Resolved–“WARNING: Unable to resolve package source ‘https://www.powershellgallery.com/api/v2’

HiTechCandy Blog – New Era of Technical Blog

I’ve been running into a similar issue today trying to get the AZ module installed.  See if running this below command first helps:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

how-to-disable-inactive-user-accounts-using-powershell

Inactive Active Directory (AD) user accounts can pose a security risk to organizations, in situations such as when former employees still have active accounts months after leaving the company because HR failed to inform IT, or accounts might be created for a particular purpose but never deleted after the event. Whatever the reason for the existence of such accounts, Active Directory can quickly get out of control, in turn making your systems harder to audit and less secure.

Active Directory Module for PowerShell

The PowerShell module for Active Directory allows system administrators to query Active Directory and generate reports using the resulting data. The AD module for PowerShell is installed by default on Windows Server 2012 domain controllers, or alternatively you can download the Remote Server Administration Tools (RSAT) for Windows 8.1 and install the module using the command below.

Log in as a local administrator, open a PowerShell prompt, type the code below and press ENTER to install the AD module for PowerShell:

Install-WindowsFeature RSAT-AD-PowerShell

Search Active Directory for Inactive Accounts

The Search-ADAccount cmdlet provides an easy way to query Active Directory for inactive user accounts:

Search-ADAccount –UsersOnly –AccountInactive

clip_image002Figure 1

The above command returns all inactive accounts. To narrow down the results to a specific time range, you can add the –TimeSpanparameter to Search-ADAccount. In the example below, a variable defines the value for the –TimeSpan parameter, using the New-Timespan cmdlet to simplify the input:

$timespan = New-Timespan –Days 90

Search-ADAccount –UsersOnly –AccountInactive –TimeSpan $timespan

Alternatively, you can specify the –DateTime parameter to return accounts that have been inactive since a given date. In the command that follows, accounts not active since May 5th 2014 are returned:

Search-ADAccount –UsersOnly –AccountInactive -DateTime ‘5/20/2014’

To get more user-friendly information about the accounts, pipe the results to the Get-ADUser cmdlet and then choose the columns to display in the output using Select:

Search-ADAccount –UsersOnly –AccountInactive | Get-ADuser -Properties Department,Title | Select Name,Department,Title,DistinguishedName

clip_image004Figure 2

The results can also be sorted by a specified field, in this example by the LastLogOnDate attribute, which is derived from the LastLogonTimestamp and converted into a readable format:

Search-ADAccount –UsersOnly –AccountInactive | Get-ADuser -Properties Department,Title | Sort LastLogOnDate | Select Name,Department,Title,DistinguishedName

It’s worth noting that unlike the LastLogOn attribute, LastLogonTimestamp is synchronized between domain controllers, but can be 9 to 14 days out-of-date, so you should bear this in mind when processing your results.

Another way to simplify the output and count the number of inactive users is to pipe the results to the Measure cmdlet:

Search-ADAccount –UsersOnly –AccountInactive –TimeSpan $timespan | Measure

As with any other PowerShell cmdlets, the results can be piped to Out-GridView, or to a comma-delimited file so that the results can be imported into Excel.

Search-ADAccount –UsersOnly –AccountInactive –TimeSpan $timespan | Out-GridView

Disable Inactive Accounts

Once you’ve got the set of results you’re looking for, all you need to do is pipe them to the Disable-ADAccount cmdlet as shown here to disable the accounts:

Search-ADAccount –UsersOnly –AccountInactive –TimeSpan $timespan | Disable-ADAccount

Remote Desktop CredSSP encryption Oracle remediation Registry fix

This is a quick credssp registry fix for the following error when trying to connect to a machine using RDP (Remote Desktop):

Image showing RDP CredSSP Authentication Error when connecting to a host with RDP

This is because the server you are connecting to is not patched up to date, and the machine you are connecting from is. Modify the registry to allow your machine to connect to it:

  1. Open Regedit.
  2. Navigate to the following registry key, or create it if it does not exist:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
  3. Create a new DWORD value called “AllowEncryptionOracle
  4. Set the new registry entry to have a value of 2:

Image showing AllowEncryptionOracle registry entry being set to a value of 2

    5. Connect to the server that you were unable to connect to before.

Run this from an elevated command prompt to achieve the same result:

  • REG ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters” /v AllowEncryptionOracle /t REG_DWORD /d 2

How to export user photos in O365 / Exchange Online using Exchange Online Powershell

Below small script can be use to export photos from O365 / Exchange Online using powershell.

First you need to connect to exchange online.

#############################################

get-mailbox -ResultSize Unlimited | % {Get-UserPhoto $_.identity} | % {Set-Content -path “C:\Photos\$($_.identity).jpg” -value $_.picturedata -Encoding byte}

####################################################

How to export thumbnail/photos from Active Directory using powershell

Below is smal powershell script to export photos from the Active Directory using AD powershell.

