SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


Sidebar

Sponsor:


Recently Changed Pages:

View All Pages


View All Tags







WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer.


Pages with comments

PageDateDiscussionTags
2019/11/18 13:52 1 Comment

View All Comments

start

SHIFT - Sjoerd Hooft's InFormation Technology

This WIKI is part of SHIFT. If you want to post comments, Sign up for Q. Q is the best way to practice your IT exams. A distraction free exam trainer with the option to post comments and even add questions yourself for free access. Give it a try and sign up for two weeks of free access!


Manage MS Teams Membership

In this article I'll show the steps and script to manage team membership based on being a member of an Active Directory security group. I'll create two Azure Enterprise Applications, a script and an Azure DevOps Server pipeline. How fun.

→ Read more...

2021/04/09 13:53 · sjoerd

Register Azure Enterprise App for Graph

I found in the last couple of years multiple uses for Graph, and slowly also Microsoft is moving to Graph for more and more authentication automation. I also found that the interface and procedure changes very fast, I register an Azure Enterprise App once every few months or so and I don't think I've ever done in exactly the same way as before. Because of that, it does take more time than I counted on, so I wanted to make a single page to collect all information, or directly link to other pages as examples.

→ Read more...

2021/04/09 13:24 · sjoerd

Change Expired AD Password

I often have multiple accounts to keep track of, with various password policies. Sometimes a password just expires and I don't want to bother support staff to reset it to a temporary password which I have to reset then again. It's a lot of hassle. To prevent that, I became a big fan of the PowerShell function below. All credits go to Evotec, but I've used it a lot. If you're on a personal system, you could just simply do:

Install-Module PSSharedGoods -Force 
Set-PasswordRemotely

But if you're on a server system without internet access or do not want to install form unknown sources you could simply paste the function into your powershell session and then run the function:

function Set-PasswordRemotely {
    [CmdletBinding(DefaultParameterSetName = 'Secure')]
    param(
        [Parameter(ParameterSetName = 'Secure', Mandatory)][string] $UserName,
        [Parameter(ParameterSetName = 'Secure', Mandatory)][securestring] $OldPassword,
        [Parameter(ParameterSetName = 'Secure', Mandatory)][securestring] $NewPassword,
        [Parameter(ParameterSetName = 'Secure')][alias('DC', 'Server', 'ComputerName')][string] $DomainController
    )
    Begin {
        $DllImport = @'
[DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
public static extern bool NetUserChangePassword(string domain, string username, string oldpassword, string newpassword);
'@
        $NetApi32 = Add-Type -MemberDefinition $DllImport -Name 'NetApi32' -Namespace 'Win32' -PassThru
 
        if (-not $DomainController) {
            if ($env:computername -eq $env:userdomain) {
                # not joined to domain, lets prompt for DC
                $DomainController = Read-Host -Prompt 'Domain Controller DNS name or IP Address'
            } else {
                $Domain = $Env:USERDNSDOMAIN
                $Context = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain, $Domain)
                $DomainController = ([System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($Context)).Name
            }
        }
    }
    Process {
        if ($DomainController -and $OldPassword -and $NewPassword -and $UserName) {
            $OldPasswordPlain = [System.Net.NetworkCredential]::new([string]::Empty, $OldPassword).Password
            $NewPasswordPlain = [System.Net.NetworkCredential]::new([string]::Empty, $NewPassword).Password
 
            $result = $NetApi32::NetUserChangePassword($DomainController, $UserName, $OldPasswordPlain, $NewPasswordPlain)
            if ($result) {
                Write-Host -Object "Set-PasswordRemotely - Password change for account $UserName failed on $DomainController. Please try again." -ForegroundColor Red
            } else {
                Write-Host -Object "Set-PasswordRemotely - Password change for account $UserName succeeded on $DomainController." -ForegroundColor Cyan
            }
        } else {
            Write-Warning "Set-PasswordRemotely - Password change for account failed. All parameters are required. "
        }
    }
}
Set-PasswordRemotely

→ Read more...

2021/01/29 16:21 · sjoerd

Discussion

Enter your comment. Wiki syntax is allowed:
C M L X D
 
start.txt · Last modified: 2020/01/17 14:00 by sjoerd