Skip to content

Instantly share code, notes, and snippets.

View matejskubic's full-sized avatar

matejskubic

9 followers · 2 following
View GitHub Profile
@matejskubic
matejskubic / renew self signed certificate.md
Last active April 9, 2024 03:59
Renew Self Signed certificate

To rotate certificates on machines created from the Dynamics 365 for Finance and Operations downloadable VHD, complete the following steps for each certificate. Sample PowerShell scripts are provided where applicable.

  1. Identify which certificates will expire in the next two months.

    Get-ChildItem -path Cert:\LocalMachine\My | Where {$_.NotAfter -lt $(get-date).AddMonths(2)} | Sort NotAfter | Format-Table Subject, Thumbprint, NotAfter

  2. Record the thumbprint of the certificate that needs to be replaced. You will need this in the next step.

  3. Obtain a new certificate for the expired certificate.

@matejskubic
matejskubic / .well-known__acme-challenge__web.config.xml
Created March 28, 2024 20:03
D365FO - renew certificate with Let's Encrypt
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<mimeMap fileExtension="." mimeType="text/plain" />
</staticContent>
</system.webServer>
</configuration>
@matejskubic
matejskubic / azure-create-user.sql
Created August 30, 2023 13:54
SQL Azure add user to role
CREATE USER [name@domain.com] FROM EXTERNAL PROVIDER
sp_addrolemember @rolename = 'db_datawriter', @membername = 'name@domain.com'
sp_addrolemember @rolename = 'db_datareader', @membername = 'name@domain.com'
@matejskubic
matejskubic / Backup-to-Azure.sql
Created June 1, 2023 14:02
SQL backup restore to Azure Blob Storage
CREATE CREDENTIAL [https://_name_.blob.core.windows.net/backup] WITH IDENTITY='Shared Access Signature', SECRET='sp=racwdl&st=2023-06-01T12:17:10Z&se=2024-01-01T21:17:10Z&spr=https&sv=2022-11-02&sr=c&sig=doW...3D'
DECLARE @dbToBackup as sysname = 'DB'
DECLARE @folder as nvarchar(50) = 'shrinked'
DECLARE @file as nvarchar(100) = @dbToBackup + N'_' + FORMAT(GETDATE(), N'yyyy-MM-dd_hhmmss') + N'.bak'
DECLARE @destUrl as nvarchar(500) = N'https://_name_.blob.core.windows.net/backup/' + @folder + N'/' + @file
PRINT @destUrl
BACKUP DATABASE @dbToBackup TO
URL = @destUrl
WITH NOFORMAT, NOINIT, NAME = N'Full Database Backup', NOSKIP, NOREWIND, NOUNLOAD, COMPRESSION, STATS = 5
@matejskubic
matejskubic / gist:10268126
Created April 9, 2014 13:06
Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2
### http://www.hass.de/content/setup-your-iis-ssl-perfect-forward-secrecy-and-tls-12
# Add and Enable SSL 3.0 for client and server SCHANNEL communications
md 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0' -Force
md 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Force
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force
# Add and Enable TLS 1.0 for client and server SCHANNEL communications
md 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0' -Force
@matejskubic
matejskubic / createSqlSharedAccessSignature.ps1
Last active November 3, 2022 18:08
Generate SQL shared access signature for azure storage account
[CmdletBinding()]
Param(
# subscription name
[parameter()]
[string]$subscriptionName = 'EA - MSDN - AX - ProdDev - 01'
,
# resource group name
[parameter()]
[string]$resourceGroupName='adaxbackup'
@matejskubic
matejskubic / Set-AzureADApplication-RequiredResourceAccess.ps1
Created October 13, 2020 20:56
Azure AD - Grant graph and cds
$rra = [System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]]::new()
$ra = [Microsoft.Open.AzureAD.Model.RequiredResourceAccess]::new()
$ra.ResourceAppId = "00000003-0000-0000-c000-000000000000" # graph
$ra.ResourceAccess = [Microsoft.Open.AzureAD.Model.ResourceAccess]::new("e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope") # User.Read
$rra.Add($ra)
$ra = [Microsoft.Open.AzureAD.Model.RequiredResourceAccess]::new()
$ra.ResourceAppId = "00000007-0000-0000-c000-000000000000" # CDS / Dynamics CRM
$ra.ResourceAccess = [Microsoft.Open.AzureAD.Model.ResourceAccess]::new("78ce3f0f-a1ce-49c2-8cde-64b5c0896db4", "Scope") #user_impersonation
@matejskubic
matejskubic / MsDyn365FO-OnPrem-ServiceFabric-LocalAgent.sql
Created October 10, 2020 11:48
Dynamics Finance & Operations - Local data agent diagnostics
select top 100 *
from DeploymentInstanceArtifact
select top 100 *
from OrchestratorCommand
order by QueuedDateTime desc
select top 100 *
from OrchestratorJob
@matejskubic
matejskubic / WindowsCredentialVault.psm1
Created June 8, 2020 12:06 — forked from guitarrapc/WindowsCredentialVault.psm1
PowerShell Windows Credential Vault Module
function InitializeWindowsCredential
{
Write-Verbose ("Loading PasswordVault Class.")
[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
}
InitializeWindowsCredential
function ConvertTo-PasswordCredential
{
@matejskubic
matejskubic / tsql-log-analysis.sql
Last active May 14, 2020 10:13
inspect / analyse sql transaction log
SELECT
--TOP 100
AllocUnitName,
Operation,
COUNT(*) c,
SUM([Log Record Length]) l
FROM sys.fn_dblog(NULL,NULL)
GROUP BY
AllocUnitName,
Operation