
Tuesday, February 10, 2015

Powershell - Active Directory User's Group List

All I wanted to do was see a semi-readable list of the groups a client belongs to.

Get-ADUser am00000b
gives me a list of default values returned.
PS C:\WINDOWS\system32> get-aduser am00000b


DistinguishedName : CN=Lesley,OU=Users,OU=AM,DC=MyCompany,DC=com
Enabled           : True
GivenName         : Lesley
Name              : am00000b
ObjectClass       : user
ObjectGUID        : ffffffff-ffff-ffff-ffff-ffffffffffff
SamAccountName    : am00000b
SID               : S-1-5-21-999999999-999999999-9999999999-99999
Surname           : Phillips
UserPrincipalName : am00000b@am.mycompany.com


Get-ADUser am00000b -Properties * shows me all the AD properties associated with the user (which you can do on your own). From there I can see the property I'm looking for: MemberOf. If the user has a lot of groups assigned, the list may be truncated, and it is not in any particular order. However, you can add MemberOf to the results with -Properties memberof
PS C:\WINDOWS\system32> get-aduser am00000b -Properties memberof


DistinguishedName : CN=Lesley,OU=Users,OU=AM,DC=MyCompany,DC=com
Enabled           : True
GivenName         : Lesley
MemberOf          : {CN=AMG-Heat-Users,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
                    CN=AMG_Internet_USERS,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
                    CN=RightFax,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
                    CN=APP-ATTConnect-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,...}
Name              : am00000b
ObjectClass       : user
ObjectGUID        : ffffffff-ffff-ffff-ffff-ffffffffffff
SamAccountName    : am00000b
SID               : S-1-5-21-999999999-999999999-9999999999-99999
Surname           : Phillips
UserPrincipalName : am00000b@am.mycompany.com


Passing that into a Select -ExpandProperty memberof gives the following result.
PS C:\WINDOWS\system32> get-aduser am00000b -Properties memberof | Select -ExpandProperty memberof
CN=APP-Heat-Users,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
CN=AMG-Internet-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
CN=APP-RightFax-admusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com, 
CN=APP-ATTConnect-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Clarity-testuser,,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Clarity-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=IS-Level-1,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(Instant Message),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(email),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^PCAdm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^DominoServer,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^RemoteControl,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(CompSec),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(Organizational Email),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(MySpace),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=IS-B-jo,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-SCCM,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^LocalDev,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-FAXServer,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Heat-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-Smartcard-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-AD-adm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com


And, finally, to make it semi-readable, pass it in to Sort-Object
PS C:\WINDOWS\system32> get-aduser am00000b -Properties memberof | Select -ExpandProperty memberof | Sort-Object
CN=^DominoServer,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^LocalDev,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^PCAdm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=^RemoteControl,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-AD-adm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-FAXServer,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-Internet-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
CN=AMG-SCCM,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=AMG-Smartcard-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-ATTConnect-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Clarity-stduser,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Clarity-testuser,,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Heat-stdusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=APP-Heat-Users,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com,
CN=APP-RightFax-admusers,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com, 
CN=IS-B-jo,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=IS-Level-1,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(CompSec),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(email),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(Instant Message),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(MySpace),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com
CN=SecWebAccess(Organizational Email),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com


Most examples I found don't use the shorthand for the CN lookup, but rather use a -filter {CN -eq "am00000b"}. Which would look like this...
get-aduser -filter { CN -eq "am00000b" } -Properties memberof | Select -ExpandProperty memberof | Sort-Object
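
To go one step further toward "readable", the distinguished names can be reduced to the group name and its container. The following is an added example, not part of the original post; ConvertFrom-GroupDn is a hypothetical helper name and the sample DNs are constructed from the output above.

```powershell
# Added example, not from the original post. ConvertFrom-GroupDn is a hypothetical name.
function ConvertFrom-GroupDn {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$DistinguishedName)
    process {
        # First RDN = everything up to the first comma that is not backslash-escaped.
        if ($DistinguishedName -notmatch '^CN=((?:\\.|[^,\\])*),(.*)$') {
            Write-Warning "Skipping unparsable DN: $DistinguishedName"
            return
        }
        $rawName, $parent = $Matches[1], $Matches[2]
        # Undo DN escaping: \XX is a hex-encoded character (single-byte values
        # only in this sketch), \<char> is a literal special character.
        $name = [regex]::Replace($rawName, '\\([0-9A-Fa-f]{2}|.)', {
            param($m)
            $v = $m.Groups[1].Value
            if ($v.Length -eq 2) { [string][char][Convert]::ToInt32($v, 16) } else { $v }
        })
        [pscustomobject]@{ Group = $name; Container = $parent }
    }
}

# Constructed sample input modelled on the output above. The last entry is an
# invented group whose name contains a comma, which a DN carries escaped as "\,".
$sample = @(
    'CN=^PCAdm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com'
    'CN=AMG-AD-adm,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com'
    'CN=SecWebAccess(email),OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com'
    'CN=Sales\, EMEA,OU=Global,OU=Groups,OU=AM,DC=MyCompany,DC=com'
)
$sample | ConvertFrom-GroupDn | Sort-Object Group | Format-Table -AutoSize

# Against a live directory (needs the ActiveDirectory module):
# Get-ADUser am00000b -Properties MemberOf |
#     Select-Object -ExpandProperty MemberOf | ConvertFrom-GroupDn | Sort-Object Group
```

MemberOf lists direct memberships only and leaves out the user's primary group, so a review of what an account can actually reach also has to account for nested groups.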

Thursday, December 18, 2014

Powershell - Perfect Passwords

In homage to the folks at the Gibson Research Corporation and their Perfect Passwords page, which has been up for as long as I can remember, I present the following...

Make sure to check out their How Big is Your Haystack? page too.

I was reading about strings in Powershell and realized I could pretty easily make a random string generator similar to the folks at GRC.


PerfectPassword.ps1
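# In a double-quoted string the backtick is an escape character, so `~ yields only ~
# and "" yields one quote: the string holds 93 characters, matching (get-random 93).
$strChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()`~-_=+[]{}\/|?<>,.;':"""
$strResult = ""
# Each loop pass emits one random character; the assignment collects them into an array.
$strResult = For ($i=1; $i -lt 65; $i++){$StrResult + $strChars.substring((get-random 93),1)}
[string]::concat("Printable ascii: ", ($strResult -join ""))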

$strChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
$strResult = ""
$strResult = For ($i=1; $i -lt 65; $i++){$StrResult + $strChars.substring((get-random 62),1)}
[string]::concat("Alpha numeric:   ", ($strResult -join ""))

$strChars = "0123456789ABCDEF"
$strResult = ""
$strResult = For ($i=1; $i -lt 65; $i++){$StrResult + $strChars.substring((get-random 16),1)}
[string]::concat("Hex:             ", ($strResult -join ""))

$strResult = ""
$strResult = For ($i=1; $i -lt 65; $i++){$StrResult + "0123456789ABCDEF".substring((get-random 16),1)}
[string]::concat("Hex without arg: ", ($strResult -join ""))

$strChars = "ÆƷűʘ ̊░▒▓"
$strResult = ""
$strResult = For ($i=1; $i -lt 65; $i++){$StrResult + $strChars.substring((get-random $strChars.length),1)}
[string]::concat("Silly string:    ", ($strResult -join ""))


Generated the following ...
PS D:\> ./perfectpassword.ps1
Printable ascii: O2c5:sf%4Qn>ckr_6oz-DEGhadY8/{Qw5XOQ2TnJ7WdbqP%[D^.dK=aju.5.9N+*
Alpha numeric:   a5uFPTohb4kXsv5ItStk5A1XGvoM4mTmRsaqhnjKEZaEOmX3ccN6gOZJdG9uFLoY
Hex:             2F105A618BA16525859D9C1076393D1E935A1C869855FC2B6AC20645D08E7DDB
hex without arg: AC73073BC3306B0B47390ED3EFC04AFCAAB34FBE615D23F20DAFA4BBE440A272
Silly string:    ű ʘ░Æ▒ ʘ░űƷ▓̊ÆÆ░Æ Æ ÆÆƷ ▓▓ű▓  űű̊Ʒ  ▒ƷƷƷ ʘƷʘÆ░Ʒ▒ű̊Æ▓ƷÆƷűʘ▓▒Æ̊  Ʒ

PS D:\> ./perfectpassword.ps1
Printable ascii: b|JLNI{]V/;%]~Et{M*k3zoVgJEVJ
Alpha numeric:   r8cZBh2h83yxW7yPaUsQ9DtiBJDEyzZWRf7jwHhEWblYhm8XCPcrMZzXN4y2OxTI
Hex:             0AABF347ADEF48039A0B582DA28724D64AC884C359ACE781E24F50387C0DBD45
hex without arg: F8AAB8B5EC5CE5F3A690FD04740B4F7844D6DD666E18A692DC3544617537701E
Silly string:    ű▒ ̊  ʘ░ÆƷ̊Æ░ ̊Æ̊▓▒ ░ƷűÆ▓░▓ ̊▓▓ʘ▒Ʒű▒▓Æ̊űʘ űÆ░űʘ▓░Ʒ▒̊Ʒ̊űƷ̊ ░▒̊▓ƷƷ

PS D:\> ./perfectpassword.ps1
Printable ascii: Cpv3w[g5y1ex[qC5Hb~OeBAv,jvSG{&VDs~Xh)%}lwE11;DLohM1m#ha\"8m44xM
Alpha numeric:   ZG7NyWGKs5tX8SP9XZtrAkxMhVOfiJqG05TcbPaxHZqnxrcjuPvWr99OjtGNiBCS
Hex:             ACC0FAF1DFB9E23DB7C73730F1EB263168997F2BB3F536BF1BEABF728C1EB3F6
Hex without arg: BA369A5B50C08EC85EA77966060AE4F748A92566525A37AA088D98F13D52AAD0
Silly string:    Æű░▓űƷʘ▓ űƷűű░Ʒ̊▒ʘ̊ű░Ʒ▓░̊̊ʘűÆű░̊űű ▓░̊ʘ▒Ʒ̊ʘűʘ̊▒ ░░ʘűÆ ű▓ʘ▓ʘ░░Æ▓Ʒ


There is some extra stuff I was playing around with in there.

The Silly string was made using the Character Map accessory.
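
An added example, not part of the original script: the same generator drawing its randomness from the .NET RandomNumberGenerator class, so the result does not depend on which generator Get-Random uses in a given PowerShell version, and with rejection sampling so every character of the alphabet is equally likely. The function name New-RandomString is an assumption.

```powershell
# Added example, not from the original script. New-RandomString is a hypothetical name.
function New-RandomString {
    param(
        [Parameter(Mandatory)][string]$Alphabet,
        [int]$Length = 64
    )
    if ($Alphabet.Length -lt 2 -or $Alphabet.Length -gt 256) {
        throw 'Alphabet must contain between 2 and 256 characters.'
    }
    # Bytes at or above $limit are discarded so that every character stays
    # equally likely; taking a plain remainder of 0..255 would favour the
    # first (256 % length) characters of the alphabet.
    $limit = 256 - (256 % $Alphabet.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $sb    = New-Object System.Text.StringBuilder
    $buf   = New-Object byte[] 64
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            foreach ($b in $buf) {
                if ($b -lt $limit -and $sb.Length -lt $Length) {
                    [void]$sb.Append($Alphabet[$b % $Alphabet.Length])
                }
            }
        }
    }
    finally { $rng.Dispose() }
    $sb.ToString()
}

# Single quotes keep the backtick literal (94 characters); '' is one apostrophe.
$printable = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()`~-_=+[]{}\/|?<>,.;'':"'
'Printable ascii: ' + (New-RandomString -Alphabet $printable)
'Alpha numeric:   ' + (New-RandomString -Alphabet ($printable.Substring(0, 62)))
'Hex:             ' + (New-RandomString -Alphabet '0123456789ABCDEF')
```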

Wednesday, December 17, 2014

iPhone - Unable to Move Messages

Description: Clients cannot move messages to folders or to Trash on their iPhone or iPad


Clients may see a message similar to the following...
Turn off and on the mail for the afflicted account...


1. - 5. Open Settings > Mail, Contacts, Calendars > pick the account > turn off mail >
then...  turn it back on.
When you turn off the Mail, your account's mailbox will clear. 

6. Go to the inbox and re-sync.



After the re-sync, once your messages appear, you should be able to move mail around to a new folder, including Trash.

You're done!

I got a GitHub!


https://github.com/LesleyPhillips

Now, let's see what I can do with it....

Saturday, August 30, 2014

Microsoft MTA Windows Server Administration 98-365

I just finished CBT Nuggets Microsoft MTA Windows Server Administration 98-365 series. It had a few things I didn't know yet. It was neat to see the new tools I had been missing. I'm already torturing the few real experts I know.

Wednesday, August 20, 2014

Notes Redirect File

The Notes Redirect File or .nrf is a text file that can be created automatically when you use the admin client to delete a database and you want to leave a clue, for the accessing clients, as to where they can go to continue to access a replica of the db.

We use this when we remove a replica of a database so that clients can continue to access the file on another server. The format looks like this:

[NotesRedirectFile] 
Type=Move 
RepID=87654321:12345678 
Title=lesleysRedirTest 
Ref=CN=APP001/OU=SRV/O=MyCompany!!isg\lesleysRedirTest.nsf 

The name of this file is lesleysRedirTest.nrf (matching the name of the db, lesleysRedirTest.nsf) and, it goes in the directory of the server that the db replica is being deleted from.

In this case we deleted the db from server APP002/SRV/MyCompany and clients clicking the bookmarks or workspace icons going to APP002 will automatically have their links to APP002 deleted and replaced with links to the db on APP001.

If you need to get hold of the replica id of the db, in case you forgot to create the redir on delete, you can get it from one of the remaining dbs by copying a db link. When you paste the db link into a text editor you will get the following, with the replica id in it...

lesleysRedirTest
<NDL>
<REPLICA 87654321:12345678>
<HINT>CN=APP001/OU=SRV/O=MyCompany</HINT>
<REM>lesleysRedirTest</REM>
</NDL>
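
For the recovery case described above, the pasted link text already contains everything except the file path. The following is an added example, not part of the original post: ConvertTo-NotesRedirectFile and its -DbPath parameter are hypothetical, and the field layout is copied from the sample .nrf on this page.

```powershell
# Added example, not from the original post. ConvertTo-NotesRedirectFile is a
# hypothetical helper; the output layout follows the sample .nrf shown above.
function ConvertTo-NotesRedirectFile {
    param(
        [Parameter(Mandatory)][string]$LinkText,  # pasted database link text
        [Parameter(Mandatory)][string]$DbPath     # path on the remaining server
    )
    if ($LinkText -notmatch '<REPLICA\s+([0-9A-Fa-f]{8}:[0-9A-Fa-f]{8})>') {
        throw 'No <REPLICA ...> element with an 8:8 hex replica id found.'
    }
    $repId = $Matches[1]
    if ($LinkText -notmatch '<HINT>([^<]+)</HINT>') {
        throw 'No <HINT> element (server name) found.'
    }
    $server = $Matches[1].Trim()
    if ($LinkText -notmatch '<REM>([^<]*)</REM>') {
        throw 'No <REM> element (database title) found.'
    }
    $title = $Matches[1].Trim()
    # Refuse values that would add extra lines to the redirect file.
    foreach ($v in $server, $title, $DbPath) {
        if ($v -match '[\r\n]') { throw "Line break in field value: $v" }
    }
    @(
        '[NotesRedirectFile]'
        'Type=Move'
        "RepID=$repId"
        "Title=$title"
        "Ref=$server!!$DbPath"
    ) -join "`r`n"
}

# Link text as pasted from the remaining replica (sample values from this page).
$link = @'
lesleysRedirTest
<NDL>
<REPLICA 87654321:12345678>
<HINT>CN=APP001/OU=SRV/O=MyCompany</HINT>
<REM>lesleysRedirTest</REM>
</NDL>
'@
ConvertTo-NotesRedirectFile -LinkText $link -DbPath 'isg\lesleysRedirTest.nsf' |
    Set-Content -Path .\lesleysRedirTest.nrf
```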