View ConditionalAccess-PolicyNames_and_IDs.txt
SigninLogs | |
| mv-expand ConditionalAccessPolicies | |
| project DisplayName = tostring(ConditionalAccessPolicies.displayName),ID = tostring(ConditionalAccessPolicies.id) | |
| distinct ID,DisplayName | |
| order by DisplayName asc |
View ConditionalAccess-SignIns-ReportOnly.txt
// Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure | |
SigninLogs | |
| mvexpand ConditionalAccessPolicies | |
| where ConditionalAccessPolicies["result"] == "reportOnlyFailure" | |
| project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"] |
View Copy-Shrug.ps1
function Copy-Shrug { | |
"¯\_(ツ)_/¯" | Set-Clipboard | |
Write-Output "Shrug copied to clipboard" | |
} | |
New-Alias -name 'cps' -Value Copy-Shrug |
View Get-MachineAccountQuotaUsers.ps1
$machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created | |
foreach ($machine in $machineAccountQuotaComputers) { | |
$creator = $null | |
try { | |
$creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value | |
} | |
catch { | |
$creator = $machine.'ms-DS-CreatorSID' | |
} |
View CSVGridView.bat
@echo off | |
IF "%~1"=="" GOTO NOFILE | |
set CSVPATH=%~1 | |
ECHO Loading CSV %CSVPATH% | |
powershell.exe -NoProfile -NoExit -NoLogo -Command "if ((Test-Path $env:CSVPATH -PathType Leaf) -and ($env:CSVPATH -like '*.csv')) {Import-Csv -Path $env:CSVPATH | Out-GridView -Wait -Title $env:CSVPATH};exit" | |
GOTO END | |
:NOFILE |
View dfstargets.ps1
Get-DfsnFolder -Path \\internal.contoso.com\dfsroot\* | Get-DfsnFolderTarget | ? {$_.State -eq "Online"} | Group-Object -Property Path | ForEach-Object {$_.group[0]} |
View Get-AussieGovDomains.ps1
<# | |
.DESCRIPTION | |
Retrieve a list of Australian government (.gov.au) domains from the CKAN Data API at https://data.gov.au/ | |
#> | |
# https://data.gov.au/dataset/ds-dga-4d5301b2-bc64-4774-b437-56a408836e57/details | |
$dataUri = 'https://data.gov.au/data/api/3/action/datastore_search?resource_id=507f8129-b84c-4215-ae7d-5aca364e4a0e&limit=2000' | |
# Basic function to strip the URL down to the bare FQDN |
View Invoke-QuerySpfViaCloudflareDoh.ps1
# Retrieve SPF records for a domain via Cloudflare DoH | |
$domain = 'example.com' | |
$result = Invoke-RestMethod -Uri "https://cloudflare-dns.com/dns-query?name=$domain&type=TXT" -Headers @{'accept'='application/dns-json'} | |
if ($result -ne $null) { | |
if ($result.answer -ne $null) { | |
$result.answer | Select-Object -ExpandProperty data | Where-Object {$_ -like '*v=spf1*'} | |
} | |
} |
View Invoke-SpeechPrank.ps1
Add-Type -TypeDefinition @' | |
using System.Runtime.InteropServices; | |
[Guid("5CDF2C82-841E-4546-9722-0CF74078229A"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] | |
interface IAudioEndpointVolume { | |
// f(), g(), ... are unused COM method slots. Define these if you care | |
int f(); int g(); int h(); int i(); | |
int SetMasterVolumeLevelScalar(float fLevel, System.Guid pguidEventContext); | |
int j(); | |
int GetMasterVolumeLevelScalar(out float pfLevel); |
View Invoke-RegexReplaceTest.ps1
# Regex Examples with -Replace | |
$testString = "ABCabc 123456_!#$%" | |
Write-Host "Remove all numbers in a string" -ForegroundColor Yellow | |
"Before: $testString" | |
"After: $($testString -replace '\d')" | |
"" | |
Write-Host "Remove everything but numbers from a string" -ForegroundColor Yellow | |
"Before: $testString" |
NewerOlder