Alex Ø. T. Hansen

12/12/2018

Exam AZ-102: Microsoft Azure Administrator Certification Transition

Recently passed the 70-533 exam and earned a MCSE. Now I’m studying for the transition exam AZ-102 (expiring March 31, 2019), which would give me the Azure Administrator Associate badge. In this post I will give a short description on which methods I used to pass AZ-102.

The resources I used were:

Sharon Bennett’s LinkedIn course (30 days free trial)
Saw the videos on the Microsoft Learn portal
Tested my self through the official practice tests on mindhub
Used the official Azure documentation.
Hands-on labs in a Azure subscription (30 days free trial).

The exam is broken into 8 sections:

1. Manage Azure Subscriptions and Resources (5-10%)
  - May include but not limited to: Configure diagnostic settings on resources; create baseline for resources; create and rest alerts; analyze alerts across subscription; analyze metrics across subscription; create action groups; monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; view alerts in Log Analytics
2. Implement and Manage Storage (5-10%)
  - May include but not limited to: Create Azure file share; create Azure File Sync service; create Azure sync group; troubleshoot Azure File Sync
3. Configure and manage virtual networks (15-20%)
  - May include but not limited to: Create and configure VNET peering; create and configure VNET to VNET; verify virtual network connectivity; create virtual network gateway
  - May include but not limited to: Configure Azure DNS; configure custom DNS settings; configure DNS zones
4. Manage identities (15-20%)
  - May include but not limited to: Add custom domains; configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming; configure self-service password reset; implement conditional access policies; manage multiple directories; perform an access review
  - May include but not limited to: Install and configure Azure AD Connect; configure federation and single sign-on; manage Azure AD Connect; manage password sync and writeback
5. Evaluate and perform server migration to Azure (15-20%)
  - May include but not limited to: Discover and assess environment; identify workloads that can and cannot be deployed; identify ports to open; identify changes to network; identify if target environment is supported; setup domain accounts and credentials
  - May include but not limited to: Migrate by using Azure Site Recovery (ASR); migrate using P2V; configure storage; create a backup vault; prepare source and target environments; backup and restore data; deploy Azure Site Recovery (ASR) agent; prepare virtual network
6. Implement and manage application services (5-10%)
  - May include but not limited to: Create and manage objects; manage a Logic App resource; manage Azure Function app settings; manage Event Grid; manage Service Bus
7. Implement advanced virtual networking (5-10%)
  - May include but not limited to: Monitor on-premises connectivity; use network resource monitoring and Network Watcher; manage external networking and virtual network connectivity
8. Secure identities (5-10%)
  - May include but not limited to: Enable MFA for an Azure tenant; configure user accounts for MFA; configure fraud alerts; configure bypass options; configure trusted IPs; configure verification methods; manage role-based access control (RBAC); implement RBAC policies; assign RBAC Roles; create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure

If you can answer (and know the reason behind the answer) the following questions regarding Azure, you should be ready to take the AZ-102 exam. For each question I will provide a link to the answer. There might be more than one correct answer to a question, but the questions link points to which tool or technology you should know about in order to pass.

Alex Ø. T. Hansen

04/12/2018

PowerShell – Get all SharePoint pages in a site collection

If you need to get all pages (.aspx) within a site collection, I have created a small script. The script enumerates through a site collection (sub-sites included) and retrieves all .aspx pages.
Before executing the script there are some requirements:

You need to be administrator on the site collection.
Install the PnP PowerShell module for SharePoint (the script was tested with SharePoint Online).

There are 3 variables you need to modify on line 32 (site collection URL), 33 (SharePoint root URL), 34 (username) and 35 (password).
The script will generate a report (when finished) on the desktop of the user running the script containing the URL, author and last modified date of the page.

#requires -version 3
<#
.SYNOPSIS
  .

.DESCRIPTION
  .

.NOTES
  Version:        1.0
  Author:         Alex Ø. T. Hansen (ath@tofte-it.dk)
  Creation Date:  03-12-2018
  Purpose/Change: Initial script development
#>

#region begin boostrap
############### Bootstrap - Start ###############

#Clear the screen.
Clear-Host;

#Import module.
Import-Module SharePointPnPPowerShellOnline;

############### Bootstrap - End ###############
#endregion

#region begin input
############### Input - Start ###############

#SharePoint Online.
$SPOServiceUrl = "https://contoso.sharepoint.com/sites/somesite";
$SPOServiceRootUrl = "https://contoso.sharepoint.com";
$SPOServiceUsername = "myuser@contoso.com";
$SPOServicePassword = "<Password goes here>";

#Files.
$Files = @{
    "Report" = "C:\Users\$($env:USERNAME)\Desktop\Pages.csv";
};

############### Input - End ###############
#endregion

#region begin functions
############### Functions - Start ###############

#Creates a PS credential object.
Function Create-PSCredential
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$true, HelpMessage="Please provide a valid username, example 'Domain\Username'.")]$Username,
        [Parameter(Mandatory=$true, HelpMessage="Please provide a valid password, example 'MyPassw0rd!'.")]$Password
    )
 
    #Convert the password to a secure string.
    $SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force;
 
    #Convert $Username and $SecurePassword to a credential object.
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword;
 
    #Return the credential object.
    Return $Credential;
}

#Get all .ASPX pages.
Function Get-SPSitePages
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$true)]$Session,
        [Parameter(Mandatory=$true)]$RootURL,
        [Parameter(Mandatory=$true)][ValidateSet("Yes","No")]$Subsite
    )

    #Object array.
    $Pages = @();

    #Get all lists.
    $Lists = Get-PnPList -Connection $Session;

    #Foreach lists.
    Foreach($List in $Lists)
    {
        #Get all list items.
        $ListItems = Get-PnPListItem -Connection $Session -List $List.Title;

        #If there is any list items.
        If($ListItems)
        {
            #Foreach list item.
            Foreach($ListItem in $ListItems)
            {
                #If the site is a .ASPX site.
                If($ListItem.FieldValues.File_x0020_Type -eq "aspx")
                {
                    #Create new object.
                    $Page = New-Object -TypeName PSObject;

                    #Add data to the object.
                    Add-Member -InputObject $Page -MemberType NoteProperty -Name Url -Value ($RootURL + $ListItem.FieldValues.FileRef);
                    Add-Member -InputObject $Page -MemberType NoteProperty -Name Author -Value ($ListItem.FieldValues.Author.LookupValue);
                    Add-Member -InputObject $Page -MemberType NoteProperty -Name LastModified -Value (($ListItem.FieldValues.Modified).ToString());
                    Add-Member -InputObject $Page -MemberType NoteProperty -Name Subsite -Value ($Subsite);

                    #Add object to array.
                    $Pages += $Page;
                }
            }
        }
    }

