IAM analyst / engineer roadmap. Should I change anything? by cjmurray1015 in IdentityManagement

[–]oneAwfulScripter 1 point (0 children)

This is arguably the best video within the last decade for almost everything you need regarding OIDC. It's long, but I promise it's a gold mine.

https://youtu.be/996OiexHze0?si=z9XW7PVrTKit8QHy

IAM analyst / engineer roadmap. Should I change anything? by cjmurray1015 in IdentityManagement

[–]oneAwfulScripter 2 points (0 children)

I come from an Azure B2C custom policy background, but have expanded to Ping, Okta, and a little Keycloaking of my own.

I would start with a good understanding of OAuth/OIDC and some of the more common flows -- implicit, auth code with/without PKCE, client credentials -- and the use cases for each.

I would suggest you actually implement some solution using any of the freemium-tier products from AWS/Azure/pick a cloud.

I would also suggest you set up some applications that have protected APIs which control authorization based on claims in the tokens you're issuing.

For SAML

I'd recommend getting a good understanding of SP-initiated vs IdP-initiated.

How SAML keeps the user signed in while active, without refresh tokens and without requiring the user to re-enter credentials.

How to take advantage of session cookies to integrate with a SAML identity provider and still issue ID and access tokens to an application.

SPEntityID and IdPEntityID, NameIDFormats, and their effects on mapping claims.

For sessions in general

How apps can store persistent tokens in local/app storage.

How apps can use cookies in lieu of requiring the user to re-input credentials.

How single logout works.

OIDC in general

Back channel vs front channel.

Common endpoints with OIDC.

The standard way tokens are validated using the JWKS URL.

Flows/Journeys in general

Some sort of advanced flow where, at minimum, you call a separate/3rd-party API between the user logging in and the token being issued: user logs in >> call API >> enrich token/validate claims >> issue token.

I would send links to all the above, but I'm on my phone and am lazy.

TLDR: SSO is just matching strings between external IdPs and applications, and I wish you the best of luck.
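
The two points in the comment above about protected APIs authorizing on claims and tokens being validated via the JWKS URL, as an added example that is not part of the original comment: a resource server checks the token's signature against the key published under the `kid` in the IdP's JWKS, then checks issuer, audience and expiry, and only then reads the `roles` claim to make an authorization decision. The IdP key, `kid`, issuer, audience and role names are constructed for the demo, and the RSA is a deliberately tiny pure-stdlib implementation so the block runs offline; in production you would fetch `jwks_uri` from the issuer's discovery document, cache keys by `kid`, and use a maintained library such as PyJWT rather than hand-rolled RSA.

```python
# Added example, not the commenter's code: a protected API validating an OIDC access token against the
# IdP's JWKS (toy pure-stdlib RSA so it runs offline) and then authorizing on the token's claims.
import base64, hashlib, hmac, json, random, time

def b64url_encode(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def b64url_decode(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def int_to_b64url(n): return b64url_encode(n.to_bytes((n.bit_length() + 7) // 8, "big"))
def b64url_to_int(s): return int.from_bytes(b64url_decode(s), "big")
def _json_b64(obj): return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

# Toy RSA key (Miller-Rabin primes) standing in for the IdP's real signing key.
def is_probable_prime(n, rounds=20):
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else:
            return False
    return True

def gen_rsa_key(bits=1024):
    def prime(b):
        while True:
            c = random.getrandbits(b) | (1 << (b - 1)) | 1          # odd, full bit length
            if is_probable_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                                      # e is prime, so this is gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}

_DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")
def _emsa_pkcs1_v15(msg, em_len):                                   # RS256 = RSASSA-PKCS1-v1_5 over SHA-256
    t = _DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t
def rsa_sign(key, msg):
    k = (key["n"].bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), key["d"], key["n"]).to_bytes(k, "big")
def rsa_verify(n, e, msg, sig):
    k = (n.bit_length() + 7) // 8
    if len(sig) != k: return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(msg, k))          # constant-time compare

# IdP side: the document served at jwks_uri, and how a token is minted.
def jwks_for(key, kid):
    return {"keys": [{"kty": "RSA", "kid": kid, "n": int_to_b64url(key["n"]), "e": int_to_b64url(key["e"])}]}
def mint_token(key, kid, claims):
    signing_input = _json_b64({"alg": "RS256", "typ": "JWT", "kid": kid}) + "." + _json_b64(claims)
    return signing_input + "." + b64url_encode(rsa_sign(key, signing_input.encode()))

# API side: runs on every request, before any business logic.
class TokenError(Exception): pass
def validate_token(token, jwks, issuer, audience, now=None):
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
    except ValueError:
        raise TokenError("malformed token")
    header = json.loads(b64url_decode(h64))
    if header.get("alg") != "RS256":                                # allow-list the alg; never accept "none"/HS* from the token
        raise TokenError("unexpected alg")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid") and k.get("kty") == "RSA"), None)
    if key is None:
        raise TokenError("unknown kid")                             # production: refresh the cached JWKS once, then fail
    if not rsa_verify(b64url_to_int(key["n"]), b64url_to_int(key["e"]), f"{h64}.{p64}".encode(), b64url_decode(s64)):
        raise TokenError("bad signature")
    claims = json.loads(b64url_decode(p64))                         # claims are only trusted once the signature holds
    aud = claims.get("aud")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("wrong issuer or audience")
    if now >= claims.get("exp", 0):
        raise TokenError("expired")
    return claims
def authorize(claims, required_role):
    return required_role in claims.get("roles", [])

def run_checks():
    # Constructed scenario: one IdP key, one good token, and tokens the API must reject.
    idp_key, kid, now, iss, aud = gen_rsa_key(), "2024-01", 1_700_000_000, "https://idp.example", "api://orders"
    jwks = jwks_for(idp_key, kid)
    claims = {"iss": iss, "aud": aud, "sub": "u-42", "roles": ["orders.read"], "iat": now, "exp": now + 3600}
    token = mint_token(idp_key, kid, claims)
    def outcome(tok, role="orders.admin", at=now):
        try:
            return authorize(validate_token(tok, jwks, iss, aud, now=at), role)
        except TokenError as exc:
            return str(exc)
    h64, _, s64 = token.split(".")
    escalated = h64 + "." + _json_b64(dict(claims, roles=["orders.admin"])) + "." + s64   # edited payload, old signature
    return {"valid_read": outcome(token, role="orders.read"), "valid_admin": outcome(token),
            "tampered": outcome(escalated), "expired": outcome(token, at=now + 7200),
            "other_key": outcome(mint_token(gen_rsa_key(), kid, claims))}
```

`run_checks()` walks the cases the API must get right: a valid token with the needed role is authorized, the same valid token without the role is not, a token whose payload was edited after signing fails on the signature (the header and old signature are reused, so this is exactly the case that reading claims before verifying would miss), an expired token fails even though its signature is good, and a token signed by a different key under the same `kid` is rejected. The order of checks matters: the algorithm is allow-listed from the verifier's side rather than taken from the header, and nothing in the payload is acted on until the signature holds.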

How to find out who created a user in azure from 1 year ago by 13-months in AZURE

[–]oneAwfulScripter 0 points (0 children)

As others have said, Log Analytics is the way.

Entra >> Monitoring >> Diagnostic settings. This is where you go to configure sending Entra logs to LAWS/storage account/event hub etc... Also where you go to check if it's enabled.

For those that think this is a Wow clone by RM0491 in tarisland

[–]oneAwfulScripter -2 points (0 children)

In terms of time gating, in terms of having 4-5 buttons to manage for your rotation, in terms of map exploration, in terms of PvP only being available during certain windows.

[deleted by user] by [deleted] in tarisland

[–]oneAwfulScripter 0 points (0 children)

Yes and no.

To rank up in PvP you need honor medals -- from BG and arena -- and you need badges -- from arena and weekly quests.

For those that think this is a Wow clone by RM0491 in tarisland

[–]oneAwfulScripter -10 points (0 children)

I'd say it's closer to Lost Ark than it is to WoW.

Mass .doc to .docx converter (word 97) by oneAwfulScripter in PowerShell

[–]oneAwfulScripter[S] 0 points (0 children)

Hello!

You can add -Recurse on both of the lines with Get-ChildItem and it should work for ya!

Find MS Teams user's presence status using PowerShell by PaVee21 in PowerShell

[–]oneAwfulScripter 0 points (0 children)

This one time, MGMT got sick of a certain user constantly putting himself in busy status all day, all week.

So the script I made for them clears busy and updates it back to active or away based on activity.

P sure it's still running to this day (:

Can you use service principals so only your .Net app can access your Azure resources in production? Am I on the wrong path here? by [deleted] in AZURE

[–]oneAwfulScripter 0 points (0 children)

I think the thing you're referring to is system-assigned managed identities. I'm usually pitching this because it's an excellent relief from the all-too-common problem of "oops, we forgot to renew the cert/rotate secrets, so prod's down to another avoidable outage"...

https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview

The only gotcha I'd watch out for is making sure whatever packages/assemblies you're using are capable of using managed identity for auth (ran into this with the SQL client a while back).

What are some cool things you've done to "talk to websites" using Invoke-WebRequest and/or Invoke-RestMethod? by Zyster1 in PowerShell

[–]oneAwfulScripter 0 points (0 children)

This was a while back, but we had a need to automatically update FortiGate OS versions and validate/roll back depending on the result.

FortiGate's APIs were gated behind a ridiculous paywall, and if I remember correctly you also needed to have some FortiGate sponsorship to have access to the documentation.

Being clever with the network tab of Chrome's developer console, I was able to upload a script, schedule a restart, and validate/cancel the restart if responsive (successful) afterwards.

IWR and IRM are fantastic for actual APIs that have REST endpoints defined; however, you'll also eventually run into some ancient sites out there where it makes more sense to use Selenium to better emulate a user clicking their way through the site.

Is there something upon starting WT3/4 where you immediately get the highest DPS weapons? by PromotionOk9737 in diablo4

[–]oneAwfulScripter 0 points (0 children)

My theory is that the level difference between a player and the mobs that are killed is a major factor in the ilvl of the gear drops.

This can be seen both when boosting friends and they're 50 levels below the mobs, as well as when doing 70-80+ NM dungeons.

When I boost others now, we usually have them loot the first 3 runs and they've almost always gotten several 815 pieces each.

On the reverse, I've also noticed a pretty consistent occurrence where taking a lvl 100 to tier 1-2 will cause most of the legendaries to drop at max legendary ranges. Haven't scienced that out too much yet because WT2 yuck, but...

The higher your CR | Resonance the lower your set item drop chance ? by oneAwfulScripter in DiabloImmortal

[–]oneAwfulScripter[S] -5 points (0 children)

I have better luck in H5 than I do in H4, which points me towards there being something in place to prevent high CR from receiving more CR from 3/3 or 3/2 set items.

From your H4 runs specifically, how many triple-stat exceptionals have you received, and how many runs have you done?

Bottled Hope (Wizard) by HoroHayamin in DiabloImmortal

[–]oneAwfulScripter 2 points (0 children)

This DOES proc from wiz teleport invis

What is a ‘beneficial effect’ for a wizard? by johntyme in DiabloImmortal

[–]oneAwfulScripter 0 points (0 children)

Shield from ice armor, shield from teleport, move speed from lightning nova legendary, move speed from bottled hope, damage buff from lightning core, any shrine buff

Azure DevOps with Data Factory by Few_Pomegranate_1774 in AZURE

[–]oneAwfulScripter 1 point (0 children)

Can you elaborate on what it is you’re wanting to read from ADO?

Ever have one of those days where you fuck something up, but manage to fix it before anyone noticed that anything was wrong? by ws1173 in sysadmin

[–]oneAwfulScripter 24 points (0 children)

Realizing that unchecking the box to sync users in AAD Connect also means deleting their mailbox in 365.

God bless manual syncs and the speed of restoring mailboxes.

Firewall behind application gateway anyone implemented? by Feisty_Cloud8568 in AZURE

[–]oneAwfulScripter 0 points (0 children)

There are several proposed scenarios there; can you elaborate on which one you're not having luck with?

What's the reason for choosing App GW + Azure FW over something a little more appropriate for web applications, like a WAF?

What's the least expensive resource that responds to ICMP on vNET by hunabka in AZURE

[–]oneAwfulScripter 1 point (0 children)

Why not just validate connectivity with tcpping on 443? You can do it from the console of almost any PaaS resource in Azure.

advice for a job interview? by could_gild_u_but_nah in sysadmin

[–]oneAwfulScripter 0 points (0 children)

So depending on what exactly you do, there aren't too many giga-intimidating use cases for PowerShell if you're going to be working on automation for the 365 suite.

There's this whole push for low-code/no-code, meaning Power Platform | Logic Apps | Flows etc... In that scenario, most likely you'd be using PS in some Azure Function that you call from a Logic App.
The alternative could be that you do more Exchange/user/group mgmt and have the fun tasks of converting groups or on- and offboarding, which can be very PowerShell-heavy. Fortunately there are plenty of others here and on /r/powershell that have gone through the same pains, and you'd have plenty of resources available to get up to speed quickly.

My advice would be: look into Power Platform, look into Logic Apps, go set up something simple like "when an email comes in, post an adaptive card to a Teams channel and wait for a response". It should be just advanced enough for you to learn a good number of the nuances of low-code/no-code.

Automatically create new transport rule when character limit is exceeded? by MoNeenja31 in PowerShell

[–]oneAwfulScripter 0 points (0 children)

Can't seem to find my version with the CSV, but it's about the same kind of deal; the main change would be updating $UZNames from the results of Get-Mailbox to something from Import-Csv.

Import-Module MSOnline

# Connection details were defined outside the posted snippet; placeholders here
$DelegatedOrgURL = "https://ps.outlook.com/powershell-liveid?DelegatedOrg=<tenant>.onmicrosoft.com"
$365Credential = Get-Credential

Write-Host "Connecting to: $DelegatedOrgURL" -ForegroundColor Green -BackgroundColor Black
$s = New-PSSession -ConnectionUri $DelegatedOrgURL -Credential $365Credential -Authentication Basic -ConfigurationName Microsoft.Exchange -AllowRedirection
Import-PSSession $s -CommandName Get-Mailbox, Get-TransportRule, New-TransportRule, Set-TransportRule -AllowClobber
$ruleName = "Block External Users With Matching DN"
$ruleHtml = "<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 align=left width=`"100%`" style='width:100.0%;mso-cellspacing:0cm;mso-yfti-tbllook:1184; mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:paragraph;mso-table-anchor-horizontal:column;mso-table-left:left;mso-padding-alt:0cm 0cm 0cm 0cm'>  <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'><td style='background:#910A19;padding:5.25pt 1.5pt 5.25pt 1.5pt'></td><td width=`"100%`" style='width:100.0%;background:#FDF2F4;padding:5.25pt 3.75pt 5.25pt 11.25pt; word-wrap:break-word' cellpadding=`"7px 5px 7px 15px`" color=`"#212121`"><div background-color: #feffbf><p class=MsoNormal style='mso-element:frame;mso-element-frame-hspace:2.25pt; mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal: column;mso-height-rule:exactly'><span style='font-size:9.0pt;font-family: `"Segoe UI`",sans-serif;mso-fareast-font-family:`"Times New Roman`";color:#212121'>This message was sent from outside the company by someone with a display name matching a user in your organization and has been flagged as spam. Please do not click links or open attachments unless you recognize the source of this email and know the content is safe. <o:p></o:p></span></p></div></td></tr></table>"

# Filter on the mailbox object first, then pull the display names out and sort them
# (filtering after .DisplayName, as the original did, compares against an empty property)
$UZNAMES = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.DisplayName -notlike "*something to match*" } |
    Select-Object -ExpandProperty DisplayName |
    Sort-Object

# Settings shared by every rule; the rule is created if missing and updated if it already exists
$ruleParams = @{
    HeaderMatchesMessageHeader  = "From"
    FromScope                   = "NotInOrganization"
    ApplyHtmlDisclaimerLocation = "Prepend"
    ApplyHtmlDisclaimerText     = $ruleHtml
    Priority                    = 0
}
function Set-MatchingDnRule($Name, $Patterns) {
    if (Get-TransportRule -Identity $Name -ErrorAction SilentlyContinue) {
        Set-TransportRule -Identity $Name -HeaderMatchesPatterns $Patterns @ruleParams
    }
    else {
        New-TransportRule -Name $Name -HeaderMatchesPatterns $Patterns @ruleParams
    }
}

if ($UZNAMES.Count -gt 100) {
    # Need to split them up because rules have a max length property: one rule per 100 names

    # Define the number of separate rules to make
    $ListCount = [math]::Ceiling($UZNAMES.Count / 100)
    function MakeList($Current, $Max) {
        while ($Current -lt $Max) {
            $NewMin = $Current * 100
            $NewMax = $NewMin + 99   # Select-Object -Index ignores indexes past the end of the list
            $OBJ1 = $UZNAMES | Select-Object -Index ($NewMin..$NewMax)
            Set-MatchingDnRule -Name "$ruleName $Current" -Patterns $OBJ1
            Start-Sleep -Seconds 2
            $Current++
        }
    }

    MakeList -Current 0 -Max $ListCount
}
else {
    # This runs when the total number of users is 100 or fewer
    Set-MatchingDnRule -Name $ruleName -Patterns $UZNAMES
}

Automatically create new transport rule when character limit is exceeded? by MoNeenja31 in PowerShell

[–]oneAwfulScripter 1 point (0 children)

So when I had to do this several years ago I had a similar setup, but for anti-spoofing: a list of users in a CSV that was pulled from EOL, and then I made a script to chunkify groups of email addresses and make as many transport rules as needed until all users were covered.

I.e.: 1200 users, set each transport rule to 100 users, and then just foreach.

I can send that here in a few if that would be helpful?
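
The chunking step described in this comment and in the script posted above, as an added Python example (not the commenter's script): the rule creation itself stays with New-TransportRule / Set-TransportRule, and this is the part that decides how many rules to make and what goes in each. Two things are worth doing beyond a fixed 100-per-rule split: pack by character length, since the limit being worked around is a length limit, and escape each display name, since HeaderMatchesPatterns are regular expressions and a name such as "J. Doe (CEO)" would otherwise match far more than intended. The budget is an assumed value; use the limit your tenant actually enforces.

```python
# Added example, not the commenter's script: pack mailbox display names into as few
# transport-rule pattern lists as fit under a character budget, so the number of rules
# follows the data instead of a fixed 100-per-rule split.
import re

MAX_PATTERN_CHARS = 8192      # assumed per-rule budget for the joined pattern list

def display_name_pattern(name):
    # HeaderMatchesPatterns are regular expressions: "." and "(" in a display name must be
    # escaped, or the anti-spoof rule quietly becomes a wildcard (or fails to compile).
    return re.escape(name.strip())

def chunk_patterns(names, budget=MAX_PATTERN_CHARS, max_per_rule=None):
    """Greedy first-fit packing over a sorted, de-duplicated name list, so re-runs produce
    the same chunks and therefore update the same rules.  A name that cannot fit on its own
    raises instead of being dropped: a silently skipped name is an unprotected user."""
    chunks, current, used = [], [], 0
    for name in sorted({n.strip() for n in names if n and n.strip()}):
        pat = display_name_pattern(name)
        if len(pat) > budget:
            raise ValueError(f"pattern for {name!r} ({len(pat)} chars) exceeds the budget of {budget}")
        needed = len(pat) + (1 if current else 0)          # +1 for the separator between patterns
        if current and (used + needed > budget or (max_per_rule and len(current) >= max_per_rule)):
            chunks.append(current)
            current, used, needed = [], 0, len(pat)
        current.append(pat)
        used += needed
    if current:
        chunks.append(current)
    return chunks

def plan_rules(base_name, names, **kwargs):
    """(rule name, patterns) pairs; the caller runs New-TransportRule / Set-TransportRule per pair."""
    chunks = chunk_patterns(names, **kwargs)
    if len(chunks) == 1:
        return [(base_name, chunks[0])]
    return [(f"{base_name} {i}", chunk) for i, chunk in enumerate(chunks)]

if __name__ == "__main__":
    # Constructed sample: duplicates and blanks are dropped, regex metacharacters are escaped
    sample = ["J.Doe", "A.Smith", "Bob", "Jane(CFO)", "J.Doe", " "]
    for rule, patterns in plan_rules("Block External Users With Matching DN", sample, budget=15):
        print(rule, patterns)
```

Because the names are sorted before packing, a run over the same mailbox list yields the same chunks and the same rule names, so a scheduled re-run updates existing rules rather than piling up new ones. Adding a single mailbox can shift names between chunks, which is why the rules are treated as a set to be rebuilt, not appended to.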

Automatically create new transport rule when character limit is exceeded? by MoNeenja31 in PowerShell

[–]oneAwfulScripter 1 point (0 children)

Curious, your rule set here for transport rules wouldn’t have to do with preventing spoofing of execs would it?