Simon Poirier poiriersimon
poiriersimon
/ O365 unsafe users.ps1
Created
January 9, 2019 15:38
O365 Check for user that doesn't have password Expiration and aren't using Strong Password
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #1 - List Managed Domain | |
| $ManagedDomain = Get-MSOLDomain |where {$_.AuthenticationType -eq "Managed"} | |
| #2 - Check if 1 users exist in those domain | |
| $UsedManagedDomains = @() | |
| foreach ($ManagedDomain in $ManagedDomains){$Users = @(); $users= Get-MSOLUser -All | where {$_.UserPrincipalName -like "*$($ManagedDomain.name)"}} | |
| #3 - for each of those domain - Get-MSOLUser | where{$_.PasswordNeverExpire -eq $TRUE} | |
| [array]$UnsafeUsers = $Users | where {$_.PasswordNeverExpires -eq $True -and StrongPasswordRequired -eq $False} | |
| #4 - if any Trigger | |
| If($UnsafeUsers.count -eq 0){Write-host "Pass"} Else {Write-host "Fail : You have $($UnsafeUsers.count) account"} |
poiriersimon
/ Check for EXO SPF.ps1
Created
January 9, 2019 18:49
Check SPF for all accepted domain in Exchange Online
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $AcceptedDomains=Get-AcceptedDomain |where {$_.DomainName -notlike "*.mail.onmicrosoft.com"} | |
| #A better approach would be to validate if the domain is user in a primary email address | |
| $DomainWithoutSPF = @() | |
| foreach($AcceptedDomain in $AcceptedDomains){ | |
| $DNS = Resolve-DnsName -Type TXT -Name $AcceptedDomain.DomainName |where{$_.Strings -like "*v=spf1*"} | |
| if($DNS.strings -like "*include:spf.protection.outlook.com*"){Return | |
| }elseif($DNS.strings -like "*include:*"){ | |
| foreach($include in $($dns.Strings.split(" ")| where {$_ -like "include:*"})){ | |
| $tDns = Resolve-DnsName -Type TXT -Name $($include.split(":")[-1]) | |
| if($tDNS.strings -like "*include:spf.protection.outlook.com*"){Return} |
poiriersimon
/ Get-DistributionGroupExpandedMember.ps1
Last active
February 5, 2019 19:34
This script is used to get the list of all member of a Distribution list that contain other Distribution list, the result is a pure list of user or contact that are contain is those recursive Distribution List I found this useful to manage New-App Userlist with group ex : New-App
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-DistributionGroupExpandedMember { | |
| Param( | |
| [Parameter(Mandatory=$True,ValueFromPipeline=$True)][String] $Identity | |
| ) | |
| BEGIN{ | |
| } | |
| PROCESS { | |
| $ExpandedDLList = @() | |
| [array]$DL = Get-DistributionGroupMember $Identity |
poiriersimon
/ Check SPF for IP.ps1
Created
January 31, 2019 16:58
Check if some IP or ip range are included in SPF Records
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $IpsToCheck = @("40.107.67.0","104.47.612.0","52.100.146.0","40.107.0.0","104.47.0.0","52.100.0.0") | |
| $domain = "spf.protection.outlook.com" | |
| #A better approach would be to validate if the domain is user in a primary email address | |
| $IpMissing = @() | |
| foreach($IpToCheck in $IpsToCheck){ | |
| $DNS = Resolve-DnsName -Type TXT -Name $domain |where{$_.Strings -like "*v=spf1*"} | |
| if($DNS.strings -like "*$($IpToCheck)*"){ $DNS.strings | |
| }elseif($DNS.strings -like "*include:*"){ | |
| foreach($include in $($dns.Strings.split(" ")| where {$_ -like "include:*"})){ | |
| $tDns = Resolve-DnsName -Type TXT -Name $($include.split(":")[-1]) |
poiriersimon
/ Extract-SharedMailboxPermission.ps1
Last active
February 25, 2019 18:13
Script to extract Shared Mailbox permission in EXO and expand (Nested) DG if present
poiriersimon
/ Remove Database with no mailboxes.ps1
Created
February 11, 2019 20:01
Remove Database with no mailboxes for Exchange 2010+
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $MailboxDatabase = Get-mailboxDatabase | where {$_.Recovery -eq $False} | |
| $EmptyDBs = @() | |
| foreach($DB in $MailboxDatabase){ | |
| $Mailboxes = $DB | Get-Mailbox | select Identity -first 1 | |
| if($Mailboxes -eq $NULL){ | |
| $EmptyDB = New-Object PSObject | |
| $EmptyDB | Add-Member NoteProperty -Name "Name" -Value $DB.Name | |
| $EmptyDB | Add-Member NoteProperty -Name "EDBPath" -Value $DB.EdbFilePath | |
| $EmptyDB | Add-Member NoteProperty -Name "LogPath" -Value $DB.LogFolderPath | |
| $EmptyDB | Add-Member NoteProperty -Name "Servers" -Value $($DB.Servers -join ',') |
poiriersimon
/ ProxyAuth.ps1
Created
April 23, 2019 18:21
Powershell cmdlet to authenticate to Proxy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Configuration du proxy pour permettre l'Accès a Graph API sans problème | |
| $wc = New-Object System.Net.WebClient | |
| $wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials |
poiriersimon
/ Get-GraphAuthHeaderBasedOnUPN.ps1
Last active
May 2, 2019 16:41
Powershell Function to Get Auth Header based on UPN with Graph API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #You need AzureAD Module (Save-Module AzureAD -Path C:\temp) | |
| #Azure DLL are sideloaded in a job to bypass potential conflict with other version | |
| function Get-GraphAuthHeaderBasedOnUPN | |
| { | |
| [cmdletbinding()] | |
| param( | |
| [Parameter(Mandatory = $True)] | |
| [string]$Tenant = "", | |
| [Parameter(Mandatory = $false)] | |
| [string]$clientId = "1950a258-227b-4e31-a9cf-717495945fc2", |
poiriersimon
/ Connect-Intune.ps1
Last active
May 2, 2019 19:49
Powershell function to connect to Intune Graph API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #You need AzureAD Module (Save-Module AzureAD -Path C:\temp) | |
| #You need Function Get-GraphAuthHeaderBasedOnUPN @ https://gist.github.com/poiriersimon/ded7cdca600ba0aab84b75b7f47c1235 | |
| Function Connect-Intune{ | |
| param | |
| ( | |
| [Parameter(Mandatory = $True)] | |
| [string]$Tenant, | |
| [Parameter(Mandatory = $True)] | |
| [string]$UserPrincipalName, | |
| [string]$clientId = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547", |
poiriersimon
/ Get-CurrentUPN.ps1
Created
April 23, 2019 18:32
Powershell function to detect UPN for the currently logged user
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-CurrentUPN | |
| { | |
| $UserPrincipalName = $NULL | |
| # | |
| $UPNList = @() | |
| $UPN = $Env:USERNAME | |
| if($UPN -eq $NULL){ | |
| $UPN = (whoami) | |
| if($UPN -ne $NULL){ |