    #Return pages.
    Return $Pages;
}

#Write to the console.
Function Write-Console
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$false)][string]$Category,
        [Parameter(Mandatory=$false)][string]$Text
    )
 
    #If the input is empty.
    If([string]::IsNullOrEmpty($Text))
    {
        $Text = " ";
    }
 
    #If category is not present.
    If([string]::IsNullOrEmpty($Category))
    {
        #Write to the console.
        Write-Output("[" + (Get-Date).ToString("dd/MM-yyyy HH:mm:ss") + "]: " + $Text + ".");
    }
    Else
    {
        #Write to the console.
        Write-Output("[" + (Get-Date).ToString("dd/MM-yyyy HH:mm:ss") + "][" + $Category + "]: " + $Text + ".");
    }
}

############### Functions - End ###############
#endregion

#region begin main
############### Main - Start ###############

#Connect to the SharePoint environment.
Write-Console -Text ("Connecting to the SharePoint site '" + $SPOServiceUrl + "'");
$PNPSession = Connect-PNPOnline -Url $SPOServiceUrl -Credentials (Create-PSCredential -Username $SPOServiceUsername -Password $SPOServicePassword) -ReturnConnection;

#Object array.
$Pages = @();

#Get all pages.
Write-Console -Text ("Getting pages (.aspx) from '" + $SPOServiceUrl + "', please wait");
$Pages += Get-SPSitePages -Session $PNPSession -Subsite No -RootURL $RootURL;

#Get all subsites.
$Subsites = Get-PnPSubWebs -Recurse -Connection $PNPSession;

#Foreach subsite.
Foreach($Subsite in $Subsites)
{
    #Connect to the SharePoint subsite.
    Write-Console -Text ("Connecting to the SharePoint subsite '" + $RootURL + $Subsite.ServerRelativeUrl + "'");
    $PNPSessionSubsite = Connect-PNPOnline -Url ($RootURL + $Subsite.ServerRelativeUrl) -Credentials (Create-PSCredential -Username $SPOServiceUsername -Password $SPOServicePassword) -ReturnConnection;

    #Get all pages.
    Write-Console -Text ("Getting pages (.aspx) from '" + ($RootURL + $Subsite.ServerRelativeUrl) + "', please wait");
    $Pages += Get-SPSitePages -Session $PNPSessionSubsite -Subsite Yes -RootURL $RootURL;
}

#Export to the .CSV file.
$Pages | Export-Csv -Path $Files.Report -Encoding UTF8 -Delimiter ";" -NoTypeInformation;

############### Main - End ###############
#endregion

#region begin finalize
############### Finalize - Start ###############

#Disconnect the PowerShell session.
Disconnect-PnPOnline -Connection $PNPSession;
Disconnect-PnPOnline -Connection $PNPSessionSubsite;

############### Finalize - End ###############
#endregion

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

#requires -version 3

.SYNOPSIS

.DESCRIPTION

.NOTES

Version: 1.0

Author: Alex Ø. T. Hansen (ath@tofte-it.dk)

Creation Date: 03-12-2018

Purpose/Change: Initial script development

#region begin boostrap

############### Bootstrap - Start ###############

#Clear the screen.

Clear-Host;

#Import module.

Import-Module SharePointPnPPowerShellOnline;

############### Bootstrap - End ###############

#endregion

#region begin input

############### Input - Start ###############

#SharePoint Online.

$SPOServiceUrl = "https://contoso.sharepoint.com/sites/somesite";

$SPOServiceRootUrl = "https://contoso.sharepoint.com";

$SPOServiceUsername = "myuser@contoso.com";

$SPOServicePassword = "<Password goes here>";

#Files.

$Files = @{

"Report" = "C:\Users\$($env:USERNAME)\Desktop\Pages.csv";

};

############### Input - End ###############

#endregion

#region begin functions

############### Functions - Start ###############

#Creates a PS credential object.

Function Create-PSCredential

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true, HelpMessage="Please provide a valid username, example 'Domain\Username'.")]$Username,

[Parameter(Mandatory=$true, HelpMessage="Please provide a valid password, example 'MyPassw0rd!'.")]$Password

)

#Convert the password to a secure string.

$SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force;

#Convert $Username and $SecurePassword to a credential object.

$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword;

#Return the credential object.

Return $Credential;

}

#Get all .ASPX pages.

Function Get-SPSitePages

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true)]$Session,

[Parameter(Mandatory=$true)]$RootURL,

[Parameter(Mandatory=$true)][ValidateSet("Yes","No")]$Subsite

)

#Object array.

$Pages = @();

#Get all lists.

$Lists = Get-PnPList -Connection $Session;

#Foreach lists.

Foreach($List in $Lists)

{

#Get all list items.

$ListItems = Get-PnPListItem -Connection $Session -List $List.Title;

#If there is any list items.

If($ListItems)

{

#Foreach list item.

Foreach($ListItem in $ListItems)

{

#If the site is a .ASPX site.

If($ListItem.FieldValues.File_x0020_Type -eq "aspx")

{

#Create new object.

$Page = New-Object -TypeName PSObject;

#Add data to the object.

Add-Member -InputObject $Page -MemberType NoteProperty -Name Url -Value ($RootURL + $ListItem.FieldValues.FileRef);

Add-Member -InputObject $Page -MemberType NoteProperty -Name Author -Value ($ListItem.FieldValues.Author.LookupValue);

Add-Member -InputObject $Page -MemberType NoteProperty -Name LastModified -Value (($ListItem.FieldValues.Modified).ToString());

Add-Member -InputObject $Page -MemberType NoteProperty -Name Subsite -Value ($Subsite);

#Add object to array.

$Pages += $Page;

}

#Return pages.

Return $Pages;

}

#Write to the console.

Function Write-Console

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$false)][string]$Category,

[Parameter(Mandatory=$false)][string]$Text

)

#If the input is empty.

If([string]::IsNullOrEmpty($Text))

{

$Text = " ";

}

#If category is not present.

If([string]::IsNullOrEmpty($Category))

{

#Write to the console.

Write-Output("[" + (Get-Date).ToString("dd/MM-yyyy HH:mm:ss") + "]: " + $Text + ".");

}

Else

{

#Write to the console.

Write-Output("[" + (Get-Date).ToString("dd/MM-yyyy HH:mm:ss") + "][" + $Category + "]: " + $Text + ".");

}

############### Functions - End ###############

#endregion

#region begin main

############### Main - Start ###############

#Connect to the SharePoint environment.

Write-Console -Text ("Connecting to the SharePoint site '" + $SPOServiceUrl + "'");

$PNPSession = Connect-PNPOnline -Url $SPOServiceUrl -Credentials (Create-PSCredential -Username $SPOServiceUsername -Password $SPOServicePassword) -ReturnConnection;

#Object array.

$Pages = @();

#Get all pages.

