How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 4

Go to >> Part-1: Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers

Now it’s time to test running the script. Let’s say user2 has recently joined your company and tries to run a script downloaded from the internet on Node-2, a newly domain-joined computer. Also, don’t forget to run “gpupdate” on client computers after your GPO is changed.

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 3

3) Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-1: Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-4: Run the test scripts

In Part-2, we signed the script with user1’s certificate. Some manual work is involved, such as adding user1’s certificate to the trusted publisher group. Let us see how we can automate this process by using GPO.

First of all, we need to export user1’s certificate from the Node1 computer’s personal store to the DC1 computer, where we can distribute this certificate via Group Policy.

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 2

2) Request the certificate to sign the script by user1
Go to >> Part-1: Install ADCS service and configure Code Signing Certificate Template
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-4: Run the test scripts

In Part-1, we configured the AD CS role and the certificate template. Now it’s time for user1 to request his certificate and sign his script. On the Node-1 computer, with user1 logged on as a domain user:

How to Digitally Sign the Powershell Scripts with Microsoft CA in Domain – A step-by-step Guide – Part 1

Go to >> Part-2: Request the certificate to sign the script by user1
Go to >> Part-3: Configure GPO to allow only signed scripts and add user1’s certificate to trusted publisher group on domain computers
Go to >> Part-4: Run the test scripts

This is a lengthy post on how to digitally sign your PowerShell scripts, so I have divided it into 4 sections. Digitally signing PowerShell scripts is, for security purposes, particularly useful for preventing the execution of malicious scripts on servers or workstations in your domain environment. Today, I will show you how to sign your PowerShell scripts with Microsoft CA and use GPO to control the execution of unsigned scripts in a domain environment.

Recover Crashed Exchange 2013 Mailbox Server in DAG

Recovering a crashed mailbox server in a Database Availability Group (DAG) is a straightforward process using the setup.exe /m:RecoverServer command. However, to ensure a smooth recovery, you need to follow certain steps. Here’s an overview of the recovery process, which I will explain in detail later:


Search Multiple Words in Multiple Excel files using Powershell !

Inventory documentation with Excel is something that most infrastructure administrators have to deal with on a daily basis. Sometimes, I have to search for a bulk of IP addresses in multiple Excel files, but I have to do it by opening the Excel files one by one. After investigating how this can be achieved in PowerShell, I found that using comObject is the way to go, as it can be used to automate most Windows applications. Make sure Microsoft Excel is already installed before you run the script.


View SSL/TLS Certificate Info with OpenSSL Command

You can easily check the SSL/TLS certificate information of a service listening on a non-HTTP port (like SMTP) by using the OpenSSL tool. All you need to know is the port that uses the encrypted connection. For example, I view the certificate info of the CentOS website and the TLS certificate used for an SMTP connection. With WSL, OpenSSL is already installed and you’re ready to go.

Creating Active Directory Users in the Nested OUs

This is a PowerShell script that automatically creates AD users. What makes it unique is that all the necessary OUs (even nested OUs) are created before the users are created, so you won’t need a separate script for each task. Here, I give a screenshot of my testing domain, with example users defined in my CSV file.

How to find Active Directory Users Properties: Membership, OU and Creation Date etc.

It’s a one-liner command that I use to find the most common AD attributes, including the creation date, Member Of and OU location. I attached a screenshot as an example.

How to power on bulk VMs automatically in PowerCLI

Here’s a script using PowerCLI to handle disaster recovery by powering on VMs while ensuring that VMs originally powered off remain off. The script includes functionality to back up the current power state of VMs, compare it with the stored power state, and display a progress bar during the recovery process.
