Initial commit

Policies/service bus queue policy.json

@@ -0,0 +1,52 @@
+{
+  "properties": {
+    "displayName": "Service Bus Queue must have Time to Live (TTL) of 14 days.",
+    "policyType": "Custom",
+    "mode": "All",
+    "description": "This policy enables you to restrict service bus queues with TTL other than 2 weeks.",
+    "metadata": {
+      "category": "Service Bus",
+      "createdBy": "c6025a2e-416c-42da-96ef-dd507382793a",
+      "createdOn": "2020-04-01T13:25:04.7464348Z",
+      "updatedBy": "c6025a2e-416c-42da-96ef-dd507382793a",
+      "updatedOn": "2020-04-03T11:50:29.9215728Z"
+    },
+    "parameters": {
+      "effect": {
+        "type": "String",
+        "metadata": {
+          "displayName": "Effect",
+          "description": "Enable or disable the execution of the policy"
+        },
+        "allowedValues": [
+          "audit",
+          "deny",
+          "disabled"
+        ],
+        "defaultValue": "audit"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "field": "type",
+            "equals": "Microsoft.ServiceBus/namespaces/queues"
+          },
+          {
+            "not": {
+              "field": "Microsoft.ServiceBus/namespaces/queues/defaultMessageTimeToLive",
+              "equals": "P14D"
+            }
+          }
+        ]
+      },
+      "then": {
+        "effect": "[parameters('effect')]"
+      }
+    }
+  },
+  "id": "/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09/providers/Microsoft.Authorization/policyDefinitions/b8e823fc-5c2b-4ebe-b9fc-2d4524bc5ae5",
+  "type": "Microsoft.Authorization/policyDefinitions",
+  "name": "b8e823fc-5c2b-4ebe-b9fc-2d4524bc5ae5"
+}

Policies/service bus subscription policy.json

@@ -0,0 +1,52 @@
+{
+  "properties": {
+    "displayName": "Service Bus Subscription must have Time to Live (TTL) of 14 days.",
+    "policyType": "Custom",
+    "mode": "All",
+    "description": "This policy enables you to restrict service bus queue subscriptions with TTL other than 2 weeks.",
+    "metadata": {
+      "category": "Service Bus",
+      "createdBy": "c6025a2e-416c-42da-96ef-dd507382793a",
+      "createdOn": "2020-04-03T11:50:04.4806377Z",
+      "updatedBy": null,
+      "updatedOn": null
+    },
+    "parameters": {
+      "effect": {
+        "type": "String",
+        "metadata": {
+          "displayName": "Effect",
+          "description": "Enable or disable the execution of the policy"
+        },
+        "allowedValues": [
+          "audit",
+          "deny",
+          "disabled"
+        ],
+        "defaultValue": "audit"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "field": "type",
+            "equals": "Microsoft.ServiceBus/namespaces/topics/subscriptions"
+          },
+          {
+            "not": {
+              "field": "Microsoft.ServiceBus/namespaces/topics/subscriptions/defaultMessageTimeToLive",
+              "equals": "P14D"
+            }
+          }
+        ]
+      },
+      "then": {
+        "effect": "[parameters('effect')]"
+      }
+    }
+  },
+  "id": "/providers/Microsoft.Management/managementGroups/ManagementGroup_SurveySoftware/providers/Microsoft.Authorization/policyDefinitions/60f3692c-286d-4184-8e2b-52d76716d947",
+  "type": "Microsoft.Authorization/policyDefinitions",
+  "name": "60f3692c-286d-4184-8e2b-52d76716d947"
+}

Policies/service bus topic policy.json

@@ -0,0 +1,66 @@
+{
+    "properties": {
+        "displayName": "Service Bus Topic must have Time to Live (TTL) of equal or less than 14 days",
+        "policyType": "Custom",
+        "mode": "All",
+        "description": "This policy enables you to restrict services bus topic and subscriptions with TTL more than 2 weeks.",
+        "metadata": {
+            "category": "Effectory",
+            "createdBy": null,
+            "createdOn": null,
+            "updatedBy": null,
+            "updatedOn": null
+        },
+        "parameters": {
+            "effect": {
+                "type": "String",
+                "metadata": {
+                    "displayName": "Effect",
+                    "description": "Enable or disable the execution of the policy"
+                },
+                "allowedValues": [
+                    "audit",
+                    "deny",
+                    "disabled"
+                  ],
+                  "defaultValue": "audit"
+            }
+        },
+        "policyRule": {
+            "if": {
+                "anyOf": [
+                    {
+                        "allOf": [
+                            {
+                                "field": "type",
+                                "equals": "Microsoft.ServiceBus/namespaces/topics"
+                            },
+                            {
+                                "field": "Microsoft.ServiceBus/namespaces/topics/defaultMessageTimeToLive",
+                                "greater": "PW2"
+                            }
+                        ]
+                    },
+                    {
+                        "allOf": [
+                            {
+                                "field": "type",
+                                "equals": "Microsoft.ServiceBus/namespaces/topics/subscriptions"
+                            },
+                            {
+                                "field": "Microsoft.ServiceBus/namespaces/topics/subscriptions/defaultMessageTimeToLive",
+                                "greater": "PW2"
+                            }
+                        ]
+                    }
+                ]
+            },
+            "then": {
+                "effect": "[parameters('effect')]"
+            }
+        }
+    },
+    "id": "/providers/Microsoft.Management/managementGroups/e9792fd7-4044-47e7-a40d-3fba46f1cd09/providers/Microsoft.Authorization/policyDefinitions/bab116a2-dffc-4740-9935-187dede2d2b0",
+    "type": "Microsoft.Authorization/policyDefinitions",
+    "name": "bab116a2-dffc-4740-9935-187dede2d2b0"
+}

