active – Page 2 – Mohammed Wasay

Cleaning up Office365 Groups Mess

February 23, 2017

Office 365 Groups are a shared workspace for email, conversations, files, and events where group members can collectively get stuff done. It compliments the introduction of Microsoft Teams. The main thing to keep in mind is that this feature is still evolving. Why is it important to control Office 365 Group creation? This feature is…

Remove disabled users from Distribution Lists & Security Groups in Active Directory

November 10, 2016

One of my clients had several disabled users showing up in distribution lists and security groups and this was creating unnecessary noise in email, alerts, etc. I highly encourage all administrators to keep their AD neat and tidy. The following PowerShell script searches for disabled users in Groups and Distribution Groups and removes them:

# This script removes all disabled users from all security and distribution groups in the specified "searchOU"

Import-Module ActiveDirectory

$searchOU = "OU=Groups,DC=domain,DC=local"

$adgroup = Get-ADGroup -Filter 'GroupCategory -eq "Security" -or GroupCategory -eq "Distribution"' -SearchBase $searchOU
$adgroup | ForEach-Object{ $group = $_
	Get-ADGroupMember -Identity $group -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | ForEach-Object{ $user = $_
		$uname = $user.Name
		$gname = $group.Name
		Write-Host "Removing $uname from $gname" -Foreground Yellow
		Remove-ADGroupMember -Identity $group -Member $user -Confirm:$false
	}
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

# This script removes all disabled users from all security and distribution groups in the specified "searchOU"

Import-Module ActiveDirectory

$searchOU = "OU=Groups,DC=domain,DC=local"

$adgroup = Get-ADGroup -Filter 'GroupCategory -eq "Security" -or GroupCategory -eq "Distribution"' -SearchBase $searchOU

$adgroup | ForEach-Object{ $group = $_

Get-ADGroupMember -Identity $group -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | ForEach-Object{ $user = $_

$uname = $user.Name

$gname = $group.Name

Write-Host "Removing $uname from $gname" -Foreground Yellow

Remove-ADGroupMember -Identity $group -Member $user -Confirm:$false

}

…

Migrate Office365 Photos to AD

November 2, 2016

Many of my customers have Office365 and have been using Skype for Business for sometime now. It is likely that your organization users have uploaded their profile picture. Now only if there was a way to sync those pictures back to your AD – so it looks neat & nice. There is a way!

#MigrateOffice365PhotosToAD.ps1

function Get-Office365Photo($EmailAddress,$Credential) {
    $wc = New-Object System.Net.WebClient
    $wc.credentials = $Credential
    # Build the URL that'll return the jpeg of the user's photo
    $url = "https://outlook.office365.com/ews/exchange.asmx/s/GetUserPhoto?email=$EmailAddress&size=HR96x96"
    # Build a path to export it to (.\kim.akers@contoso.com.jpg)
    $outPath = "$pwd\$EmailAddress.jpg"
    try { 
        # Download the image and save it to the current directory
        $wc.DownloadFile($url,$outPath)
        return $outPath
    } catch { throw $_ }
}

function Upload-ADPhoto($Username,$FilePath) {
    # Import the photo into a variable as a byte array
    $photo = [byte[]](Get-Content $FilePath -Encoding byte)
    # Replace the current value of thumbnailPhoto with the byte array from above
    Set-ADUser $Username -Replace @{ThumbnailPhoto=$photo}
}

# Get the credential to allow us to download the images
$Cred = Get-Credential -Message "Please enter your Office 365 Credentials"

# Get every mail-enabled AD user
$users = Get-ADUser -ldapfilter '(mail=*)' -properties mail

# For each of the mail-enabled users...
foreach ($user in $users) {
    try {
        # Download the photo
        $photoPath = Get-Office365Photo -EmailAddress $user.mail -Credential $Cred
        # Upload the photo
        Upload-ADPhoto -Username $user -FilePath $photoPath
    } catch {
        Write-Warning "Unable to update image for $($user.mail)"
    }
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

#MigrateOffice365PhotosToAD.ps1

function Get-Office365Photo($EmailAddress,$Credential) {

$wc = New-Object System.Net.WebClient

$wc.credentials = $Credential

# Build the URL that'll return the jpeg of the user's photo

$url = "https://outlook.office365.com/ews/exchange.asmx/s/GetUserPhoto?email=$EmailAddress&size=HR96x96"

# Build a path to export it to (.\[email protected])

$outPath = "$pwd\$EmailAddress.jpg"

try {

# Download the image and save it to the current directory

$wc.DownloadFile($url,$outPath)

return $outPath

} catch { throw $_ }

}

function Upload-ADPhoto($Username,$FilePath) {

# Import the photo into a variable as a byte array

$photo = [byte[]](Get-Content $FilePath -Encoding byte)

# Replace the current value of thumbnailPhoto with the byte array from above

Set-ADUser $Username -Replace @{ThumbnailPhoto=$photo}

}

# Get the credential to allow us to download the images

$Cred = Get-Credential -Message "Please enter your Office 365 Credentials"

# Get every mail-enabled AD user

$users = Get-ADUser -ldapfilter '(mail=*)' -properties mail

# For each of the mail-enabled users...

foreach ($user in $users) {

try {

# Download the photo

$photoPath = Get-Office365Photo -EmailAddress $user.mail -Credential $Cred

# Upload the photo

Upload-ADPhoto -Username $user -FilePath $photoPath

} catch {

Write-Warning "Unable to update image for $($user.mail)"

}

…

Active Directory: Changing passwords for users in bulk using a .csv file

October 13, 2016

Many accounts in your AD might need a password change. What if you want to do this in bulk ? First, we need to the userlist. Depending on your requirements we need to get a list of users (specifically samaccountname). For random password generation I recommend using http://manytools.org/network/password-generator/ as it can generate up 1000 for…

DFS Namespace service could not initialize cross forest trust information

August 11, 2016August 22, 2016

After you install Active Directory on Windows Server 2008 R2, you may start seeing the following error message after the server boots: The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data. This occurs because…

Change the password age in bulk for Active Directory accounts

July 21, 2016August 22, 2016

Ran into an interesting situation where pretty much all domain accounts did not follow the default password policy and had the option of ‘password never expires’ checked. I needed to fix this immediately without impacting the users and expiring any accounts that may affect the business. I needed to adjust the password age for all…