User Profile
Joshua_Reynolds
Copper Contributor
Joined Sep 05, 2023
Recent Discussions
Customising SCOM EVENT ID alert message
Hi all,

I have a rule configured to alert on Domain Admin group membership changes. What I'm hoping for help on is customising the report message so I can cherry pick data to present, as this one also goes to a management team.

The rule uses Parameter 3 to identify and only report on the group called "Domain Admins", but how can I push parameter 3, and I assume other parameters, to the custom alert fields?

I know when I do this stuff in PowerShell using the Get-WinEvent command, if I want to grab specific information I'm doing something like the below, and I'm essentially wanting to report in the same way, so I need to extract from the SCOM alert the GroupName affected (I will be doing more than just Domain Admins, hence wanting this to be dynamic), Account added, and Admin making the change, without putting in the whole event description, so it reads better.

    # Pull event ID 4728 entries from the log at $securitylog on $DC
    $AGG = Get-WinEvent -FilterHashtable @{Path="$securitylog";ID="4728"} -ComputerName $DC -ErrorAction SilentlyContinue
    foreach($entry in $AGG){
        $table += New-Object -TypeName psobject -Property @{
            Action    = "Added Account to Domain Local Group"
            Time      = get-date $entry.TimeCreated
            # Group that was changed, as DOMAIN\GroupName
            GroupName = $entry.Properties[3].Value+'\'+$entry.Properties[2].Value
            # Account that made the change, as DOMAIN\UserName
            Admin     = $entry.Properties[7].Value+'\'+$entry.Properties[6].Value
            # Member SID translated to an NT account name
            Account   = (New-Object System.Security.Principal.SecurityIdentifier($entry.Properties[1].Value.Value)).Translate([System.Security.Principal.NTAccount]).Value
            DC        = $DC
        }
    }

Re: Access Package Policy via script
Thanks heaps for this Adrian. Unfortunately I was given other priorities for a while, so I'm only just getting back to this now. It's not quite what I needed, but I think I can get the rest of the way after your massive help.

One question I've never been able to figure out, having been self-taught in all of this: where do you go in order to find out what the templates for all these settings are and their potential answers? Like for

    $T1requestApprovalSettings = @"
    {
        "approvalMode": "Serial",
        "approvalStages": [
            {
                "approvalStageTimeOutInDays": 7,
                "escalationApprovers": [ ],
                "escalationTimeInMinutes": 0,
                "isApproverJustificationRequired": true,
                "isEscalationEnabled": false,

how do you know Serial is the answer for "approvalMode": "Serial", and how do you bring up a list that shows all the variables you can play with, like approvalMode, approvalStages, approvalStageTimeOutInDays, etc.

734 Views | 0 likes | 0 Comments

Access Package Policy via script
Think I'm going crazy, wondering if anyone can help. I'm attempting to create a policy for an existing Access Package and set the duration time to 12 hours. The intention is these packages will work a lot like a PIM group, but they are for certain testing profiles.

Script looks like

    $allowedRequestors = @(@{
        "@odata.type" = '#microsoft.graph.groupMembers'
        "id" = 'GroupIDRedacted'
        "description" = 'GroupNameRedacted'
    })

    $params = @{
        displayName = "12 Hour Tester Policy"
        description = "Provide access for 12 hours"
        allowedTargetScope = "notSpecified"
        expiration = @{
            duration = 'PT12H'
            type = 'afterDuration'
        }
        requestorSettings = @{
            "scopeType" = 'SpecificDirectorySubjects'
            "acceptRequests" = $true
            "allowedRequestors" = $allowedRequestors
        }
        requestApprovalSettings = @{
            "isApprovalRequired" = $false
            "isApprovalRequiredForExtension" = $false
            "isRequestorJustificationRequired" = $false
            "approvalMode" = 'NoApproval'
            "approvalStages" = '[]'
        }
        accessPackage = @{
            id = $ap.id
        }
    }

This is to set the parameters. I then run the command of

    New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params -verbose

And it will create the policy, but the lifecycle expiration is still set to never while all other settings have worked.

If I try the non-beta command, it prompts me for an AccessPackageID as though none is in the parameters, so I supply the same id of the access package as in $ap.id and I get the error:

"New-MgEntitlementManagementAccessPackageAssignmentPolicy_Create: The request URI is not valid. Since the segment 'accessPackages' refers to a collection, this must be the last segment in the request URI or it must be followed by an function or action that can be bound to it otherwise all intermediate segments must refer to a single resource."

Has anyone successfully created an Azure access package policy via PowerShell with a duration lifecycle? Care to post an example of your parameters if so?

1.3K Views | 1 like | 2 Comments

Re: AD Script to Get Users and Computer Information
If you have found a way to link the information for the user and the computer and you have it in the singular (be it via a foreach loop or not), then you could look to something as Harm_Veenstra has suggested with PSCustomObject. One of the ways I script it is:

    $table = @()
    $userdetails = get-aduser command you are using
    $computerdetails = get-adcomputer command you are using
    $table += new-object -type psobject -Property @{
        User = $userdetails.name
        Computer = $computerdetails.name
        UserEnabled = $userdetails.enabled
    }

Then once you've added in all the rows you wish into the table, the variable will hold everything for you. Please note $table = @() is run only once to set the table up initially; if that line exists after you've entered a row it will wipe the table.

1.9K Views | 1 like | 0 Comments