Create a “Dynamic” AD Group using PowerShell

I had a request come to me today for an AD group that will always contain all of the users in a particular OU. If you have come across my little place on the internet before, you are likely aware that I do a lot of work with AD FS. Keeping that in mind, I wanted to make sure only users that were synced with Azure AD/O365 from this OU were added to the group. Additionally, if a user was no longer synced with Azure AD/O365, I wanted to remove them from the group to keep it tidy. And thus I came up with the following script, which I run every hour:

 

Exchange Online Missing Mandatory Parameters: ArchiveGuid

I’ve been working with hybrid Office 365 environments for quite some time now and liked to think that I had come across most of the weird errors, but of course, just when you think that, another random msExch attribute has to come along and muck things up. I came across just such a case today, presenting itself with the following error in Office 365:

Exchange: Cannot process command because of one or more missing mandatory parameters: ArchiveGuid.

I did a little digging and came across this blog post that found the msExchRemoteRecipientType attribute to be the culprit. I cleared the value, kicked off a full dirsync and voilà! Problem solved.

Export Licensed User Properties from Multiple Azure AD Tenants

This is a pretty easy one, but it is quite useful. Usually when I have a need to do this I just need to export FirstName, LastName, and UPN, but the properties are really plug and play. Look up the different properties on the Get-MsolUser Microsoft Doc found here. This may go without saying, but you could always just run this as a one-liner after connecting to your tenant if you don’t have a need for exporting multiple tenants. I use this mostly for internal stuff, so I want all the users that we manage. Without further ado:

 

Convert .pfx to .pem Format

I needed to get .pem files out of a .pfx recently for an application that did not have an easy method to upload a .pfx. It ran on top of a Debian distro, so I figured it was easier to just drop the .pem files where they need to be, but then I realized I’ve never taken a .pfx and split it up before. Perfect time to figure it out, right? Luckily the issue wasn’t all that important (it was a test/dev thing), so that’s just what I did. Here is what I came up with:

1.) Install OpenSSL on a machine

2.) Copy .pfx file to that computer

3.) Run the following to get the key.pem:

4.) Run the following to get the crt.pem:

That should do it for you.  Do with them what you will!
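The two extraction steps above, as an added shell example (not the original post's commands, which did not survive on this page). The function names, the `PFX_PASS` environment variable and the throwaway `demo.invalid` certificate are assumptions made for the example; it also checks that the extracted key and certificate really are a pair and keeps the key file private.

```shell
#!/usr/bin/env bash
# Added example: split a .pfx into key.pem and crt.pem with OpenSSL.
# Assumption: the .pfx password is supplied in the PFX_PASS environment
# variable so it never appears in the process list or shell history.

split_pfx() {            # usage: split_pfx <file.pfx> <output-dir>
    local pfx=$1 outdir=$2
    (
        umask 077        # key.pem must not be created group/world-readable
        mkdir -p "$outdir" || exit 1
        # Private key only. -nodes writes it UNENCRYPTED, which is what most
        # services expect on disk; drop -nodes to be prompted for a passphrase.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
            -nocerts -nodes -out "$outdir/key.pem" || exit 1
        # Leaf certificate only: no key material, no CA chain.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
            -clcerts -nokeys -out "$outdir/crt.pem" || exit 1
    )
}

key_matches_cert() {     # usage: key_matches_cert <key.pem> <crt.pem>
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]   # same public key on both sides
}

make_demo_pfx() {        # constructed sample input: throwaway self-signed cert
    local dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$dir/src.key" -out "$dir/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/src.key" -in "$dir/src.crt" \
        -passout env:PFX_PASS -out "$dir/demo.pfx"
}

if [ $# -eq 2 ]; then
    split_pfx "$1" "$2" && key_matches_cert "$2/key.pem" "$2/crt.pem" \
        && echo "key.pem and crt.pem written to $2 and verified as a pair"
fi
```

With OpenSSL 3.x, a .pfx exported with older encryption algorithms may additionally need the `-legacy` option on the `pkcs12` commands.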

Sources:

Adobe Blog Post

StackPath Support Article

Running Scheduled Task with Group Managed Service Account

So I am trying to start using Group Managed Service Accounts for my scheduled tasks rather than the old-school approach of creating a user account and being done with it. This, combined with some other security measures I’m putting in place, should significantly lower the damage a malicious being could do should they somehow get a privileged account, and it generally just makes way more sense. All that being said, I ran into a little issue trying to run a scheduled task as one of these Group Managed Service Accounts I have created (don’t worry, I’ll have a post about how to do that soon). You can’t just add them with the GUI as you would expect; you have to use the CLI (at least to my knowledge you have to). I stumbled across this TechNet post that helped me come to the following solution. Again, this is assuming you have your Group Managed Service Account configured correctly.

1.) Create your Scheduled Task as you normally would, but disregard the Security Options (we’ll be changing those in a second)

2.) Once that is created, open a PowerShell window as administrator

3.) Run the following:

4.) When it asks for a password, leave it blank and hit enter

That’s it!  You can refresh your Task Scheduler window to see the updated Security Options.

Installing VMware Tools on Ubuntu Server via CLI

Per usual this is more for my own reference because I’m forgetful, but it might help someone out if they happen to miss the very detailed instructions found here on VMware’s KB site.  For this I think I’ll do a numbered list of steps to make things simple:

1.) Mount VMware Tools installer in vSphere/vCenter by selecting the Install VMware Tools option

2.) SSH into your Linux VM and sudo up, or if you prefer put sudo in front of all your commands…I’m lazy

3.) Create a directory to use as a mount point

4.) Mount the CDROM to your newly created mount point

5.) Copy the zipped files to a temporary directory

6.) Move into your temp directory and extract the files

7.) Move into the vmware-tools-distrib directory and run the Perl install script

At this point you’ll be asked a whole bunch of questions to customize the install.  Select whatever works for your environment, though the defaults will work fine for most.  It’ll go through installing and you’re done!