Bill Long bill-long
bill-long
/ AuthzInitializeContextFromSid.ps1
Last active
October 9, 2023 18:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Tests the AuthzInitializeContextFromSid call which is restricted by the GPO discussed in this article: | |
| # https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/authz-fails-access-denied-error-application-access-check | |
| param([string]$sidString) | |
| $authzInitializeResourceManagerSig = @' | |
| [DllImport("authz.dll", CharSet = CharSet.Auto, SetLastError = true)] | |
| public static extern bool AuthzInitializeResourceManager(int flags, IntPtr pfnAccessCheck, IntPtr pfnComputeDynamicGroups, | |
| IntPtr pfnFreeDynamicGroups, string szResourceManagerName, out IntPtr phAuthzResourceManager); | |
| '@ |
bill-long
/ BulkEmailOperationsUsingGraph.ps1
Last active
March 3, 2023 19:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Modules Microsoft.Graph, Microsoft.Graph.Users.Actions | |
| Connect-MgGraph -Scopes "User.Read.All", "Mail.ReadBasic", "Mail.Read", "Mail.ReadWrite" -DeviceAuth -ContextScope Process | |
| $userId = (Invoke-MgGraphRequest -Uri "v1.0/me")["id"] | |
| # Only returns 10 items by default | |
| Get-MgUserMessage -UserId $userId | ft ReceivedDateTime,Subject | |
| # You can filter for stuff older than a certain date | |
| Get-MgUserMessage -UserId $userId -Filter "ReceivedDateTime lt 2023-01-25" | ft ReceivedDateTime,Subject |
bill-long
/ GetUserNameEx.ps1
Created
February 7, 2023 05:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter()] | |
| [ValidateSet("NameUnknown", "NameFullyQualifiedDN", "NameSamCompatible", "NameDisplay", "NameUniqueId", "NameCanonical", "NameUserPrincipal", "NameCanonicalEx", "NameServicePrincipal", "NameDnsDomain")] | |
| [string] | |
| $ExtendedNameFormat = "NameSamCompatible") | |
| $extendedNameFormats = @{ | |
| "NameUnknown" = 0 | |
| "NameFullyQualifiedDN" = 1 | |
| "NameSamCompatible" = 2 |
bill-long
/ GetSignedXmlResponseCerts.ps1
Last active
October 11, 2022 21:15
Intended to help diagnose the following error from Exchange Mitigation Service: "This XML is not deemed safe to consume since Response xml''s signing cert is invalid or not from microsoft""
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $url = "https://officeclient.microsoft.com/getexchangemitigations" | |
| $r = Invoke-WebRequest $url | |
| $x = [xml]$r.Content | |
| $signedXml = New-Object System.Security.Cryptography.Xml.SignedXml($x) | |
| $sigNode = $x.GetElementsByTagName("Signature") | |
| $signedXml.LoadXml([System.Xml.XmlElement] ($sigNode[0])) | |
| $signedXml.Signature.KeyInfo.Certificates | Format-List | |
| $signedXml.Signature.KeyInfo.Certificates | ForEach-Object { |
bill-long
/ Test-AutoDiscover.ps1
Created
October 4, 2022 20:23
Super simple AutoDiscover test. Does not attempt to encapsulate all of Outlook's logic.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| param ( | |
| [Parameter()] | |
| [string] | |
| $HostName, | |
| [Parameter()] | |
| [string] | |
| $EmailAddress | |
| ) |
bill-long
/ CheckCoreOverThreshold.ps1
Created
September 20, 2022 18:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| param ( | |
| [Parameter()] | |
| [int] | |
| $PercentCPUThreshold = 80, | |
| [Parameter()] | |
| [int] | |
| $DurationMilliseconds = 10000 | |
| ) |
bill-long
/ Find-MessageByMid.ps1
Last active
March 17, 2022 17:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory = $true)] | |
| [string] | |
| $Mailbox, | |
| [Parameter(Mandatory = $true)] | |
| [string] | |
| $MID | |
| ) |
bill-long
/ FindExchangeBackpressure.ps1
Created
March 15, 2022 22:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-ExchangeServer | Where-Object { $_.admindisplayversion -notlike "*14.*" -and $_.admindisplayversion -notlike "*15.0*" } | ForEach-Object { | |
| $server = $_ | |
| [xml]$result = Get-ExchangeDiagnosticInfo $Server -Process EdgeTransport -Component ResourceThrottling | |
| $bp = $result.Diagnostics.Components.ResourceThrottling.ResourceTracker.ResourceMeter | Where-Object { $_.CurrentResourceUse -notlike "low" } | |
| $bp | ForEach-Object { Add-Member -InputObject $_ -MemberType NoteProperty -Name "Server" -Value $server } | |
| $bp | |
| } | Format-Table Server, CurrentResourceUse, Resource |
bill-long
/ FindConnectionsWithoutStartTls.ps1
Created
January 7, 2022 14:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function FindConnectionsWithoutSTARTTLS { | |
| param( | |
| $LocalEndpoint, | |
| [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] | |
| [Alias('FullName')] | |
| [string[]]$LogFile, | |
| $Header = @('date-time', 'connector-id', 'session-id', 'sequence-number', 'local-endpoint', 'remote-endpoint', 'event', 'data', 'context') | |
| ) |
bill-long
/ ParseRCALogExamples.ps1
Last active
September 23, 2021 23:00
RpcClientAccess log parse examples for MapiExceptionRpcServerTooBusy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Show MapiExceptionRpcServerTooBusy count by file | |
| Get-ChildItem *.log | Sort-Object LastWriteTime | % { | |
| $count = (sls "MapiExceptionRpcServerTooBusy" $_).Count | |
| [PSCustomObject]@{ File = $_.Name; LastWrite = $_.LastWriteTime; Count = $count } | |
| } | ft | |
| # Show MapiExceptionRpcServerTooBusy count by hour | |
| sls "^(\S+?),.*MapiExceptionRpcServerTooBusy" *.log | % { |