|
Methanar posted:Don't write or test it on your own time. Do it during work time because you're making a work problem better. I don't have a way to test PowerShell scripts on work time. I'm not going to test in production and risk making a mistake that could literally cost me my job. Write in work time? Yes, absolutely.
|
# ? May 6, 2020 05:25 |
|
|
# ? Jun 5, 2024 08:22 |
|
Throw commands at it but put -WhatIf at the end of them https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-don-t-fear-hitting-enter-with-whatif/ba-p/353579
|
# ? May 6, 2020 09:46 |
|
Thanks Ants posted:Throw commands at it but put -WhatIf at the end of them drat you, Ants! Now I have another project to work on!
|
# ? May 6, 2020 18:49 |
|
damnts
|
# ? May 6, 2020 18:57 |
The joy if lowly AD powershell is that you could make the same mistakes in the gui. It's the sysadmins issue tbqh. Just don't do something like pipe all uses into disabled.
|
|
# ? May 6, 2020 19:05 |
|
dragonshardz posted:drat you, Ants! Now I have another project to work on! (Check your cmdlets support -whatif before you do this)
|
# ? May 6, 2020 19:38 |
|
Submarine Sandpaper posted:The joy if lowly AD powershell is that you could make the same mistakes in the gui. It's the sysadmins issue tbqh. Just don't do something like pipe all uses into disabled. The way to start with PS and AD is to start using the command-line just to look stuff up. Get-ADComputer, Get-ADUser, Get-ADPrincipalGroupMemberships and so on. Then advance to Add-ADGroupMember. Then start using tab-complete and the up arrow to save typing. Your first step into a larger world will be with the Get-Content/Foreach It sounds like you're adding new hires to all their standard groups, so let's look at that. You can define variables in a PowerShell window and they'll persist until you close the window. Put the list of groups to add new users to in a text file and save it. Run PowerShell as your ADAdmin creds. Now type: code:
Now use the up arrow to go back to the $user = ... line, change the userID and hit return. This changes the content of $user to the second new user Up-arrow again to the foreach line and just hit enter. The second user gets added to the same groups. Leave the window open and as new user setups come in, add them to their groups with a few keystrokes. Turning that into a script that takes userID and department and adds them to the right groups is left as an exercise.
|
# ? May 6, 2020 20:03 |
|
Thanks Ants posted:(Check your cmdlets support -whatif before you do this) This is important, there used to be some that would run for real and just ignore the flag. Hopefully they fixed that.
|
# ? May 6, 2020 22:13 |
|
mllaneza posted:The way to start with PS and AD is to start using the command-line just to look stuff up. Get-ADComputer, Get-ADUser, Get-ADPrincipalGroupMemberships and so on. Then advance to Add-ADGroupMember. Then start using tab-complete and the up arrow to save typing. Yes but also always use |%{}
|
# ? May 6, 2020 22:23 |
|
Super Soaker Party! posted:Yes but also always use |%{} To save anyone else the trouble: it's syntactic sugar for ForEach-Object on the object in the pipeline.
|
# ? May 6, 2020 22:33 |
|
mllaneza posted:The way to start with PS and AD is to start using the command-line just to look stuff up. Get-ADComputer, Get-ADUser, Get-ADPrincipalGroupMemberships and so on. Then advance to Add-ADGroupMember. Then start using tab-complete and the up arrow to save typing. Unfortunately, we don't have a set of groups that everyone gets added to when their account is created. Each branch has their own specific groups that everyone generally gets, but the tickets aren't even all for the same branch! I do already use PowerShell for lookups and all, so head start there. Right now the process for making new accounts is:
So...working within the confines of an environment created in 2008 will be !!fun!!