Write-Console -Text ("Getting pages (.aspx) from '" + $SPOServiceUrl + "', please wait");

$Pages += Get-SPSitePages -Session $PNPSession -Subsite No -RootURL $RootURL;

#Get all subsites.

$Subsites = Get-PnPSubWebs -Recurse -Connection $PNPSession;

#Foreach subsite.

Foreach($Subsite in $Subsites)

{

#Connect to the SharePoint subsite.

Write-Console -Text ("Connecting to the SharePoint subsite '" + $RootURL + $Subsite.ServerRelativeUrl + "'");

$PNPSessionSubsite = Connect-PNPOnline -Url ($RootURL + $Subsite.ServerRelativeUrl) -Credentials (Create-PSCredential -Username $SPOServiceUsername -Password $SPOServicePassword) -ReturnConnection;

#Get all pages.

Write-Console -Text ("Getting pages (.aspx) from '" + ($RootURL + $Subsite.ServerRelativeUrl) + "', please wait");

$Pages += Get-SPSitePages -Session $PNPSessionSubsite -Subsite Yes -RootURL $RootURL;

}

#Export to the .CSV file.

$Pages | Export-Csv -Path $Files.Report -Encoding UTF8 -Delimiter ";" -NoTypeInformation;

############### Main - End ###############

#endregion

#region begin finalize

############### Finalize - Start ###############

#Disconnect the PowerShell session.

Disconnect-PnPOnline -Connection $PNPSession;

Disconnect-PnPOnline -Connection $PNPSessionSubsite;

############### Finalize - End ###############

#endregion

Alex Ø. T. Hansen

01/12/2018

PowerShell – Set the account profile picture from Azure AD

If you ever need to set the local Windows user account profile pictures from Azure AD, you can use the following script.

The script leverages the Graph API through a service principal (app) in Azure AD. There is some requirements before running the script:

An Azure AD App with “read all users’ full profiles” Graph API permission. More information, see https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
You must be able to get the object id (client id), key (client secret) and token endpoint (OAuth 2.0 Token Endpoint) from the Azure AD app.
The OS must be Windows 10.
The client must be able to contact the Azure AD.

You can run the script “manually” or deploy it with Azure Intune. You can run the script under your own or with the “nt authority\system” account. Just be sure that the account have access to write to the following registry path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users” and it child objects.

The only thing you need to change in the script is three variables (line 43, 44 and 45) for the Azure AD app information.

Here is a basic walk through of what the script actually does:

Create folder structure in “C:\Scripts\ProfilePicture” to store pictures, script and logs. The folder path can be changed to your liking on line 33, 34 and 39.
Start transcript logs to “C:\Scripts\ProfilePicture\Logs\”.
Get the access token for Graph API.
Get user information (UPN, Username and SID) that have already logged in to the local device.
Download user profile photo for each user in “C:\Scripts\ProfilePicture\Data\”.
Sets registry keys to use the downloaded photo for each user.
Create a task schedule (if it doesn’t exist) so it updates any picture change in Azure AD.
Copy the script to location “C:\Scripts\ProfilePicture”.

You may need to compile the code into an executable, this will disguise the client secret used to retrieve the profile pictures. One way of turning a PowerShell script into an executable is to use this script, but remember to change the schedule task in the code to point to the .exe file instead of the .ps1 before compiling.

#requires -version 3
<#
.SYNOPSIS
  .

.DESCRIPTION
  .

.NOTES
  Version:        1.0
  Author:         Alex Ø. T. Hansen (ath@tofte-it.dk)
  Creation Date:  01-12-2018
  Purpose/Change: Initial script development
#>

#region begin boostrap
############### Bootstrap - Start ###############

#Clear the screen.
Clear-Host;

#Assemblies.
Add-Type -AssemblyName System.Web;

############### Bootstrap - End ###############
#endregion

#region begin input
############### Input - Start ###############

#Folders:
$Folders = @{
    Logs = ("C:\Scripts\ProfilePicture\Logs\");
    Data = ("C:\Scripts\ProfilePicture\Data\");
};

#Files:
$Files = @{
    Script = ("C:\Scripts\ProfilePicture\Set-AzureADProfilePicture.ps1");
};

#Azure AD Application.
$OauthTokenEndpoint = "https://login.microsoftonline.com/<GUID>/oauth2/token";
$ClientID = "<Client ID>";
$ClientSecret = "<Client Secret>";

############### Input - End ###############
#endregion

#region begin functions
############### Functions - Start ###############

#Write to the console.
Function Write-Console
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$false)][string]$Category,
        [Parameter(Mandatory=$false)][string]$Text
    )

    #If the input is empty.
    If([string]::IsNullOrEmpty($Text))
    {
        $Text = " ";
    }

    #If category is not present.
    If([string]::IsNullOrEmpty($Category))
    {
        #Write to the console.
        Write-Output("[" + (Get-Date).ToString("dd/MM-yyyy HH:mm:ss") + "]: " + $Text + ".");
    }
    Else
    {
        #Write to the console.
        Write-Output("[" + (Get-Date).ToString("dd/MM-yyyy HH:mm:ss") + "][" + $Category + "]: " + $Text + ".");
    }
}

#Sets a user profile picture.
Function Set-UserProfilePicture
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$true)]$SID,
        [Parameter(Mandatory=$true)]$FilePath
    )

    #Check if the profile picture exist.
    If(Test-Path -Path $FilePath)
    {
        #Create new image folder.
        $ImageBase = ($env:public + "\AccountPictures\" + $SID);
        $ImageBaseFolder = (New-Item -Path $ImageBase -ItemType Directory -Force) | Out-Null;

        #Create registry path.
        $RegistryPath = ("HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users\" + $SID);
        New-Item -Path $RegistryPath -Force | Out-Null;

        #Array of image sizes.
        $ImageSizes = @(32, 40, 48, 96, 192, 200, 240, 448);

        #Foreach image size.
        Foreach($ImageSize in $ImageSizes)
        {
            #Set photo filename.
            $PhotoFileName = ("Image" + $ImageSize + ".jpg");

            #Save the photo.
            Copy-Item -Path $FilePath -Destination ($ImageBase + "\" + $PhotoFileName) -Force;

            #Create new registry key.
            New-ItemProperty -Path $RegistryPath -Name ("Image" + $ImageSize) -Value ($ImageBase + "\" + $PhotoFileName) -Force | Out-Null;
        }
    }
}

#Get cache user information from the registry.
Function Get-CacheUserInformation
{
    #Array to store user information.
    $Users = @();

    #Get all identities except system users.
    $Identities = Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache" | Where-Object {$_.Name -notlike "*S-1-5*"};

    #Foreach identity found.
    Foreach($Identity in $Identities)
    {
        #Clear variables.
        $UPN = $null;
        $SID = $null;
        $SamAccountName = $null;
        $Domain = $null;