Powershell/Lists/ADMusers.ps1

@@ -0,0 +1,96 @@
+# import AD Module
+   Import-Module activedirectory
+   #Set-ExecutionPolicy unrestricted
+
+#---------------------------
+#-------- Variable ---------
+#---------------------------
+$ADUserMembers=""; $ADUser=""
+$ADGroupName=""; $ADGroupCategory=""; $ADGroupScope=""
+$i=0
+
+#---------------------------
+#------- Functions ---------
+#---------------------------
+function Get-ADGroupName ($DN)
+{ 
+    $ADGrpName= (Get-ADGroup -Filter {DistinguishedName -eq $DN}).SamAccountName
+    return $ADGrpName
+}
+
+
+function Get-GroupMemberOf ($ADGroupName)
+{
+if ($ADGroupName -eq "# Developer") {
+break
+}
+$ii++; $a=0
+$Message=""; $Prefix=""
+$GroupCategory=""; $GroupScope=""; $GroupName=""
+
+For ($a=0; $a -lt $ii; $a++) {$Prefix = $Prefix + "    "}
+
+$DNs=(Get-ADGroup $ADGroupName -Properties *).MemberOf
+if ($DNs.count -ne 0)
+{  
+    foreach ($DN in $DNs)
+    {
+       # $Prefix ="    $ADGroupName => "
+        $GroupName = (Get-ADGroupName $DN)
+        $GroupCategory = (Get-ADGroup $GroupName -Properties *).GroupCategory
+        $GroupScope = (Get-ADGroup $GroupName -Properties *).GroupScope
+       
+        $Message="$Prefix $ADGroupName => $GroupName [$GroupCategory - $GroupScope]"
+        Write-Host $Message
+      
+        Get-GroupMemberOf $GroupName '   '
+    }# End ForEach
+  }# End IF
+}#End Function
+
+function Get-UserMemberships ($ADUser)
+{
+
+$ADUserMembers=(Get-ADUser $ADUser -Properties *).MemberOf
+
+Write-Host "AD-User: $ADUser" -ForegroundColor blue 
+#PrimaryGroup
+    $ADPrimaryGroupDN = (Get-ADUser  -Properties * -Filter {SamAccountName -eq $ADUser}).PrimaryGroup
+    $ADPrimaryGroupName=(Get-ADGroupName $ADPrimaryGroupDN)
+    $ADGroupCategory=(Get-ADGroup $ADPrimaryGroupName).GroupCategory
+    $ADGroupScope=(Get-ADGroup $ADPrimaryGroupName).GroupScope
+    $Message = "Primary Group: $ADPrimaryGroupName [$ADGroupCategory, $ADGroupScope]"
+    Write-Host $Message -BackgroundColor yellow
+    
+#Other groups
+foreach ($ADUserMember in $ADUserMembers)
+{$i++
+    $ADGroupName = (Get-ADGroupName $ADUserMember)
+    $ADGroupCategory=(Get-ADGroup $ADGroupName).GroupCategory
+    $ADGroupScope=(Get-ADGroup $ADGroupName).GroupScope
+    $Message = "($i) $ADGroupName [$ADGroupCategory, $ADGroupScope]"
+    Write-Host $Message -ForegroundColor black
+   Get-GroupMemberOf $ADGroupName '    '
+   Write-Host " " 
+}
+}
+
+function Get-AllMembershipsOfUsers($ADGroupName) {
+
+$devadmaccounts = get-adgroupmember -Identity $ADGroupName -Recursive 
+foreach ($devADM in $devadmaccounts) {
+    Get-UserMemberships $devADM.name 
+       Write-Host "======================================================================================================" 
+}
+
+}
+
+
+#-----------------------------------------------------------------
+Clear-Host
+
+$ADUser= "DannyADM"
+Get-UserMemberships $ADUser
+
+#$ADGroupName = "# Developer ADM"
+#Get-AllMembershipsOfUsers $ADGroupName 