#########################################################

$list=GET-ADuser –filter * -properties thumbnailphoto

Foreach ($User in $list)

{

$Directory=’C:\Photos\’

If ($User.thumbnailphoto)

  {

  $Filename=$Directory+$User.samaccountname+’.jpg’

  [System.Io.File]::WriteAllBytes($Filename, $User.Thumbnailphoto)

  }

}

#########################################################

Move-CsUser : Unable to locate Windows Live ID token from the provided credentials, or fr om Active Directory Federation Services (AD FS) credentials cache.

PROBLEM

I am getting below error while trying to move the on-premises lync 2013 user to Skype Online.

O365 Sign in method – Seamless Single Sign-on
ADFS Services – Stopped

ADConnect Sync – OK

Password Write back – Enabled

Move-CsUser -Identity “mailtest@domain.com” -Target sipfed.online.lync.com -Confirm:$false -Verbose

VERBOSE: CN=MailTest,OU=Test,OU=Users,OU=IT,OU……………..DC=local

WARNING: Moving a user from the current version to an earlier version (or to a service

version) can cause data loss.

VERBOSE:CN=MailTest,OU=Test,OU=Users,OU=IT,OU……………..DC=local

Move-CsUser : Unable to locate Windows Live ID token from the provided credentials, or fr

om Active Directory Federation Services (AD FS) credentials cache.

At line:1 char:1

+ Move-CsUser -Identity “mailtest@domain.com” -Target sipfed.online.lync.com -Co …

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : InvalidOperation: (CN=MailTest,OU=………..DC=local:OCSAD

User) [Move-CsUser], MoveUserException

+ FullyQualifiedErrorId : MoveError,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserC

mdlet

Move-CsUser : HostedMigration fault: Error=(510), Description=(This user’s tenant is not enabled for shared sip address space.)

PROBLEM

In a Lync hybrid deployment, when you try to move users from the on-premises server that is running Lync to Skype for Business Online (formerly Lync Online) in Office 365, you receive the following error message in Skype for Business Online PowerShell:

Move-CsUser : HostedMigration fault: Error=(510), Description=(This user’s tenant is not enabled for shared sip address space.)

SOLUTION

Before you try to migrate an on-premises Lync user to Skype for Business Online in Office 365, your Office 365 Skype for Business Online organization must be enabled for Shared Session Initiation Protocol (SIP) Address Space.

Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

 

How to connect to Skype for Business Online PowerShell

The first step is to install the Windows PowerShell Module for Skype for Business Online. For information, go to the following Microsoft website:

After you have the Skype for Business Online Connector module installed, open Windows PowerShell, and then run the following commands:

Import-Module LyncOnlineConnector

 

$cred = Get-Credential

 

$CSSession = New-CsOnlineSession -Credential $cred

 

Import-PSSession $CSSession -AllowClobber

For more information about how to connect to Skype for Business Online by using Windows PowerShell, go to the following Microsoft TechNet website:

How to put O365 mailbox on in-place hold using the Exchange Online powershell

In Exchange Server, In-Place Hold functionality is integrated with In-Place eDiscovery searches. You can use the In-Place eDiscovery & Hold wizard in the Exchange Administration Center (EAC) or the New-MailboxSearch and related cmdlets in Exchange Management Shell to place a mailbox on In-Place Hold.

Connect to Exchange online powershell and run the below command

New-MailboxSearch -Name “NameOfMailbox” -SourceMailboxes EmailAddress -ExcludeDuplicateMessages $True -InPlaceHoldEnabled $true -ItemHoldPeriod Number of Days -Description In-PlaceHoldDescription

 

Many organizations require that users be informed when they’re placed on hold. Additionally, when a mailbox is on hold, any retention policies applicable to the mailbox user don’t need to be suspended. Because messages continue to be deleted as expected, users may not notice they’re on hold. If your organization requires that users on hold be informed, you can add a notification message to the mailbox user’s Retention Comment property and use the RetentionUrl property to link to a web page for more information. Outlook 2010 and later displays the notification and URL in the backstage area. You must use the Shell to add and manage these properties for a mailbox.

How to view current mailbox size, message count and last logon

You can use the Exchange Management Console to view who last logged on to a mailbox, the last logon date and time, the mailbox size, and the message count by completing these steps:

1. Expand the Recipient Configuration node and then select the Mailbox node.
2. Double-click the mailbox with which you want to work.
3. On the General tab, the Last Logged On By text box shows who last logged on to the mailbox, and the Modified entry shows the date and time the mailbox was last modified.
4. On the General tab, the Total Items and Size (KB) areas show the number of messages in the mailbox and the current mailbox size in kilobytes, respec¬tively.

If you want to view similar information for all mailboxes on a server, the easiest way is to use the Get-MailboxStatistics cmdlet. Here are some examples of using this cmdlet.

Get-MailboxStatistics -Server ‘corpsvr127’
Get-MailboxStatistics -Database ‘Engineering Primary’
Get-MailboxStatistics –Identity ‘cpandl\williams’