        #Set SID.
        $SID = $Identity.PSChildName;

        #Get key values.
        $KeyValues = Get-ItemProperty -Path ("HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache\" + $SID + "\IdentityCache\" + $SID);

        #Set variables.
        $UPN = $KeyValues.UserName;
        $SamAccountName = $KeyValues.SAMName;
        $Domain = $KeyValues.ProviderName;

        #Create a new object.
        $User = New-Object -TypeName psobject;
    
        #Add data to the object.
        Add-Member -InputObject $User -MemberType NoteProperty -Name "UPN" -Value $UPN;
        Add-Member -InputObject $User -MemberType NoteProperty -Name "SID" -Value $SID;
        Add-Member -InputObject $User -MemberType NoteProperty -Name "SamAccountName" -Value $SamAccountName;
        Add-Member -InputObject $User -MemberType NoteProperty -Name "Domain" -Value $Domain;

        #Add object to array.
        $Users += $User;
    }

    #Return object array.
    Return $Users;
}

#Get access token from Graph API.
Function Get-GraphAccessToken
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$true)][string]$TokenEndpoint,
        [Parameter(Mandatory=$true)][string]$ClientID,
        [Parameter(Mandatory=$true)][string]$ClientSecret
    )

    #Encode the client secret so it removes any special characters.
    $ClientSecretEncoded = [System.Web.HttpUtility]::UrlEncode($ClientSecret);

    #Construct request body to Graph API.
    $AuthBody = ("grant_type=client_credentials" + "&client_id=$ClientID" + "&client_secret=$ClientSecretEncoded" + "&resource=https://graph.microsoft.com/");

    #Call the Graph API to get bearer token.
    $AuthReponse = Invoke-RestMethod -Method Post -Uri $OauthTokenEndpoint -body $AuthBody -ContentType "application/x-www-form-urlencoded";

    #Return access token.
    Return ($AuthReponse.access_token);
}

#Get the user profile picture from Azure AD.
Function Get-UserProfilePicture
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$true)][string]$AccessToken,
        [Parameter(Mandatory=$true)][string]$UPN,
        [Parameter(Mandatory=$true)][string]$Destination
    )

    #Invoke rest method to Graph API with access token.
    Invoke-RestMethod -Method Get -Uri ("https://graph.microsoft.com/v1.0/users/" + $UPN + '/photo/$value') -Headers @{"Authorization"="Bearer $($AccessToken)"} -OutFile $Destination;
}

#Create a schedule task.
Function New-ProfilePictureScheduleTask
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$true)][string]$Script
    )

    #Template to create the schedule task.
    $XML = @"
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2018-12-01T00:00:00.0000000</Date>
    <Author>blog.tofte-it.dk</Author>
    <URI>\Set Profile Account Pictures</URI>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2018-12-01T10:00:00+01:00</StartBoundary>
      <ExecutionTimeLimit>P1D</ExecutionTimeLimit>
      <Enabled>true</Enabled>
      <ScheduleByDay>
        <DaysInterval>1</DaysInterval>
      </ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P1D</ExecutionTimeLimit>
    <Priority>7</Priority>
    <RestartOnFailure>
      <Interval>PT15M</Interval>
      <Count>3</Count>
    </RestartOnFailure>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>
      <Arguments>-ExecutionPolicy Bypass -File "$($Script)"</Arguments>
    </Exec>
  </Actions>
</Task>
"@;

    #Add schedule task.
    Register-ScheduledTask -Xml $XML -TaskName "Set Profile Account Pictures" | Out-Null;
}

#Check if the schedule task already exist.
Function Test-ScheduleTask
{
    [CmdletBinding()]
    
    Param
    (
        [parameter(Mandatory=$true)][string]$Name
    )
 
    #Create a new schedule object.
    $Schedule = New-Object -com Schedule.Service;
    
    #Connect to the store.
    $Schedule.Connect();
 
    #Get schedule tak folders.
    $Task = $Schedule.GetFolder("\").GetTasks(0) | Where-Object {$_.Name -eq $Name -and $_.Enabled -eq $true};
 
    #If the task exists and is enabled.
    If($Task)
    {
        #Return true.
        Return $true;
    }
    #If the task doesn't exist.
    Else
    {
        #Return false.
        Return $false;
    }
}

############### Functions - End ###############
#endregion

#region begin main
############### Main - Start ###############

#Create folders.
New-Item -Path $Folders.Logs -ItemType Directory -Force | Out-Null;
New-Item -Path $Folders.Data -ItemType Directory -Force | Out-Null;

#Start transcript.
Start-Transcript -Path ($Folders.Logs + "\" + (Get-Date).ToString("ddMMyyyy") + ".log") -Append -Force;

#Get access token to access Graph API.
Write-Console -Category "Access Token" -Text "Getting Graph API access token";
$AccessToken = Get-GraphAccessToken -TokenEndpoint $OauthTokenEndpoint -ClientID $ClientID -ClientSecret $ClientSecret;

#Get all cached users.
Write-Console -Category "Registry" -Text "Getting cached users from registry";
$Users = Get-CacheUserInformation;

#Foreach user cached.
Write-Console -Category "Users" -Text "Enumerating cached users";
Foreach($User in $Users)
{
    #Write to log.
    Write-Output "";
    Write-Console -Category $User.UPN -Text $User.UPN;
    Write-Console -Category $User.UPN -Text $User.SID;
    Write-Console -Category $User.UPN -Text $User.SamAccountName;
    Write-Console -Category $User.UPN -Text $User.Domain;

    #Download the profile picture.
    Write-Console -Category $User.UPN -Text ("Downloading profile picture to '" + ($Folders.Data + $User.UPN + ".jpeg") + "'");
    Get-UserProfilePicture -AccessToken $AccessToken -UPN $User.UPN -Destination ($Folders.Data + $User.UPN + ".jpeg");

    #Set the user profile picture.
    Write-Console -Category $User.UPN -Text ("Setting registry keys");
    Set-UserProfilePicture -SID $User.SID -FilePath ($Folders.Data + $User.UPN + ".jpeg");
}

#Output empty line.
Write-Output "";

#Check if the schedule task doesn't exist.
If(!(Test-ScheduleTask -Name "Set Profile Account Pictures"))
{
    #Create the schedule task.
    Write-Console -Category "Schedule Task" -Text ("Creating schedule task");
    New-ProfilePictureScheduleTask -Script $Files.Script;

    #Copy running script.
    Write-Console -Category "Schedule Task" -Text ("Copying running script to '" + $Files.Script + "'");
    Copy-Item -Path $PSCommandPath -Destination $Files.Script;
}

############### Main - End ###############
#endregion

#region begin finalize
############### Finalize - Start ###############

#Stop transcript.
Stop-Transcript;

############### Finalize - End ###############
#endregion

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

#requires -version 3

.SYNOPSIS

.DESCRIPTION

.NOTES

Version: 1.0

Author: Alex Ø. T. Hansen (ath@tofte-it.dk)

Creation Date: 01-12-2018

Purpose/Change: Initial script development

#region begin boostrap

############### Bootstrap - Start ###############

#Clear the screen.

