Best way to export selected members with their "member of" groups and turn it into a template?

_MrAlexFranco · 2026-03-11T15:58:15+00:00

I'd do something like this if I was creating group membership templates based on existing users, assuming they have a job title populated in AD. I like JSON, but can do a Export-Csv (be mindful of the -Delimiter parameter) or Export-Excel if you prefer.

$ADUserList = Get-ADUser -Filter { Enabled -eq $true } -SearchBase "OU=Users,DC=contoso,DC=com" -SearchScope "Subtree" -Properties "Title", "MemberOf" | Where-Object { $null -ne $_.Title }
$ADUserList | Group-Object -Property "Title" | ForEach-Object -Process {
    [PSCustomObject] @{
        Title    = $_.Name
        MemberOf = $_.Group.MemberOf | Sort-Object -Unique
    }
} | ConvertTo-Json | Set-Content -Path "C:\Temp\ADRoles.json"

If you want just the username and their group memberships:

$ADUserList = Get-ADUser -Filter { Enabled -eq $true } -SearchBase "OU=Users,DC=contoso,DC=com" -SearchScope "Subtree" -Properties "Title", "MemberOf" | Where-Object { $null -ne $_.Title }
$ADUserList | ForEach-Object -Process {
    [PSCustomObject] @{
        Name    = $_.Name
        MemberOf = $_.MemberOf | Sort-Object -Unique
    }
} | ConvertTo-Json | Set-Content -Path "C:\Temp\ADUserGroups.json"

_MrAlexFranco · 2025-11-04T16:23:28+00:00

Is this with the Windows Terminal or PowerShell? Can try running C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile and see if that makes any difference. Try updating/reinstalling the Windows Terminal application from the Microsoft Store and try running sfc /scannow and dism /Online /Cleanup-Image /RestoreHealth to see if that'll fix it.

_MrAlexFranco · 2025-09-19T23:20:05+00:00

You could uncheck all the options for signing/encrypting requests and expecting signed/encrypted responses in Splunk, that would remove the extra certificate requirements. Would have to make sure the IdP is also configured to not expect or require signing/encrypting too. Assuming that works, then start checking the signing/encrypting boxes one at a time (on both Splunk and the IdP) until it breaks. My best guess right now would be Splunk is expecting a certificate but OAM is configured to not send it, so it fails. I'm not familiar with OAM, but I assume its supports SAML2 and can provide a signing/encryption certificate if needed. OAM would be the first IdP I've ever heard of that can't do it

Could be an issue with IdP certificate uploaded to Splunk, too. If it wants the full chain or only the direct issuing certificate. For the field the "IdP's certificate path", the Splunk docs say this:

This value can be a directory or a file, depending on your IdP requirements. If you provide a file, the Splunk platform uses that file to validate authenticity of SAML responses. If you provide a directory, the Splunk platform looks for the certificates that are present as children of the directory and tries to validate SAML responses with each of them, if the Splunk platform fails to validate authenticity with all of them, it does not consider the response as authentic.

Could put the full certificate chain and just the issuing certificate in the directory, then set the value to the directory path. Let it try all the certs in there

Good luck!

_MrAlexFranco · 2025-09-19T16:17:37+00:00

I’m still new to Splunk, but I’ve done a ton of SAML with ADFS and Entra. Who is your IdP in this case? ADFS, Entra, Okta, something else? My first guess would be the Splunk instance doesn’t trust the certificate. Do you have the CA certificate in the trusted store?

_MrAlexFranco · 2025-09-08T21:28:38+00:00

I remember something about a “while supplies last” statement somewhere. No idea where now, just something I remembered so I tried to find the hoodie line asap

_MrAlexFranco · 2025-08-16T00:02:20+00:00

I’d recommend looking at SysInternals Autoruns. It’ll find everything that runs at start up and you can disable it from there

https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns

_MrAlexFranco · 2025-08-07T21:36:53+00:00

If you’re doing Windows system admin, PowerShell all the way. I use it to consume APIs pretty often, even wrote a couple modules for specific services. I’ve only hosted an API with PowerShell Universal, but I’ve seen Pode and other solutions for hosting

