Search This Blog

Apr 29, 2024

What is "alias" type in whoami output?

 You probably noticed that besides "well-known group" and "group" in the output of whoami /all command, there is also another type called "alias". There was much result in googling to tell what this exactly is.

After much searching, find this document: SAM Remote Protocol - not that kind of doc you'd think of for the question we have above. Anyhow, even info in this doc is obscure: 

alias object: See resource group

then:

resource group: A group object whose membership is added to the authorization context only if the server receiving the context is a member of the same domain as the resource group.

Translation:

An alias is a domain local group from same domain as the resource server where it receives the context

Feb 28, 2024

AzureAD module for Graph Notes

  1.  How to install AzureAD module without internet connection
    1. Download nupkg file from PowerShell Gallery
    2. for module that has dependences, you can download all nupkg files into same folder
    3. copy nupkg file to a dedicated folder
    4. Assuming you have NuGet available, run "Register-PSRepository -Name <pickAName4YourRepository> -SourceLocation <absolute path to nupkg file>"
    5. You can now "find-module -repository <repositoryName>"
    6. "Install-Module -Name <moduleName>"
    7. placeholder
  2. Install modules behind company proxy
    1. run below as admin
    2. [System.Net.WebRequest]::DefaultWebProxy.Credentials = Get-Credential
    3. [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  3. ODATA filter syntax
    1. Get-AzureADUser -Filter "proxyAddresses/any(c:c eq 'smtp:user@domain.com')"
    2. Get-AzureADUser -Filter "Department eq 'HP'"
    3. Get-AzureADDirectoryROle -filter "DisplayName eq 'application administrator'"
    4. Find reference on Oasis website
    5. placeholder
  4. Connect to graph behind proxy
# [NOTE] Set up proxy. Below works for PS 5
[System.Net.WebRequest]::DefaultWebProxy.Credentials = Get-Credential
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

 

# Powershell 7 is using [System.Net.HttpWebRequest]::DefaultWebProxy instead of [System.Net.WebRequest]
[System.Net.HttpWebRequest]::DefaultWebProxy = New-Object System.Net.WebProxy($null)  
  # this may work in companies where it can authenticate automatically
[System.Net.HttpWebRequest]::DefaultWebProxy.Credentials = Get-Credential
# Prompt for credential in companies that needs authN to use proxy

 [System.Net.HttpWebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials 

# this can be used when proxy uses your default credential (it could be your domain credential, it could be your Azure cendenital, depending on your environment)

  1. placeholder

Jan 31, 2024

[PowerShell] When ExpandProperty is not good enough

The ExpandProperty parameter in select-object cmdlet is useful to view full values of a compound property (e.g. when a property's value is an array or an object). However the limitation is also obvious. It accepts only one property, so we are forced to write a script block to process all results, using a different way to convert/expand properties one by one, before we can finally assembly the output.

The other way to do it is to use inline expression. See below

$targetedProperties=@(
    samaccountname,
    @{l='membership'; e={$_.memberof}}
    @{l='allEmailAddresses'; e={$_.proxyAddresses}}
$uObj = get-aduser 'johnDoe' -properties *
$expandedObj = $uObj | select $targetedProperties
 



Array that includes most meaningful AD attributes for admins


$meaningfulP = @(
    "AccountExpirationDate"
    #"accountExpires" # above converted value is readable to human - blank means never
    "AccountLockoutTime"
    "AccountNotDelegated"
    "AllowReversiblePasswordEncryption"
    #"BadLogonCount" # these are temporary values that are reset by AD periodically
    #"badPasswordTime"
    #"badPwdCount"
    "c"
    "CannotChangePassword"
    "CanonicalName"
    "City"
    "CN"
    "co"
    "codePage"
    "Company"
    "Country"
    "countryCode"
    "Created"
    "createTimeStamp"
    "Deleted"
    "Department"
    #"departmentNumber"
    @{l="deptNumber";e={$_.departmentNumber}}
    "Description"
    "DisplayName"
    "DistinguishedName"
    "Division"
    "EmailAddress"
    "EmployeeID"
    "EmployeeNumber"
    "employeeType"
    "Enabled"
    "extensionAttribute12"
    "extensionAttribute14"
    "extensionAttribute2"
    "extensionAttribute3"
    "extensionAttribute4"
    "extensionAttribute5"
    "extensionAttribute6"
    "extensionAttribute8"
    "extensionAttribute9"
    "Fax"
    "GivenName"
    "HomeDirectory"
    "HomedirRequired"
    "HomeDrive"
    "HomePage"
    "HomePhone"
    "Initials"
    "instanceType"
    "isDeleted"
    "l"
    "LastBadPasswordAttempt"
    "LastKnownParent"
    "LastLogonDate"
    "legacyExchangeDN"
    "LockedOut"
    "lockoutTime"
    "logonCount"
    "LogonWorkstations"
    "mail"
    "mailNickname"
    "Manager"
    #"MemberOf"
    @{l='membership';e={($_.Memberof)[0..20]}} #to prevent this value to become too large to fit into Excel cell limit
    "MNSLogonAccount"
    "MobilePhone"
    "Modified"
    "modifyTimeStamp"
    "Name"
    "ObjectCategory"
    "ObjectClass"
    "Office"
    "OfficePhone"
    "Organization"
    "OtherName"
    "PasswordExpired"
    "PasswordLastSet"
    "PasswordNeverExpires"
    "PasswordNotRequired"
    "physicalDeliveryOfficeName"
    "POBox"
    "PostalCode"
    "preferredLanguage"
    "ProfilePath"
    "ProtectedFromAccidentalDeletion"
    #"proxyAddresses"
    @{l='allEmailAddr';e={$_.proxyAddresses}}
    "SamAccountName"
    "sAMAccountType"
    "ScriptPath"
    "sDRightsEffective"
    #"ServicePrincipalNames"
    @{l='SPN';e={$_.ServicePrincipalNames}}
    "SmartcardLogonRequired"
    "sn"
    "st"
    "State"
    "StreetAddress"
    "Surname"
    "targetAddress"
    "Title"
    "TrustedForDelegation"
    "TrustedToAuthForDelegation"
    "UseDESKeyOnly"
    "userAccountControl"
    "UserPrincipalName"
    "whenChanged"
    "whenCreated"
)