Clear-Host;

#Assemblies.

Add-Type -AssemblyName System.Web;

############### Bootstrap - End ###############

#endregion

#region begin input

############### Input - Start ###############

#Folders:

$Folders = @{

Logs = ("C:\Scripts\ProfilePicture\Logs\");

Data = ("C:\Scripts\ProfilePicture\Data\");

};

#Files:

$Files = @{

Script = ("C:\Scripts\ProfilePicture\Set-AzureADProfilePicture.ps1");

};

#Azure AD Application.

$OauthTokenEndpoint = "https://login.microsoftonline.com/<GUID>/oauth2/token";

$ClientID = "<Client ID>";

$ClientSecret = "<Client Secret>";

############### Input - End ###############

#endregion

#region begin functions

############### Functions - Start ###############

#Write to the console.

Function Write-Console

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$false)][string]$Category,

[Parameter(Mandatory=$false)][string]$Text

)

#If the input is empty.

If([string]::IsNullOrEmpty($Text))

{

$Text = " ";

}

#If category is not present.

If([string]::IsNullOrEmpty($Category))

{

#Write to the console.

Write-Output("[" + (Get-Date).ToString("dd/MM-yyyy HH:mm:ss") + "]: " + $Text + ".");

}

Else

{

#Write to the console.

Write-Output("[" + (Get-Date).ToString("dd/MM-yyyy HH:mm:ss") + "][" + $Category + "]: " + $Text + ".");

}

#Sets a user profile picture.

Function Set-UserProfilePicture

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true)]$SID,

[Parameter(Mandatory=$true)]$FilePath

)

#Check if the profile picture exist.

If(Test-Path -Path $FilePath)

{

#Create new image folder.

$ImageBase = ($env:public + "\AccountPictures\" + $SID);

$ImageBaseFolder = (New-Item -Path $ImageBase -ItemType Directory -Force) | Out-Null;

#Create registry path.

$RegistryPath = ("HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users\" + $SID);

New-Item -Path $RegistryPath -Force | Out-Null;

#Array of image sizes.

$ImageSizes = @(32, 40, 48, 96, 192, 200, 240, 448);

#Foreach image size.

Foreach($ImageSize in $ImageSizes)

{

#Set photo filename.

$PhotoFileName = ("Image" + $ImageSize + ".jpg");

#Save the photo.

Copy-Item -Path $FilePath -Destination ($ImageBase + "\" + $PhotoFileName) -Force;

#Create new registry key.

New-ItemProperty -Path $RegistryPath -Name ("Image" + $ImageSize) -Value ($ImageBase + "\" + $PhotoFileName) -Force | Out-Null;

}

#Get cache user information from the registry.

Function Get-CacheUserInformation

{

#Array to store user information.

$Users = @();

#Get all identities except system users.

$Identities = Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache" | Where-Object {$_.Name -notlike "*S-1-5*"};

#Foreach identity found.

Foreach($Identity in $Identities)

{

#Clear variables.

$UPN = $null;

$SID = $null;

$SamAccountName = $null;

$Domain = $null;

#Set SID.

$SID = $Identity.PSChildName;

#Get key values.

$KeyValues = Get-ItemProperty -Path ("HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache\" + $SID + "\IdentityCache\" + $SID);

#Set variables.

$UPN = $KeyValues.UserName;

$SamAccountName = $KeyValues.SAMName;

$Domain = $KeyValues.ProviderName;

#Create a new object.

$User = New-Object -TypeName psobject;

#Add data to the object.

Add-Member -InputObject $User -MemberType NoteProperty -Name "UPN" -Value $UPN;

Add-Member -InputObject $User -MemberType NoteProperty -Name "SID" -Value $SID;

Add-Member -InputObject $User -MemberType NoteProperty -Name "SamAccountName" -Value $SamAccountName;

Add-Member -InputObject $User -MemberType NoteProperty -Name "Domain" -Value $Domain;

#Add object to array.

$Users += $User;

}

#Return object array.

Return $Users;

}

#Get access token from Graph API.

Function Get-GraphAccessToken

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true)][string]$TokenEndpoint,

[Parameter(Mandatory=$true)][string]$ClientID,

[Parameter(Mandatory=$true)][string]$ClientSecret

)

#Encode the client secret so it removes any special characters.

$ClientSecretEncoded = [System.Web.HttpUtility]::UrlEncode($ClientSecret);

#Construct request body to Graph API.

$AuthBody = ("grant_type=client_credentials" + "&client_id=$ClientID" + "&client_secret=$ClientSecretEncoded" + "&resource=https://graph.microsoft.com/");

#Call the Graph API to get bearer token.

$AuthReponse = Invoke-RestMethod -Method Post -Uri $OauthTokenEndpoint -body $AuthBody -ContentType "application/x-www-form-urlencoded";

#Return access token.

Return ($AuthReponse.access_token);

}

#Get the user profile picture from Azure AD.

Function Get-UserProfilePicture

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true)][string]$AccessToken,

[Parameter(Mandatory=$true)][string]$UPN,

[Parameter(Mandatory=$true)][string]$Destination

)

#Invoke rest method to Graph API with access token.

Invoke-RestMethod -Method Get -Uri ("https://graph.microsoft.com/v1.0/users/" + $UPN + '/photo/$value') -Headers @{"Authorization"="Bearer $($AccessToken)"} -OutFile $Destination;

}

#Create a schedule task.

Function New-ProfilePictureScheduleTask

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true)][string]$Script

)

#Template to create the schedule task.

$XML = @"

<?xml version="1.0" encoding="UTF-16"?>

<Author>blog.tofte-it.dk</Author>

<URI>\Set Profile Account Pictures</URI>

</RegistrationInfo>

</ScheduleByDay>

</CalendarTrigger>

</Triggers>

<RunLevel>HighestAvailable</RunLevel>

</Principal>

</Principals>

<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>

<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>

<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>

<RestartOnIdle>false</RestartOnIdle>

</IdleSettings>

<Hidden>false</Hidden>

<RunOnlyIfIdle>false</RunOnlyIfIdle>

<WakeToRun>false</WakeToRun>

</RestartOnFailure>

</Settings>

<Exec>

<Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>

<Arguments>-ExecutionPolicy Bypass -File "$($Script)"</Arguments>

</Exec>

</Actions>

</Task>

"@;

#Add schedule task.

}

#Check if the schedule task already exist.

Function Test-ScheduleTask

{

[CmdletBinding()]

Param

(

[parameter(Mandatory=$true)][string]$Name

)

#Create a new schedule object.