Powershell/Lists/Certificates.ps1

@@ -0,0 +1,91 @@
+#Connect-AzAccount
+
+$fileName =  ".\azure_appservice_certificates.csv" 
+
+$subscriptions = Get-AzSubscription
+
+class CertificateCheck {
+    [string] $SubscriptionId = ""
+    [string] $CertificateId = ""
+    [string] $ResourceGroupName = ""
+    [string] $SubjectName = ""
+    [string] $ThumbPrint = ""
+    [DateTime] $ExpirationDate 
+    [double] $TotalDays 
+    [string] $Comment = ""
+}
+
+[CertificateCheck[]]$Result = @()
+
+$StartDate=(GET-DATE)
+foreach ($subscription in $subscriptions)
+{
+    Set-AzContext -SubscriptionId $subscription.Id
+
+    $certs = Get-AzResource -ResourceType Microsoft.Web/certificates 
+    foreach ($cert in $certs) 
+    {    
+        $id = $cert.Id
+        $thumbprint = ($cert.Name.Split([char]"#", [char]"-"))[0]
+
+        Write-Host "Certificate $id"
+
+        [CertificateCheck] $certificateCheck = [CertificateCheck]::new()
+
+        $certificateCheck.SubscriptionId = $subscription.Id
+        $certificateCheck.CertificateId = $id
+        $certificateCheck.ThumbPrint = $thumbprint
+        $certificateCheck.ResourceGroupName = $cert.ResourceGroupName
+
+        $Result += $certificateCheck
+
+    }
+}
+
+$Result | Export-Csv -Path $fileName -NoTypeInformation -Force
+
+$fileName =  ".\azure_appservice_certificates_1.csv" 
+
+foreach ($certificateCheck in $Result) 
+{ 
+    try 
+    {
+        Set-AzContext -SubscriptionId $certificateCheck.SubscriptionId
+
+        $thumbprint = $certificateCheck.ThumbPrint
+        Write-Host "thumbprint: $thumbprint"
+
+        $certificate = Get-AzWebAppCertificate -ResourceGroupName $certificateCheck.ResourceGroupName -Thumbprint $thumbprint -debug -verbose
+
+        if ($null -eq $certificate) 
+        {
+            $certificateCheck.Comment = "Could not find certificate"
+        } 
+        else 
+        {
+            try 
+            { 
+                $subjectname = $certificate.SubjectName
+                $certificateCheck.SubjectName = $subjectname
+
+                Write-Host "Subject name: $subjectname"
+
+                $EndDate=[datetime]$certificate.ExpirationDate
+                $certificateCheck.ExpirationDate = $EndDate
+                $span = NEW-TIMESPAN –Start $StartDate –End $EndDate
+                $certificateCheck.TotalDays = $span.TotalDays
+            }
+            catch {
+                $certificateCheck.Comment = "Could not find expiry for certificate"
+            }
+        }
+    }
+    catch 
+    {
+        $certificateCheck.Comment = "Could not load certificate"
+    }
+}
+ 
+$Result | Export-Csv -Path $fileName -NoTypeInformation -Force
+
+$Result | ft

Powershell/Lists/Resources.ps1

@@ -0,0 +1,63 @@
+#Connect-AzAccount
+
+class ResourceCheck {
+    [string] $ResourceId = ""
+    [string] $Id = ""
+    [string] $Kind = ""
+    [string] $Location = ""
+    [string] $ResourceName = ""
+    [string] $ResourceGroupName = ""
+    [string] $ResourceType = ""
+    [string] $SubscriptionId = ""
+    [string] $SubscriptionName = ""
+    [string] $Tag_Team = ""
+    [string] $Tag_Product = ""
+    [string] $Tag_Environment = ""
+    [string] $Tag_Data = ""
+    [string] $Tag_Delete = ""
+    [string] $Tag_Split = ""
+}
+
+Write-Host "========================================================================================================================================================================"
+Write-Host "Creating resource overview."
+Write-Host "========================================================================================================================================================================"
+
+$subscriptions = Get-AzSubscription
+
+$fileName =  "c:\temp\2020-07-07 azure_resources.csv" 
+rm $fileName
+
+foreach ($subscription in $subscriptions) 
+{
+Set-AzContext -SubscriptionId $subscription.Id
+
+    $allResources = Get-AzResource 
+    [ResourceCheck[]]$Result = @()
+    
+    foreach ($resource in $allResources) {
+
+        [ResourceCheck] $resourceCheck = [ResourceCheck]::new()
+        $resourceCheck.ResourceId = $resource.ResourceId
+        $resourceCheck.Id = $resource.Id
+        $resourceCheck.Kind = $resource.Kind
+        $resourceCheck.Location = $resource.Location
+        $resourceCheck.ResourceName = $resource.ResourceName
+        $resourceCheck.ResourceGroupName = $resource.ResourceGroupName
+        $resourceCheck.ResourceType = $resource.ResourceType
+        $resourceCheck.SubscriptionId = $subscription.Id
+        $resourceCheck.SubscriptionName = $subscription.Name
+        $resourceCheck.Tag_Team = $resource.Tags.team
+        $resourceCheck.Tag_Product = $resource.Tags.product
+        $resourceCheck.Tag_Environment = $resource.Tags.environment
+        $resourceCheck.Tag_Data = $resource.Tags.data
+        $resourceCheck.Tag_Delete = $resource.Tags.delete
+        $resourceCheck.Tag_Split = $resource.Tags.split
+
+        $Result += $resourceCheck
+    }
+
+    $Result | Export-Csv -Path $fileName -Append -NoTypeInformation
+}
+
+Write-Host "========================================================================================================================================================================"
+Write-Host "Done."

