Daniel dstreefkerk
dstreefkerk
/ ConditionalAccess-PolicyNames_and_IDs.txt
Created Oct 6, 2020
KQL Query to retrieve from Log Analytics a list of Conditional Access policy names and IDs
View ConditionalAccess-PolicyNames_and_IDs.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SigninLogs | |
| | mv-expand ConditionalAccessPolicies | |
| | project DisplayName = tostring(ConditionalAccessPolicies.displayName),ID = tostring(ConditionalAccessPolicies.id) | |
| | distinct ID,DisplayName | |
| | order by DisplayName asc |
dstreefkerk
/ ConditionalAccess-SignIns-ReportOnly.txt
Last active Mar 23, 2022
KQL Query to retrieve all Azure AD sign-ins that failed a Conditional Access policy in Report-Only mode
View ConditionalAccess-SignIns-ReportOnly.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure | |
| SigninLogs | |
| | mvexpand ConditionalAccessPolicies | |
| | where ConditionalAccessPolicies["result"] == "reportOnlyFailure" | |
| | project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"] |
dstreefkerk
/ Copy-Shrug.ps1
Created Feb 14, 2020
Put this into your PowerShell profile file for an offline version of www.copyshrug.com.
View Copy-Shrug.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Copy-Shrug { | |
| "¯\_(ツ)_/¯" | Set-Clipboard | |
| Write-Output "Shrug copied to clipboard" | |
| } | |
| New-Alias -name 'cps' -Value Copy-Shrug |
dstreefkerk
/ Get-MachineAccountQuotaUsers.ps1
Created Jan 29, 2020
Gets a list of AD computers that were created by regular users exercising their default right to create up to 10 computer accounts in an AD domain
View Get-MachineAccountQuotaUsers.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created | |
| foreach ($machine in $machineAccountQuotaComputers) { | |
| $creator = $null | |
| try { | |
| $creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value | |
| } | |
| catch { | |
| $creator = $machine.'ms-DS-CreatorSID' | |
| } |
dstreefkerk
/ CSVGridView.bat
Created Nov 8, 2019
Batch file that enables a CSV to be dragged/dropped and then opened in a PowerShell GridView. Requires the PowerShell ISE to be instaled.
View CSVGridView.bat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| IF "%~1"=="" GOTO NOFILE | |
| set CSVPATH=%~1 | |
| ECHO Loading CSV %CSVPATH% | |
| powershell.exe -NoProfile -NoExit -NoLogo -Command "if ((Test-Path $env:CSVPATH -PathType Leaf) -and ($env:CSVPATH -like '*.csv')) {Import-Csv -Path $env:CSVPATH | Out-GridView -Wait -Title $env:CSVPATH};exit" | |
| GOTO END | |
| :NOFILE |
dstreefkerk
/ dfstargets.ps1
Last active Mar 19, 2021
Get a list of active DFS folder targets under a specific DFS root
View dfstargets.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-DfsnFolder -Path \\internal.contoso.com\dfsroot\* | Get-DfsnFolderTarget | ? {$_.State -eq "Online"} | Group-Object -Property Path | ForEach-Object {$_.group[0]} |
dstreefkerk
/ Get-AussieGovDomains.ps1
Created Jul 9, 2019
Retrieve a list of Australian government (.gov.au) domains from the CKAN Data API at https://data.gov.au/
View Get-AussieGovDomains.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .DESCRIPTION | |
| Retrieve a list of Australian government (.gov.au) domains from the CKAN Data API at https://data.gov.au/ | |
| #> | |
| # https://data.gov.au/dataset/ds-dga-4d5301b2-bc64-4774-b437-56a408836e57/details | |
| $dataUri = 'https://data.gov.au/data/api/3/action/datastore_search?resource_id=507f8129-b84c-4215-ae7d-5aca364e4a0e&limit=2000' | |
| # Basic function to strip the URL down to the bare FQDN |
dstreefkerk
/ Invoke-QuerySpfViaCloudflareDoh.ps1
Created Jul 9, 2019
View Invoke-QuerySpfViaCloudflareDoh.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Retrieve SPF records for a domain via Cloudflare DoH | |
| $domain = 'example.com' | |
| $result = Invoke-RestMethod -Uri "https://cloudflare-dns.com/dns-query?name=$domain&type=TXT" -Headers @{'accept'='application/dns-json'} | |
| if ($result -ne $null) { | |
| if ($result.answer -ne $null) { | |
| $result.answer | Select-Object -ExpandProperty data | Where-Object {$_ -like '*v=spf1*'} | |
| } | |
| } |
dstreefkerk
/ Invoke-SpeechPrank.ps1
Last active Mar 19, 2021
Some PowerShell pranking fun. Combine with PSRemoting to confuse your co-workers. I've not used this since 2014, so I don't know if it still works.
View Invoke-SpeechPrank.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -TypeDefinition @' | |
| using System.Runtime.InteropServices; | |
| [Guid("5CDF2C82-841E-4546-9722-0CF74078229A"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] | |
| interface IAudioEndpointVolume { | |
| // f(), g(), ... are unused COM method slots. Define these if you care | |
| int f(); int g(); int h(); int i(); | |
| int SetMasterVolumeLevelScalar(float fLevel, System.Guid pguidEventContext); | |
| int j(); | |
| int GetMasterVolumeLevelScalar(out float pfLevel); |
dstreefkerk
/ Invoke-RegexReplaceTest.ps1
Created Apr 27, 2019
Some simple character replacement via Regex in PowerShell
View Invoke-RegexReplaceTest.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Regex Examples with -Replace | |
| $testString = "ABCabc 123456_!#$%" | |
| Write-Host "Remove all numbers in a string" -ForegroundColor Yellow | |
| "Before: $testString" | |
| "After: $($testString -replace '\d')" | |
| "" | |
| Write-Host "Remove everything but numbers from a string" -ForegroundColor Yellow | |
| "Before: $testString" |
NewerOlder