PowerShell
335 TopicsExport/Import distribution group members
We're migrating from one forest to another and among other things we have to migrate memberships of distribution groups betweene the two. The problem arised because many distribution groups in the source forest contains "contacts" as members. Since we're using ADMT, which does not migrate contacts, to do the migrations we have exported/imported contacts to the target forest. Now when we migrate the distribution groups they lack the contacts in the membership so we thought of a way to read the distribution group membership from the source domain and update them in the target domain but couldn't manage to get the script working. How can we remotely run the script to extract the group memebership from source domain and add them in the corresponding groups in the target domain33Views0likes1CommentWindows Restricted User Experience Set-CimInstance Error
So I'm trying to set up a restricted user experience that allows the usage of only one application. However, I keep running into this weird error message that provides no useful information: I've been successful in getting the boilerplate example fromthe official Windows guide to work, so I'm fairly certain the error lies in how I've set up the Allowed Apps and PinnedList. Perhaps in the path to the app? But I'm not sure how I'd go about changing that since I got the pathway from the task manager. Any help is appreciated! Full code below: psexec.exe -i -s powershell.exe $assignedAccessConfiguration = @" <?xml version="1.0" encoding="utf-8"?> <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config" xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> <Profiles> <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C24}"> <AllAppsList> <AllowedApps> <App AppUserModelId="Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe" /> </AllowedApps> </AllAppsList> <v5:StartPins><![CDATA[{ "pinnedList":[ {"packagedAppId":"Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe"}, ] }]]></v5:StartPins> <Taskbar ShowTaskbar="true" /> </Profile> </Profiles> <Configs> <Config> <AutoLogonAccount rs5:DisplayName="RDUSER" /> <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C24}" /> </Config> </Configs> </AssignedAccessConfiguration> "@ $namespaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className $obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration) Set-CimInstance -CimInstance $obj54Views0likes2Commentsscript to use PowerShell to Report Teams Status, Presence and Reset After Time
I would like to create a powershell script to run against my tenant to report where people have got a Reset Status After time coded in Teams Any suggestions - greatfully received. I can only find commands to show presence.Solved67Views0likes5CommentsPowerShell script to reinstall Windows license key
Greetings, I am new to PowerShell. I was talking with my boss recently about an issue we had following the Windows 11 24H2 update. The Windows license is being deactivated following the update. My boss has written a PowerShell script to resolve this issue but he asked me to see if I can write a script as well to fix the issue. He thought it would be good practice for me to learn PowerShell. So he has tossed me into the deep end and I need to quickly learn to swim; ) I need a script that would reinstall the Windows license key, activate the key, and change the DEP policy to opt out mode. This task is above my skill level and I could use some help. Thanks in advance84Views0likes3CommentsI can add myself to any Site Owners group via the web but getting Access Denied using PowerShell
Add-SPOUser -Site "https://mysite" -Group "mySite Owners" -LoginName myemail Add-SPOUser : Attempted to perform an unauthorized operation. I can successfully add other users to sites I'm already Owner using the above CMD. Thank you!1.2KViews0likes5CommentsHow do I get HP Bloatware script to run during enrollment?
Hi all I am wanting to put a script within Intune so during the deployment phase of autopilot it would remove the HP Bloatware however if I attach this script https://gist.github.com/mark05e/a79221b4245962a477a49eb281d97388into the deployment policy it would fail everytime. I can only remove it by going to the start menu , run powershell as admin and then run the script manually from there. What do I need to add so the script can run automatically? It wouldn't matter if it can't be run during the enrollment stage but I do want to somehow automatic this . Thanks361Views0likes2CommentsEntering in commands on a remote workstation using a PS script
I am trying to create a PS script that opens a session on a remote workstation and executes these commands: netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes profile=domain Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 Enable-NetFirewallRule -DisplayGroup "Remote Desktop" netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes Set-NetFirewallRule -DisplayGroup "Network Discovery" -Enabled True This is the part of the script giving me trouble: $session = New-PSSession -ComputerName $workstationName # Prompt for credentials $cred = Get-Credential # Use Invoke-Command to run the script block with elevated credentials Invoke-Command -Session $session -Credential $cred -ScriptBlock { # Check if the session is available if ($session -ne $null) { Write-Host "Session established. Waiting for the session to be ready..." # PowerShell commands here netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes profile=domain Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 Enable-NetFirewallRule -DisplayGroup "Remote Desktop" netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes Set-NetFirewallRule -DisplayGroup "Network Discovery" -Enabled True Get-Process } # Exit the remote session Exit-PSSession } else { Write-Host "Failed to establish a session." } Here is the error. Any help is appreciated Invoke-Command : Parameter set cannot be resolved using the specified named parameters. At C:\XXXX\VMPrepBeta6.ps1:67 char:5 + Invoke-Command -Session $session -Credential $cred -ScriptBlock { + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Invoke-Command], ParameterBindingException + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerShell.Commands.InvokeCommandCommand103Views0likes2CommentsMultiple @name substitution in one line import