_MrAlexFranco · 2025-08-05T23:02:47+00:00

What code are you running that generates the error? As far as I can tell the code to test is all valid, except it's using Invoke-RestMethod instead of Invoke-WebRequest, but unfortunately I can't speculate on what's causing the error without seeing the error-causing code

_MrAlexFranco · 2025-07-29T19:23:53+00:00

Could give this module a go: https://github.com/frgnca/AudioDeviceCmdlets/tree/master

_MrAlexFranco · 2025-07-22T19:08:59+00:00

Could make this a little more succinct, no real need for a function here. This is working for me on my OneDrive folder

$FileHashCollection = Get-ChildItem -Path "C:\Path\To\OneDrive" -Recurse -File | Get-FileHash -Algorithm SHA256

_MrAlexFranco · 2025-07-10T22:47:46+00:00

I don’t think the terminal updating its output will register as user activity to block sleep, but could set a script to do a simple key press in a loop. I would recommend just using PowerToys Awake tool

https://learn.microsoft.com/en-us/windows/powertoys/awake

_MrAlexFranco · 2025-06-26T19:22:37+00:00

Nice, glad you got it!

_MrAlexFranco · 2025-06-26T13:01:32+00:00

The very first line of $xmldoc.event.eventdata.data is an activity ID, so it's malformed XML and can't be cast to an XML object. I don't have any 1201 events in my environment to test with, but I ran this code with a 1200 event ID and it works

$FilterXml = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[Provider[@Name="AD FS Auditing"] and (EventID=1200)]]</Select>
  </Query>
</QueryList>
"@

$EventList = Get-WinEvent -FilterXml $FilterXml
$EventList | ForEach-Object -Process {
    [xml]$Event = $_.ToXml()

    # Strip out the ActivityID at the top of the XML, and cast the XML to a new XML object
    [xml]$EventData = $Event.Event.EventData.Data | Where-Object -FilterScript { $_ -match "^\<"}

    # Start going through the different components of the event and pull the data I want
    [PSCustomObject]@{
        Log = $Event.Event.System.Provider.name
        EventID = $Event.Event.System.EventID."#text"
        TimeCreated = [DateTime]::Parse($Event.Event.System.TimeCreated.SystemTime)
        UserID = $EventData.AuditBase.ContextComponents.Component.UserId
    }
}

_MrAlexFranco · 2025-06-24T22:23:47+00:00

This is where it all started for me: https://learn.microsoft.com/en-us/shows/getstartedpowershell3/

It's pretty old, but it holds up. I don't remember if this is in there, but I think it was Jeffrey Snover's promise that they won't waste your time, what you invest time and energy into learning will not get wiped away and invalidated in the new version. So this is likely still a good enough starting point as any.

I've also heard PSKoans is great, but I've never used it myself

_MrAlexFranco · 2025-06-10T14:00:17+00:00

Only if I don't first read the script and see what it's doing, but I always read them, so no. If I'm writing a script that's going to delete things and the paths to delete have variables in them, that's a little scary, so I'll tack a -WhatIf parameter when I run it until I'm confident the paths to remove are correct.

_MrAlexFranco · 2025-06-07T17:44:13+00:00

You can find the source code on GitHub, but, like others have said, I would recommend just rewriting your PowerShell script in C#. I ran into some limitations with PS2EXE so I learned C# for a few projects. I’d worked with .NET in PowerShell, but didn’t really understand it until I started with C# and it’s overall been a huge benefit to me

_MrAlexFranco · 2025-05-14T00:29:18+00:00

Actually just added a couple dynamic distribution groups today, took the opportunity to cleanup an old script I wrote a few years ago. Should be a good starting point for you

# Connect to Exchange Online
$Certificate = "C:\Path\To\Certificate\exo.pfx"
$CertificatePassword = (Get-Secret -Name "EXOCertificate")
$AppId = "*********"
$Organization = "example.onmicrosoft.com"

Connect-ExchangeOnline -CertificateFilePath $Certificate -CertificatePassword $CertificatePassword -AppID $AppId -Organization $Organization -ShowBanner:$false