Powershell/RunBooks/ServiceBus.ps1

@@ -0,0 +1,86 @@
+$maximumTTL =  [System.TimeSpan]::FromDays(14)  # "P14D"
+
+Import-Module Az.Accounts
+Import-Module Az.Automation
+Import-Module Az.ServiceBus
+Import-Module Az.Resources
+
+$connectionName = "AzureRunAsConnection"
+try
+{
+    # Get the connection "AzureRunAsConnection "
+    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName       
+    $account = Connect-AzAccount `
+        -ServicePrincipal `
+        -TenantId $servicePrincipalConnection.TenantId `
+        -ApplicationId $servicePrincipalConnection.ApplicationId `
+        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint 
+    Write-Output ("Connected with Automation Account [{0}]" -f $account.Name)
+}
+catch {
+    if (!$servicePrincipalConnection)
+    {
+        $ErrorMessage = "Connection $connectionName not found."
+        throw $ErrorMessage
+    } else{
+        Write-Error -Message $_.Exception
+        throw $_.Exception
+    }
+}
+
+$subscriptions = Get-AzSubscription
+
+foreach ($subscription in $subscriptions) 
+{
+    $context = Set-AzContext -SubscriptionId $subscription.Id
+    Write-Output ("Checking service bus TTL in Subscription [{0}] with Id [{1}]" -f $subscription.Name, $subscription.Id)
+
+    $servicebusses = Get-AzResource -ResourceType Microsoft.ServiceBus/namespaces
+    foreach ($servicebus in $servicebusses) {
+       
+        Write-Output ("Checking service bus TTL for service bus [{0}] in Subscription [{1}] with Id [{2}]" -f $servicebus.Name, $subscription.Name, $subscription.Id)
+
+        #topics
+        $topics = Get-AzServiceBusTopic -Namespace $servicebus.Name -ResourceGroupName $servicebus.ResourceGroupName 
+
+        foreach ($topic in $topics) {
+
+            $currentTTL = [System.Xml.XmlConvert]::ToTimeSpan($topic.DefaultMessageTimeToLive)
+            
+            if ($currentTTL -gt $maximumTTL) {            
+                Write-Output ("Updating TTL on topic [{0}] from {1} to {2}" -f $topic.Name, $currentTTL, $maximumTTL)
+                $topic.DefaultMessageTimeToLive = [System.Xml.XmlConvert]::ToString($maximumTTL)
+                Set-AzServiceBusTopic -ResourceGroupName $servicebus.ResourceGroupName -Namespace $servicebus.Name -Name $topic.Name -InputObject $topic 
+            }
+
+            # topic subscriptions
+            $topicSubs = Get-AzServiceBusSubscription -Namespace $servicebus.Name -ResourceGroupName $servicebus.ResourceGroupName -Topic $topic.Name 
+
+            foreach ($topicSub in $topicSubs) {
+                
+                $currentTTL = [System.Xml.XmlConvert]::ToTimeSpan($topic.DefaultMessageTimeToLive)
+                
+                if ($currentTTL -gt $maximumTTL) {  
+                    Write-Output ("Updating TTL on topic subscription [{0}\{1}] from {2} to {3}" -f $topic.Name, $topicSub.Name, $currentTTL, $maximumTTL)
+                    $topicSub.DefaultMessageTimeToLive = [System.Xml.XmlConvert]::ToString($maximumTTL)
+                    Set-AzServiceBusSubscription -ResourceGroupName $servicebus.ResourceGroupName -Namespace $servicebus.Name -Topic $topic.Name -Name $topicSub.Name -InputObj $topicSub
+                }
+            }
+        }
+
+        # queues
+        $queues = Get-AzServiceBusQueue -Namespace $servicebus.Name -ResourceGroupName $servicebus.ResourceGroupName
+        
+        foreach ($queue in $queues) {
+            
+            $currentTTL = [System.Xml.XmlConvert]::ToTimeSpan($queue.DefaultMessageTimeToLive)       
+
+            if ($currentTTL -gt $maximumTTL) {
+                Write-Output ("Updating TTL on queue [{0}] from {1} to {2}" -f $queue.Name, $currentTTL, $maximumTTL)
+                $queue.DefaultMessageTimeToLive = [System.Xml.XmlConvert]::ToString($maximumTTL)
+                Set-AzServiceBusQueue -ResourceGroupName $servicebus.ResourceGroupName -Namespace $servicebus.Name -Name $queue.Name -InputObject $queue
+            }
+
+        }
+    }
+}

