Powershell

How to check for (and remove) Global Admins in your O365 subscription Recently updated !

10 Dec, 2018 in Office365 tagged Powershell by Xander

In this post I’m going to describe how you can easily identify your Office 365 administrators and how to remove them.

connect-msolservice
$role = Get-MsolRole -RoleName "Company Administrator"
Get-MsolRoleMember -roleobjectid $role.objectid

connect-msolservice

$role = Get-MsolRole -RoleName "Company Administrator"

Get-MsolRoleMember -roleobjectid $role.objectid

You now get a overview of your Global Admin users in your O365 subscription.

It’s easy to revoke the Admin rights from a specific user using the Remove-MsolRoleMember command

Remove-MsolRoleMember -RoleName "Company Administrator"-RoleMemberType User -RoleMemberEmailAddress "emailaddress@ofuser.com"

1	Remove-MsolRoleMember -RoleName "Company Administrator"-RoleMemberType User -RoleMemberEmailAddress "emailaddress@ofuser.com"

Script to check multiple servers which services are using specific accounts

2 Jul, 2014 in IT / Powershell / Uncategorized tagged Powershell by Xander

A client wanted to rename a specific account, but they were afraid to change this specific account because it could be used as a service account for several services running on a number of servers. Because I didn’t want to logon to all those servers manually I decided to create a powershell script.

Hereby the source code :

$DefineSaveLocation=&quot;f:\powershell&quot;
$SaveLocaPath=Test-Path $DefineSaveLocation
if ($SaveLocaPath -eq $False)
    {New-Item -ItemType directory -Path $DefineSaveLocation}
cd $DefineSaveLocation

Foreach ($Server in Get-Content &quot;F:\powershell\inputfile.txt&quot; )
 {
  Write-Host &quot;Retrieving Servers for $Server &quot;    
  Get-WmiObject win32_service -ComputerName $Server  | select Name,
  @{N=&quot;Startup Type&quot;;E={$_.StartMode}},
  @{N=&quot;Service Account&quot;;E={$_.StartName}},
  @{N=&quot;System Name&quot;;E={$_.Systemname}} | Sort-Object &quot;Name&quot; &gt; &quot;.\$Server -Services.txt&quot;
 }

$DefineSaveLocation="f:\powershell"

$SaveLocaPath=Test-Path $DefineSaveLocation

if ($SaveLocaPath -eq $False)

{New-Item -ItemType directory -Path $DefineSaveLocation}

cd $DefineSaveLocation

Foreach ($Server in Get-Content "F:\powershell\inputfile.txt" )

{

Write-Host "Retrieving Servers for $Server "

Get-WmiObject win32_service -ComputerName $Server | select Name,

@{N="Startup Type";E={$_.StartMode}},

@{N="Service Account";E={$_.StartName}},

@{N="System Name";E={$_.Systemname}} | Sort-Object "Name" > ".\$Server -Services.txt"

}

This script uses a inputfile containing the servernames. You can use for example use rvtools or an WMI query to create this file.

After running the script the output is as follows :

(Click the picture for a full view)

I imported this file into excel and from now it’s easy to check for accounts being used etc.

Make sure to run powershell in elevated mode and don’t forget the set-executionpolicy unrestricted option.

Exchange & Lync : Find and fix broken inheritance

23 Feb, 2013 in Exchange / IT / Lync / Uncategorized tagged Exchange / Lync / Powershell by Xander

Many times I’ve ran into the following error :

(Error : unsufficient access rights to perform the operation) while moving Lync users of moving mailboxes in Exchange.

This is due to the following :

Include inheritable permissions MUST BE ENABLED. (Also for other tasks)

When this is one or a couple of users this is no problem. When you have >100 users then you don’t want to do this manually.

This is how to script this :

First check witch users are having this problem using the following command :

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}

Example :

You see the accounts which are having this problem. Nothing is fixed yet. Therefore you need to run the following command :

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected} | Set-QADObjectSecurity -UnlockInheritance

M	T	W	T	F	S	S
« Nov
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

vWorld.nl

Because IT's a virtual World!

Because IT's a virtual World!

Powershell

How to check for (and remove) Global Admins in your O365 subscription Recently updated !

Script to check multiple servers which services are using specific accounts

Exchange & Lync : Find and fix broken inheritance