OmerMicrosoft / Get-GPMissingPermissionsGPOs.ps1
Last active July 3, 2023 18:23
Find Group Policies with Missing Permissions
#Find Group Policies with Missing Permissions
# Walks every GPO and looks at those whose user-side settings are enabled,
# checking whether "Authenticated Users" or "Domain Computers" appears among the GPO's trustees.
# NOTE(review): the listing is cut off after the inner If, so what happens to a flagged GPO is not visible here.
Function Get-GPMissingPermissionsGPOs
{
$MissingPermissionsGPOArray = New-Object System.Collections.ArrayList
$GPOs = Get-GPO -all
foreach ($GPO in $GPOs) {
# GPOs with the user configuration disabled are skipped.
If ($GPO.User.Enabled) {
# NOTE(review): trustees are matched by display name only. Localized or renamed groups will not match;
# comparing the trustee's Sid would be more robust. The visible lines also do not inspect which
# permission the entry carries or whether it is a deny entry, only that the trustee is present.
$GPOPermissionForAuthUsers = Get-GPPermission -Guid $GPO.Id -All | select -ExpandProperty Trustee | ? {$_.Name -eq "Authenticated Users"}
$GPOPermissionForDomainComputers = Get-GPPermission -Guid $GPO.Id -All | select -ExpandProperty Trustee | ? {$_.Name -eq "Domain Computers"}
# True only when both trustees are absent from the GPO's permission list.
If (!$GPOPermissionForAuthUsers -and !$GPOPermissionForDomainComputers) {
# NOTE(review): this line does not belong to the GPO function above it; it looks like a separate snippet.
# Creates a conditional forwarder zone for contoso.com stored in Active Directory with forest-wide replication,
# so every DNS server in the forest picks it up.
# No -MasterServers value appears on this line, so the servers that queries are forwarded to are not visible - confirm
# they are resolvers you control or trust before replicating the zone forest-wide.
Add-DnsServerConditionalForwarderZone -Name "contoso.com" -ReplicationScope "Forest"
OmerMicrosoft / Create-DNSScavengingRecordsReport.ps1
Last active January 8, 2019 22:15
Creates a report with DNS records stale data
Function Create-DNSScavengingRecordsReport
{
<#Creates a report of stale DNS record data.
Each record is classified as one of:
1)Stale record, responding to ping.
2)Stale record, NOT responding to ping.
3)Valid record, timestamp is updated (not stale).#>
# NOTE(review): only the set-up lines are visible; the classification and ping logic is cut off in this listing.
# Name of the domain controller returned by discovery; used below as the DNS server to query.
$DC = (Get-ADDomainController).Name
# DNS name of the current domain, used below as the zone name.
$DNSRoot = (Get-ADDomain).DNSRoot
# All resource records of that zone, read from the selected domain controller.
$DNSRecords = Get-DnsServerResourceRecord -ComputerName $DC -ZoneName $DNSRoot
OmerMicrosoft / Create-DNSScavengingRecordsReport.ps1
Last active September 26, 2019 10:33
Creates a report with DNS records stale data
Function Create-DNSScavengingRecordsReport
{
<#Checks every dynamic DNS record and decides whether it is:
1)A stale record that responds to ping.
2)A stale record that does not respond to ping.
3)An updated record (not stale).#>
# NOTE(review): only the set-up lines are visible; the classification and ping logic is cut off in this listing.
# Name of the domain controller returned by discovery; used below as the DNS server to query.
$DC = (Get-ADDomainController).Name
# DNS name of the current domain, used below as the zone name.
$DNSRoot = (Get-ADDomain).DNSRoot
# All resource records of that zone, read from the selected domain controller.
$DNSRecords = Get-DnsServerResourceRecord -ComputerName $DC -ZoneName $DNSRoot
# Cutoff date 14 days in the past; presumably records with an older timestamp count as stale (the comparison is not visible).
# The variable name is misspelled ("Thershold") but is left as is because later lines may reference it.
$DateThershold = (Get-Date).AddDays(-14)
# NOTE(review): these lines do not belong to the DNS report function above; they look like a separate snippet.
# Sets the forest and then the domain functional level to Windows Server 2008 R2.
# Raising a functional level is generally not reversible and requires every domain controller to run
# at least that OS version, so preview the change first (both cmdlets accept -WhatIf).
#Changing The Forest Level
$CurrentForest = Get-ADForest
# The change is sent to the schema master of the current forest.
Set-ADForestMode -Identity $CurrentForest -Server $CurrentForest.SchemaMaster -ForestMode Windows2008R2Forest
#Changing The Domain Level
$CurrentDomain = Get-ADDomain
# The change is sent to the PDC emulator of the current domain.
Set-ADDomainMode -Identity $CurrentDomain.Name -Server $CurrentDomain.PDCEmulator -DomainMode Windows2008R2Domain
OmerMicrosoft / Create-DomainControllersRolesReport.ps1
Last active July 3, 2023 18:37
Get Installed Windows Roles on each Domain Controller
#Get Installed Roles on each Domain Controller
# Enumerates every domain in the forest and lists all domain controllers in each one.
$DCsInForest = (Get-ADForest).Domains | % {Get-ADDomainController -Filter * -Server $_}
$DCsRolesArray = @()
foreach ($DC in $DCsInForest) {
# Accumulates the role display names for this DC as a comma-separated string.
$DCRoles=""
# Remote query against the DC: installed features whose type is "Role".
# NOTE(review): if the query fails, $Roles is empty, which in the visible lines looks the same as a DC with no roles.
$Roles = Get-WindowsFeature -ComputerName $DC.HostName | Where-Object {$_.Installed -like "True" -and $_.FeatureType -like "Role"} | Select DisplayName
foreach ($Role in $Roles) {
$DCRoles += $Role.DisplayName +","
}
# Drops the trailing comma. Substring throws when $DCRoles is empty, hence the try;
# the matching catch is cut off in this listing.
try {$DCRoles = $DCRoles.Substring(0,$DCRoles.Length-1)}
OmerMicrosoft / Create-ClientsWithNoAssociatedSiteReport.ps1
Last active July 3, 2023 18:37
Create Clients With No Associated Site Report
#Get Domain Controllers for current domain
# NOTE(review): this returns members of the "Domain Controllers" group only; DCs that are not members of it are not covered.
$DCs = Get-ADGroupMember "Domain Controllers"
#Initiate the clients array
$Clients = @()
Foreach ($DC in $DCs) {
#Define the netlogon.log path
# The log is reached through the DC's C$ administrative share, so the caller needs administrative access to each DC.
$NetLogonFilePath = "\\" + $DC.Name + "\C$\Windows\debug\netlogon.log"
#Reading the content of the netlogon.log file
# -ErrorAction Stop turns a read failure into a terminating error so the catch below runs.
try {$NetLogonFile = Get-Content -Path $NetLogonFilePath -ErrorAction Stop}
# NOTE(review): the catch only emits a message and the loop body continues (the rest is cut off in this listing).
# If later lines read $NetLogonFile, it still holds the previous DC's content after a failure - confirm and
# consider skipping to the next DC here.
catch {"Error reading $NetLogonFilePath"}
OmerMicrosoft / gist:796661fd6cc58c0ab4060a1e9e718473
Created April 13, 2019 07:32
WVD_AssignTenantCreatorRoleToUser.ps1
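# Grants the 'TenantCreator' app role of the 'Windows Virtual Desktop' service principal to one user.
# $AzureAccount is not defined in this snippet; it must already hold the target account (its Id is used
# to look the user up) - confirm where it is set before running.
$WVDApplication = Get-AzureADServicePrincipal -Filter "displayName eq 'Windows Virtual Desktop'"
# displayName is not a unique key. Stop unless exactly one service principal matched, instead of letting
# a missing or ambiguous match surface later as a parameter-binding error on the role assignment.
if (@($WVDApplication).Count -ne 1) {
    throw "Expected exactly one 'Windows Virtual Desktop' service principal, found $(@($WVDApplication).Count)."
}
$ApplicationRole = $WVDApplication.AppRoles | Where-Object { $_.DisplayName -eq 'TenantCreator'}
# Same guard for the role: the assignment needs a single role Id.
if (@($ApplicationRole).Count -ne 1) {
    throw "Expected exactly one 'TenantCreator' app role, found $(@($ApplicationRole).Count)."
}
$UserAccount = Get-AzureADUser -ObjectId $AzureAccount.Id
# This is a privilege grant: ObjectId/PrincipalId identify the user, ResourceId the service principal, Id the role.
New-AzureADUserAppRoleAssignment -ObjectId $UserAccount.ObjectId -PrincipalId $UserAccount.ObjectId -ResourceId $WVDApplication.ObjectId -Id $ApplicationRole.Id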
OmerMicrosoft / WVD_AssignTenantCreatorRoleToUser.ps1
Created April 13, 2019 07:34
Assign the 'TenantCreator' role to a selected user for WVD (Windows Virtual Desktop)
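# Grants the 'TenantCreator' app role of the 'Windows Virtual Desktop' service principal to one user.
# $AzureAccount is not defined in this snippet; it must already hold the target account (its Id is used
# to look the user up) - confirm where it is set before running.
$WVDApplication = Get-AzureADServicePrincipal -Filter "displayName eq 'Windows Virtual Desktop'"
# displayName is not a unique key. Stop unless exactly one service principal matched, instead of letting
# a missing or ambiguous match surface later as a parameter-binding error on the role assignment.
if (@($WVDApplication).Count -ne 1) {
    throw "Expected exactly one 'Windows Virtual Desktop' service principal, found $(@($WVDApplication).Count)."
}
$ApplicationRole = $WVDApplication.AppRoles | Where-Object { $_.DisplayName -eq 'TenantCreator'}
# Same guard for the role: the assignment needs a single role Id.
if (@($ApplicationRole).Count -ne 1) {
    throw "Expected exactly one 'TenantCreator' app role, found $(@($ApplicationRole).Count)."
}
$UserAccount = Get-AzureADUser -ObjectId $AzureAccount.Id
# This is a privilege grant: ObjectId/PrincipalId identify the user, ResourceId the service principal, Id the role.
New-AzureADUserAppRoleAssignment -ObjectId $UserAccount.ObjectId -PrincipalId $UserAccount.ObjectId -ResourceId $WVDApplication.ObjectId -Id $ApplicationRole.Id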
OmerMicrosoft / WVD_CreateNewRDSTenant.ps1
Created April 13, 2019 07:40
Create a new WVD (Windows Virtual Desktop) tenant
# Signs in to the WVD broker, asks for a tenant name and creates an RDS tenant under the selected subscription.
# $Credentials and $SelectedAzureSubscription are not defined in this snippet and must be set beforehand;
# obtain the credential interactively or from a secret store rather than embedding a password in the script.
$BrokerURL = "https://rdbroker.wvd.microsoft.com"
Add-RdsAccount -DeploymentUrl $BrokerURL -Credential $Credentials

$RDSTenantName = Read-Host "Enter RDS tenant name"

# The tenant is bound to the Azure AD tenant and subscription of $SelectedAzureSubscription.
$NewRDSTenant = New-RdsTenant `
    -Name $RDSTenantName `
    -AadTenantId $SelectedAzureSubscription.TenantId `
    -AzureSubscriptionId $SelectedAzureSubscription.SubscriptionId

# An empty result means the tenant was not created; report that first, success otherwise.
if (-not $NewRDSTenant) {
    Write-Host "The creation of a new RDS tenant was failed." -ForegroundColor Red
}
else {
    Write-Host "A new RDS tenant was created with the name $($NewRDSTenant.TenantName)" -ForegroundColor Green
}