Powershell/Tools/ApplyTags.ps1

@@ -0,0 +1,86 @@
+#Connect-AzAccount
+
+[string] $currentSubs = ""
+
+function ApplyTeamTag (
+    [string] $resourceId, 
+    [string] $subscriptionId,
+    [string] $tagValue) {
+
+    if ($global:currentSubs -ne $subscriptionId) {
+        Set-AzContext -SubscriptionId $subscriptionId
+        $global:currentSubs = $subscriptionId
+    }
+    try {
+    
+    $tags = (Get-AzResource -ResourceId $resourceId).Tags
+    $tags.team = $tagValue
+    Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge
+
+    }
+    catch {
+        Write-Warning "Could not update $resourceId"
+    }
+}
+
+function ApplyProductTag (
+    [string] $resourceId, 
+    [string] $subscriptionId,
+    [string] $tagValue) {
+
+    if ($global:currentSubs -ne $subscriptionId) {
+        Set-AzContext -SubscriptionId $subscriptionId
+        $global:currentSubs = $subscriptionId
+    }
+    try {
+    $tags = (Get-AzResource -ResourceId $resourceId).Tags
+    $tags.product = $tagValue
+ 
+    Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge
+    }
+    catch {
+        Write-Warning "Could not update $resourceId"
+    }
+}
+
+function ApplyEnvironmentTag (
+    [string] $resourceId, 
+    [string] $subscriptionId,
+    [string] $tagValue) {
+
+    if ($global:currentSubs -ne $subscriptionId) {
+        Set-AzContext -SubscriptionId $subscriptionId
+        $global:currentSubs = $subscriptionId
+    }
+    try {
+    $tags = (Get-AzResource -ResourceId $resourceId).Tags
+    $tags.environment = $tagValue
+    Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge
+    }
+    catch {
+        Write-Warning "Could not update $resourceId"
+    }
+}
+
+function ApplyDataTag (
+    [string] $resourceId, 
+    [string] $subscriptionId,
+    [string] $tagValue) {
+
+    if ($global:currentSubs -ne $subscriptionId) {
+        Set-AzContext -SubscriptionId $subscriptionId
+        $global:currentSubs = $subscriptionId
+    }
+    try {
+    $tags = (Get-AzResource -ResourceId $resourceId).Tags
+    $tags.data = $tagValue
+ 
+    Update-AzTag -ResourceId $resourceId -Tag $tags -Operation Merge
+    }
+    catch {
+        Write-Warning "Could not update $resourceId"
+    }
+}
+
+
+

