SharePoint – Get all terms/keywords from the taxonomy store

Yesterday I published an article on how to replace/add keywords on documents. But one of the requirements was that you needed the ID of the term you want to find and add/replace. So yet again I created a small function that allows you to return all terms from the store.

You still need the PnP SharePoint cmdlets, which you can download here.

SharePoint – Adding keywords to documents with PowerShell

Ever needed to replace or add keywords to documents in a SharePoint site?
Recently I was in charge of migrating site collections from an on-premise environment to SharePoint Online.

After the migration we needed to replace a certain taxonomy keyword on all documents. So I created a small PowerShell function to help the company do so. The function takes 5 parameters:

  • Url
    • URL to the site collection.
  • Credential
    • Credentials to contact the site collection.
  • TermGuid
    • The GUID of the keyword that you want to find.
  • AddTermGuid
    • The GUID of the new keyword you want to add/replace.
  • Replace (switch)
    • If this switch is set, it will substitute TermGuid with AddTermGuid.

In order for the function to work, you need to download the SharePoint PnP cmdlets here.

You can get the SharePoint taxonomy keyword GUID through the Get-PnPTerm cmdlet; find more information here.

Exam 70-743 – Upgrading Your Skills to MCSA: Windows Server 2016

I have been studying for the 70-743 exam (upgrading from MCSA: Windows Server 2012) for the past 6 weeks, and was able to pass it with a decent score of 817 (min. passing score is 700).
In order for me to pass, I used different study materials such as books, videos and websites.

If you are on the same journey, I’m providing a study guide of which resources I used, and which questions you will need to answer right off the bat for you to pass.


Exchange – Add nested group recipients to parent resources

Do you have nested groups within Exchange resources such as distribution groups, shared mailboxes, rooms or equipment?

If you have, you have come to the right place. I have created a script that extracts all nested group members of a resource, and adds them directly to the resource instead.

The script works in both on-premise and Exchange Online.

Before you can run the script, you need to have access to the following:

  • Access to the on-premise and/or Office 365 environment as an administrator.
  • Have the AzureAD and Active Directory PowerShell modules installed.


Tutorial – Deploy Always On VPN

Always On VPN provides a single, cohesive solution for remote access and supports domain-joined, non-domain-joined (workgroup), or Azure AD–joined devices, even personally owned devices. With Always On VPN, the connection type does not have to be exclusively user or device but can be a combination of both. For example, you could enable device authentication for remote device management, and then enable user authentication for connectivity to internal company sites and services.

The purpose of this guide is to demonstrate how to deploy the Always On feature easily. In this guide we will deploy the following platforms, primarily using PowerShell where possible:

  • Active Directory (AD DS)
  • DNS
  • Certificate Authority (AD CS)
  • DHCP
  • Routing and Remote Access Service (RRAS)
  • Network Policy Server (RADIUS)

This guide does not demonstrate how to install the Windows Server or Windows 10 operating system.

Do not attempt to deploy Remote Access on a virtual machine (VM) in Microsoft Azure. Using Remote Access in Microsoft Azure is not supported, including both Remote Access VPN and DirectAccess.


PowerShell – Add an item to a list in SharePoint through REST

Need to add an item to a list in SharePoint with PowerShell?

I have created a small function that allows you to use the REST API in SharePoint to create a list item.

PowerShell – Microsoft Graph API

Need to connect to Microsoft Graph with PowerShell? The following PowerShell script does just that (pretty easily)!

So what is Microsoft Graph API?

“Microsoft Graph is a Microsoft developer platform that connects multiple services and devices. Initially released 2015, the Microsoft Graph builds on Office 365 APIs and allows developers to integrate their services with Microsoft products, including Windows, Office 365, and Azure. At its Build 2017 conference, Microsoft announced it would use the Microsoft Graph to bring new functionality and connectivity between Windows and other OS platforms, including Android and iOS.” (Wikipedia)

The following script has a function called “Get-GraphAPIAccessToken” (line 127 in the code below), which has two optional parameters.

  • Credential
    • If you don’t want to get a login prompt when connecting to the API, use:
      -Credential (Create-PSCredential -Username "admin@contoso.onmicrosoft.com" -Password "AdminPasswordHere")
  • ClientID
    • If you need to use a registered application in Azure AD, specify the application ID. Otherwise it will use a well-known value that is registered with Azure AD. An example would be:
      -ClientID 3b7e46ca-4495-410f-9691-f90793f0f666

 

There are some requirements before you can run the code:

  • You need a valid internet connection (duuuh?!).
  • The script leverages AzureRM and the script will try to install it, but if it fails you can use “Install-Module AzureRM -SkipPublisherCheck -AllowClobber -Force -Confirm:$false;” to install it.

When you have an access token, you can use the following example which gets the current user profile details:

Get the Azure AD users:

Send an e-mail (need an Exchange license on the user):

 

For more usage examples, Microsoft has created a repository on GitHub.

SCCM – Create Device Collections Based On Security Groups

I’m back again, with a quick how-to on SCCM.

Have you ever needed to create device collections based on security groups (user accounts) in Active Directory? Well, look no further!
You can use the following WQL in a collection.
The only thing you need to change is SMS_R_User.UserGroupName="CONTOSO\\mysecuritygroup".

 

SCCM – Cloud Management Gateway and Cloud Distribution Point

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients on the internet. By deploying the CMG as a cloud service in Microsoft Azure, you can manage traditional clients that roam on the internet without additional infrastructure. You also don’t need to expose your on-premises infrastructure to the internet.

A cloud-based distribution point is a System Center Configuration Manager distribution point that is hosted in Microsoft Azure. The following information is intended to help you learn about configurations and limitations for using a cloud-based distribution point.

In this step-by-step guide, I will demonstrate how to configure and establish a Cloud Management Gateway (CMG) and Cloud Distribution Point (CDP) in SCCM and Azure.

In order to walk you through the entire process of setting up the Cloud Management Gateway and Cloud Distribution Point features, I am going to break this down into 6 parts.

  1. Overview
  2. Certificates
  3. Azure Service
  4. Cloud Management Gateway
  5. Cloud Distribution Point
  6. Log Files


PowerShell – Intune Local Administrator Password Solution (iLAPS)

If you have devices that are connected to an on-premise environment, you would certainly configure the Local Administrator Password Solution (LAPS), which allows a unique password for each local administrator across the enterprise network.

Unfortunately this method only works when you have on-premise devices, but what about Azure AD Joined machines? – A short answer is “no”.

LAPS takes advantage of 2 attributes in the local Active Directory; these attributes are not available in Azure AD.

Therefore I have created a small application that mimics the same behavior for Azure AD devices, which I call “iLAPS” for Intune Local Administrator Password Solution.