$Schedule = New-Object -com Schedule.Service;

#Connect to the store.

$Schedule.Connect();

#Get schedule tak folders.

$Task = $Schedule.GetFolder("\").GetTasks(0) | Where-Object {$_.Name -eq $Name -and $_.Enabled -eq $true};

#If the task exists and is enabled.

If($Task)

{

#Return true.

Return $true;

}

#If the task doesn't exist.

Else

{

#Return false.

Return $false;

}

############### Functions - End ###############

#endregion

#region begin main

############### Main - Start ###############

#Create folders.

New-Item -Path $Folders.Logs -ItemType Directory -Force | Out-Null;

New-Item -Path $Folders.Data -ItemType Directory -Force | Out-Null;

#Start transcript.

Start-Transcript -Path ($Folders.Logs + "\" + (Get-Date).ToString("ddMMyyyy") + ".log") -Append -Force;

#Get access token to access Graph API.

Write-Console -Category "Access Token" -Text "Getting Graph API access token";

$AccessToken = Get-GraphAccessToken -TokenEndpoint $OauthTokenEndpoint -ClientID $ClientID -ClientSecret $ClientSecret;

#Get all cached users.

Write-Console -Category "Registry" -Text "Getting cached users from registry";

$Users = Get-CacheUserInformation;

#Foreach user cached.

Write-Console -Category "Users" -Text "Enumerating cached users";

Foreach($User in $Users)

{

#Write to log.

Write-Output "";

Write-Console -Category $User.UPN -Text $User.UPN;

Write-Console -Category $User.UPN -Text $User.SID;

Write-Console -Category $User.UPN -Text $User.SamAccountName;

Write-Console -Category $User.UPN -Text $User.Domain;

#Download the profile picture.

Write-Console -Category $User.UPN -Text ("Downloading profile picture to '" + ($Folders.Data + $User.UPN + ".jpeg") + "'");

Get-UserProfilePicture -AccessToken $AccessToken -UPN $User.UPN -Destination ($Folders.Data + $User.UPN + ".jpeg");

#Set the user profile picture.

Write-Console -Category $User.UPN -Text ("Setting registry keys");

Set-UserProfilePicture -SID $User.SID -FilePath ($Folders.Data + $User.UPN + ".jpeg");

}

#Output empty line.

Write-Output "";

#Check if the schedule task doesn't exist.

If(!(Test-ScheduleTask -Name "Set Profile Account Pictures"))

{

#Create the schedule task.

Write-Console -Category "Schedule Task" -Text ("Creating schedule task");

New-ProfilePictureScheduleTask -Script $Files.Script;

#Copy running script.

Write-Console -Category "Schedule Task" -Text ("Copying running script to '" + $Files.Script + "'");

Copy-Item -Path $PSCommandPath -Destination $Files.Script;

}

############### Main - End ###############

#endregion

#region begin finalize

############### Finalize - Start ###############

#Stop transcript.

Stop-Transcript;

############### Finalize - End ###############

#endregion

Alex Ø. T. Hansen

20/11/2018

PowerShell – Get all nested groups for a user in Active Directory

Ever needed to get all nested groups a user belongs in Active Directory?

#Get all recursive groups a user belongs.
Function Get-ADUserNestedGroups
{
    Param
    (
        [string]$DistinguishedName,
        [array]$Groups = @()
    )

    #Get the AD object, and get group membership.
    $ADObject = Get-ADObject -Filter "DistinguishedName -eq '$DistinguishedName'" -Properties memberOf, DistinguishedName;
    
    #If object exists.
    If($ADObject)
    {
        #Enummurate through each of the groups.
        Foreach($GroupDistinguishedName in $ADObject.memberOf)
        {
            #Get member of groups from the enummerated group.
            $CurrentGroup = Get-ADObject -Filter "DistinguishedName -eq '$GroupDistinguishedName'" -Properties memberOf, DistinguishedName;
       
            #Check if the group is already in the array.
            If(($Groups | Where-Object {$_.DistinguishedName -eq $GroupDistinguishedName}).Count -eq 0)
            {
                #Add group to array.
                $Groups +=  $CurrentGroup;

                #Get recursive groups.      
                $Groups = Get-ADUserNestedGroups -DistinguishedName $GroupDistinguishedName -Groups $Groups;
            }
        }
    }

    #Return groups.
    Return $Groups;
}
 
#The user to check.
$User = "<SamAccountName/DN/UserPrincipal>";

#Get all groups.
$Groups = Get-ADUserNestedGroups -DistinguishedName (Get-ADUser -Identity $User).DistinguishedName;

#Output all groups.
$Groups | Select-Object Name | Sort-Object -Property Name;

#Get all recursive groups a user belongs.

Function Get-ADUserNestedGroups

{

Param

(

[string]$DistinguishedName,

[array]$Groups = @()

)

#Get the AD object, and get group membership.

$ADObject = Get-ADObject -Filter "DistinguishedName -eq '$DistinguishedName'" -Properties memberOf, DistinguishedName;

#If object exists.

If($ADObject)

{

#Enummurate through each of the groups.

Foreach($GroupDistinguishedName in $ADObject.memberOf)

{

#Get member of groups from the enummerated group.

$CurrentGroup = Get-ADObject -Filter "DistinguishedName -eq '$GroupDistinguishedName'" -Properties memberOf, DistinguishedName;

#Check if the group is already in the array.

If(($Groups | Where-Object {$_.DistinguishedName -eq $GroupDistinguishedName}).Count -eq 0)

{

#Add group to array.

$Groups += $CurrentGroup;

#Get recursive groups.

$Groups = Get-ADUserNestedGroups -DistinguishedName $GroupDistinguishedName -Groups $Groups;

}

#Return groups.

Return $Groups;

}

#The user to check.

$User = "<SamAccountName/DN/UserPrincipal>";

#Get all groups.

$Groups = Get-ADUserNestedGroups -DistinguishedName (Get-ADUser -Identity $User).DistinguishedName;

#Output all groups.

$Groups | Select-Object Name | Sort-Object -Property Name;

Alex Ø. T. Hansen

08/11/2018

SharePoint – Get all terms/keywords from the taxonomy store

Yesterday I publish an article how to replace/add keywords on documents. But one of the requirements was that you needed the ID of the term you want to find and add/replace. So yet again I created a small function that allows you to return all terms from the store.

You still need the PnP SharePoint cmdlets, which you can download here.

