PowerShell – Set the account profile picture from Azure AD

If you ever need to set the local Windows user account profile pictures from Azure AD, you can use the following script.

The script leverages the Graph API through a service principal (app) in Azure AD. There are some requirements before running the script:

You can run the script “manually” or deploy it with Microsoft Intune. You can run it under your own account or as “nt authority\system”. Just be sure that the account has write access to the registry path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users” and its child keys.

The only things you need to change in the script are three variables (lines 43, 44 and 45) holding the Azure AD app information.

Here is a basic walk through of what the script actually does:

  1. Create the folder structure “C:\Scripts\ProfilePicture” to store pictures, script and logs. The folder paths can be changed to your liking on lines 33, 34 and 39.
  2. Start a transcript log in “C:\Scripts\ProfilePicture\Logs\”.
  3. Get an access token for the Graph API.
  4. Get user information (UPN, username and SID) for the users that have already logged in to the local device.
  5. Download the profile photo of each user to “C:\Scripts\ProfilePicture\Data\”.
  6. Set the registry keys so each user’s account picture points at the downloaded photo.
  7. Create a scheduled task (if it doesn’t exist) so that picture changes in Azure AD are picked up.
  8. Copy the script to “C:\Scripts\ProfilePicture”.
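Steps 3 to 6 in one script, as an added example that is not the post’s own script. Assumptions not stated in the post: the app holds the Graph application permission User.Read.All (or User.ReadBasic.All); Azure AD accounts are recognised by their S-1-12-1-* SID and their UPN is read from the IdentityStore cache; Windows reads the AccountPicture values Image32 through Image448. The transcript, the scheduled task and the copy step are left out.

```powershell
# Added example, not the post's script: token, local users, photo download and registry keys.
param(
    [Parameter(Mandatory)][string]$TenantId,
    [Parameter(Mandatory)][string]$ClientId,
    [Parameter(Mandatory)][string]$ClientSecret,   # readable by anyone who can read this script
    [string]$DataPath = 'C:\Scripts\ProfilePicture\Data'
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $DataPath -Force | Out-Null

# Step 3: client-credentials token for Microsoft Graph.
$token = Invoke-RestMethod -Method Post -UseBasicParsing `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Body @{
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }
$headers = @{ Authorization = "Bearer $($token.access_token)" }

# Step 4: profiles that have signed in on this device. SID from ProfileList; UPN from the
# IdentityStore cache (assumption: Azure AD accounts cache it under IdentityCache\<SID>\UserName).
$users = foreach ($p in Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList') {
    $sid = $p.PSChildName
    if ($sid -notlike 'S-1-12-1-*') { continue }   # assumption: S-1-12-1-* = Azure AD identity
    $cache = "HKLM:\SOFTWARE\Microsoft\IdentityStore\Cache\$sid\IdentityCache\$sid"
    $upn = (Get-ItemProperty -Path $cache -Name UserName -ErrorAction SilentlyContinue).UserName
    if ($upn) { [pscustomobject]@{ Sid = $sid; Upn = $upn } }
}

foreach ($u in $users) {
    # Step 5: download the photo. A 404 means no photo is set; skip that user and keep going.
    $photoFile = Join-Path $DataPath "$($u.Sid).jpg"
    $photoUri  = "https://graph.microsoft.com/v1.0/users/$([uri]::EscapeDataString($u.Upn))/photo/`$value"
    try {
        Invoke-WebRequest -UseBasicParsing -Headers $headers -Uri $photoUri -OutFile $photoFile
    } catch {
        Write-Warning "No photo for $($u.Upn): $($_.Exception.Message)"
        continue
    }

    # Step 6: point every size value at the same file; Windows scales it.
    # Assumption: these are the value names Windows 10/11 reads.
    $key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users\$($u.Sid)"
    New-Item -Path $key -Force | Out-Null
    foreach ($size in 32, 40, 48, 96, 192, 240, 448) {
        New-ItemProperty -Path $key -Name "Image$size" -Value $photoFile -PropertyType String -Force | Out-Null
    }
    Write-Output "Set account picture for $($u.Upn) ($($u.Sid))"
}
```

The script needs to write under HKLM, so it has to run elevated or as SYSTEM, which is also why the client secret is effectively readable by every local administrator of the device.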

You may want to compile the script into an executable, but be aware that this only hides the client secret from casual viewing: anyone with the local administrator rights the script itself needs can recover the secret from the binary or from the running process. Treat the secret as exposed on every device the script is deployed to, grant the app only the least-privilege Graph application permission needed to read profile photos, and rotate the secret regularly. One way of turning a PowerShell script into an executable is to use this script, but remember to change the scheduled task in the code to point to the .exe file instead of the .ps1 before compiling.

 

PowerShell – Get all nested groups for a user in Active Directory

Nested Groups

Ever needed to get all the nested groups a user belongs to in Active Directory?
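One way to do this, as an added example that is not the post’s script: a single LDAP query using the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941) returns every group the user is in, directly or through nesting, with the domain controller doing the recursion. It assumes the ActiveDirectory RSAT module; the account name ‘jdoe’ is a placeholder.

```powershell
# Added example, not the post's script: transitive group membership via LDAP_MATCHING_RULE_IN_CHAIN.
Import-Module ActiveDirectory

function Get-NestedGroupMembership {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties PrimaryGroupID

    # Escape the DN for use inside an LDAP filter (RFC 4515): backslash first, then the rest.
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\(', '\28' -replace '\)', '\29' -replace '\*', '\2a'

    # The server expands the "member" chain transitively; groups reached only through
    # foreign security principals in other domains are not returned by this single-domain query.
    $groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"

    # The primary group (normally Domain Users) is not stored in "member", so add it explicitly.
    $domainSid = (Get-ADDomain).DomainSID.Value
    $primary = Get-ADGroup -Identity "$domainSid-$($user.PrimaryGroupID)"

    @($primary) + @($groups) |
        Sort-Object DistinguishedName -Unique |
        Select-Object Name, GroupScope, GroupCategory, DistinguishedName
}

# Useful when reviewing what one account can reach: membership in a privileged group
# is often inherited through several layers of nesting.
Get-NestedGroupMembership -SamAccountName 'jdoe' | Format-Table -AutoSize
```

Get-ADPrincipalGroupMembership only returns direct membership, which is why the matching-rule query is used here.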

 

SharePoint – Get all terms/keywords from the taxonomy store

SharePoint PnP

Yesterday I published an article on how to replace/add keywords on documents. One of the requirements was that you need the ID of the term you want to find and add/replace. So yet again I created a small function that returns all terms from the store.

You still need the PnP SharePoint cmdlets, which you can download here.
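An added example, not the post’s function, that walks every term group, term set and term in the default term store and returns the ID, name and path of each term so a term ID can be looked up by name. It assumes PnP PowerShell is installed and Connect-PnPOnline has already been run, and that child terms are loaded through the Terms property with Get-PnPProperty; the term name ‘Confidential’ is a placeholder.

```powershell
# Added example, not the post's function: flatten the taxonomy store into Id/Name/Path rows.
function Get-AllTaxonomyTerm {
    function Expand-Term($Term, $Depth) {
        # Load the child collection and the path; neither is loaded by default.
        Get-PnPProperty -ClientObject $Term -Property Terms, PathOfTerm | Out-Null
        [pscustomobject]@{
            Id    = $Term.Id
            Name  = $Term.Name
            Path  = $Term.PathOfTerm
            Depth = $Depth
        }
        foreach ($child in $Term.Terms) { Expand-Term -Term $child -Depth ($Depth + 1) }
    }

    foreach ($group in Get-PnPTermGroup) {
        foreach ($set in Get-PnPTermSet -TermGroup $group.Id) {
            foreach ($term in Get-PnPTerm -TermSet $set.Id -TermGroup $group.Id) {
                Expand-Term -Term $term -Depth 0 |
                    Select-Object @{ n = 'Group'; e = { $group.Name } },
                                  @{ n = 'TermSet'; e = { $set.Name } },
                                  Id, Name, Path, Depth
            }
        }
    }
}

# Look up the Id of a term by name before tagging documents with it.
$allTerms = Get-AllTaxonomyTerm
$allTerms | Where-Object Name -eq 'Confidential' | Select-Object Group, TermSet, Path, Id
```

Filtering on Path rather than Name avoids picking the wrong term when the same label exists in several term sets.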

Exchange – Add nested group recipients to parent resources

Nested Groups

Do you have nested groups within Exchange resources such as distribution groups, shared mailboxes, rooms or equipment?

If you have, you have come to the right place. I have created a script that extracts all nested group members of a resource and adds them directly to the resource instead.

The script works both on-premises and in Exchange Online.

Before you can run the script, you need to have access to the following:

  • Access to the on-premises and/or Office 365 environment as an administrator.
  • The AzureAD and Active Directory PowerShell modules installed.

Read More
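An added example, not the post’s script, for the distribution-group case: it expands the nested groups inside a distribution group and adds the leaf recipients directly to the parent, with loop protection and a -WhatIf dry run. Shared, room and equipment mailboxes carry permissions rather than members and are not handled here. It assumes an Exchange management session (on-premises shell or Exchange Online) is already open; the group address is a placeholder.

```powershell
# Added example, not the post's script: flatten nested distribution groups into the parent.
function Get-LeafRecipient {
    param(
        [Parameter(Mandatory)][string]$Group,
        [Parameter(Mandatory)][System.Collections.Generic.HashSet[string]]$VisitedGroups
    )
    foreach ($m in Get-DistributionGroupMember -Identity $Group -ResultSize Unlimited) {
        if ($m.RecipientTypeDetails -eq 'DynamicDistributionGroup') {
            # Dynamic groups have no stored member list; resolve them separately.
            Write-Warning "Skipping dynamic group $($m.Name) inside $Group"
        } elseif ($m.RecipientTypeDetails -like '*Group*' -or $m.RecipientTypeDetails -eq 'RoomList') {
            # HashSet.Add returns $false for a group already walked: stops A -> B -> A loops.
            if ($VisitedGroups.Add([string]$m.DistinguishedName)) {
                Get-LeafRecipient -Group $m.DistinguishedName -VisitedGroups $VisitedGroups
            }
        } else {
            $m
        }
    }
}

function Add-NestedGroupMembersToParent {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)

    $visited = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    $present = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)

    $direct = @(Get-DistributionGroupMember -Identity $Identity -ResultSize Unlimited)
    foreach ($m in $direct | Where-Object { $_.RecipientTypeDetails -notlike '*Group*' }) {
        $present.Add([string]$m.PrimarySmtpAddress) | Out-Null
    }

    foreach ($g in $direct | Where-Object { $_.RecipientTypeDetails -like '*Group*' -or $_.RecipientTypeDetails -eq 'RoomList' }) {
        $visited.Add([string]$g.DistinguishedName) | Out-Null
        foreach ($leaf in Get-LeafRecipient -Group $g.DistinguishedName -VisitedGroups $visited) {
            $address = [string]$leaf.PrimarySmtpAddress
            if (-not $present.Add($address)) { continue }    # already a direct member
            if ($PSCmdlet.ShouldProcess($Identity, "Add member $address")) {
                Add-DistributionGroupMember -Identity $Identity -Member $address
            }
        }
    }
    # The nested groups are left in place; remove them with Remove-DistributionGroupMember
    # once the flattened membership has been verified.
}

# Review with -WhatIf first, then run without it.
Add-NestedGroupMembersToParent -Identity 'all-staff@contoso.com' -WhatIf
```

Flattening trades one kind of drift for another: the parent no longer follows changes to the nested groups, so rerun it on a schedule or keep the nested groups in place as well.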

SolarWinds Orion – Certificate Expiration Template

I’m back again with one more PowerShell script, this time getting certificate expiration warnings from Windows machines.

You can use the PowerShell script below to create a template and get Warning, Critical, Down, etc. states if a certificate is close to expiration or has already expired.

Read More
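An added example, not the post’s template, of a certificate-expiry check written in the SolarWinds SAM PowerShell-monitor output convention (Statistic.&lt;name&gt; and Message.&lt;name&gt; lines on stdout, exit code 0 for Up, 2 for Warning, 3 for Critical, at most ten statistic pairs per component). The 30/7-day thresholds and the LocalMachine\My store are choices made here, not the post’s.

```powershell
# Added example, not the post's template: days-to-expiry per certificate in SAM script-monitor format.
param([int]$WarnDays = 30, [int]$CritDays = 7)

$now  = Get-Date
$exit = 0   # SAM script exit codes: 0 Up, 2 Warning, 3 Critical

# Soonest-expiring first, capped at ten because that is the SAM limit per component.
$certs = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { -not $_.Archived } |
    Sort-Object NotAfter |
    Select-Object -First 10

if (-not $certs) {
    Write-Output 'Statistic: 0'
    Write-Output 'Message: no certificates in LocalMachine\My'
    exit 0
}

$n = 0
foreach ($cert in $certs) {
    $n++
    $days = [math]::Floor(($cert.NotAfter - $now).TotalDays)
    $cn   = if ($cert.Subject -match 'CN=([^,]+)') { $Matches[1] } else { $cert.Subject }
    Write-Output "Statistic.Cert$($n): $days"
    Write-Output "Message.Cert$($n): $cn ($($cert.Thumbprint)) expires $($cert.NotAfter.ToString('yyyy-MM-dd')), $days days"
    if ($days -le $CritDays) { $exit = 3 }
    elseif ($days -le $WarnDays -and $exit -lt 3) { $exit = 2 }
}
exit $exit
```

Because each statistic is the number of days left, the same Warning/Critical thresholds can also be set on the statistic in the SAM template instead of in the script.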

WSUS – High CPU due to “supersedence” updates.

Lately I have been seeing high CPU (90-100%) usage on servers where the Windows Server Updates Services (WSUS) is installed.

This is mainly caused by superseded updates that fill the database and make the CPU spike.

Read More
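An added example, not the post’s script, that declines the superseded updates WSUS is still tracking and then runs the built-in cleanup. It declines only updates that already have an approved replacement, so no client is left without a patch it still needs. It assumes it runs on the WSUS server with the UpdateServices module (installed with the WSUS console tools); without -Apply it only reports.

```powershell
# Added example, not the post's script: decline superseded updates that have an approved replacement.
param([switch]$Apply)   # without -Apply only report

Import-Module UpdateServices
$wsus = Get-WsusServer   # local server; use -Name, -PortNumber and -UseSsl for a remote one
$supersedeRel = [Microsoft.UpdateServices.Administration.UpdateRelationship]::UpdatesThatSupersedeThisUpdate

$declined = 0
$kept     = 0
foreach ($u in $wsus.GetUpdates() | Where-Object { $_.IsSuperseded -and -not $_.IsDeclined }) {
    # Keep a superseded update if nothing that replaces it is approved yet: a client that
    # still needs it would otherwise have nothing to install.
    $replacementApproved = $u.GetRelatedUpdates($supersedeRel) |
        Where-Object { $_.IsApproved -and -not $_.IsDeclined }
    if (-not $replacementApproved) { $kept++; continue }

    Write-Output "Decline: $($u.Title)"
    if ($Apply) { $u.Decline() }
    $declined++
}
Write-Output "Declined: $declined, kept (no approved replacement): $kept"

if ($Apply) {
    # Built-in cleanup: drops obsolete revisions, declines expired updates, compresses the rest.
    Invoke-WsusServerCleanup -CleanupObsoleteUpdates -DeclineExpiredUpdates -CompressUpdates
}
```

Invoke-WsusServerCleanup also has a -DeclineSupersededUpdates switch; the loop above is used instead because it checks that a replacement is approved before declining.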

SharePoint – User Profile Image Cross-Site with ADFS

If you have split My Sites and a content site into separate SharePoint web applications, and both use AD FS for authentication, you may have noticed that user profile thumbnails from the My Site host do not load. The browser holds no authentication token issued for the My Site web application when it requests the image, and cross-origin requests are restricted (Cross-Origin Resource Sharing, CORS, is a security measure).

Luckily Microsoft has acknowledged this and added a PowerShell setting that allows pictures/resources to be loaded from other SharePoint web applications in the same farm.

Read More
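An added example, not the post’s command. It assumes the setting in question is the CrossDomainPhotosEnabled property of SPWebApplication (SharePoint 2013 and later), which the excerpt does not name; the URL is a placeholder for the web application that shows the thumbnails.

```powershell
# Added example, not the post's command: allow profile photos to load from the My Site host.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$wa = Get-SPWebApplication 'https://intranet.contoso.com'   # web application showing the thumbnails
"Before: CrossDomainPhotosEnabled = $($wa.CrossDomainPhotosEnabled)"

if (-not $wa.CrossDomainPhotosEnabled) {
    $wa.CrossDomainPhotosEnabled = $true   # assumption: property name, see lead-in
    $wa.Update()
}

"After:  CrossDomainPhotosEnabled = $((Get-SPWebApplication $wa.Url).CrossDomainPhotosEnabled)"
```

Set it on the web application that renders the pages, not on the My Site host; it only relaxes photo loading between web applications of the same farm.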

SharePoint – Reduce the search system impact

It’s possible to set the performance level of the SharePoint search crawler with PowerShell. This comes in handy in a development environment where performance isn’t crucial.

There are 3 valid modes:

  • Reduced
    • Total number of threads = number of processors; Max Threads/host = number of processors.
  • PartlyReduced (default)
    • Total number of threads = 4 times the number of processors; Max Threads/host = 16 times the number of processors.
  • Maximum
    • Total number of threads = 4 times the number of processors; Max Threads/host = 16 times the number of processors (threads are created at HIGH priority).

Use the following PowerShell commands in a SharePoint Management Shell.

Read More
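An added example, not the post’s commands, that shows the current crawl performance level, lowers it and verifies the change, assuming a SharePoint Management Shell on a farm server.

```powershell
# Added example, not the post's commands: read, set and verify the crawler performance level.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$before = (Get-SPEnterpriseSearchService).PerformanceLevel

# Valid values are Reduced, PartlyReduced and Maximum, as listed above.
Set-SPEnterpriseSearchService -PerformanceLevel Reduced

$after = (Get-SPEnterpriseSearchService).PerformanceLevel
"Crawl performance level: $before -> $after"
```

Reduced is a farm-wide setting for the search service, so set it back to PartlyReduced before the environment is used for anything that depends on crawl throughput.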

SharePoint – Enable BLOB Cache with PowerShell

Disk-based caching controls caching for binary large objects (BLOBs) such as image, sound and video files, as well as code fragments. Disk-based caching is extremely fast and eliminates the need for database round trips. BLOBs are retrieved from the database once and stored on the front-end web server. Further requests are served from the cache and trimmed based on security.

Disk-based caching is disabled by default. To enable and customize the disk-based cache, you can run the following script.

Read More
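An added example, not the post’s script, that enables the BLOB cache in the web.config of every zone of one web application on the current server, backing each file up first. The cache location, the 10 GB size and the max-age value are choices made here, and the URL is a placeholder; it has to run on each front-end server (or be wrapped in SPWebConfigModification to push the change farm-wide).

```powershell
# Added example, not the post's script: set the BlobCache element in each zone's web.config.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$wa       = Get-SPWebApplication 'https://intranet.contoso.com'
$location = 'D:\BlobCache\Intranet'   # must be writable by the application pool identity
New-Item -ItemType Directory -Path $location -Force | Out-Null

foreach ($iis in $wa.IisSettings.Values) {
    $configPath = Join-Path $iis.Path.FullName 'web.config'
    Copy-Item $configPath "$configPath.$(Get-Date -Format yyyyMMddHHmmss).bak"

    [xml]$xml = Get-Content -Path $configPath -Raw
    $blob = $xml.configuration.SharePoint.BlobCache
    if (-not $blob) { Write-Warning "No BlobCache element in $configPath"; continue }

    $blob.SetAttribute('location', $location)
    $blob.SetAttribute('maxSize',  '10')      # GB
    $blob.SetAttribute('max-age',  '86400')   # seconds a client may keep a cached item
    $blob.SetAttribute('enabled',  'true')
    $xml.Save($configPath)   # IIS recycles the application pool when web.config changes
    Write-Output "BLOB cache enabled in $configPath"
}
```

The existing path attribute (the file-type pattern) is left untouched; widen it only for types you actually want served from disk.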

Group Policy – Find unlinked (unused) GPOs and delete them

If you have a lot of unused (not linked) group policy objects, you can delete them with the following PowerShell script.

Read More
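An added example, not the post’s script: it lists the GPOs whose report shows no link, backs each one up, and deletes with -WhatIf until the list has been reviewed. It assumes the GroupPolicy RSAT module; the backup path is a placeholder.

```powershell
# Added example, not the post's script: find GPOs with no LinksTo entry, back up, then delete.
Import-Module GroupPolicy

function Get-UnlinkedGpo {
    foreach ($gpo in Get-GPO -All) {
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
        # No LinksTo element means the report found no link for this GPO.
        if (-not $report.GPO.LinksTo) { $gpo }
    }
}

$backupPath = 'C:\GPOBackup'
New-Item -ItemType Directory -Path $backupPath -Force | Out-Null

$unlinked = @(Get-UnlinkedGpo)
$unlinked | Select-Object DisplayName, Id, CreationTime, ModificationTime, GpoStatus | Format-Table -AutoSize

foreach ($gpo in $unlinked) {
    # Back up first so the deletion can be reversed with Import-GPO.
    Backup-GPO -Guid $gpo.Id -Path $backupPath -Comment 'pre-delete backup' | Out-Null
    Remove-GPO -Guid $gpo.Id -WhatIf    # drop -WhatIf once the list above is confirmed
}
```

Before running without -WhatIf, confirm that none of the listed GPOs is linked to an AD site or used from another domain; the domain report alone is not a guarantee of that.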