Search This Blog

Apr 29, 2024

What is "alias" type in whoami output?

 You probably noticed that besides "well-known group" and "group" in the output of whoami /all command, there is also another type called "alias". There was much result in googling to tell what this exactly is.

After much searching, find this document: SAM Remote Protocol - not that kind of doc you'd think of for the question we have above. Anyhow, even info in this doc is obscure: 

alias object: See resource group

then:

resource group: A group object whose membership is added to the authorization context only if the server receiving the context is a member of the same domain as the resource group.

Translation:

An alias is a domain local group from same domain as the resource server where it receives the context

Tags: ,

Mar 4, 2024

temp

  1. SMS Admins Group
  2. SMS Reporting Users Group
  3. SMS Remote Control Users Group:
  4. SMS Site Servers Group:
  5. SMS SQL Monitor Group

Feb 28, 2024

AzureAD module for Graph Notes

  1.  How to install AzureAD module without internet connection
    1. Download nupkg file from PowerShell Gallery
    2. for module that has dependences, you can download all nupkg files into same folder
    3. copy nupkg file to a dedicated folder
    4. Assuming you have NuGet available, run "Register-PSRepository -Name <pickAName4YourRepository> -SourceLocation <absolute path to nupkg file>"
    5. You can now "find-module -repository <repositoryName>"
    6. "Install-Module -Name <moduleName>"
    7. placeholder
  2. Install modules behind company proxy
    2. run below as admin
    3. [System.Net.WebRequest]::DefaultWebProxy.Credentials = Get-Credential
    4. [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  3. ODATA filter syntax
    1. Get-AzureADUser -Filter "proxyAddresses/any(c:c eq 'smtp:user@domain.com')"
    2. Get-AzureADUser -Filter "Department eq 'HP'"
    3. Get-AzureADDirectoryROle -filter "DisplayName eq 'application administrator'"
    4. Find reference on Oasis website
    5. placeholder
  4. Connect to graph behind proxy
# [NOTE] Set up proxy. Below works for PS 5
[System.Net.WebRequest]::DefaultWebProxy.Credentials = Get-Credential
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

 

# Powershell 7 is using [System.Net.HttpWebRequest]::DefaultWebProxy instead of [System.Net.WebRequest]
[System.Net.HttpWebRequest]::DefaultWebProxy = New-Object System.Net.WebProxy($null)  
  # this may work in companies where it can authenticate automatically
[System.Net.HttpWebRequest]::DefaultWebProxy.Credentials = Get-Credential
# Prompt for credential in companies that needs authN to use proxy

 [System.Net.HttpWebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials 

# this can be used when proxy uses your default credential (it could be your domain credential, it could be your Azure cendenital, depending on your environment)

  1. placeholder

Subscribe to: Posts (Atom)