Adding Azure Remote App Users with PowerShell

16 February, 2017

Adding azure remote app users with PowerShell is a relatively simple task and many times quicker than waiting for the clunky web based UI. The first thing to do is install the ‘Microsoft Azure PowerShell module’.

Once you have this module installed you need to add an Azure account. You only ever need to do this once. It’s as simple as running the following cmdlet and signing in.

Add-AzureAccount

Once you have signed in you will need to select the subscription that you want to add the user to. You can get a list of all you subscriptions using:

Get-AzureSubscription

select a subscription use the following:

Select-AzureSubscription <Subscription Name>

Once you have selected your subscription you can begin to add users. This is as simple as running:

add-AzureRemoteAppUser -CollectionName <Collection Name> -Type orgid -Userupn <User UPN/Email>

This will then add the user to the selected collection under the selected subscription and allow them to start using remote apps.

SCCM 2012 R2 and PowerShell

14 February, 2017

To use PowerShell with SCCM you will all you need to do is import the module. If you don’t have the module installed you can get it from here: https://www.microsoft.com/en-us/download/details.aspx?id=46681 Note that you will also need to have Configuration Manager Console installed on your computer.

Once you have the module installed, import the module using the following command:

import-module "C:\Program Files (x86)\Microsoft Configuration \Manager\AdminConsole\bin\ConfigurationManager.psd1" 

Once you have imported the module you will need to connect to your site using the following:

CD X:

Where ‘x’ is your site code. In my case this is:

CD PR1: 

Once connected to your site you can query information about your site using:

get-cmsite

There are a whole bunch of cmdlets for SCCM that will allow you to do many tasks directly from the PowerShell console. I have a few SCCM scripts on my GitHub at: https://github.com/NathanKewley/Powershell_For_Dayz/tree/master/SCCM


As I create more scripts utilising SCCM I will be adding them to my Git. So far I have used PowerShell to query User and Device memberships from collections and export the results out to CSV’s for reporting.

Log Off an Azure Remote App User via PowerShell

15 November, 2016

I wrote this script because Azure Remote App is shit and always causes problems for users. One of the bigger problems is when a user’s application within Azure Remote App freezes, the user can’t simple restart the remote app as the server keeps the session and frozen/crashed application alive.

The solution to this is to log the user off the server. This module is designed to be a super simple way to log off a user just by using their email address that is associated with the Azure Remote App account.

function global:end-azureSession{
    Param(
        [parameter(HelpMessage='your username/email for azure')]
        [string]$userEmail,
        [parameter(HelpMessage='your password for azure')]
        [string]$cred
    )

    #define our set variables for the penrith enviroment
    $azureSubscription = 'PCC-AAE'

    #create credentials
    #$secPass = ConvertTo-SecureString $password -AsPlainText -Force
    if($cred){
        #$AzureCred = New-Object System.Management.Automation.PSCredential ($username, $secPass)
    }else{
        $cred = Get-Credential
        #$AzureCred = New-Object System.Management.Automation.PSCredential
    }
    #this will throw exception even if success.... so yep... this is my work-around...
    try{Add-AzureAccount -Credential $cred}catch{write-host "Connected to Azure" -ForegroundColor green}

    #Select subscription
    Select-AzureSubscription $azureSubscription

    #disconnect user
    write-host "Disconnecting user, this may take a while....." -ForegroundColor green
    try{
        invoke-AzureRemoteAppSessionLogoff -CollectionName rappaaeprod -UserUpn $userEmail -confirm:$false >$null 2>&1
        write-host "diconnected..." -ForegroundColor green
    }catch{
        $errorMessage = $_.Exception.Message
        if($errorMessage -eq "InternalError: The server encountered an internal error. Please retry the request."){
            write-host "User has been disconnected" -ForegroundColor green
        }else{
            write-host "ERROR: User connection to Azure not found" -ForegroundColor red
        }
    }
}

 

Example 1: this will prompt you for credentials then end the users session

end-azureSession Nathan.kewley@penrith.city

Example 2: You can save and pass credentials to the module

$cred = get-credential
end-azureSession Nathan.kewley@penrith.city $cred

 

 

365 AD Group Licensing

27 May, 2016

small script I wrote to set users 365 licenses based on Active Directory group membership, only tested in a hybrid environment.

function grantGroupLicense($group, $license){
    $members = Get-ADGroupMember $group -Recursive
    
    foreach($member in $members){
        $adUser = get-aduser $member.samaccountname | select userprincipalname
        $msolUser = Get-MsolUser -UserPrincipalName $adUser.userPrincipalName
        grantLicense $msolUser $license
    }

    function checkLicense($user, $license){
        foreach($lic in $user.licenses){
            if($lic.AccountSku.SkuPartNumber -eq $license){return $true}
        }
        return $false
    }

    function grantLicense($msolUser, $license){
        if(-not(checkLicense $msolUser $license)){
            try{
                set-msolUserLicense -userprincipalname $msolUser.userPrincipalName -AddLicenses $license -ErrorAction Stop
                write-host $msolUser.userPrincipalName Has been given $license -ForegroundColor green
            }catch{
                write-host $msolUser.userPrincipalName could not be given $license -ForegroundColor red
            }
        }else{
            write-host $msolUser.userPrincipalName already has $license -ForegroundColor green
        }
    }
}