Function Get-SPTaxKeyword
{
    #Object array.
    $TermsCollection = @();

    #Get all term groups.
    $TermGroups = Get-PnPTermGroup;

    #Foreach term group.
    Foreach($TermGroup in $TermGroups)
    {
        #Get all term sets.
        $TermSets = $TermGroup | Get-PnPTermSet;

        #Foreach term set.
        Foreach($TermSet in $TermSets)
        {
            #Get all terms.
            $Terms = Get-PnPTerm -TermGroup $TermGroup.Name -TermSet $TermSet.Name;

            #Foreach term.
            Foreach($Term in $Terms)
            {
                #If a term is present.
                If($Term)
                {
                    #Create a new object.
                    $TermCollection = New-Object -TypeName PSObject;

                    #Add value to the object.
                    Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermGroupName" -Value ($TermGroup.Name);
                    Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermGroupId" -Value ($TermGroup.Id);
                    Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermGroupSetName" -Value ($TermSet.Name);
                    Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermGroupSetId" -Value ($TermSet.Id);
                    Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermName" -Value ($Term.Name);
                    Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermId" -Value ($Term.Id);

                    #Add to the object array.
                    $TermsCollection += $TermCollection;
                }
            }
        }
    }

    #Return terms.
    Return $TermsCollection;
}

#Get all keywords.
$Keywords = Get-SPTaxKeyword;

Function Get-SPTaxKeyword

{

#Object array.

$TermsCollection = @();

#Get all term groups.

$TermGroups = Get-PnPTermGroup;

#Foreach term group.

Foreach($TermGroup in $TermGroups)

{

#Get all term sets.

$TermSets = $TermGroup | Get-PnPTermSet;

#Foreach term set.

Foreach($TermSet in $TermSets)

{

#Get all terms.

$Terms = Get-PnPTerm -TermGroup $TermGroup.Name -TermSet $TermSet.Name;

#Foreach term.

Foreach($Term in $Terms)

{

#If a term is present.

If($Term)

{

#Create a new object.

$TermCollection = New-Object -TypeName PSObject;

#Add value to the object.

Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermGroupName" -Value ($TermGroup.Name);

Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermGroupId" -Value ($TermGroup.Id);

Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermGroupSetName" -Value ($TermSet.Name);

Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermGroupSetId" -Value ($TermSet.Id);

Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermName" -Value ($Term.Name);

Add-Member -InputObject $TermCollection -Membertype NoteProperty -Name "TermId" -Value ($Term.Id);

#Add to the object array.

$TermsCollection += $TermCollection;

}

#Return terms.

Return $TermsCollection;

}

#Get all keywords.

$Keywords = Get-SPTaxKeyword;

Alex Ø. T. Hansen

07/11/2018

SharePoint – Adding keywords to documents with PowerShell

Ever needed to replace or add keywords to documents in a SharePoint site?
Recently I was in charge of migrating site collections from a on-premise environment to SharePoint online.

After the migration we needed to replace a certain taxonomy keyword on all documents. So I created a small PowerShell function to facilitate the company to do so. The function takes 5 parameters:

Url
- URL to the site collection.
Credential
- Credentials to contact the site collection.
TermGuid
- The guid of the keyword that you want to find.
AddTermGuid
- The guid of the new keyword you want to add/replace.
Replace (switch)
- If this switch is set, it will substitute TermGuid with AddTermGuid

In order for the function to work you need to download the SharePoint PnP cmdlets here.

#Replace SharePoint keywords.
Function Add-SPTaxKeyword
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$true)][string]$Url,
        [Parameter(Mandatory=$true)][PSCredential]$Credential,
        [Parameter(Mandatory=$true)][string]$TermGuid,
        [Parameter(Mandatory=$true)][string]$AddTermGuid,
        [Parameter(Mandatory=$false)][switch]$Replace
    )

    #Connect to SharePoint site.
    Connect-PnPOnline -Url $Url -Credentials $Credential;

    #Get all libraries/list.
    $Lists = Get-PnPList;

    #Foreach list.
    Foreach($List in $Lists)
    {
        #Get all list items that have specific term guid.
        $ListItems = Get-PnPListItem -List $List.Title | Where-Object {$TermGuid -in $_.FieldValues.TaxKeyword.TermGuid};

        #Foreach list item.
        Foreach($ListItem in $ListItems)
        {
            #If remove source term is set.
            If($Replace)
            {
                #Add keyword and remove source.
                [array]$TermGuids = $ListItem.FieldValues.TaxKeyword.TermGuid;
                [array]$TermGuids += $AddTermGuid;
                [array]$TermGuids = $TermGuids | Where-Object {$_ -ne $TermGuid}
            }
            Else
            {
                #Don't remove anyone.
                [array]$TermGuids = $ListItem.FieldValues.TaxKeyword.TermGuid;
                [array]$TermGuids += $AddTermGuid;
            }

            #Set the keyword on the item.
            Set-PnPListItem -List $List.Title -Identity $ListItem.Id -Values @{"TaxKeyword"=$TermGuids};
        }
    }
}

#Add the keyword.
Add-SPTaxKeyword -Url "https://contoso.sharepoint.com/sites/intranet" -Credential (Get-Credential) -TermGuid "fd9e6751-e7c2-4a71-80ec-486a65eb1ed2" -AddTermGuid "6564c2fe-b39e-4454-b11c-5507a7568948" -Replace;

#Replace SharePoint keywords.

Function Add-SPTaxKeyword

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true)][string]$Url,

[Parameter(Mandatory=$true)][PSCredential]$Credential,

[Parameter(Mandatory=$true)][string]$TermGuid,

[Parameter(Mandatory=$true)][string]$AddTermGuid,

[Parameter(Mandatory=$false)][switch]$Replace

)

#Connect to SharePoint site.

Connect-PnPOnline -Url $Url -Credentials $Credential;

#Get all libraries/list.

$Lists = Get-PnPList;

#Foreach list.

Foreach($List in $Lists)

{

#Get all list items that have specific term guid.

$ListItems = Get-PnPListItem -List $List.Title | Where-Object {$TermGuid -in $_.FieldValues.TaxKeyword.TermGuid};

#Foreach list item.

Foreach($ListItem in $ListItems)

{

#If remove source term is set.

If($Replace)

{

#Add keyword and remove source.

[array]$TermGuids = $ListItem.FieldValues.TaxKeyword.TermGuid;

[array]$TermGuids += $AddTermGuid;

[array]$TermGuids = $TermGuids | Where-Object {$_ -ne $TermGuid}

}

Else

{

#Don't remove anyone.

[array]$TermGuids = $ListItem.FieldValues.TaxKeyword.TermGuid;

[array]$TermGuids += $AddTermGuid;

}

#Set the keyword on the item.

Set-PnPListItem -List $List.Title -Identity $ListItem.Id -Values @{"TaxKeyword"=$TermGuids};

}

#Add the keyword.

Add-SPTaxKeyword -Url "https://contoso.sharepoint.com/sites/intranet" -Credential (Get-Credential) -TermGuid "fd9e6751-e7c2-4a71-80ec-486a65eb1ed2" -AddTermGuid "6564c2fe-b39e-4454-b11c-5507a7568948" -Replace;

You are able to get the SharePoint taxonomy keyword GUID through the Get-PnPTerm cmdlet, find more information here.

