Deallocate Azure VMs with Azure Devops – Scheduled VM shutdown.

Having been inspired by Gregor Suttie's post 'Replacing Azure Automation using Azure CLI and Azure Devops' I decided to do something similar with Powershell. My requirement was to power off VMs with a certain tag and value at a certain time. The PowerShell for this is fairly simple: Get-AzVM | Where-Object {$_.tags['shutDown'] -eq "19:00"} | Stop-AZVM … Continue reading Deallocate Azure VMs with Azure Devops – Scheduled VM shutdown.

Azure Security Center & log Analytics Workspaces

Azure Security Center is a good thing to have as part of your Azure resources and it comes in two tiers: Free or Standard. By default it is enabled in your Azure subscription at the free tier and changing that to standard unlocks additional features and comes with some costs . So you've upgraded Security … Continue reading Azure Security Center & log Analytics Workspaces

When life gets confusing – check your AzureRM module version

I had to enable disk encryption on some existing Azure VMs this morning but I kept hitting a snag even though I had done this before and was using the same powershell as before. Here's the PowerShell: $rgName = 'MySecureRg'; $vmName = 'MySecureVM'; $KeyVaultName = 'MySecureVault'; $KeyVault = Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname; $diskEncryptionKeyVaultUrl = … Continue reading When life gets confusing – check your AzureRM module version

vNet Peering PowerShell

We have a hub and spoke design in Azure for our vNets and needed to peer the vNets together. This can be done in an ARM template and we could have deployed all three networks in one go and peered them as part of the ARM template deployment.  For various reasons that approach didn't really … Continue reading vNet Peering PowerShell

Querying IIS SMTP Smarthost Settings

Had a request to throw something together to query multiple machines and find the smarthost server that IIS was configured to use.  All I had time for was 'quick and dirty' so this is what I came up with;   get-adcomputer -filter * | Select-Object dnshostname >c:\servers.txt Get-WmiObject -Namespace "root\MicrosoftIISv2" -Class "IISSMTPServerSetting" -Filter "Name ='SmtpSvc/1'" … Continue reading Querying IIS SMTP Smarthost Settings

New Child Domain – Server Core and PowerShell

All of my domain controllers are now server core unless someone can give me a very good reason to install Windows with a GUI, so far no one has given me a good enough reason. When deploying a new child domain this means we can now use some PowerShell goodness to create our new child … Continue reading New Child Domain – Server Core and PowerShell

Restore Computer Object with AD Recycle Bin

Over the Xmas period it would seem that someone deleted a computer account from AD.  This meant that the user of that PC could not log in using that PC.  This is a Windows 2008R2 forest so to restore the computer object;   Get-Adobject -filter {samaccountname -eq "pcname$"} -IncludeDeletedObjects | Restore-Adobject   The $ on … Continue reading Restore Computer Object with AD Recycle Bin

AdminSDHolder and admincount=1 attribute

Certain groups within Active Directory are considered protected groups and are protected by AdminSDHolder.  When a user becomes a member of a protected group it will no longer inherit permissions from its parent object in AD (usually an OU).  This can mess up any carefully laid permission delegations you may have configured.  Much more on … Continue reading AdminSDHolder and admincount=1 attribute

Move users to OU based on description

Trying to keep up with job changes and ensuring users accounts are in the correct OU in AD can be problematic.  In the environment I work in each team has their own OU (I'm not sure why it is like this,  I suspect it's a case of 'that's the way we've always done it'). Anyway … Continue reading Move users to OU based on description