Archive

Undo-SoftDeletedUnifiedGroup

Soft-deleted Office 365 groups are groups that have been deleted, but can be restored within 30 days of being deleted. All of the group contents can be restored within this period. After 30 days, soft-deleted Office 365 groups are marked for permanent deletion and can’t be restored.

Undo-SoftDeletedUnifiedGroup -SoftDeletedObject “Marketing Department”

Update-DistributionGroupMember

Use the Update-DistributionGroupMember cmdlet to replace all members of distribution groups and mail-enabled security groups. To add or remove existing group members, use the Add-DistributionGroupMember and Remove-DistributionGroupMember

Update-DistributionGroupMember
[-Identity]
[-BypassSecurityGroupManagerCheck]
[-Confirm]
[-DomainController ]
[-Members ]
[-WhatIf]

Update-DistributionGroupMember -Identity “Research Reports” -Members chris@cloudrain.com,michelle@cloudrain.com,laura@cloudrain.com,julia@cloudrain.com

Script to create Active Directory User ID using Powershell

Script to create User ID(use this command in AD server)

New-ADUser -Name(Read-Host -AsPlainText “Type Name”) -DisplayName(Read-Host -AsPlainText “Type Display Name”)-GivenName(Read-Host -AsPlainText “Type First Name”) -Surname(Read-Host -AsPlainText “Type Last Name”) -Manager(Read-Host -AsPlainText “Type Manager Name”) -MobilePhone(Read-Host -AsPlainText “Type Mobile Number”) -SamAccountName(Read-Host -AsPlainText “Type UserName”) -UserPrincipalName(Read-Host -AsPlainText “Type UPN”) -Path “OU=users,OU=users,OU=ssg-india,DC=ssg,DC=com” -Title(Read-Host -AsPlainText “Type Title”) -Department(Read-Host -AsPlainText “Type Department”) -Description(Read-Host -AsPlainText “Type Description”) -office(Read-Host -AsPlainText “Type Office Name”) -EmailAddress(Read-Host -AsPlainText “Type Email Address”) -AccountPassword(Read-Host -AsSecureString “Type Password”) -Enabled $true

Script to remove Powershell.exe Malware/Virus by list of computers

How to clear powershell.exe Malware by list of computers

Create updateCheckServers.txt in the same folder for list of computers

$servers = get-content updateCheckServers.txt
$ReportFile = “malwareReport”+(Get-Date -Format “yyyyMMdd”)+”.csv”
foreach ($server in $servers) {
  $fileStatus = “Not Found”
  $path = “\\”+ $server +”\c$\removeMalware.txt”
  if (test-path -path “$path”){
      $fileStatus = “Good”
  }
  Add-Content $ReportFile “$server,$fileStatus”
}

Powershell Script to remove the outlook profile in the name of “outlook”

#Run on system logged in as the user you are trying to delete and recreate the profile for

if (test-path “$Env:USERPROFILE\outlookprofiledelete.log”){

}

else {

if(Test-Path “$Env:USERPROFILE\AppData\Local\Microsoft\Outlook”){

$PathTrue = 1

Remove-Item “$env:USERPROFILE\AppData\Local\Microsoft\Outlook\*.*” -force | Out-File $Env:USERPROFILE\outlookprofiledelete.log

}

}

if(Test-Path HKCU:\Software\Microsoft\Office\15.0\Outlook)

{

New-ItemProperty -Path HKCU:\Software\Microsoft\Office\15.0\Outlook\AutoDiscover -Name ZeroConfigExchange -Value 1 -PropertyType DWORD -Force

Remove-Item “HKCU:\Software\Microsoft\Office\15.0\Outlook\Profiles\outlook” -Recurse -Force

Remove-ItemProperty -Path HKCU:\Software\Microsoft\Office\15.0\Outlook\Setup\ -name First-Run

}

else{Write-Output ‘Outlook 2013 is not installed on this system’}

if(Test-Path HKCU:\Software\Microsoft\Office\16.0\Outlook)

{

New-ItemProperty -Path HKCU:\Software\Microsoft\Office\16.0\Outlook\AutoDiscover -Name ZeroConfigExchange -Value 1 -PropertyType DWORD -Force

