TechCognizance

Author Archives: TechCognizance

Restore Items from OneDrive Recycle Bin using Powershell

Posted on May 16, 2021 by TechCognizance Leave a comment

There are situation when you need to restore large amount of data form OneDrive Recycle bin using PowerShell.

We can using SharePoint PnP PowerShell module for this.

Import the module

Install-Module -Name "PnP.PowerShell" -Force

Now for example you want to Restore OneDrive Recycle Bin of TestUser@techcognizance.com

Connect user’s OneDrive using below command, you need to provide end users credentials when requested.

Connect-PnPOnline  -Url https://techcognizance-my.sharepoint.com/personal/testuser_techcognizance_com -Interactive

Now you can get recycle bin items of the user, if there are so many items, you can specify the limit

Get-PnPRecycleBinItem -FirstStage
Get-PnPRecycleBinItem -SecondStage

If you want to restore just one item, you can specify ID of that Item.

You can also restore all Items in one go.

Get-PnPRecycleBinItem | Restore-PnPRecycleBinItem -Force

We can use filter also, use below command to restore items deleted in last 5 days, where item name contains “Project Related”

$restoreDate = (Get-Date).AddDays(-5)
Get-PnPRecycleBinItem -Firststage | where {($_.DeletedDate -gt $restoreDate) -and ($_.Title  -Like ‘*ProjectRelated*’)} | Restore-PnpRecycleBinItem -Force

OneDrive

Get list of users created in AD within last few days

Posted on March 28, 2021 by TechCognizance Leave a comment

Using PowerShell we can get list of users created during a particular time frame, like in last 1 day, 30 days, etc. This may be helpful in AD audit or to track any security breach.

First, create a variable and store the date you want to go back.

Make sure you run the PowerShell as Admin, if you don’t you may get blank values for WhenCreated

$When = (Get-Date).AddDays(-30) # You can change number of days here as per your requirement. 
Get-ADUser -Filter {WhenCreated -ge $when}

#IF you want to list particular properties, you can use below command.
Get-ADUser -Filter {WhenCreated -ge $when} -Properties * | FT Name, UserPrincipalName, WhenCreated

We can also get group membership of these users in same command output.

Get-ADUser -Filter {whenCreated -ge $when} -Properties * | select UserPrincipalname, SamAccountName, Enabled, whenCreated, @{n="GroupMembership"; e={$_.MemberOf | foreach {(Get-ADGroup $_).Name}}}

Export this list to CSV file.

Get-ADUser -Filter {whenCreated -ge $when} -Properties * | select UserPrincipalname, SamAccountName, Enabled, whenCreated, @{n="GroupMembership"; e={$_.MemberOf | foreach {(Get-ADGroup $_).Name}}} | Export-CSV C:\Temp\ADUsersWhenCreated.csv -notype

Maximize Teams meeting shared content

Posted on March 27, 2021 by TechCognizance Leave a comment

When you are in a Teams meeting and someone is sharing content from their screen. In the new Teams meeting experience Teams meeting window open in a separate window and chat in a separate window and the sharing window size is really small.

We can turn off “New Teams meeting experience” but then we will have one single window for meeting and chat. though, we will have “Full Screen” option and can see large window when someone is sharing screen.

To turn off New Teams meeting experience go to Settings->General->Application -> Uncheck “Turn on new meeting experience”. This option is not available in new Teams versions.

Though, we can increase the sharing Teams window size in new meeting experience also.

To use Full Screen in sharing window.

Click on the “More Actions” (Three dots at the top of Teams Window) -> Click on “Full Screen”

Go to more actions again and click on Focus.

If the Window size is still small, you can also Zoom in the shared window.

Just press Ctrl key on keyboard + (rotate mouse wheel up) to increase Zoom in or rotate mouse wheel down to zoom out.

Action	Windows	Mac
Zoom in	Ctrl+= or Ctrl+(rotate mouse wheel up)	Command+= or Command+(rotate mouse wheel up)
Zoom out	Ctrl+- or Ctrl+(rotate mouse wheel down)	Command+- or Command+(rotate mouse wheel down)
Reset zoom	Ctrl+0	Command+0

Teams

How to Copy Other User’s OneDrive Data to your OneDrive

Posted on March 19, 2021 by TechCognizance Leave a comment

There are situations when we need to copy one user’s OneDrive data to another user’s OneDrive. For example a user leaving company and his manager wants all the project related files from his OneDrive. By default when we remove user’s license OneDrive data is preserved for 30 days which can be increased. If we want to preserve files longer than this, we can either enable retention hold on OneDrive or copy data to another user’s OneDrive.

We can follow below process to Copy OneDrive data.