Powershell/Tools/DNS verification/Book1.csv

@@ -0,0 +1,30 @@
+HostName,Cname,Fqdn
+acc,effectorycorporateacc.azurewebsites.net,acc.effectory.nl
+accept-login,test-login-effectory-accept.azurewebsites.net,accept-login.effectory.nl
+accept-login.internetspiegel,test-login-effectory-accept.azurewebsites.net,accept-login.internetspiegel.effectory.nl
+accept-rebuild,rebuild-accept.azurewebsites.net,accept-rebuild.effectory.nl
+accept,effectorycorporate2-accept.azurewebsites.net,accept.effectory.nl
+autodiscover,autodiscover.outlook.com,autodiscover.effectory.nl
+awverify,awverify.effectorycorporate2.azurewebsites.net,awverify.effectory.nl
+awverify.login,awverify.login-effectory.azurewebsites.net,awverify.login.effectory.nl
+awverify.login.internetspiegel,awverify.login-effectory.azurewebsites.net,awverify.login.internetspiegel.effectory.nl
+awverify.www,effectorycorporate2.azurewebsites.net,awverify.www.effectory.nl
+brochure,s1.instantmagazine.com,brochure.effectory.nl
+elink,elink-eu.azuresend.com,elink.effectory.nl
+form,analytics-eu.clickdimensions.com,form.effectory.nl
+login,questionnairelogin.trafficmanager.net,login.effectory.nl
+login.gptw,questionnairelogin.trafficmanager.net,login.gptw.effectory.nl
+login.internetspiegel,questionnairelogin.trafficmanager.net,login.internetspiegel.effectory.nl
+msoid,clientconfig.microsoftonline-p.net,msoid.effectory.nl
+preprod-rebuild,rebuild-preprod.azurewebsites.net,preprod-rebuild.effectory.nl
+prod,effectorycorporate2.azurewebsites.net,prod.effectory.nl
+selector1._domainkey,selector1-effectory-nl._domainkey.effectory12.onmicrosoft.com,selector1._domainkey.effectory.nl
+selector2._domainkey,selector2-effectory-nl._domainkey.effectory12.onmicrosoft.com,selector2._domainkey.effectory.nl
+stage-login,login-effectory-stage.azurewebsites.net,stage-login.effectory.nl
+stage-login.internetspiegel,login-effectory-stage.azurewebsites.net,stage-login.internetspiegel.effectory.nl
+test-login,test-login-effectory-test.azurewebsites.net,test-login.effectory.nl
+test-login.internetspiegel,test-login-effectory-test.azurewebsites.net,test-login.internetspiegel.effectory.nl
+test-rebuild,rebuild-test.azurewebsites.net,test-rebuild.effectory.nl
+test,effectorycorporate2-test.azurewebsites.net,test.effectory.nl
+www,effectorycorporate2.azurewebsites.net,www.effectory.nl
+www.login,questionnairelogin.trafficmanager.net,www.login.effectory.nl

Powershell/Tools/DNS verification/DNS-vip.csv

@@ -0,0 +1,32 @@
+#TYPE HostCheck
+"HostName","Fqdn","CName","IpAddress","Exists","RegisteredInExternalDNS"
+"HostName","Fqdn","Cname","","False","False"
+"acc","acc.effectory.nl","effectorycorporateacc.azurewebsites.net","52.173.149.254","True","True"
+"accept-login","accept-login.effectory.nl","test-login-effectory-accept.azurewebsites.net","","False","False"
+"accept-login.internetspiegel","accept-login.internetspiegel.effectory.nl","test-login-effectory-accept.azurewebsites.net","","False","False"
+"accept-rebuild","accept-rebuild.effectory.nl","rebuild-accept.azurewebsites.net","","False","False"
+"accept","accept.effectory.nl","effectorycorporate2-accept.azurewebsites.net","52.166.198.163","True","True"
+"autodiscover","autodiscover.effectory.nl","autodiscover.outlook.com","40.101.83.24 40.101.18.40 52.97.135.120 52.97.158.168","True","True"
+"awverify","awverify.effectory.nl","awverify.effectorycorporate2.azurewebsites.net","","False","False"
+"awverify.login","awverify.login.effectory.nl","awverify.login-effectory.azurewebsites.net","","False","False"
+"awverify.login.internetspiegel","awverify.login.internetspiegel.effectory.nl","awverify.login-effectory.azurewebsites.net","","False","False"
+"awverify.www","awverify.www.effectory.nl","effectorycorporate2.azurewebsites.net","52.166.198.163","True","True"
+"brochure","brochure.effectory.nl","s1.instantmagazine.com","162.13.104.99","True","True"
+"elink","elink.effectory.nl","elink-eu.azuresend.com","40.85.92.142","True","True"
+"form","form.effectory.nl","analytics-eu.clickdimensions.com","52.169.159.156","True","True"
+"login","login.effectory.nl","questionnairelogin.trafficmanager.net","40.118.27.252","True","True"
+"login.gptw","login.gptw.effectory.nl","questionnairelogin.trafficmanager.net","40.118.27.252","True","True"
+"login.internetspiegel","login.internetspiegel.effectory.nl","questionnairelogin.trafficmanager.net","40.118.27.252","True","True"
+"msoid","msoid.effectory.nl","clientconfig.microsoftonline-p.net","20.190.137.69 20.190.137.98 20.190.137.10 40.126.9.8 40.126.9.66 40.126.9.6 20.190.137.6 20.190.137.73","True","True"
+"preprod-rebuild","preprod-rebuild.effectory.nl","rebuild-preprod.azurewebsites.net","","False","False"
+"prod","prod.effectory.nl","effectorycorporate2.azurewebsites.net","52.166.198.163","True","True"
+"selector1._domainkey","selector1._domainkey.effectory.nl","selector1-effectory-nl._domainkey.effectory12.onmicrosoft.com","","False","False"
+"selector2._domainkey","selector2._domainkey.effectory.nl","selector2-effectory-nl._domainkey.effectory12.onmicrosoft.com","","False","True"
+"stage-login","stage-login.effectory.nl","login-effectory-stage.azurewebsites.net","","False","False"
+"stage-login.internetspiegel","stage-login.internetspiegel.effectory.nl","login-effectory-stage.azurewebsites.net","","False","False"
+"test-login","test-login.effectory.nl","test-login-effectory-test.azurewebsites.net","","False","False"
+"test-login.internetspiegel","test-login.internetspiegel.effectory.nl","test-login-effectory-test.azurewebsites.net","","False","False"
+"test-rebuild","test-rebuild.effectory.nl","rebuild-test.azurewebsites.net","","False","False"
+"test","test.effectory.nl","effectorycorporate2-test.azurewebsites.net","52.166.198.163","True","True"
+"www","www.effectory.nl","effectorycorporate2.azurewebsites.net","52.166.198.163","True","True"
+"www.login","www.login.effectory.nl","questionnairelogin.trafficmanager.net","40.118.27.252","True","True"

