Skip to content

Instantly share code, notes, and snippets.


Daniel dstreefkerk

  • Sydney, Australia
View GitHub Profile
dstreefkerk / ConditionalAccess-PolicyNames_and_IDs.txt
Created Oct 6, 2020
KQL Query to retrieve from Log Analytics a list of Conditional Access policy names and IDs
View ConditionalAccess-PolicyNames_and_IDs.txt
| mv-expand ConditionalAccessPolicies
| project DisplayName = tostring(ConditionalAccessPolicies.displayName),ID = tostring(
| distinct ID,DisplayName
| order by DisplayName asc
dstreefkerk / ConditionalAccess-SignIns-ReportOnly.txt
Last active Mar 23, 2022
KQL Query to retrieve all Azure AD sign-ins that failed a Conditional Access policy in Report-Only mode
View ConditionalAccess-SignIns-ReportOnly.txt
// Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure
| mvexpand ConditionalAccessPolicies
| where ConditionalAccessPolicies["result"] == "reportOnlyFailure"
| project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"]
dstreefkerk / Copy-Shrug.ps1
Created Feb 14, 2020
Put this into your PowerShell profile file for an offline version of
View Copy-Shrug.ps1
function Copy-Shrug {
"¯\_(ツ)_/¯" | Set-Clipboard
Write-Output "Shrug copied to clipboard"
New-Alias -name 'cps' -Value Copy-Shrug
dstreefkerk / Get-MachineAccountQuotaUsers.ps1
Created Jan 29, 2020
Gets a list of AD computers that were created by regular users exercising their default right to create up to 10 computer accounts in an AD domain
View Get-MachineAccountQuotaUsers.ps1
$machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created
foreach ($machine in $machineAccountQuotaComputers) {
$creator = $null
try {
$creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value
catch {
$creator = $machine.'ms-DS-CreatorSID'
dstreefkerk / CSVGridView.bat
Created Nov 8, 2019
Batch file that enables a CSV to be dragged/dropped and then opened in a PowerShell GridView. Requires the PowerShell ISE to be instaled.
View CSVGridView.bat
@echo off
IF "%~1"=="" GOTO NOFILE
set CSVPATH=%~1
powershell.exe -NoProfile -NoExit -NoLogo -Command "if ((Test-Path $env:CSVPATH -PathType Leaf) -and ($env:CSVPATH -like '*.csv')) {Import-Csv -Path $env:CSVPATH | Out-GridView -Wait -Title $env:CSVPATH};exit"
dstreefkerk / dfstargets.ps1
Last active Mar 19, 2021
Get a list of active DFS folder targets under a specific DFS root
View dfstargets.ps1
Get-DfsnFolder -Path \\\dfsroot\* | Get-DfsnFolderTarget | ? {$_.State -eq "Online"} | Group-Object -Property Path | ForEach-Object {$[0]}
dstreefkerk / Get-AussieGovDomains.ps1
Created Jul 9, 2019
Retrieve a list of Australian government ( domains from the CKAN Data API at
View Get-AussieGovDomains.ps1
Retrieve a list of Australian government ( domains from the CKAN Data API at
$dataUri = ''
# Basic function to strip the URL down to the bare FQDN
View Invoke-QuerySpfViaCloudflareDoh.ps1
# Retrieve SPF records for a domain via Cloudflare DoH
$domain = ''
$result = Invoke-RestMethod -Uri "$domain&type=TXT" -Headers @{'accept'='application/dns-json'}
if ($result -ne $null) {
if ($result.answer -ne $null) {
$result.answer | Select-Object -ExpandProperty data | Where-Object {$_ -like '*v=spf1*'}
dstreefkerk / Invoke-SpeechPrank.ps1
Last active Mar 19, 2021
Some PowerShell pranking fun. Combine with PSRemoting to confuse your co-workers. I've not used this since 2014, so I don't know if it still works.
View Invoke-SpeechPrank.ps1
Add-Type -TypeDefinition @'
using System.Runtime.InteropServices;
[Guid("5CDF2C82-841E-4546-9722-0CF74078229A"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
interface IAudioEndpointVolume {
// f(), g(), ... are unused COM method slots. Define these if you care
int f(); int g(); int h(); int i();
int SetMasterVolumeLevelScalar(float fLevel, System.Guid pguidEventContext);
int j();
int GetMasterVolumeLevelScalar(out float pfLevel);
dstreefkerk / Invoke-RegexReplaceTest.ps1
Created Apr 27, 2019
Some simple character replacement via Regex in PowerShell
View Invoke-RegexReplaceTest.ps1
# Regex Examples with -Replace
$testString = "ABCabc 123456_!#$%"
Write-Host "Remove all numbers in a string" -ForegroundColor Yellow
"Before: $testString"
"After: $($testString -replace '\d')"
Write-Host "Remove everything but numbers from a string" -ForegroundColor Yellow
"Before: $testString"