Usage:
grantGroupLicense <AD-Group-Name> <License SkuPartNumber>

eg:
grantGroupLicense FG-MSVisio_Users VISIOCLIENT
grantGroupLicense FG-MSProject_Users PROJECTCLIENT

 

 

PowerShell Mindflash Administration

04 April, 2016

Having a position where part of my job is to administrate users within Mindflash I am frequently completing the following tasks on Mindflash:
• Creating Users
• Enrolling users in courses
• Resetting user passwords

Often these tasks need to be completed for either an individual user or a batch of users at any given time. While Mindflash provides some bulk administration options through their web portal I found it a little limiting and a little clunky to use.

So naturally been a fan on the command line and primarily a Linux user I thought it would be great to be able to administer Mindflash users from a command line, In this case PowerShell. I have created Get-MindflashUser, A PowerShell cmdlet that hooks into the Mindflash API allowing for administration of users.

Get-MindflashUser allows you to complete all of the following tasks without ever leaving the PowerShell window.
• Get a list of all Mindflash users
• Get a list of all Mindflash courses
• Get a list of all users in a specific course
• Get a specific users details
• Get a specific users details including course enrolment details
• Get course progress for a given user and course
• Invite users to a course
• Reset user password
• Create new users

In addition to all of this, you would obviously be able to use Get-MindflashUser within you own scripts to automate repetitive tasks or generate reports.

Some Examples of Use
Resetting a users password

get-MindflashUser -email user@email.com -resetPassword true -newPassword P@ssword21 –Key <yourAPIKeyHere>

Creating a new user

get-MindflashUser -email user@email.com -first michael -last cho -newUser true -newPassword P@ssword21 –Key <yourAPIKeyHere>

There are more examples of user provided in the header of the script. If you find this script useful in any way please let me know by email at Nathan.kewley@gmail.com. Additionally if you find any issues or bugs in the script please shout out so I can resolve them.

 

Download Get-MindflashUser.ps1

 

Creative Commons License
Get-MindflashUser by Nathan Kewley is licensed under a Creative Commons Attribution 4.0 International License

 

Playing around with IIS and Powershell

01 April, 2016

Playing around with IIS, .NET and PowerShell, more specifically how to execute PowerShell from a form on a webpage. It turns out actually invoking some PowerShell on server side via a client request is quite easy. Here I am hoping to show an example of the minimum code required to achieve this.

We will create a simple interface like the one below. The button to run code will invoke a PowerShell command on the server. The result of the PowerShell command will be appended to the text box below the button.

undefined

The command I am using for testing this with is:

$(Get-WmiObject Win32_Computersystem).name

This command will query the pc for its hostname and return it. So after pressing the button the server will run this command and print the result in the text box. The webpage should now look like this.

undefined

Only 2 files are required to achieve this, I have chosen to use C# to create this. The .html file required is:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="test.aspx.cs" Inherits="powerWeb.test" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
    <head id="Head1" runat="server">
        <title>c# iis powersehll</title>
    </head>

    <body>
        <form id="form1" runat="server">
            <asp:Button ID="resetButton" runat="server" Width="308" Text="Run Code" onClick="runCode" /><br />

            <!-- Holds the result of the command -->
            <asp:TextBox ID="response" TextMode="MultiLine" Width="600" Height="200" runat="server"></asp:TextBox><br />
        </form>
    </body>
</html>

And the .aspx.cs file required that goes along with the html is is:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Management.Automation;

namespace powerWeb
{
    public partial class test : System.Web.UI.Page
    {
        //function that runs when the button is pressed
        protected void runCode(object sender, EventArgs e)
        {
            //create the powershell instance and give it the command we will be executing
            var shell = PowerShell.Create();

            //build out query string
            string query = "$(Get-WmiObject Win32_Computersystem).name";

            //add the command specified from the gui
            shell.Commands.AddScript(query);

            //execute the command and store resutls in results
            var results = shell.Invoke();

            //for each item in the results we append it ot the response text box on the webpage
            foreach (PSObject result in results)
            {
                response.Text = Server.HtmlEncode(result.BaseObject.ToString());
            }
        }

    }
}

Note that you may need to use package manager to install 'System.Management.Automation' as detailed here: https://www.nuget.org/packages/System.Management.Automation

 

Like stated before the point of this is to provide a minimum example of how to execute PowerShell from IIS and .NET. I plan to expand on this concept to allow some PowerShell to ad automation. So I might get around to posting more on here if I have success with this.

Home