Powershell/Tools/DNS verification/DNS.ps1

@@ -0,0 +1,166 @@
+class HostCheck {
+    [string] $HostName = ""
+    [string] $Fqdn = ""
+    [string] $CName = ""
+    [string] $IpAddress = ""
+    [bool] $Exists = $false
+    [bool] $RegisteredInExternalDNS = $false;
+}
+
+function HostExistsInExternal ([HostCheck] $hostCheck, [string] $ExternalDNSServer) {
+    try {
+        $CnameChain = resolve-dnsname -name $hostCheck.Fqdn -DnsOnly -Type A -NoHostsFile -Server $ExternalDNSServer -ErrorAction Ignore
+
+        foreach ($chainItem in $CnameChain) {
+            if ($chainItem.NameHost -ieq $hostCheck.CName) {
+                $hostCheck.RegisteredInExternalDNS = $true
+                return $hostCheck
+            }
+        }
+    }
+    catch {
+        $hostCheck.RegisteredInExternalDNS = $false
+    }
+
+    $hostCheck.RegisteredInExternalDNS = $false
+    return $hostCheck
+}
+
+function GetIPAddress ([HostCheck] $hostCheck) {
+    try {
+        $hostAddresses = [System.Net.Dns]::GetHostAddresses($hostCheck.Fqdn)
+
+        $hostCheck.IpAddress = $hostAddresses.IPAddressToString
+        $hostCheck.Exists = $true
+    }
+    catch { 
+        try {
+            $hostAddresses = [System.Net.Dns]::GetHostAddresses($hostCheck.HostName)
+
+            $hostCheck.IpAddress = $hostAddresses.IPAddressToString
+            $hostCheck.Exists = $true
+        }
+        catch {
+            $hostCheck.IpAddress = ""
+            $hostCheck.Exists = $false
+        }
+
+    }
+    return $hostCheck
+}
+
+function Effectory-DNSVerify (
+    [string] $ZoneName = "effectory.com", 
+    [string] $DNSServer = "DC1.effectory.local",
+    [string] $ExternalDNSServer = "8.8.8.8",
+    [string] $Type = "CName") {
+    
+    Clear-DnsClientCache
+
+    $DNSRecords = Get-DnsServerResourceRecord -ZoneName $ZoneName -computername $DNSServer -RRType $Type
+
+    # HostName                  RecordType Type       Timestamp            TimeToLive      RecordData
+    # --------                  ---------- ----       ---------            ----------      ----------
+    # accept                    CNAME      5          0                    01:00:00        effectorycorporate2-accept.azurewebsites.net.
+    # accept-authorization      CNAME      5          0                    01:00:00        authorization-web-api-accept.azurewebsites.net.
+    # accept-beta-project       CNAME      5          0                    01:00:00        webclient-project-accept.azurewebsites.net.
+    # accept-cluster            CNAME      5          0                    01:00:00        test-cluster-effectory-accept.azurewebsites.net.
+    # accept-customer           CNAME      5          0                    01:00:00        test-customer-effectory-accept.azurewebsites.net.
+    # accept-dashboard          CNAME      5          0                    01:00:00        dashboard-effectory-accept.azurewebsites.net.
+
+    [HostCheck[]]$Result = @()
+
+    foreach ($DNSRecord in $DNSRecords) {
+
+        [HostCheck] $hostCheck = [HostCheck]::new()
+        $hostCheck.HostName = $DNSRecord.HostName
+        
+        [string] $fqdn = $DNSRecord.HostName
+        if (-not ($fqdn.ToLowerInvariant().EndsWith($ZoneName.ToLowerInvariant()))) {
+            $fqdn = "$($DNSRecord.HostName).$($ZoneName)"
+        }
+        $hostCheck.Fqdn = $fqdn
+
+        [string] $cname = $DNSRecord.RecordData.HostNameAlias
+        if ($cname.EndsWith(".")) {
+            $cname = $cname.Remove($cname.Length - 1, 1)
+        }
+        $hostCheck.CName = $cname
+
+        $hostCheck = HostExistsInExternal -host $hostCheck -ExternalDNSServer $ExternalDNSServer
+        $hostCheck = GetIPAddress -host $hostCheck
+
+        $Result += $hostCheck
+    }
+
+    return $Result
+}
+
+function Effectory-DNSVerify-Csv (
+    [string[]] $FileName, 
+    [string] $ExternalDNSServer = "8.8.8.8") {
+    
+    Clear-DnsClientCache
+    
+    $DNSRecords = import-csv $FileName -Header 'HostName', 'Cname', 'Fqdn'
+
+    # HostName,Cname,Fqdn
+    # accept-authorization,authorization-web-api-accept.azurewebsites.net,accept-authorization.effectory.com
+    # accept-customer,test-customer-effectory-accept.azurewebsites.net,accept-customer.effectory.com
+    # accept-ecestore,test-ecestore-accept.azurewebsites.net,accept-ecestore.effectory.com
+
+    [HostCheck[]]$Result = @()
+    foreach ($DNSRecord in $DNSRecords) {
+
+        [HostCheck] $hostCheck = [HostCheck]::new()
+        $hostCheck.HostName = $DNSRecord.HostName
+        $hostCheck.CName = $DNSRecord.Cname
+        $hostCheck.Fqdn = $DNSRecord.Fqdn
+
+        $hostCheck = HostExistsInExternal -host $hostCheck -ExternalDNSServer $ExternalDNSServer
+        $hostCheck = GetIPAddress -host $hostCheck
+
+        $Result += $hostCheck
+    }
+    
+    return $Result
+}
+
+function Effectory-DNSClean-Csv (
+    [string[]] $FileName, 
+    [string] $DNSServer = "DC1.effectory.local",
+    [string] $Type = "CNAME") {
+    
+    Clear-DnsClientCache
+    
+    $DNSRecords = import-csv $FileName -Header 'HostName', 'ZoneName'
+
+    # HostName,ZoneName
+    # accountmanagertools,effectory.local
+    # alex,effectory.local
+    # webstage.beste-werkgevers,effectory.local
+
+    foreach ($DNSRecord in $DNSRecords) {
+        
+        if (($DNSRecord.HostName -eq "HostName")) {
+            continue;
+        }
+
+        Write-Host "Deleting $($DNSRecord.HostName) from $($DNSRecord.ZoneName)"
+
+        try {
+            Remove-DnsServerResourceRecord -ComputerName $DNSServer -ZoneName $DNSRecord.ZoneName -RRType $Type -Name $DNSRecord.HostName -Force 
+        }
+        catch { }
+    }
+}
+
+
+#Effectory-DNSVerify -ZoneName "effectory.com" -DNSServer "DC1.effectory.local" -ExternalDNSServer "8.8.8.8" | Export-Csv -Path .\DNS-effectory-com.csv
+#Effectory-DNSVerify -ZoneName "effectory.local" -DNSServer "DC1.effectory.local" -ExternalDNSServer "DC2.effectory.local" | Export-Csv -Path .\DNS-effectory-local.csv
+Effectory-DNSVerify-Csv -FileName .\Book1.csv -ExternalDNSServer "8.8.8.8" | Export-Csv -Path .\DNS-vip.csv
+
+# | Format-Table
+# | Export-Csv -Path .\DNS-xxxx.csv
+
+#Effectory-DNSClean-Csv -FileName .\deletedns.csv -DNSServer "DC1.effectory.local"

