#Find Group Policies with Missing Permissions | |
Function Get-GPMissingPermissionsGPOs | |
{ | |
$MissingPermissionsGPOArray = New-Object System.Collections.ArrayList | |
$GPOs = Get-GPO -all | |
foreach ($GPO in $GPOs) { | |
If ($GPO.User.Enabled) { | |
$GPOPermissionForAuthUsers = Get-GPPermission -Guid $GPO.Id -All | select -ExpandProperty Trustee | ? {$_.Name -eq "Authenticated Users"} | |
$GPOPermissionForDomainComputers = Get-GPPermission -Guid $GPO.Id -All | select -ExpandProperty Trustee | ? {$_.Name -eq "Domain Computers"} | |
If (!$GPOPermissionForAuthUsers -and !$GPOPermissionForDomainComputers) { |
# Create a conditional forwarder zone for contoso.com with a forest-wide
# replication scope.
# NOTE(review): no -MasterServers value is passed here. The cmdlet normally needs
# the DNS servers to forward to, so confirm how they are supplied before this is
# run unattended, and that those servers are ones you trust to answer for the zone.
$ForwarderZone = @{
    Name             = "contoso.com"
    ReplicationScope = "Forest"
}
Add-DnsServerConditionalForwarderZone @ForwarderZone
Function Create-DNSScavengingRecordsReport | |
{ | |
<#Creates a report with DNS records stale data. | |
For any record, checks if: | |
1)Stale record, responding to ping. | |
2)Stale record, NOT responding to ping. | |
3)Valid record, timestamp is updated (not stale).#> | |
$DC = (Get-ADDomainController).Name | |
$DNSRoot = (Get-ADDomain).DNSRoot | |
$DNSRecords = Get-DnsServerResourceRecord -ComputerName $DC -ZoneName $DNSRoot |
Function Create-DNSScavengingRecordsReport | |
{ | |
<#The script checks any Dynamic DNS Record and decided whether it’s: | |
1)A stale record which responded to ping. | |
2)stale record which doesn’t responded to ping. | |
3)An updated record (not stale).#> | |
$DC = (Get-ADDomainController).Name | |
$DNSRoot = (Get-ADDomain).DNSRoot | |
$DNSRecords = Get-DnsServerResourceRecord -ComputerName $DC -ZoneName $DNSRoot | |
$DateThershold = (Get-Date).AddDays(-14) |
# Raise the forest functional level to Windows Server 2008 R2.
# The request is sent to the schema master of the current forest.
# NOTE(review): functional-level changes are generally hard or impossible to roll
# back. Confirm every domain controller runs a supported OS version and that a
# tested AD backup exists before running this.
$CurrentForest = Get-ADForest
$ForestModeArgs = @{
    Identity   = $CurrentForest
    Server     = $CurrentForest.SchemaMaster
    ForestMode = 'Windows2008R2Forest'
}
Set-ADForestMode @ForestModeArgs

# Raise the domain functional level of the current domain to Windows Server 2008 R2.
# The request is sent to the PDC emulator of that domain.
# NOTE(review): this runs after the forest-level change. Confirm whether the domains
# must already be at this level before the forest level can be raised.
$CurrentDomain = Get-ADDomain
$DomainModeArgs = @{
    Identity   = $CurrentDomain.Name
    Server     = $CurrentDomain.PDCEmulator
    DomainMode = 'Windows2008R2Domain'
}
Set-ADDomainMode @DomainModeArgs
#Get Installed Roles on each Domain Controller | |
$DCsInForest = (Get-ADForest).Domains | % {Get-ADDomainController -Filter * -Server $_} | |
$DCsRolesArray = @() | |
foreach ($DC in $DCsInForest) { | |
$DCRoles="" | |
$Roles = Get-WindowsFeature -ComputerName $DC.HostName | Where-Object {$_.Installed -like "True" -and $_.FeatureType -like "Role"} | Select DisplayName | |
foreach ($Role in $Roles) { | |
$DCRoles += $Role.DisplayName +"," | |
} | |
try {$DCRoles = $DCRoles.Substring(0,$DCRoles.Length-1)} |
#Get Domain Controllers for current domain | |
$DCs = Get-ADGroupMember "Domain Controllers" | |
#Initiate the clients array | |
$Clients = @() | |
Foreach ($DC in $DCs) { | |
#Define the netlogon.log path | |
$NetLogonFilePath = "\\" + $DC.Name + "\C$\Windows\debug\netlogon.log" | |
#Reading the content of the netlogon.log file | |
try {$NetLogonFile = Get-Content -Path $NetLogonFilePath -ErrorAction Stop} | |
catch {"Error reading $NetLogonFilePath"} |
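# Assign the 'TenantCreator' app role of the 'Windows Virtual Desktop' service
# principal to the user identified by $AzureAccount.Id.
# $AzureAccount is not defined in this snippet; it must be set by the caller.
# NOTE(review): 'TenantCreator' presumably allows creating WVD tenants. Confirm the
# target account is the intended administrator before granting it.

$WVDApplication = Get-AzureADServicePrincipal -Filter "displayName eq 'Windows Virtual Desktop'"
if (-not $WVDApplication) {
    # Without the service principal, the role lookup and the -ResourceId below would be empty.
    throw "Service principal 'Windows Virtual Desktop' was not found in this Azure AD tenant."
}

$ApplicationRole = $WVDApplication.AppRoles | Where-Object { $_.DisplayName -eq 'TenantCreator' }
if (-not $ApplicationRole) {
    # Stop instead of calling the assignment cmdlet with an empty role id.
    throw "App role 'TenantCreator' was not found on the 'Windows Virtual Desktop' service principal."
}

$UserAccount = Get-AzureADUser -ObjectId $AzureAccount.Id
if (-not $UserAccount) {
    throw "No Azure AD user was found for the supplied account id."
}

# -ObjectId and -PrincipalId both reference the user receiving the role;
# -ResourceId is the application that defines the role.
New-AzureADUserAppRoleAssignment -ObjectId $UserAccount.ObjectId -PrincipalId $UserAccount.ObjectId -ResourceId $WVDApplication.ObjectId -Id $ApplicationRole.Id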
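# Assign the 'TenantCreator' app role of the 'Windows Virtual Desktop' service
# principal to the user identified by $AzureAccount.Id.
# $AzureAccount is not defined in this snippet; it must be set by the caller.
# NOTE(review): 'TenantCreator' presumably allows creating WVD tenants. Confirm the
# target account is the intended administrator before granting it.

$WVDApplication = Get-AzureADServicePrincipal -Filter "displayName eq 'Windows Virtual Desktop'"
if (-not $WVDApplication) {
    # Without the service principal, the role lookup and the -ResourceId below would be empty.
    throw "Service principal 'Windows Virtual Desktop' was not found in this Azure AD tenant."
}

$ApplicationRole = $WVDApplication.AppRoles | Where-Object { $_.DisplayName -eq 'TenantCreator' }
if (-not $ApplicationRole) {
    # Stop instead of calling the assignment cmdlet with an empty role id.
    throw "App role 'TenantCreator' was not found on the 'Windows Virtual Desktop' service principal."
}

$UserAccount = Get-AzureADUser -ObjectId $AzureAccount.Id
if (-not $UserAccount) {
    throw "No Azure AD user was found for the supplied account id."
}

# -ObjectId and -PrincipalId both reference the user receiving the role;
# -ResourceId is the application that defines the role.
New-AzureADUserAppRoleAssignment -ObjectId $UserAccount.ObjectId -PrincipalId $UserAccount.ObjectId -ResourceId $WVDApplication.ObjectId -Id $ApplicationRole.Id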
# Sign in to the WVD broker, ask the operator for a tenant name, and create a new
# RDS tenant bound to the selected Azure AD tenant and subscription.
# NOTE(review): $Credentials and $SelectedAzureSubscription are defined outside this
# snippet. Confirm the credential is collected interactively (for example with
# Get-Credential) rather than stored in the script.
$BrokerURL = "https://rdbroker.wvd.microsoft.com"
Add-RdsAccount -DeploymentUrl $BrokerURL -Credential $Credentials

$RDSTenantName = Read-Host "Enter RDS tenant name"
$TenantArgs = @{
    Name                = $RDSTenantName
    AadTenantId         = $SelectedAzureSubscription.TenantId
    AzureSubscriptionId = $SelectedAzureSubscription.SubscriptionId
}
$NewRDSTenant = New-RdsTenant @TenantArgs

# An empty result from New-RdsTenant is treated as a failed creation.
if (-not $NewRDSTenant) {
    Write-Host "The creation of a new RDS tenant was failed." -ForegroundColor Red
}
else {
    Write-Host "A new RDS tenant was created with the name $($NewRDSTenant.TenantName)" -ForegroundColor Green
}