I'm trying to export all the "conditional" attributes from the Get-DynamicDistributionGroup into a csv file ConditionalCompany : {} ConditionalStateOrProvince : {} ConditionalCustomAttribute1 : {} ConditionalCustomAttribute2 : {} these attributes are aMicrosoft.Exchange.Data.MultiValuedProperty`1[System.String] so to correctly export them to csv we should use the following for each of them @{Name="ConditionalCustomAttribute1";Expression={($_.ConditionalCustomAttribute1)}} @{Name="ConditionalCustomAttribute2";Expression={($_.ConditionalCustomAttribute2)}} ... I was wondering if there's a way to "expand" the * inside the@{} instead something like @{Name="ConditionalAttribute*";Expression={($_.ConditionalAttribute*)}}132Views0likes1Commentpowershell get-winevent script assistance
first time poster here, hoping i am doing this correctly! I am using the script below to send email alerts when there are more than 200 of event 6273 is logged under the security log within a 10 minute period. This script emails the most recent 100 events and works perfectly but includes much more information than we care to see as shown in the output below the code. We are basically just trying to get an email that allows us to quickly skim through the users from the latest 100 events to ensure they are not legitimate ad accounts and if they are, easily determine the offenders ip address and add it to the blocklist. How can i extract and email only thetimestamp,accountname, and thecalling station identifierformatted with some kind of line break between the entries from this thing? $count = (Get-WinEvent -FilterHashtable @{logname='Security'; Id =6273; StartTime=(Get-Date).AddMinutes(-10)}).count if ($count -gt 200) { $EventId = 6273 $A = Get-WinEvent -MaxEvents 100 -FilterHashTable @{Logname = "Security" ; ID = $EventId; StartTime=(Get-Date).AddMinutes(-10)} -ErrorAction SilentlyContinue $Message = $A.message $EventID = $A.Id $MachineName = $A.MachineName $Source = $A.ProviderName $EmailFrom = "email address removed for privacy reasons" $EmailTo = "email address removed for privacy reasons" $Subject ="Password guessing alert" $Body = "`nMessage: $Message" $SMTPServer = "webmail.mail.com" $SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 587) $SMTPClient.EnableSsl = $true $SMTPClient.Credentials = New-Object System.Net.NetworkCredential("email address removed for privacy reasons", "password"); $SMTPClient.Send($EmailFrom, $EmailTo, $Subject, $Body) }else { Write-Host "Under 200 events" Exit } Here is the output we currently have scheduled to email us each hour: Message: Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information. User: Security ID:S-1-0-0 Account Name:CASTRO Account Domain:DOMAIN Fully Qualified Account Name:DOMAIN\CASTRO Client Machine: Security ID:S-1-0-0 Account Name:- Fully Qualified Account Name:- Called Station Identifier:10.44.17.98 Calling Station Identifier:62.122.184.12 NAS: NAS IPv4 Address:10.25.254.1 NAS IPv6 Address:- NAS Identifier:- NAS Port-Type:Virtual NAS Port:2678272000 RADIUS Client: Client Friendly Name:FTD Client IP Address:10.25.254.1 Authentication Details: Connection Request Policy Name:FTD-Authentication Network Policy Name:- Authentication Provider:Windows Authentication Server:DC302.domain.com Authentication Type:PAP EAP Type:- Account Session Identifier:- Logging Results:Accounting information was written to the local log file. Reason Code:16 Reason:Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect. Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information. User: Security ID:S-1-0-0 Account Name:rlinda Account Domain:DOMAIN Fully Qualified Account Name:DOMAIN\rlinda Client Machine: Security ID:S-1-0-0 Account Name:- Fully Qualified Account Name:- Called Station Identifier:10.44.17.98 Calling Station Identifier:83.97.73.104 NAS: NAS IPv4 Address:10.25.254.1 NAS IPv6 Address:- NAS Identifier:- NAS Port-Type:Virtual NAS Port:2678267904 RADIUS Client: Client Friendly Name:FTD Client IP Address:10.25.254.1 Authentication Details: Connection Request Policy Name:FTD-Authentication Network Policy Name:- Authentication Provider:Windows Authentication Server:DC302.domain.com Authentication Type:PAP EAP Type:- Account Session Identifier:- Logging Results:Accounting information was written to the local log file. Reason Code:16 Reason:Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect. Upvote1Downvote0Go to commentsShare112Views0likes1CommentPowerShell script for permissions
Hello Folks, My team came across a situation where we need to fix/assign permissions to folders and subfolders beneath. Problem statement: There are number of shared folders on servers which are going to migrate to SharePoint soon. We have been asked to assign permissions to users who will be doing the migration. We tried it with PowerShell but sooner faced a blocker. On multiple folders (cannot count as there are so many) we do not have access. Our requirement: We are looking for a readymade script or directions using PowerShell where we should be able to identify folders on which our group do not have access and grant us access to those folders. Same script should be able to assign permissions for other users and groups who will be doing the migration. Note: My team members are part of Local Admin group and can do this manually. But number of folders and in thousands. So doing it manually is not advisable.\ Any quick help in this regard will be much appreciated. Thanks & Regards Abhay183Views0likes1Comment