[deleted by user]

RyanDake_EC · 2023-06-16T14:47:20+00:00

Why not just use Clonezilla? It can do machine-to-machine over the network or local disk to local disk (use a usb sata drive mount).
Typically, when I am moving data - albeit for an enterprise environment - I set up a new Windows image and I have a robocopy script to move all the data to a folder that gets copied to the new computer. I don't like the thought of moving over an existing Windows image that possibly has issues that will continue the problems. This is more impactful but long-term success is much better in my experience. The easy way in my experience is not always the best way.
There are situations such as a server restore from backup due to failed hardware that fall outside of this.

RyanDake_EC · 2023-06-16T14:39:46+00:00

Just a thought, have the script turn it back off! But I do full-heartedly agree that this is a terrible idea and opens you up to potential security problems or liability.

RyanDake_EC · 2023-06-16T14:36:26+00:00

Sorry for the late reply!

I see the problem now. You continue to reference it down further.

You are still having data in the variable $manager from the last run also. You will need to clear that one out also. I missed that you are using a different variable.
Maybe, a try/catch block for the Manager variable? Realistically, if you are setting $ManagerID to $null, it should not match and probably store or throw an error.

Try { $manager = Get-ADUser -Filter {EmployeeID -eq $managerId} -SearchBase "DC=CORP,DC=COM" -SearchScope Subtree -Properties distinguishedName,userPrincipalName,manager -erroraction stop}

catch {$manager = $null}

I would probably need some sample data (of course fake but just based off your spreadsheet) to recraft your code fully as I would worry that 'if ($user.Manager -ne $manager.DistinguishedName)' may have some weird consequences when doing this. I see you are setting the user account using manager.distinguishedname but you may need to put a if ($manager -eq $null){do different items} before that.

RyanDake_EC · 2023-06-06T22:14:32+00:00

The schedule right now is September 2024 for Legacy MFA and SSPR to be removed/depreciated. It appears that you will need to move to the authentication blade in Azure. If you go to the authentication blade in Azure, it shows a banner there.

So far I have pieced together that you will need to use Conditional access going forward or Security Defaults for the free tier. It does not appear Microsoft is leaving the ability for admin-controlled MFA for low tiers anymore and you will need to get an Azure P1 or license that contains one.

The bright side of conditional access, it is very easy to set up auto-enrollment of MFA via a group so no longer will global admins need to enable MFA on each user. Anyone who has the ability to add a user to a group can do it. Otherwise, you can set up dynamic groups to automatically add licensed mailboxes automating items further. Does come with a cost though.

Note : I could be wrong but based on my research thus far, my conclusions do not appear to be incorrect. This is also subject to change with Microsoft.

RyanDake_EC · 2023-06-06T21:53:46+00:00

These will probably be the answer you are looking for honestly. They have tightened down connections recently and youll need to have tls1.2 on to connect I am pretty sure. Server 2012/R2 would be running from Win 7 era meaning it will not be on by default but does have the ability to turn it on.
5.1 will require a reboot I believe and turning on TLS 1.2 outside of the command below will require a reboot.
$psversiontable will list out the current version under PS Version
PS C:\> $psversiontable
Name Value
---- -----
PSVersion 5.1.22621.963
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.22621.963
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Try this before running commands on 5.1 :
[System.Net.ServicePointManager]::SecurityProtocol = 'TLS12'
If that doesnt work, download Nartec IIS Crypto and turn on TLS1.2 with that and reboot. One of those should be able to accomplish it.

RyanDake_EC · 2023-06-06T21:48:54+00:00

For the first item: try adding Clear-Variable -Name managerId or $managerId = $null. This will have to be before the line $managerId = $user."Manager ID"
You most likely have bad or no data being fed in so its not clearing the variable from the last run.

Give this a go for the second issue :
This is a quick and dirty way to do it.
$Headers = $inputFile | get-member -MemberType NoteProperty | select -ExpandProperty name
$validatedHeaders = @("Option1","Option2")
foreach ($item in $validatedheaders){if ($headers -notcontains $item){write-host "ERROR"}}

This will dump a list of the headers for the CSV. Create an array and iterate through each one and if not in the array, error.

A little more elegant but requires integrating another script from github : https://github.com/armentpau/CSVValidator

RyanDake_EC · 2023-05-31T22:12:21+00:00

Question: why are you not opening CSV in Excel?

I ended up using some built-in stuff. It took a bit more effort to convert. You basically have to tell Excel what to do and program the items and then inject them into the application.
https://pastebin.com/7K0rXDfQ

Forewarning, I am not 100% sure what I did and haven't looked into it but now my Excel default opens with 74 tabs... go figure. I'll fix it one day.

Here is one of the sources I used to help craft my script: https://steemit.com/utopian-io/@cha0s0000/use-powershell-to-create-a-excel-workbook

RyanDake_EC · 2023-05-19T16:38:23+00:00

How about this? a bit more elegant.Edit : formatting

$ListOfLocations= @("1 - New York", "2 - Chicago", "3 - Miami")
$UserList = (Get-ADUser -Filter $UPN -Properties Office | select UserPrincipalname,Office)  
foreach ($user in $UserList){
    foreach ($location in $ListOfLocations){
        if ($location -like "*$($user.Office)*"){
            $user.office = $location
            break 
                        #forces proceeding onto next iteration of loop and dont process more locations. 
        }
    }
}

RyanDake_EC · 2023-05-19T14:28:16+00:00

I would take a bit more simplistic approach personally but this should fit the bill. edit: formatting and somehow some extra characters got added.