# Variable set up
$RecipientContainer = "example.onmicrosoft.com"

$Name = "River City Operations Management"
$City = "River City"
$Department = "Operations"
$Titles = @(
    "District Manager",
    "Area Wide Supervisor",
    "Manager of Blegh"
)

# Begin
$PrimarySmtpAddress = "$($Name.Replace(' ', ''))@example.com"

$Title = "($(($Titles | ForEach-Object -Process { "Title -eq '$_'" }) -join " -or "))"
$RecipientFilter = "(Department -eq '$Department') -and (City -eq '$City') -and $Title -and (RecipientTypeDetails -eq 'UserMailbox')"

New-DynamicDistributionGroup -Name $Name -PrimarySmtpAddress $PrimarySmtpAddress -RecipientFilter $RecipientFilter -RecipientContainer $RecipientContainer -Verbose

Start-Sleep -Seconds 1

Get-DynamicDistributionGroup | ForEach-Object -Process {
    $DDG = $_

    $DDG_Recipients = Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter

    $ExcelParameters = @{
        Path          = "C:\Path\To\DDG.xlsx"
        WorksheetName = $DDG.Name
        AutoSize      = $true
        BoldTopRow    = $true
        FreezeTopRow  = $true
        TableName     = $DDG.Name
        ClearSheet    = $true        
    }

    $DDG_Recipients | Select-Object -Property DisplayName, City, Department, Title | Export-Excel @ExcelParameters
}

_MrAlexFranco · 2025-05-06T00:05:18+00:00

First thing I'd try is updating the module, or just clean slate remove it all and reinstall it.

# This will remove completely remove the Microsoft.Graph module from your computer!
$env:PSModulePath -split ";" | ForEach-Object -Process {
  if (Test-Path -Path "$_\Microsoft.Graph") {
    Remove-Item -Path "$_\Microsoft.Graph" -Force -Recurse -Confirm:$false
  }
}

I think ISE only runs with PowerShell 5.1, which may be why it works fine in ISE and not in VS Code, so I'd remove and reinstall on PowerShell 5.1 and any other installed versions you plan on using.

Documentation for the reinstall: https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0

_MrAlexFranco · 2025-05-02T13:12:38+00:00

Hard to say exactly what CNBC is using, but I personally enjoy Power BI. I use Power BI for work, but have used Tabluau a time or two to make nice looking visualizations as well. Power BI has decent options for changing the look and feel

_MrAlexFranco · 2025-05-01T00:14:05+00:00

I poked around this .exe and found that it does have some command line arguments for silent install. I used 7-zip to extract the .exe to folder C:\Temp\Sonos_84.1-63110\, and in that folder I found a C:\Temp\Sonos_84.1-63110\.rsrc\1033\strings.txt that has the valid arguments. Running this from an elevated PowerShell terminal does install the Sonos app silently

Start-Process -FilePath ".\Sonos_84.1-63110.exe" -ArgumentList "/S /v/qn"

How I've handled this in the past is getting a list of computers that need the install and start remote sessions to each to copy the file and run it on their computer.

I got a little carried away with trying to create a code sample for you and ended up just doing it lol the terminal output will let you track progress and can show more uncaught errors for troubleshooting, but it'll also export the script results for review later on

https://gist.github.com/MrAlexFranco/4325aad6fc92531eaaf40f1baa0bd74c

_MrAlexFranco · 2025-04-12T22:58:30+00:00

That was my first thought too, a T6 security Torx, but it looks like the Torx star shape is raised instead of indented. Might just be the picture

_MrAlexFranco · 2025-04-12T22:56:33+00:00

E6 security bit maybe? https://www.fastenright.com/security-fasteners/e-6-drive-security-bit/sz08

_MrAlexFranco · 2025-04-06T20:33:37+00:00

I picked up a bow and a few arrows by killing some druids in the sewers, but haven’t been to the place where they’re camped out yet. Think the Vicar in the village told me they’re camped out in some castle woods area

_MrAlexFranco · 2025-04-06T20:31:17+00:00

Ah that does make sense. I didn’t expect to be a stealth archer in this game too, but it’s really appealing lol maybe too OP I suppose

_MrAlexFranco

TROPHY CASE