PowerShell, ActiveDirectory and the elusive Filter parameter

When searching for users in Active Directory using PowerShell, the ActiveDirectory module is often one of the first things that comes in to mind. The module has been around for quite som time now but there is one problem that many users still stumbles on, the Filter parameter. There are basically three methods for searching after a user with Get-ADUser.

tl;dr;** This article explains how use the -Filter parameter when searching AD, if you just want the answer, skip down to the **Solution.

Managing licenses with AzureAD V2 PowerShell module

On november 17th, a new version of the AzureAD PowerShell module was released to the gallery. This can be found here: https://www.powershellgallery.com/packages/AzureAD/2.0.0.30

In the old MSOnline module there were two commands used to change assigned licenses to a user. First we had the Set-MsolUserLicense with the parameter ObjectID or UserPrincipalName could be combined with AddLicenses, RemoveLicenses and LicenseOptions. Secondly we had New-MsolLicenseOptions which would create a licenseoptions object.

In the new AzureAD module there still is a command called Set-AzureADUserLicense, but it has only two parametrs, ObjectId and AssignedLicenses. There is no command to create licenseoptions.

Now this can be a bit confusing for the unexperienced PowerShell user, but fear not, we’ll get to the bottom of this!

Test GPO read permission with PowerShell (MS16-072 – KB3159398)

Last patch-tuesday, Microsoft released Security Bulletin MS16-072. This update changes how Group Policies are downloaded to a computer which might cause GPOs to fail to apply. A common symptom for this is that users no longer get their drives mapped by GPO. To quote the KB-article KB3159398: This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.

Keeping my GitHub Forks up to date

In a previous post I wrote about when Iupdated the command Update-AzureRMto only update modules that has a newer version available and not download and overwrite modules that already are up to date. Unless I use the -Force parameter of course. Once I've done the change and was satisfied I thought that maybe someone else might benefit from this update and since the AzureRM module is available as an open source project on GitHub I requested to have my changes included in the official version of the module.

Real world DevOps training

I'm an Ops guy, I have a history of working in IT operations and I think of myself as a “technician” or “ITPro”. To be honest, I don't know what to call it, but my point is that I do not have a background as programmer. I've been talking with other Ops-persons about integrating and collaborating with developer teams for quite some time now. Trying to make others understand the benefits they can both give and receive when collaborating with developers and trying to convince operations teams that we have lots and lots to learn from developers.