Remove-Item “HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles\outlook\*” -Recurse -Force

Remove-ItemProperty -Path HKCU:\Software\Microsoft\Office\16.0\Outlook\Setup\ -name First-Run

}

else{Write-Output ‘Outlook 2016 is not installed on this system’}

Powershell Script to remove the Default outlook Profile in user machines

$outlookApplication = New-Object -ComObject ‘Outlook.Application’

$profileName = $outlookApplication.Application.DefaultProfileName

$profileRoot16 = “HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles”

$profileRoot15 = “HKCU:\Software\Microsoft\Office\15.0\Outlook\Profiles”

if (Test-Path $profileRoot15){

$outlookProfile15 = Join-Path -Path $profileRoot15 -Childpath $profileName

}

if (Test-Path $profileRoot16){

$outlookProfile16 = Join-Path -Path $profileRoot16 -Childpath $profileName

}

if (-not(test-path $Env:USERPROFILE\outlookprofiledelete.log)){

if (test-path $profileRoot15){

Remove-Item “$outlookProfile15\*” -force -Recurse | Out-File $Env:USERPROFILE\outlookprofiledelete.log

}

if (test-path $profileRoot16){

Remove-Item “$outlookProfile16\*” -force -Recurse | Out-File $Env:USERPROFILE\outlookprofiledelete.log

}

}

Powerhell Script to remove the Powershell.exe Malware/Virus

Powershell.exe run with High CPU Usage and Memory

Below Script will run and remove the Powershell.exe Malware from the Machine

$logFile = “c:\removeMalware.txt”
Get-WMIObject -Namespace root\Subscription -Class __EventFilter -filter “Name= ‘SCM Event Logs Filter'” |remove-WMIObject  -Verbose
Get-WMIObject -Namespace root\Subscription -Class CommandLineEventConsumer -Filter “Name=’SCM Event Logs Filter'” | Remove-WMIObject -Verbose
Get-WMIObject -Namespace root\Subscription -Class __FilterToConsumerBinding -Filter “__Path LIKE ‘%SCM Event Logs Consumer%'” | RemovE-WMIObject -Verbose
Get-WMIObject -Namespace root\Subscription -Class  ActiveScriptEventConsumer -Filter “Name=’SCM Event Logs Consumer'” | Remove-WMIObject -Verbose
Get-WMIObject -Namespace root\Subscription -Class CommandLineEventConsumer -Filter “Name=’SCM Event Logs Consumer'” | Remove-WMIObject -Verbose
Get-WmiObject -Namespace root\Default -List | where {$_.Name -eq ‘Office_Updater’} | Remove-WmiObject -Verbose
Add-Content $logFile “Malware Removal Script Ran”

PowerShell – Updating Users Email Addresses In Active Directory

Problem

Note: I’m referring to the Email address value that is listed on the user object in Active Directory, this will not effect any Exchange Settings!

A colleague asked me today if I had any PowerShell to update ALL the users in a clients AD, to match their UPN to their Email addresses. A quick internet search turned up loads of handy scripts to update the UPN to mach the email address, but not the way round he wanted.

AD User Name

Solution

In most (not all) cases your UPN is the same as your sAMaccountname and your domain name, so you can simply run the following;

Import-Module ActiveDirectory
Get-ADUser -Filter * -SearchBase 'DC=test,DC=net' | `
    ForEach-Object { Set-ADUser -EmailAddress ($_.samaccountname + '@test.net') -Identity $_ }

Note: Save the above as a file with a .ps1 extension, or execute both commands separately.

Update AD EMail Addresses

Now you may, (like on my test network above,) have your user logon name set to something other than firstname.lastname if so and you would prefer to set the Email value to firstname.lastname@domain.com then use the following instead.

Import-Module ActiveDirectory
Get-ADUser -Filter * -SearchBase 'DC=test,DC=net' | `
    ForEach-Object { Set-ADUser -EmailAddress ($_.givenName + '.' + $_.surname + '@test.net') -Identity $_ }

Note: Save the above as a file with a ps1 extension, or execute both commands separately.

Update AD EMail firstname lastname