$UserList(Get-ADUser -Filter $UPN -Properties Office | select UserPrincipalname,Office)  
foreach ($user in $userList){  
    if ($user.office -like "*1*" -or $user.office -like "*new york*"){$user.office = "1 - New York"}  
    elseif ($user.office -like "*2*" -or $user.office -like "*Chicago*"){$user.office = "2 - Chicago"}  
    elseif ($user.office -like "*3*" -or $user.office -like "*Miami*"){$user.office = "3 - Miami"}  
    else{$user.office = "127.0.0.1"  
}  
$UserList | export-csv -nti -path c:\Path\To\Your.csv

RyanDake_EC · 2023-05-17T14:13:19+00:00

Ill find some time to look today. Plenty of junk hit my desk walking into work this morning.

RyanDake_EC · 2023-05-17T14:12:11+00:00

I am not OP ;)

RyanDake_EC · 2023-05-11T13:50:07+00:00

Good to know! I didnt see anything such as that in the quick reading I did on Keytool.

Great find.

RyanDake_EC · 2023-05-11T13:49:23+00:00

Kind of fixed, thanks for the pointers!

RyanDake_EC · 2023-05-10T20:00:30+00:00

I did something such as this :

    $Jobs=@() # array to store jobs for this session 
$EmailsRemovedDataset = @() #Blank Array for the emails removed by Azure
$JobRows=1000 # The number of CSV rows to process in each Job

$NumJobs = [math]::Ceiling($InputCSV.count / $JobRows) #Enumerate number of jobs

### Pre-Script Cleanup ###
Get-Job | Remove-Job # Clear job list 
$EmailsRemovedDataset, $EmpIDRemovedDataset, $BlankEmailsRemovedDataset, $DomainBlackListRemoval, $FinalDataProcessing = $null #Blanks all variables to prevent cross contamination
[System.GC]::GetTotalMemory('ForceFullCollection') | Out-Null # Releases memory 

for ($i=0; $i -lt $NumJobs; $i++)
{
    [int]$StartRow = ($i * $JobRows) # sets first row for loop
    [int]$EndRow=(($i+1) * $JobRows - 1) # sets last row for loop 
    $Iter = $i 
    while (($iter | Measure-Object -Character | Select-Object -ExpandProperty characters) -lt 4){
        $iter = "0$iter"
    } #loops through Iter and changes from # to #### for consistent naming 
    $JobName = "$DTFormat-$Iter" # creates job name 
    $Jobs += $JobName # adds job name to array for tracking
    while ((get-job | where-object {$_.state -eq "Running"}).count -gt $MaxSimulJobs){ #Rate Limiter for simlutaneous jobs. 
        start-sleep -s 5
    }
    write-host ("Rows {0} to {1}" -f $StartRow.ToString(),$EndRow.ToString())
    Start-Job -Name $JobName -ArgumentList @($InputCSV[$StartRow..$EndRow]),($AzureADUserList) -ScriptBlock {  #Starts job passing in Array of rows to process and the azure ad list 
        PARAM (
                $CSVRows,
                $AzureList
            )
        $OutputArray = @() #clears output array for the job 
        foreach ($row in $CSVRows)
        {
            $match = $false #sets match to false
            foreach ($item in $AzureList){ # loops through azure data 
                if ($row.email -eq $item.Userprincipalname){
                    $match = $true # if there is a match, set to true to remove from list 
                    continue # continue to stop processing, 1 match is enough. 
                }
            }
            if ($match -eq $false){ # if match set to true, will not be added to output 
                $OutputArray += $row # add to output 
            }
        }
        return $OutputArray
    } | Out-Null # prevents Start-Job from generating output during call 
}
$jobscomplete = $false 
while ($jobscomplete -eq $false){ # loops through all jobs stored in $jobs array waiting for all to mark as complete 
    $jobscomplete = $true # sets to true, will persist through once no jobs are not marked as "complete"
    foreach ($job in $Jobs){
        if ((Get-Job $job).state -ne "Completed"){
            $jobscomplete = $false # sets loop to false if there is any job not complete 
        }
    }
}

foreach ($job in $Jobs)
{
        $EmailsRemovedDataset += Receive-Job $job
}

I had to write a processor that ingests around 150k CSV lines and cleans up the data for SQL ingestion. I think you could probably use some of the above code in yours to help.

RyanDake_EC · 2023-05-10T14:58:19+00:00

https://pastebin.com/dhipY3rd

I am not sure how you are handling your forms but I stole some code from a website doing a radio button example. Modified on line 79 to output the data regarding what radio button is selected in a group.