Alex Ø. T. Hansen

05/11/2018

Exam 70-743 – Upgrading Your Skills to MCSA: Windows Server 2016

I have been studying for the 70-743 exam (upgrading from MCSA: Windows Server 2012) for the past 6 weeks, and was able to pass it with a decent score 817 (min. passing score is 700).
In order for me to pass, I used differrent study materials such as books, videos and websites.

If you are on the same journey, I’m providing a study guide of which resources I used, and which questions you will need to answer right of the bat for you to pass.

Alex Ø. T. Hansen

19/09/2018

Exchange – Add nested group recipients to parent resources

Do you have nested groups within Exchange resources such as distribution groups, shared mailboxes, rooms or equipment?

If you have, you have come to the right place. I have created a script that extracts all nested group members of a resource, and add it directly to the resource instead.

The script works in both on-premise and Exchange Online.

Before you can run the script, you need to have access to the following:

Access to on-premise and/or Office 365 environment as a administrator.
Have the AzureAD and Active Directory PowerShell module installed.

Alex Ø. T. Hansen

16/09/2018

Tutorial – Deploy Always On VPN

Always On VPN provides a single, cohesive solution for remote access and supports domain-joined, non-domain-joined (workgroup), or Azure AD–joined devices, even personally owned devices. With Always On VPN, the connection type does not have to be exclusively user or device but can be a combination of both. For example, you could enable device authentication for remote device management, and then enable user authentication for connectivity to internal company sites and services.

The purpose for this guide is to demonstrate how to deploy the Always On feature easily. In this guide we will deploy the following platforms primarily using PowerShell where possible:

Active Directory (AD DS)
DNS
Certificate Authority (AD CS)
DHCP
Routing and Remote Access Service (RRAS)
Network Policy Server (RADIUS)

It will not be demonstrated how to install Windows Server or Windows 10 operating system.

Do not attempt to deploy Remote Access on a virtual machine (VM) in Microsoft Azure. Using Remote Access in Microsoft Azure is not supported, including both Remote Access VPN and DirectAccess.

Alex Ø. T. Hansen

13/07/2018

PowerShell – Add an item to a list in SharePoint through REST

Need to add a item to a list in SharePoint with PowerShell?

I have create a small function that allows you to use the REST API in SharePoint to create a list item.

################################################
<# Function - Start #>

#Creates a PS credential object.
Function Create-PSCredential
{
    [cmdletbinding()]	
		
    Param
    (
        [Parameter(Mandatory=$true, HelpMessage="Please provide a valid username, example 'Domain\Username'.")]$Username,
        [Parameter(Mandatory=$true, HelpMessage="Please provide a valid password, example 'MyPassw0rd!'.")]$Password
    )

    #Convert the password to a secure string.
    $SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force;

    #Convert $Username and $SecurePassword to a credential object.
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword;

    #Return the credential object.
    Return $Credential;
}

#Adds a SharePoint List Item using REST.
Function Create-SPListItem
{
    [cmdletbinding()]

    Param
    (
        [Parameter(Mandatory=$True)]$Credential,
        [Parameter(Mandatory=$True)][string]$Site,
        [Parameter(Mandatory=$True)][string]$List,
        [Parameter(Mandatory=$True)][HashTable]$Content
    )

    #Construct path to list API.
    $ListSvc = ($Site + "/_vti_bin/listdata.svc/" + $List);

    #Webrequest headers.
    $Headers = @{
        "Accept" = "application/json;odata=verbose";
    }

    #Convert hashtable to JSON.
    $Body = $Content | ConvertTo-Json;

    #Invoke the REST API.
    $Result = Invoke-WebRequest -Uri $ListSvc -Method Post -Credential $Credential -Headers $Headers -ContentType "application/json" -Body $Body;

    #If the status description is set to created.
    If($Result.StatusDescription -eq "Created")
    {
        #True.
        Return $true;
    }
    Else
    {
        #False.
        Return $false
    }
}

<# Functions - End #>
################################################
<# Main - Start #>

#SharePoint site.
$SPSite = "https://sharepoint.contoso.com/site/123";

#SharePoint list name.
$SPList = "MyList";

#Credentials.
$Username = “Contoso\User”;
$Password = “MyPassword”;
$Credential = Create-PSCredential -Username $Username -Password $Password;

#List Item Data.
$Content = @{
    Column1 = "Data1";
    Column2 = "Data2";
    Column3 = "Data3";
}

Create-SPListItem -Credential $Credential -Site $SPSite -List $SPList -Content $Content;

<# Main - End #>
################################################

################################################

<# Function - Start #>

#Creates a PS credential object.

Function Create-PSCredential

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$true, HelpMessage="Please provide a valid username, example 'Domain\Username'.")]$Username,

[Parameter(Mandatory=$true, HelpMessage="Please provide a valid password, example 'MyPassw0rd!'.")]$Password

)

#Convert the password to a secure string.

$SecurePassword = $Password | ConvertTo-SecureString -AsPlainText -Force;

#Convert $Username and $SecurePassword to a credential object.

$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Username,$SecurePassword;

#Return the credential object.

Return $Credential;

}

#Adds a SharePoint List Item using REST.

Function Create-SPListItem

{

[cmdletbinding()]

Param

(

[Parameter(Mandatory=$True)]$Credential,

[Parameter(Mandatory=$True)][string]$Site,

[Parameter(Mandatory=$True)][string]$List,

[Parameter(Mandatory=$True)][HashTable]$Content

)

#Construct path to list API.

$ListSvc = ($Site + "/_vti_bin/listdata.svc/" + $List);

#Webrequest headers.

$Headers = @{

"Accept" = "application/json;odata=verbose";

}

#Convert hashtable to JSON.

$Body = $Content | ConvertTo-Json;

#Invoke the REST API.

$Result = Invoke-WebRequest -Uri $ListSvc -Method Post -Credential $Credential -Headers $Headers -ContentType "application/json" -Body $Body;

#If the status description is set to created.

If($Result.StatusDescription -eq "Created")

{

#True.

Return $true;

}

Else

{

#False.

Return $false

}

<# Functions - End #>

################################################

<# Main - Start #>

#SharePoint site.

$SPSite = "https://sharepoint.contoso.com/site/123";

#SharePoint list name.

$SPList = "MyList";

#Credentials.

$Username = “Contoso\User”;

$Password = “MyPassword”;

$Credential = Create-PSCredential -Username $Username -Password $Password;

#List Item Data.

$Content = @{

Column1 = "Data1";

Column2 = "Data2";

Column3 = "Data3";

}

Create-SPListItem -Credential $Credential -Site $SPSite -List $SPList -Content $Content;

<# Main - End #>

################################################