Powershell/Tools/SyncAAD.ps1

@@ -0,0 +1,3 @@
+function SyncAAD {
+	Invoke-Command -ScriptBlock { Start-ADSyncSyncCycle -PolicyType Delta } -ComputerName ADConnect.effectory.local -Credential $ADSyncCred
+}

README.md

@@ -1,20 +1,2 @@
-# Introduction 
-TODO: Give a short introduction of your project. Let this section explain the objectives or the motivation behind this project. 
-
-# Getting Started
-TODO: Guide users through getting your code up and running on their own system. In this section you can talk about:
-1.	Installation process
-2.	Software dependencies
-3.	Latest releases
-4.	API references
-
-# Build and Test
-TODO: Describe and show how to build your code and run the tests. 
-
-# Contribute
-TODO: Explain how other users and developers can contribute to make your code better. 
-
-If you want to learn more about creating good readme files then refer the following [guidelines](https://docs.microsoft.com/en-us/azure/devops/repos/git/create-a-readme?view=azure-devops). You can also seek inspiration from the below readme files:
-- [ASP.NET Core](https://github.com/aspnet/Home)
-- [Visual Studio Code](https://github.com/Microsoft/vscode)
-- [Chakra Core](https://github.com/Microsoft/ChakraCore)
+# Cloud Engineering scripts 
+This is Jurjen's repository with policy files and PowerShell scripts.