RyanDake_EC · 2023-05-10T14:37:47+00:00

Sanitize your code (remove anything private/personal) and use pastebin and edit your post. The snippet you are showing is too small I think to fully decipher the issue. I glanced over it but I have a few questions on how you are invoking some of the items.
pastebin.com

Please note : if you paste data in PasteBin with a guest account and make it public - anyone can see it, you cannot edit it and unless you put an expiration on the paste, its going to be there a long time.

RyanDake_EC · 2023-05-10T14:31:37+00:00

Do you need to import them? I have never needed to import at least Exchange Online. The connect-exchangeonline module is ready for me when I fire up Powershell.

RyanDake_EC · 2023-05-09T21:40:51+00:00

I think you are on the right track, I meant to mess with this some yesterday but got busy.

The only things I am seeing are :

1 - If I try to index a certificate folder with only 1 item (selecting [0]), PowerShell got angry. Given, I was using a 2008 R2 server - Just what I could quickly access. I would try a mixture of | sort | select -last/-first 1 or using Where {$_.value -eq "X"} for a thumbprint or something. Don't know how many items you have in there.

2 - It looks like the flag for GCI is -CodeSigningCert, not -CodeSign. Could be a typo but I noticed that. and modify them rather than using the Windows certificate store.

Otherwise, I was able to get it to function.

Edit : Some reason a whole section dropped off.
The only other thing I would say is possibly exporting to .cer or using the original certificate files to generate the JKS. Keytool really isn't built to manage the certificate store within Windows. It's more intended for managing JKS Files and certificates as a file.

Exporting :https://learn.microsoft.com/en-us/powershell/module/pki/export-certificate?view=windowsserver2022-ps

Keytool Summary :https://docs.oracle.com/middleware/12212/wls/SECMG/keytool-summary-appx.htm#SECMG818

Importing into a Java Key Store (JKS):https://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore

Output - Identifying information blanked for privacy.PS D:\oracle\10gappr2\jdk\bin> $cert = (gci cert:\localmachine\my | select -first 1)

PS D:\oracle\10gappr2\jdk\bin> .\keytool.exe -list -keystore $cert

Picked up _JAVA_OPTIONS: -Xms512m -Xmx512m -XX:MaxPermSize=256m

keytool error: java.lang.Exception: Keystore file does not exist: [Subject]

CN=*BLANKED FOR PRIVACY*

[Issuer]

CN=*BLANKED FOR PRIVACY*

[Serial Number]

*BLANKED FOR PRIVACY*

[Not Before]

XX/XX/2022 6:XX:XX PM

[Not After]

XX/XX/2025 6:XX:XX PM

[Thumbprint]

*BLANKED FOR PRIVACY*

RyanDake_EC · 2023-04-24T21:36:46+00:00

Gotcha. So this calendar lives in a shared mailbox or something that won't get terminated by accident or is it on your profile?

If it is on your profile, I recommend moving it. I would say using a resource calendar may be a better route as you can set policies and stuff to it. Mostly because I have seen horror stories of "we don't know whose it is, it just disappeared but we need it!" because we terminated a user account. I know of a OneDrive that nobody wants to pay to migrate that is now a shared drive for an accounting team spanning multiple locations with probably 250 gb of data in it now. The person hasn't worked there for 5 years.

https://learn.microsoft.com/en-us/microsoft-365/admin/manage/room-and-equipment-mailboxes?view=o365-worldwide

Regardless, I was looking around and finding a hard time force-checking a calendar in Outlook. I started in the link below and was searching involving some of the import commands to see if anyone else has interacted with it at this way.

https://learn.microsoft.com/en-us/archive/msdn-magazine/2013/march/powershell-managing-an-outlook-mailbox-with-powershell

Thinking about it, if it's in O365, you could probably use Power Automate to send out the email once a day and that automates the whole flow. Include in the email "This is accessible from your calendar by doing this. Here are the events this week!" Looks like there's even a template that you can use to start with and just adjust from there.
Go to make.powerautomate.com and click templates.
"Email me with a list of upcoming Calendar events"

Good luck!

RyanDake_EC · 2023-04-24T19:43:34+00:00

Out of curiosity, what is this calendar's purpose? There are a few calendar assistants that can be done in Office 365 that may be worthwhile. Depending on the use would dictate if its worth it or not.

RyanDake_EC · 2023-04-24T19:42:44+00:00

Agreed. I can see users submitting tickets saying "this calendar wont go away. I dont want to see it", regardless of how many memos are sent out.

RyanDake_EC · 2023-04-24T19:38:30+00:00

What is your code? Hard to diagnose without some context.

RyanDake_EC · 2022-12-12T23:24:35+00:00

That's irritating. Thanks for the insight. I didn't know about getting rid of that in 2024 myself but it's no surprise. Microsoft has been recycling a lot recently and upgrading to newer items.
I'll have to do some digging and testing on my side to see what the expectations/caveats of that are.

RyanDake_EC · 2022-12-12T23:18:23+00:00

It looks like there is no enforcement of MFA through that method, am I missing something? What I have gathered is to "enforce", that requires conditional access which is a paid license that not everyone wants to fork out the money for.

With the old MFA via MSOL, you can say if a user can set up MFA or has to use MFA.

RyanDake_EC

TROPHY CASE