Grant permissions on user’s OneDrive to his manager How to grant permissions ?
Generate OneDrive link and provide the link to user
- Login Microsoft Admin portal https://admin.microsoft.com/
- Select the user for which you want to save the data
- Go to OneDrive Tab and click on “Create link to access file”

Now user’s manager can copy the data
- Copy the link and provide to end user to access files of the user leaving
- Open the link on user’s manager computer and select the folders you want to copy to his OneDrive

Click on “Copy To” and the Manager will option to copy to his OneDrive.

Select “Your OneDrive”. You will have option to Copy to existing folders or you can create a new folder also.

Depending on the size of data, you will start seeing files and folders in your OneDrive.

OneDrive

How to grant a user permission to access another user’s oneDrive

Posted on March 7, 2021 by TechCognizance One comment

When an employee leaves your organization, the management wants to access their data to review it and give it a new employee or want to backup the data.

Once you remove the license and delete the user, you will have 30 days by default (can be increased from OneDrive admin center) to access user’s OneDrive data, after 30 days the data will be deleted.

We can allows other users to access OneDrive data using below methods.

Option 1 – Using user’s OneDrive link from M365 Admin center

In the admin center, go to the Users > Active users page.
Select a user.
In the right pane, select OneDrive. Under Get access to files, select Create link to files.

Click on this link and you will get redirected to the user’s OneDrive in your browser window.

Replace OneDrive with mngsiteadmin, so the link will become line below.

Add the new user in the permissions list and click Ok. don’t remove any permissions from here.

The new user will have permissions to the OneDrive

Option 2 – Using SharePoint Admin Center.

Login SharePoint Admin Center
On the left hand pane open the “more features”
Under User Profiles, select Open.
Under People, select Manage User Profiles.
Enter the user’s name and click Find.
Right-click on the user’s name and select Manage Site Collection Owners.
Add a secondary admin in the “Site Collection Administrators” and Click OK

OneDrive

How to generate OWA Login report in Exchange server

Posted on February 27, 2021 by TechCognizance Leave a comment

We can generate OWA login report in Exchange servers using IIS logs, we need to use log parser to get the designred report.

For example, if you want to get report of OWA logins for 10 days for all users.

Download and install log parser and log parser studio on a server and note down the path.
On one of the servers where you have enough space create a folder in C: Drive named “OWALogs”
Copy 10 days logs from C:\inetpub\logs\LogFiles\W3SVC1 from your Exchange servers to C:\OWAlogs
Create a subdirectory under C:\OWAlogs called MergedOWALogs

Open an elevated CMD on the server, where you had installed Log Parser.
Now, Navigate to :- C:\Program Files (x86)\Log Parser 2.2>

Run the below command

logparser.exe -i:iisw3c “select * into c:\OWAlogs\MergedOWALogs\merged.log from c:\OWaLogs\*” -o:csv”

It will take time according to the size of logs and then create a file Merged.log inside C:\OWALogs\MergedOWALogs

Now run below command.

LogParser -i:csv “SELECT cs-username, date, time, c-ip, cs-uri-stem, cs(User-Agent) FROM C:\OWALog\MergedOWALogs\Merged.log TO C:\OWALogs\Output.csv WHERE cs-method LIKE ‘%get%’ and cs-uri-stem LIKE ‘%owa%’

It will take time according to the size of logs.
It will create a file C:\OWALogs\Output.csv
You can ZIP this file and copy your to desktop, you can then apply desired filters on this file to get results you want.

If the above command doesn’t work in CMD you can run below commands in PowerShell.

$logparser = “c:\program files (x86)\Log Parser 2.2\logparser.exe”

$query = “SELECT * INTO C:\OWAlogs\MergedOWALog\merged.log FROM C:\OWALogs\*.log”

& $logparser -i:iisw3c -o:csv $query

Exchange Server

Secure RPC – CVE-2020-1472

Posted on February 15, 2021 by TechCognizance Leave a comment

You see some issues when trying to connect your file shares and get “Access Denied” error, also see events 5827 and 5828 in Domain controller Event Logs.

In your storage logs you also see error – AUTH: Domain Controller error: NetLogon error 0xc0000022: – Filer’s security information differs from domain controller

The cause of this issue is a patch which was released in two pashes and Microsoft has added these event

August 11, 2020- Initial Deployment Phase

In August, Microsoft released the first phase of a two-phase fix to force secure RPC with Netlogon.

This will flag all the no-secure RPC endpoints and will generate a warning in your event logs on domain controllers.

EventID 5829 triggers whenever a vulnerable Netlogon secure channel connection is allowed

February 9, 2021 -Enforcement Phase

The second phase activates an enforcement mode. “The DCs will now be in enforcement mode regardless of the enforcement mode registry key. This requires all Windows and non-Windows devices to use secure RPC with Netlogon secure channel or explicitly allow the account by adding an exception for the non-compliant device.

EventID 5827 and EventID 5828 trigger if vulnerable Netlogon connections are denied.

https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e

How to fix the issue –

If the source device is Windows device, make sure the device is up-to-date and running a supported version of Windows.
Check to ensure that Domain member: Digitally encrypt or sign secure channel data (always) is set to Enabled.

