From 34b041dc2e0cecd95d57b6518c5c8e2372361dad Mon Sep 17 00:00:00 2001 
From: Jurjen Ladenius Date: Thu, 9 Jul 2020 10:28:42 +0200 Subject: [PATCH] Initial commit --- Policies/service bus queue policy.json | 52 ++++++ Policies/service bus subscription policy.json | 52 ++++++ Policies/service bus topic policy.json | 66 +++++++ Powershell/Lists/ADMusers.ps1 | 96 ++++++++++ Powershell/Lists/Certificates.ps1 | 91 ++++++++++ Powershell/Lists/Resources.ps1 | 63 +++++++ Powershell/RunBooks/ServiceBus.ps1 | 86 +++++++++ Powershell/Tools/ApplyTags.ps1 | 86 +++++++++ Powershell/Tools/DNS verification/Book1.csv | 30 ++++ Powershell/Tools/DNS verification/DNS-vip.csv | 32 ++++ Powershell/Tools/DNS verification/DNS.ps1 | 166 ++++++++++++++++++ .../Add PowerShell to Context Menu.reg | Bin 0 -> 978 bytes .../Add PowerShell to Shift Context Menu.reg | Bin 0 -> 1008 bytes .../Remove PowerShell from Context Menu.reg | Bin 0 -> 556 bytes Powershell/Tools/SyncAAD.ps1 | 3 + README.md | 22 +-- 16 files changed, 825 insertions(+), 20 deletions(-) create mode 100644 Policies/service bus queue policy.json create mode 100644 Policies/service bus subscription policy.json create mode 100644 Policies/service bus topic policy.json create mode 100644 Powershell/Lists/ADMusers.ps1 create mode 100644 Powershell/Lists/Certificates.ps1 create mode 100644 Powershell/Lists/Resources.ps1 create mode 100644 Powershell/RunBooks/ServiceBus.ps1 create mode 100644 Powershell/Tools/ApplyTags.ps1 create mode 100644 Powershell/Tools/DNS verification/Book1.csv create mode 100644 Powershell/Tools/DNS verification/DNS-vip.csv create mode 100644 Powershell/Tools/DNS verification/DNS.ps1 create mode 100644 Powershell/Tools/PowerShell Context Menu Hacks/Add PowerShell to Context Menu.reg create mode 100644 Powershell/Tools/PowerShell Context Menu Hacks/Add PowerShell to Shift Context Menu.reg create mode 100644 Powershell/Tools/PowerShell Context Menu Hacks/Remove PowerShell from Context Menu.reg create mode 100644 Powershell/Tools/SyncAAD.ps1 
diff --git a/Policies/service bus queue policy.json b/Policies/service bus queue policy.json
new file mode 100644
index 0000000..04354b6
--- /dev/null
+++ b/Policies/service bus queue policy.json
@@ -0,0 +1,52 @@
+{
+ "properties": {
+ "displayName": "Service Bus Queue must have Time to Live (TTL) of 14 days.",
+ "policyType": "Custom",
+ "mode": "All",
+ "description": "This policy enables you to restrict service bus queues with TTL other than 2 weeks.",
+ "metadata": {
+ "category": "Service Bus",
+ "createdBy": "c6025a2e-416c-42da-96ef-dd507382793a",
+ "createdOn": "2020-04-01T13:25:04.7464348Z",
+ "updatedBy": "c6025a2e-416c-42da-96ef-dd507382793a",
+ "updatedOn": "2020-04-03T11:50:29.9215728Z"
+ },
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "audit",
+ "deny",
+ "disabled"
+ ],
+ "defaultValue": "audit"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.ServiceBus/namespaces/queues"
+ },
+ {
+ "not": {
+ "field": "Microsoft.ServiceBus/namespaces/queues/defaultMessageTimeToLive",
+ "equals": "P14D"
+ }
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ }
+ },
+ "id": "/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09/providers/Microsoft.Authorization/policyDefinitions/b8e823fc-5c2b-4ebe-b9fc-2d4524bc5ae5",
+ "type": "Microsoft.Authorization/policyDefinitions",
+ "name": "b8e823fc-5c2b-4ebe-b9fc-2d4524bc5ae5"
+}
\ No newline at end of file
diff --git a/Policies/service bus subscription policy.json b/Policies/service bus subscription policy.json
new file mode 100644
index 0000000..9bcc4f0
--- /dev/null
+++ b/Policies/service bus subscription policy.json
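Review bot: The `"equals": "P14D"` condition in the queue rule is an exact string match, so a queue with a shorter TTL, or the same duration written differently, would be reported as non-compliant; that is stricter than the "equal or less than 14 days" wording used by the topic policy in this commit. If the intent is a maximum, say so in `displayName` and `description`, and confirm how the service returns this property before anyone switches the effect from `audit` to `deny`. The same condition appears in `service bus subscription policy.json`. The exported `id`, `createdBy`/`updatedBy` and management-group values are environment-specific and are probably better stripped before the definitions are kept in source control.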
@@ -0,0 +1,52 @@
+{
+ "properties": {
+ "displayName": "Service Bus Subscription must have Time to Live (TTL) of 14 days.",
+ "policyType": "Custom",
+ "mode": "All",
+ "description": "This policy enables you to restrict service bus queue subscriptions with TTL other than 2 weeks.",
+ "metadata": {
+ "category": "Service Bus",
+ "createdBy": "c6025a2e-416c-42da-96ef-dd507382793a",
+ "createdOn": "2020-04-03T11:50:04.4806377Z",
+ "updatedBy": null,
+ "updatedOn": null
+ },
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "audit",
+ "deny",
+ "disabled"
+ ],
+ "defaultValue": "audit"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.ServiceBus/namespaces/topics/subscriptions"
+ },
+ {
+ "not": {
+ "field": "Microsoft.ServiceBus/namespaces/topics/subscriptions/defaultMessageTimeToLive",
+ "equals": "P14D"
+ }
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ }
+ },
+ "id": "/providers/Microsoft.Management/managementGroups/ManagementGroup_SurveySoftware/providers/Microsoft.Authorization/policyDefinitions/60f3692c-286d-4184-8e2b-52d76716d947",
+ "type": "Microsoft.Authorization/policyDefinitions",
+ "name": "60f3692c-286d-4184-8e2b-52d76716d947"
+}
\ No newline at end of file
diff --git a/Policies/service bus topic policy.json b/Policies/service bus topic policy.json
new file mode 100644
index 0000000..07b6844
--- /dev/null
+++ b/Policies/service bus topic policy.json
@@ -0,0 +1,66 @@
+{
+ "properties": {
+ "displayName": "Service Bus Topic must have Time to Live (TTL) of equal or less than 14 days",
+ "policyType": "Custom",
+ "mode": "All",
+ "description": "This policy enables you to restrict services bus topic and subscriptions with TTL more than 2 weeks.",
+ "metadata": {
+ "category": "Effectory",
+ "createdBy": null,
+ "createdOn": null,
+ "updatedBy": null,
+ "updatedOn": null
+ },
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "audit",
+ "deny",
+ "disabled"
+ ],
+ "defaultValue": "audit"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "anyOf": [
+ {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.ServiceBus/namespaces/topics"
+ },
+ {
+ "field": "Microsoft.ServiceBus/namespaces/topics/defaultMessageTimeToLive",
+ "greater": "PW2"
+ }
+ ]
+ },
+ {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.ServiceBus/namespaces/topics/subscriptions"
+ },
+ {
+ "field": "Microsoft.ServiceBus/namespaces/topics/subscriptions/defaultMessageTimeToLive",
+ "greater": "PW2"
+ }
+ ]
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ }
+ },
+ "id": "/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09/providers/Microsoft.Authorization/policyDefinitions/bab116a2-dffc-4740-9935-187dede2d2b0",
+ "type": "Microsoft.Authorization/policyDefinitions",
+ "name": "bab116a2-dffc-4740-9935-187dede2d2b0"
+}
\ No newline at end of file
diff --git a/Powershell/Lists/ADMusers.ps1 b/Powershell/Lists/ADMusers.ps1
new file mode 100644
index 0000000..5d9b098
--- /dev/null
+++ b/Powershell/Lists/ADMusers.ps1
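Review bot: `"greater": "PW2"` in both `allOf` branches is not a valid ISO 8601 duration (two weeks is `P2W` or `P14D`), and as far as I know the `greater` condition compares strings lexically rather than as durations, so this rule probably does not enforce a 14-day maximum; `P1D` sorts after `P14D`, for example. Confirm the behaviour with a test assignment while the effect is still `audit`. The subscriptions branch also overlaps with the separate subscription policy in this commit, which demands exactly `P14D`, so one of the two definitions should own that resource type. `category` is `Effectory` here but `Service Bus` in the other two definitions.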
@@ -0,0 +1,96 @@ +# import AD Module + Import-Module activedirectory + #Set-ExecutionPolicy unrestricted + +#--------------------------- +#-------- Variable --------- +#--------------------------- +$ADUserMembers=""; $ADUser="" +$ADGroupName=""; $ADGroupCategory=""; $ADGroupScope="" +$i=0 + +#--------------------------- +#------- Functions --------- +#--------------------------- +function Get-ADGroupName ($DN) +{ + $ADGrpName= (Get-ADGroup -Filter {DistinguishedName -eq $DN}).SamAccountName + return $ADGrpName +} + + +function Get-GroupMemberOf ($ADGroupName) +{ +if ($ADGroupName -eq "# Developer") { +break +} +$ii++; $a=0 +$Message=""; $Prefix="" +$GroupCategory=""; $GroupScope=""; $GroupName="" + +For ($a=0; $a -lt $ii; $a++) {$Prefix = $Prefix + " "} + +$DNs=(Get-ADGroup $ADGroupName -Properties *).MemberOf +if ($DNs.count -ne 0) +{ + foreach ($DN in $DNs) + { + # $Prefix =" $ADGroupName => " + $GroupName = (Get-ADGroupName $DN) + $GroupCategory = (Get-ADGroup $GroupName -Properties *).GroupCategory + $GroupScope = (Get-ADGroup $GroupName -Properties *).GroupScope + + $Message="$Prefix $ADGroupName => $GroupName [$GroupCategory - $GroupScope]" + Write-Host $Message + + Get-GroupMemberOf $GroupName ' ' + }# End ForEach + }# End IF +}#End Function + +function Get-UserMemberships ($ADUser) +{ + +$ADUserMembers=(Get-ADUser $ADUser -Properties *).MemberOf + +Write-Host "AD-User: $ADUser" -ForegroundColor blue +#PrimaryGroup + $ADPrimaryGroupDN = (Get-ADUser -Properties * -Filter {SamAccountName -eq $ADUser}).PrimaryGroup + $ADPrimaryGroupName=(Get-ADGroupName $ADPrimaryGroupDN) + $ADGroupCategory=(Get-ADGroup $ADPrimaryGroupName).GroupCategory + $ADGroupScope=(Get-ADGroup $ADPrimaryGroupName).GroupScope + $Message = "Primary Group: $ADPrimaryGroupName [$ADGroupCategory, $ADGroupScope]" + Write-Host $Message -BackgroundColor yellow + +#Other groups +foreach ($ADUserMember in $ADUserMembers) +{$i++ + $ADGroupName = (Get-ADGroupName $ADUserMember) + 
$ADGroupCategory=(Get-ADGroup $ADGroupName).GroupCategory + $ADGroupScope=(Get-ADGroup $ADGroupName).GroupScope + $Message = "($i) $ADGroupName [$ADGroupCategory, $ADGroupScope]" + Write-Host $Message -ForegroundColor black + Get-GroupMemberOf $ADGroupName ' ' + Write-Host " " +} +} + +function Get-AllMembershipsOfUsers($ADGroupName) { + +$devadmaccounts = get-adgroupmember -Identity $ADGroupName -Recursive +foreach ($devADM in $devadmaccounts) { + Get-UserMemberships $devADM.name + Write-Host "======================================================================================================" +} + +} + + +#----------------------------------------------------------------- +Clear-Host + +$ADUser= "DannyADM" +Get-UserMemberships $ADUser + +#$ADGroupName = "# Developer ADM" +#Get-AllMembershipsOfUsers $ADGroupName \ No newline at end of file diff --git a/Powershell/Lists/Certificates.ps1 b/Powershell/Lists/Certificates.ps1 new file mode 100644 index 0000000..cbc080d --- /dev/null +++ b/Powershell/Lists/Certificates.ps1 
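Review bot: The `break` at the top of `Get-GroupMemberOf` is not inside a loop in that function, so PowerShell unwinds to the nearest enclosing loop in a caller (the `foreach` in `Get-UserMemberships` or in a recursive parent) or ends the script; once a user is nested under `# Developer`, the remaining groups are skipped without any message and this privilege report is incomplete. Use `return` there. The recursion keeps no set of visited groups, so a circular group nesting would recurse without end, and `$ii++` increments a function-local variable, so the indent prefix never grows with depth. `$ADUser= "DannyADM"` would be better as a script parameter than a committed account name.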
@@ -0,0 +1,91 @@ +#Connect-AzAccount + +$fileName = ".\azure_appservice_certificates.csv" + +$subscriptions = Get-AzSubscription + +class CertificateCheck { + [string] $SubscriptionId = "" + [string] $CertificateId = "" + [string] $ResourceGroupName = "" + [string] $SubjectName = "" + [string] $ThumbPrint = "" + [DateTime] $ExpirationDate + [double] $TotalDays + [string] $Comment = "" +} + +[CertificateCheck[]]$Result = @() + +$StartDate=(GET-DATE) +foreach ($subscription in $subscriptions) +{ + Set-AzContext -SubscriptionId $subscription.Id + + $certs = Get-AzResource -ResourceType Microsoft.Web/certificates + foreach ($cert in $certs) + { + $id = $cert.Id + $thumbprint = ($cert.Name.Split([char]"#", [char]"-"))[0] + + Write-Host "Certificate $id" + + [CertificateCheck] $certificateCheck = [CertificateCheck]::new() + + $certificateCheck.SubscriptionId = $subscription.Id + $certificateCheck.CertificateId = $id + $certificateCheck.ThumbPrint = $thumbprint + $certificateCheck.ResourceGroupName = $cert.ResourceGroupName + + $Result += $certificateCheck + + } +} + +$Result | Export-Csv -Path $fileName -NoTypeInformation -Force + +$fileName = ".\azure_appservice_certificates_1.csv" + +foreach ($certificateCheck in $Result) +{ + try + { + Set-AzContext -SubscriptionId $certificateCheck.SubscriptionId + + $thumbprint = $certificateCheck.ThumbPrint + Write-Host "thumbprint: $thumbprint" + + $certificate = Get-AzWebAppCertificate -ResourceGroupName $certificateCheck.ResourceGroupName -Thumbprint $thumbprint -debug -verbose + + if ($null -eq $certificate) + { + $certificateCheck.Comment = "Could not find certificate" + } + else + { + try + { + $subjectname = $certificate.SubjectName + $certificateCheck.SubjectName = $subjectname + + Write-Host "Subject name: $subjectname" + + $EndDate=[datetime]$certificate.ExpirationDate + $certificateCheck.ExpirationDate = $EndDate + $span = NEW-TIMESPAN –Start $StartDate –End $EndDate + $certificateCheck.TotalDays = $span.TotalDays + } + 
catch { + $certificateCheck.Comment = "Could not find expiry for certificate" + } + } + } + catch + { + $certificateCheck.Comment = "Could not load certificate" + } +} + +$Result | Export-Csv -Path $fileName -NoTypeInformation -Force + +$Result | ft \ No newline at end of file diff --git a/Powershell/Lists/Resources.ps1 b/Powershell/Lists/Resources.ps1 new file mode 100644 index 0000000..7991ad2 --- /dev/null +++ b/Powershell/Lists/Resources.ps1 
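Review bot: `Get-AzWebAppCertificate ... -debug -verbose` in the second loop looks like leftover troubleshooting: `-Debug` makes the cmdlet write request and response traces to the host, which may include sensitive values and end up in any transcript or job log, and in Windows PowerShell 5.1 it prompts on every debug message. Drop both switches and add `-ErrorAction Stop` so the surrounding `catch` actually sees lookup failures. Rows whose lookup failed keep the default `ExpirationDate` and a `TotalDays` of 0, so anyone filtering the CSV on days remaining also has to check `Comment`; a header comment saying so would help.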
@@ -0,0 +1,63 @@ +#Connect-AzAccount + +class ResourceCheck { + [string] $ResourceId = "" + [string] $Id = "" + [string] $Kind = "" + [string] $Location = "" + [string] $ResourceName = "" + [string] $ResourceGroupName = "" + [string] $ResourceType = "" + [string] $SubscriptionId = "" + [string] $SubscriptionName = "" + [string] $Tag_Team = "" + [string] $Tag_Product = "" + [string] $Tag_Environment = "" + [string] $Tag_Data = "" + [string] $Tag_Delete = "" + [string] $Tag_Split = "" +} + +Write-Host "========================================================================================================================================================================" +Write-Host "Creating resource overview." +Write-Host "========================================================================================================================================================================" + +$subscriptions = Get-AzSubscription + +$fileName = "c:\temp\2020-07-07 azure_resources.csv" +rm $fileName + +foreach ($subscription in $subscriptions) +{ +Set-AzContext -SubscriptionId $subscription.Id + + $allResources = Get-AzResource + [ResourceCheck[]]$Result = @() + + foreach ($resource in $allResources) { + + [ResourceCheck] $resourceCheck = [ResourceCheck]::new() + $resourceCheck.ResourceId = $resource.ResourceId + $resourceCheck.Id = $resource.Id + $resourceCheck.Kind = $resource.Kind + $resourceCheck.Location = $resource.Location + $resourceCheck.ResourceName = $resource.ResourceName + $resourceCheck.ResourceGroupName = $resource.ResourceGroupName + $resourceCheck.ResourceType = $resource.ResourceType + $resourceCheck.SubscriptionId = $subscription.Id + $resourceCheck.SubscriptionName = $subscription.Name + $resourceCheck.Tag_Team = $resource.Tags.team + $resourceCheck.Tag_Product = $resource.Tags.product + $resourceCheck.Tag_Environment = $resource.Tags.environment + $resourceCheck.Tag_Data = $resource.Tags.data + $resourceCheck.Tag_Delete = $resource.Tags.delete + 
$resourceCheck.Tag_Split = $resource.Tags.split + + $Result += $resourceCheck + } + + $Result | Export-Csv -Path $fileName -Append -NoTypeInformation +} + +Write-Host "========================================================================================================================================================================" +Write-Host "Done." diff --git a/Powershell/RunBooks/ServiceBus.ps1 b/Powershell/RunBooks/ServiceBus.ps1 new file mode 100644 index 0000000..965df3b --- /dev/null +++ b/Powershell/RunBooks/ServiceBus.ps1 
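Review bot: `rm $fileName` runs unconditionally against a hard-coded, dated path (`c:\temp\2020-07-07 azure_resources.csv`), so the first run reports an error for the missing file and the date in the name goes stale on every later run. Take the path as a parameter and use `Remove-Item -LiteralPath $fileName -ErrorAction SilentlyContinue`. The export is a full resource inventory across all visible subscriptions, so it is worth writing it to a location with restricted access rather than a shared temp folder.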
@@ -0,0 +1,86 @@ +$maximumTTL = [System.TimeSpan]::FromDays(14) # "P14D" + +Import-Module Az.Accounts +Import-Module Az.Automation +Import-Module Az.ServiceBus +Import-Module Az.Resources + +$connectionName = "AzureRunAsConnection" +try +{ + # Get the connection "AzureRunAsConnection " + $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName + $account = Connect-AzAccount ` + -ServicePrincipal ` + -TenantId $servicePrincipalConnection.TenantId ` + -ApplicationId $servicePrincipalConnection.ApplicationId ` + -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint + Write-Output ("Connected with Automation Account [{0}]" -f $account.Name) +} +catch { + if (!$servicePrincipalConnection) + { + $ErrorMessage = "Connection $connectionName not found." + throw $ErrorMessage + } else{ + Write-Error -Message $_.Exception + throw $_.Exception + } +} + +$subscriptions = Get-AzSubscription + +foreach ($subscription in $subscriptions) +{ + $context = Set-AzContext -SubscriptionId $subscription.Id + Write-Output ("Checking service bus TTL in Subscription [{0}] with Id [{1}]" -f $subscription.Name, $subscription.Id) + + $servicebusses = Get-AzResource -ResourceType Microsoft.ServiceBus/namespaces + foreach ($servicebus in $servicebusses) { + + Write-Output ("Checking service bus TTL for service bus [{0}] in Subscription [{1}] with Id [{2}]" -f $servicebus.Name, $subscription.Name, $subscription.Id) + + #topics + $topics = Get-AzServiceBusTopic -Namespace $servicebus.Name -ResourceGroupName $servicebus.ResourceGroupName + + foreach ($topic in $topics) { + + $currentTTL = [System.Xml.XmlConvert]::ToTimeSpan($topic.DefaultMessageTimeToLive) + + if ($currentTTL -gt $maximumTTL) { + Write-Output ("Updating TTL on topic [{0}] from {1} to {2}" -f $topic.Name, $currentTTL, $maximumTTL) + $topic.DefaultMessageTimeToLive = [System.Xml.XmlConvert]::ToString($maximumTTL) + Set-AzServiceBusTopic -ResourceGroupName $servicebus.ResourceGroupName -Namespace 
$servicebus.Name -Name $topic.Name -InputObject $topic + } + + # topic subscriptions + $topicSubs = Get-AzServiceBusSubscription -Namespace $servicebus.Name -ResourceGroupName $servicebus.ResourceGroupName -Topic $topic.Name + + foreach ($topicSub in $topicSubs) { + + $currentTTL = [System.Xml.XmlConvert]::ToTimeSpan($topic.DefaultMessageTimeToLive) + + if ($currentTTL -gt $maximumTTL) { + Write-Output ("Updating TTL on topic subscription [{0}\{1}] from {2} to {3}" -f $topic.Name, $topicSub.Name, $currentTTL, $maximumTTL) + $topicSub.DefaultMessageTimeToLive = [System.Xml.XmlConvert]::ToString($maximumTTL) + Set-AzServiceBusSubscription -ResourceGroupName $servicebus.ResourceGroupName -Namespace $servicebus.Name -Topic $topic.Name -Name $topicSub.Name -InputObj $topicSub + } + } + } + + # queues + $queues = Get-AzServiceBusQueue -Namespace $servicebus.Name -ResourceGroupName $servicebus.ResourceGroupName + + foreach ($queue in $queues) { + + $currentTTL = [System.Xml.XmlConvert]::ToTimeSpan($queue.DefaultMessageTimeToLive) + + if ($currentTTL -gt $maximumTTL) { + Write-Output ("Updating TTL on queue [{0}] from {1} to {2}" -f $queue.Name, $currentTTL, $maximumTTL) + $queue.DefaultMessageTimeToLive = [System.Xml.XmlConvert]::ToString($maximumTTL) + Set-AzServiceBusQueue -ResourceGroupName $servicebus.ResourceGroupName -Namespace $servicebus.Name -Name $queue.Name -InputObject $queue + } + + } + } +} diff --git a/Powershell/Tools/ApplyTags.ps1 b/Powershell/Tools/ApplyTags.ps1 new file mode 100644 index 0000000..67982b3 --- /dev/null +++ b/Powershell/Tools/ApplyTags.ps1 
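Review bot: In the topic-subscription loop `$currentTTL` is read from `$topic.DefaultMessageTimeToLive` instead of `$topicSub.DefaultMessageTimeToLive`. By that point the topic's value is already at or below `$maximumTTL` (the block above caps it on the `$topic` object), so the `if` can never be true and subscription TTLs are never corrected. Change the line to `$currentTTL = [System.Xml.XmlConvert]::ToTimeSpan($topicSub.DefaultMessageTimeToLive)`. Because this runbook modifies resources in every subscription the Run As account can see, while the policies in this commit default to `audit`, a report-only switch would be a sensible addition; `-InputObj` also relies on parameter-name abbreviation and should be spelled `-InputObject`.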
@@ -0,0 +1,86 @@ +#Connect-AzAccount + +[string] $currentSubs = "" + +function ApplyTeamTag ( + [string] $resourceId, + [string] $subscriptionId, + [string] $tagValue) { + + if ($global:currentSubs -ne $subscriptionId) { + Set-AzContext -SubscriptionId $subscriptionId + $global:currentSubs = $subscriptionId + } + try { + + $tags = (Get-AzResource -ResourceId $resourceId).Tags + $tags.team = $tagValue + Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge + + } + catch { + Write-Warning "Could not update $resourceId" + } +} + +function ApplyProductTag ( + [string] $resourceId, + [string] $subscriptionId, + [string] $tagValue) { + + if ($global:currentSubs -ne $subscriptionId) { + Set-AzContext -SubscriptionId $subscriptionId + $global:currentSubs = $subscriptionId + } + try { + $tags = (Get-AzResource -ResourceId $resourceId).Tags + $tags.product = $tagValue + + Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge + } + catch { + Write-Warning "Could not update $resourceId" + } +} + +function ApplyEnvironmentTag ( + [string] $resourceId, + [string] $subscriptionId, + [string] $tagValue) { + + if ($global:currentSubs -ne $subscriptionId) { + Set-AzContext -SubscriptionId $subscriptionId + $global:currentSubs = $subscriptionId + } + try { + $tags = (Get-AzResource -ResourceId $resourceId).Tags + $tags.environment = $tagValue + Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge + } + catch { + Write-Warning "Could not update $resourceId" + } +} + +function ApplyDataTag ( + [string] $resourceId, + [string] $subscriptionId, + [string] $tagValue) { + + if ($global:currentSubs -ne $subscriptionId) { + Set-AzContext -SubscriptionId $subscriptionId + $global:currentSubs = $subscriptionId + } + try { + $tags = (Get-AzResource -ResourceId $resourceId).Tags + $tags.data = $tagValue + + Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge + } + catch { + Write-Warning "Could not update $resourceId" + } +} + + + 
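Review bot: `$tags = (Get-AzResource -ResourceId $resourceId).Tags` can be `$null` for a resource that has no tags yet, in which case `$tags.team = $tagValue` throws and the `catch` prints only "Could not update", so the untagged resources this tool is meant for are probably never tagged. With `-Operation Merge` only the tag being set needs to be passed: `Update-AzTag -ResourceId $resourceId -Tag @{ team = $tagValue } -Operation Merge`. The same applies to `ApplyProductTag`, `ApplyEnvironmentTag` and `ApplyDataTag`; the four functions differ only in the tag name and could be one function with a `$tagName` parameter. Include `$_` in the warning so the failure reason is not lost.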
diff --git a/Powershell/Tools/DNS verification/Book1.csv b/Powershell/Tools/DNS verification/Book1.csv new file mode 100644 index 0000000..1fd643f --- /dev/null +++ b/Powershell/Tools/DNS verification/Book1.csv 
@@ -0,0 +1,30 @@ +HostName,Cname,Fqdn +acc,effectorycorporateacc.azurewebsites.net,acc.effectory.nl +accept-login,test-login-effectory-accept.azurewebsites.net,accept-login.effectory.nl +accept-login.internetspiegel,test-login-effectory-accept.azurewebsites.net,accept-login.internetspiegel.effectory.nl +accept-rebuild,rebuild-accept.azurewebsites.net,accept-rebuild.effectory.nl +accept,effectorycorporate2-accept.azurewebsites.net,accept.effectory.nl +autodiscover,autodiscover.outlook.com,autodiscover.effectory.nl +awverify,awverify.effectorycorporate2.azurewebsites.net,awverify.effectory.nl +awverify.login,awverify.login-effectory.azurewebsites.net,awverify.login.effectory.nl +awverify.login.internetspiegel,awverify.login-effectory.azurewebsites.net,awverify.login.internetspiegel.effectory.nl +awverify.www,effectorycorporate2.azurewebsites.net,awverify.www.effectory.nl +brochure,s1.instantmagazine.com,brochure.effectory.nl +elink,elink-eu.azuresend.com,elink.effectory.nl +form,analytics-eu.clickdimensions.com,form.effectory.nl +login,questionnairelogin.trafficmanager.net,login.effectory.nl +login.gptw,questionnairelogin.trafficmanager.net,login.gptw.effectory.nl +login.internetspiegel,questionnairelogin.trafficmanager.net,login.internetspiegel.effectory.nl +msoid,clientconfig.microsoftonline-p.net,msoid.effectory.nl +preprod-rebuild,rebuild-preprod.azurewebsites.net,preprod-rebuild.effectory.nl +prod,effectorycorporate2.azurewebsites.net,prod.effectory.nl +selector1._domainkey,selector1-effectory-nl._domainkey.effectory12.onmicrosoft.com,selector1._domainkey.effectory.nl +selector2._domainkey,selector2-effectory-nl._domainkey.effectory12.onmicrosoft.com,selector2._domainkey.effectory.nl +stage-login,login-effectory-stage.azurewebsites.net,stage-login.effectory.nl +stage-login.internetspiegel,login-effectory-stage.azurewebsites.net,stage-login.internetspiegel.effectory.nl +test-login,test-login-effectory-test.azurewebsites.net,test-login.effectory.nl 
+test-login.internetspiegel,test-login-effectory-test.azurewebsites.net,test-login.internetspiegel.effectory.nl +test-rebuild,rebuild-test.azurewebsites.net,test-rebuild.effectory.nl +test,effectorycorporate2-test.azurewebsites.net,test.effectory.nl +www,effectorycorporate2.azurewebsites.net,www.effectory.nl +www.login,questionnairelogin.trafficmanager.net,www.login.effectory.nl diff --git a/Powershell/Tools/DNS verification/DNS-vip.csv b/Powershell/Tools/DNS verification/DNS-vip.csv new file mode 100644 index 0000000..f05b3cc --- /dev/null +++ b/Powershell/Tools/DNS verification/DNS-vip.csv 
@@ -0,0 +1,32 @@ +#TYPE HostCheck +"HostName","Fqdn","CName","IpAddress","Exists","RegisteredInExternalDNS" +"HostName","Fqdn","Cname","","False","False" +"acc","acc.effectory.nl","effectorycorporateacc.azurewebsites.net","52.173.149.254","True","True" +"accept-login","accept-login.effectory.nl","test-login-effectory-accept.azurewebsites.net","","False","False" +"accept-login.internetspiegel","accept-login.internetspiegel.effectory.nl","test-login-effectory-accept.azurewebsites.net","","False","False" +"accept-rebuild","accept-rebuild.effectory.nl","rebuild-accept.azurewebsites.net","","False","False" +"accept","accept.effectory.nl","effectorycorporate2-accept.azurewebsites.net","52.166.198.163","True","True" +"autodiscover","autodiscover.effectory.nl","autodiscover.outlook.com","40.101.83.24 40.101.18.40 52.97.135.120 52.97.158.168","True","True" +"awverify","awverify.effectory.nl","awverify.effectorycorporate2.azurewebsites.net","","False","False" +"awverify.login","awverify.login.effectory.nl","awverify.login-effectory.azurewebsites.net","","False","False" +"awverify.login.internetspiegel","awverify.login.internetspiegel.effectory.nl","awverify.login-effectory.azurewebsites.net","","False","False" +"awverify.www","awverify.www.effectory.nl","effectorycorporate2.azurewebsites.net","52.166.198.163","True","True" +"brochure","brochure.effectory.nl","s1.instantmagazine.com","162.13.104.99","True","True" +"elink","elink.effectory.nl","elink-eu.azuresend.com","40.85.92.142","True","True" +"form","form.effectory.nl","analytics-eu.clickdimensions.com","52.169.159.156","True","True" +"login","login.effectory.nl","questionnairelogin.trafficmanager.net","40.118.27.252","True","True" +"login.gptw","login.gptw.effectory.nl","questionnairelogin.trafficmanager.net","40.118.27.252","True","True" +"login.internetspiegel","login.internetspiegel.effectory.nl","questionnairelogin.trafficmanager.net","40.118.27.252","True","True" 
+"msoid","msoid.effectory.nl","clientconfig.microsoftonline-p.net","20.190.137.69 20.190.137.98 20.190.137.10 40.126.9.8 40.126.9.66 40.126.9.6 20.190.137.6 20.190.137.73","True","True" +"preprod-rebuild","preprod-rebuild.effectory.nl","rebuild-preprod.azurewebsites.net","","False","False" +"prod","prod.effectory.nl","effectorycorporate2.azurewebsites.net","52.166.198.163","True","True" +"selector1._domainkey","selector1._domainkey.effectory.nl","selector1-effectory-nl._domainkey.effectory12.onmicrosoft.com","","False","False" +"selector2._domainkey","selector2._domainkey.effectory.nl","selector2-effectory-nl._domainkey.effectory12.onmicrosoft.com","","False","True" +"stage-login","stage-login.effectory.nl","login-effectory-stage.azurewebsites.net","","False","False" +"stage-login.internetspiegel","stage-login.internetspiegel.effectory.nl","login-effectory-stage.azurewebsites.net","","False","False" +"test-login","test-login.effectory.nl","test-login-effectory-test.azurewebsites.net","","False","False" +"test-login.internetspiegel","test-login.internetspiegel.effectory.nl","test-login-effectory-test.azurewebsites.net","","False","False" +"test-rebuild","test-rebuild.effectory.nl","rebuild-test.azurewebsites.net","","False","False" +"test","test.effectory.nl","effectorycorporate2-test.azurewebsites.net","52.166.198.163","True","True" +"www","www.effectory.nl","effectorycorporate2.azurewebsites.net","52.166.198.163","True","True" +"www.login","www.login.effectory.nl","questionnairelogin.trafficmanager.net","40.118.27.252","True","True" diff --git a/Powershell/Tools/DNS verification/DNS.ps1 b/Powershell/Tools/DNS verification/DNS.ps1 new file mode 100644 index 0000000..2c7feee --- /dev/null +++ b/Powershell/Tools/DNS verification/DNS.ps1 
@@ -0,0 +1,166 @@ +class HostCheck { + [string] $HostName = "" + [string] $Fqdn = "" + [string] $CName = "" + [string] $IpAddress = "" + [bool] $Exists = $false + [bool] $RegisteredInExternalDNS = $false; +} + +function HostExistsInExternal ([HostCheck] $hostCheck, [string] $ExternalDNSServer) { + try { + $CnameChain = resolve-dnsname -name $hostCheck.Fqdn -DnsOnly -Type A -NoHostsFile -Server $ExternalDNSServer -ErrorAction Ignore + + foreach ($chainItem in $CnameChain) { + if ($chainItem.NameHost -ieq $hostCheck.CName) { + $hostCheck.RegisteredInExternalDNS = $true + return $hostCheck + } + } + } + catch { + $hostCheck.RegisteredInExternalDNS = $false + } + + $hostCheck.RegisteredInExternalDNS = $false + return $hostCheck +} + +function GetIPAddress ([HostCheck] $hostCheck) { + try { + $hostAddresses = [System.Net.Dns]::GetHostAddresses($hostCheck.Fqdn) + + $hostCheck.IpAddress = $hostAddresses.IPAddressToString + $hostCheck.Exists = $true + } + catch { + try { + $hostAddresses = [System.Net.Dns]::GetHostAddresses($hostCheck.HostName) + + $hostCheck.IpAddress = $hostAddresses.IPAddressToString + $hostCheck.Exists = $true + } + catch { + $hostCheck.IpAddress = "" + $hostCheck.Exists = $false + } + + } + return $hostCheck +} + +function Effectory-DNSVerify ( + [string] $ZoneName = "effectory.com", + [string] $DNSServer = "DC1.effectory.local", + [string] $ExternalDNSServer = "8.8.8.8", + [string] $Type = "CName") { + + Clear-DnsClientCache + + $DNSRecords = Get-DnsServerResourceRecord -ZoneName $ZoneName -computername $DNSServer -RRType $Type + + # HostName RecordType Type Timestamp TimeToLive RecordData + # -------- ---------- ---- --------- ---------- ---------- + # accept CNAME 5 0 01:00:00 effectorycorporate2-accept.azurewebsites.net. + # accept-authorization CNAME 5 0 01:00:00 authorization-web-api-accept.azurewebsites.net. + # accept-beta-project CNAME 5 0 01:00:00 webclient-project-accept.azurewebsites.net. 
+ # accept-cluster CNAME 5 0 01:00:00 test-cluster-effectory-accept.azurewebsites.net. + # accept-customer CNAME 5 0 01:00:00 test-customer-effectory-accept.azurewebsites.net. + # accept-dashboard CNAME 5 0 01:00:00 dashboard-effectory-accept.azurewebsites.net. + + [HostCheck[]]$Result = @() + + foreach ($DNSRecord in $DNSRecords) { + + [HostCheck] $hostCheck = [HostCheck]::new() + $hostCheck.HostName = $DNSRecord.HostName + + [string] $fqdn = $DNSRecord.HostName + if (-not ($fqdn.ToLowerInvariant().EndsWith($ZoneName.ToLowerInvariant()))) { + $fqdn = "$($DNSRecord.HostName).$($ZoneName)" + } + $hostCheck.Fqdn = $fqdn + + [string] $cname = $DNSRecord.RecordData.HostNameAlias + if ($cname.EndsWith(".")) { + $cname = $cname.Remove($cname.Length - 1, 1) + } + $hostCheck.CName = $cname + + $hostCheck = HostExistsInExternal -host $hostCheck -ExternalDNSServer $ExternalDNSServer + $hostCheck = GetIPAddress -host $hostCheck + + $Result += $hostCheck + } + + return $Result +} + +function Effectory-DNSVerify-Csv ( + [string[]] $FileName, + [string] $ExternalDNSServer = "8.8.8.8") { + + Clear-DnsClientCache + + $DNSRecords = import-csv $FileName -Header 'HostName', 'Cname', 'Fqdn' + + # HostName,Cname,Fqdn + # accept-authorization,authorization-web-api-accept.azurewebsites.net,accept-authorization.effectory.com + # accept-customer,test-customer-effectory-accept.azurewebsites.net,accept-customer.effectory.com + # accept-ecestore,test-ecestore-accept.azurewebsites.net,accept-ecestore.effectory.com + + [HostCheck[]]$Result = @() + foreach ($DNSRecord in $DNSRecords) { + + [HostCheck] $hostCheck = [HostCheck]::new() + $hostCheck.HostName = $DNSRecord.HostName + $hostCheck.CName = $DNSRecord.Cname + $hostCheck.Fqdn = $DNSRecord.Fqdn + + $hostCheck = HostExistsInExternal -host $hostCheck -ExternalDNSServer $ExternalDNSServer + $hostCheck = GetIPAddress -host $hostCheck + + $Result += $hostCheck + } + + return $Result +} + +function Effectory-DNSClean-Csv ( + [string[]] $FileName, 
+ [string] $DNSServer = "DC1.effectory.local", + [string] $Type = "CNAME") { + + Clear-DnsClientCache + + $DNSRecords = import-csv $FileName -Header 'HostName', 'ZoneName' + + # HostName,ZoneName + # accountmanagertools,effectory.local + # alex,effectory.local + # webstage.beste-werkgevers,effectory.local + + foreach ($DNSRecord in $DNSRecords) { + + if (($DNSRecord.HostName -eq "HostName")) { + continue; + } + + Write-Host "Deleting $($DNSRecord.HostName) from $($DNSRecord.ZoneName)" + + try { + Remove-DnsServerResourceRecord -ComputerName $DNSServer -ZoneName $DNSRecord.ZoneName -RRType $Type -Name $DNSRecord.HostName -Force + } + catch { } + } +} + + +#Effectory-DNSVerify -ZoneName "effectory.com" -DNSServer "DC1.effectory.local" -ExternalDNSServer "8.8.8.8" | Export-Csv -Path .\DNS-effectory-com.csv +#Effectory-DNSVerify -ZoneName "effectory.local" -DNSServer "DC1.effectory.local" -ExternalDNSServer "DC2.effectory.local" | Export-Csv -Path .\DNS-effectory-local.csv +Effectory-DNSVerify-Csv -FileName .\Book1.csv -ExternalDNSServer "8.8.8.8" | Export-Csv -Path .\DNS-vip.csv + +# | Format-Table +# | Export-Csv -Path .\DNS-xxxx.csv + +#Effectory-DNSClean-Csv -FileName .\deletedns.csv -DNSServer "DC1.effectory.local" \ No newline at end of file diff --git a/Powershell/Tools/PowerShell Context Menu Hacks/Add PowerShell to Context Menu.reg b/Powershell/Tools/PowerShell Context Menu Hacks/Add PowerShell to Context Menu.reg new file mode 100644 index 0000000000000000000000000000000000000000..4b8593bf6ab7fdfb364e115517bff777758e37e4 GIT binary patch literal 978 zcmchWT}uK{5Qg9Dp#QK4;nmSTA&j6fNk~dkl4wIrHx*qKwX8p1J#%)~61KNw6yO?@9@9W^$LmZwn&(HC-NJ-TLzGK9J{PxWe z!|V~bWwf^;4s1w%W9U3%<2~XWW1Z-YQ&P3%P0nMoTP)|}Z{}IRHtX|~s=8q|k7}!| znl9BqDm-mwc!x9<>WV1FtLu5$JVR!eRS|BjE#vm=b6x0MIie-q2vlEpqp^+?z$K|a z_mBL-be=K2vkm^sx6C$#scdd|hA!xZ?Rdm2j@XC{-}K&AZRYu|1Hb#3zHLtm#Q)$4 znCC5>tDxDxWO^ArMiTY`lZ*VG)WEx-w&lq`=9sVDvL4$%RQJ{aQS#cumS;lQUi<*> C{;CB4 literal 0 HcmV?d00001 
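Review bot: `Effectory-DNSClean-Csv` calls `Remove-DnsServerResourceRecord ... -Force` inside `try { } catch { }`, so a destructive change driven by a CSV runs without confirmation and any failure is discarded after "Deleting ..." has already been printed. Replace the empty catch with `catch { Write-Warning "Failed to delete $($DNSRecord.HostName): $_" }` and add `-ErrorAction Stop` to the call so the catch is reached; supporting `-WhatIf` would let the list be checked before anything is removed. Separately, `import-csv $FileName -Header ...` on a file that already has a header row turns that row into data; the clean function skips it, but `Effectory-DNSVerify-Csv` does not, which is visible as the first data row of `DNS-vip.csv`.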
diff --git a/Powershell/Tools/PowerShell Context Menu Hacks/Add PowerShell to Shift Context Menu.reg b/Powershell/Tools/PowerShell Context Menu Hacks/Add PowerShell to Shift Context Menu.reg new file mode 100644 index 0000000000000000000000000000000000000000..5517aef69eb3ec920d370f2c43b7ee989162a5cb GIT binary patch literal 1008 zcmcJO?Mnhd5XPU+LI1-cgr8P>g)oA`B%vrtNumoey;OWTQA_*htKaP1S%P0?IXL|@!uJ? z4iS;soQXIa=+)yiv5dUUaIV=$AWYV$-qH+J&&8?1YH<-VTt~IRUXZ=x&zFekqc1d7 zNkwGorGV8cGSy?2@W2Z?Yee-LRa;-^??IZPw>!RdvH`p43uV zx4KjvsqnR!;XTq&s4Gy6SI6_Rd4|j`t0LT5TgL6h=ep3ja-b#M2vl2lqrS!o;F8pz z^JjAKSdr0cv}(E_7)s)`3jUvcm`;04XN|?*YRcS|FqO^wpIPU0%3eUkq>i{RnSC>Q zTQ9Q64;}cIk?GrRQ33oFU%<5Q=&N#cCe{X(Gj!SHIc(h#rE8?}=vk1^&5WonXg03g;3mCBth$ zji)x!Ti}_3yJB))CrwO;^d2G{XE#R){o`(7%8EgDnI}J6!4#8qj zo5)nJT85aKQd@FPb)hqqo9;oI=|ZkU;}UaZ?t(tYZA{J7YwjF#Aiw|3!C`R^ZXNAw zhy%;$Zwg&dY`QnRw?qql@M@;EzRf$QyK%X||F=(t+U`HUk}=jD+j-Gk*Sgo0p0E*T h&K4iAi4xtwW6IK?%r=^^y>5==-|0Gav%Z^k{Q;z}U(Emj literal 0 HcmV?d00001 diff --git a/Powershell/Tools/SyncAAD.ps1 b/Powershell/Tools/SyncAAD.ps1 new file mode 100644 index 0000000..0c72157 --- /dev/null +++ b/Powershell/Tools/SyncAAD.ps1 @@ -0,0 +1,3 @@ +function SyncAAD { + Invoke-Command -ScriptBlock { Start-ADSyncSyncCycle -PolicyType Delta } -ComputerName ADConnect.effectory.local -Credential $ADSyncCred +} \ No newline at end of file diff --git a/README.md b/README.md index 0ca446a..6d1d356 100644 --- a/README.md +++ b/README.md 
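Review bot: `SyncAAD` passes `-Credential $ADSyncCred`, but `$ADSyncCred` is not defined in the function or anywhere else in `SyncAAD.ps1`, so the call depends on a variable that happens to exist in the caller's session. Declare it explicitly, `param([Parameter(Mandatory)][System.Management.Automation.PSCredential] $Credential)`, and pass `-Credential $Credential`; that makes the dependency visible and avoids keeping a privileged credential in a session-wide variable. The target host `ADConnect.effectory.local` could be a parameter with that value as its default.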
@@ -1,20 +1,2 @@ -# Introduction -TODO: Give a short introduction of your project. Let this section explain the objectives or the motivation behind this project. - -# Getting Started -TODO: Guide users through getting your code up and running on their own system. In this section you can talk about: -1. Installation process -2. Software dependencies -3. Latest releases -4. API references - -# Build and Test -TODO: Describe and show how to build your code and run the tests. - -# Contribute -TODO: Explain how other users and developers can contribute to make your code better. - -If you want to learn more about creating good readme files then refer the following [guidelines](https://docs.microsoft.com/en-us/azure/devops/repos/git/create-a-readme?view=azure-devops). You can also seek inspiration from the below readme files: -- [ASP.NET Core](https://github.com/aspnet/Home) -- [Visual Studio Code](https://github.com/Microsoft/vscode) -- [Chakra Core](https://github.com/Microsoft/ChakraCore) \ No newline at end of file +# Cloud Engineering scripts +This is Jurjen's repository with policy files and PowerShell scripts. \ No newline at end of file