Location – Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

For non-Windows devices acting as a DC, these events will be logged in the system event log when using vulnerable Netlogon secure channel connections. If one of these events is logged
- Recommended – Work with the device manufacturer (OEM) or software vendor to get support for secure RPC with Netlogon secure channel
- Vulnerable If a non-compliant DC cannot support secure RPC with Netlogon secure channel before the DCs are in enforcement mode, add the DC using the “Domain controller: Allow vulnerable Netlogon secure channel connections” group policy described below.

Allowing vulnerable connections from 3rd party devices.

Use the “Domain controller: Allow vulnerable Netlogon secure channel connections” group policy to add non-compliant accounts. This should only be considered a short-term remedy until non-compliant devices are addressed as described above. Note Allowing vulnerable connections from non-compliant devices might have unknown security impact and should be allowed with caution.

Create a security group(s) for accounts which will be allowed to use a vulnerable Netlogon secure channel.
In Group Policy, go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Search for “Domain controller: Allow vulnerable Netlogon secure channel connections”.
If the Administrator group or if any group not specifically created for use with this Group Policy is present, remove it.
Add a security group specifically made for use with this Group Policy to the security descriptor with the “Allow” permission. Note The “Deny” permission behaves the same way as if the account was not added, i.e. the accounts will not be allowed to make vulnerable Netlogon secure channels.
Once the security group(s) is added, the group policy must replicate to every DC.
Periodically, monitor events 5827, 5828 and 5829 to determine which accounts are using vulnerable secure channel connections.
Add those machine accounts to the security group(s) as needed. Best practice Use security groups in the group policy and add accounts to the group so that membership is replicated through normal AD replication. This avoids frequent group policy updates and replication delays.

Update Room and Equipment Mailboxes features using the Resource Schema

Posted on February 12, 2021 by TechCognizance Leave a comment

When creating room mailboxes, it is good to show features of room mailbox to end users for easy identification.

By default in GAL description will only show “Room” which may not be sufficient to identify capabilities of Room while booking.

For example, we can update details like TVScreen, whiteboard, Smartboard with room.

Using resouce schema we can update all features of a room mailbox.

#To check current resource config
Get-ResourceConfig

We can add resource schema using below commands.

Set-ResourceConfig -ResourcePropertySchema @{add="Room/WithTVScreen"}
Set-ResourceConfig -ResourcePropertySchema @{add="Room/Whiteboards"}

Adding resource config value will not update any mailbox, but we will have to set these configs on room mailboxes.

If a item is not there in resource config, you can’t add that item on room mailbox.

Also, only a alphanumeric value is allowed and space is not allowed.

Set-Mailbox R_BoardRoom -ResourceCustom   @{add= "WithTVScreen"}
Set-Mailbox R_PinkRoom -ResourceCustom  @{add= "WithTVScreen", "Whiteboards"}
Set-Mailbox R_SmartRoom -ResourceCustom  @{add= "WithTVScreen", "Whiteboards", "VideoConf" }

Once you update and download the GAL, you will see below results.

Add members to Azure AD/Microsoft 365 Groups in bulk

Posted on February 7, 2021 by TechCognizance Leave a comment

We can bulk update Microsoft 365/Azure AD Groups using PowerShell. We just need a list of users UPN or primary SMTP Addresses.

Get the group’s object ID.

You can copy the group’s object ID from Azure AD console from properties tab or use below command.

#Connect Azure AD
Connect-AzureAD
(Get-AzureADGroup -SearchString Test-Group).ObjectId

If you want to add a mailbox to the group, use below command, it will add User@domain.com to Test-Group

#Connect Azure AD and Exchange online if not connected already. 
Connect-AzureAD
Connect-ExchangeOnline -UserPrincipalName <Your O365 Admin ID>

Add-AzureADGroupMember -ObjectId <Group's Object ID> -RefObjectId (Get-Mailbox User@domain.com).ExternalDirectoryObjectId

If you want to add a set of Azure AD users, for example all users start with TestUser, below command will add all the users start with TestUser to TestGroup

Get-AzureADUser -SearchString TestUser | foreach {Add-AzureADGroupMember -ObjectId <Gorup's ObjectID> -RefObjectId $_.ObjectID}

If you have a list of users, create a file Userlist.txt [One UPN or email per line] and save in C:\Temp folder. Below command will add all the users mentioned in Userlist.txt to the Test-Group

#Connect Azure AD and Exchange online if not connected already.
Connect-AzureAD
Connect-ExchangeOnline -UserPrincipalName <Your Microsoft 365 Admin ID>
Get-Content C:\Temp\UserList.txt | foreach {Add-AzureADGroupMember -ObjectId <Group's Object ID> -RefObjectId (Get-Mailbox $_).ExternalDirectoryObjectId}

« Older Entries