|
# ? May 6, 2020 23:25 |
|
Holy gently caress so our email has been down for a shitton of users since yesterday around 8am. This is following my manager's rather brash and unplanned decision to remove everyone but himself from Global Admin (and apparently any admin roles as well) in o365. I wasted a good portion of my day yesterday on a conference call with him just repeatedly saying "I can't help you do poo poo. I have no admin. I can't even loving powershell. Call Microsoft or fix my privileges." Back on the call first thing this morning. Repeating the same poo poo. "bruh there is literally nothing I can do to help you. I can't even get into the health reports page." Today around 2 Microsoft finally acknowledged that there was an issue with Outlook being presented "multiple authentication" and not allowing users to connect. I finally got my admin privileges back around 4pm. Ran some connectivity analyzer tests, read up on the issue report and found that I could connect if I allowed "Modern Authentication" (we are still using Basic Auth.) Presented everything, and said, "this will fix it. All I have to do is hit enter to run this script I just finished and everything will magically work again." I was told to hold off, 2 more hours go by and we are still on the call and I am pulling my hair out knowing that this poo poo could be fixed this very second. Then he decides to call Microsoft. ...still on the conference call, and waiting for a call back from microsoft. They finally answer like an hour after I should have already gone home and basically just said, "yeah we know poo poo is hosed. Just enable Modern Authentication and everything should work." Manager, still doesn't want to do it, even after I explained it won't break anything and we can just disable it again whenever he wants. So I just throw my hands up and gtfo. I get home and see I have an email saying that "Modern Authentication has been enabled." ...okay whatever
|
# ? May 7, 2020 02:31 |
|
dragonshardz posted:Right now the process for making new accounts is: Depending on your system and admins, you can set up your O365 sync server to enable you to remotely trigger a sync through the same script so that it does that, waits for about ten minutes, then connects to O365 to assign standard licensing.
|
# ? May 7, 2020 03:06 |
|
Ghostlight posted:How I approached learning/writing a similar script without a testing environment was I first went through an existing user object and separated out all the parts that were default from the bits that we were copying it for, then wrote a script to create that essential AD account from scratch so that I didn't have to manually blank things off the existing one or replace information. Once I had a script that created the barebones AD account I then went through and gave it prompts to ask me for new information, like names, positions, etc rather than doing that through the GUI. Once I was confident that was working I then moved to reading those variables from a text file instead. At the moment that text file is being made by a Flow reading my email and I have to manually kick off the process and round out any weird corners, but it's essentially ready and waiting to be plugged into an automated onboarding process I've spent like the last six months wireframing and okaying with HR. I work for a state government department and am not a permanent employee so the likelihood of getting any changes made to the O365 sync server are pretty slim. And I mean yes your method is good; I just have to, y'know. Actually work on it.
|
# ? May 7, 2020 03:21 |
|
GnarlyCharlie4u posted:They finally answer like an hour after I should have already gone home and basically just said, "yeah we know poo poo is hosed. Just enable Modern Authentication and everything should work." ETA: assumng O365, haven't had the opportunity to test it with on-prem yet.
|
# ? May 7, 2020 05:15 |
|
Arquinsiel posted:I don't know how much you care, but not using it means that in the event that someone gets their password stolen it's easy to bypass 2FA and just stick their account into Thunderbird or whatever via POP3 and MS will give zero shits at all and allow full access to the mailbox. We only allow MAPI and Activesync (not even OWA) and I have a shitton of rules for what specific devices are allowed so I'm not as worried, but I'm pro-enabling it.
|
# ? May 7, 2020 06:56 |
|
Arquinsiel posted:I don't know how much you care, but not using it means that in the event that someone gets their password stolen it's easy to bypass 2FA and just stick their account into Thunderbird or whatever via POP3 and MS will give zero shits at all and allow full access to the mailbox. Are you sure, my understanding was that basic auth and MFA meant you had to use the app-specific passwords. Yes you'd have the same problem as the point of the app passwords is that they bypass MFA for applications that have no idea what the gently caress that is, but it's not the same thing as someone getting the password that they type in all the time stolen.
|
# ? May 7, 2020 11:46 |
|
Thanks Ants posted:Are you sure, my understanding was that basic auth and MFA meant you had to use the app-specific passwords.
|
# ? May 7, 2020 12:35 |
|
GnarlyCharlie4u posted:Manager, still doesn't want to do it, even after I explained it won't break anything and we can just disable it again whenever he wants. If I ever become a manager so spineless I'm afraid to authorize changing anything because it might break something as time and entropy slooowly rots our systems, please slit my throat with a circuit board.
|
# ? May 7, 2020 17:33 |
|
Got passed over for a promotion. The guy who got it has zero prior IT experience and has been on the team for a shorter period of time than me. We were both told we would be getting promoted eventually but for some reason he got bumped up first. Weirdly enough, he sometimes hangs out with my boss after work and only got hired because he is a roommate of a friend of my boss. I'm sure it's a coincidence. gently caress this poo poo I smell a
|
# ? May 8, 2020 13:27 |
|
Thom and the Heads posted:Got passed over for a promotion. The guy who got it has zero prior IT experience and has been on the team for a shorter period of time than me. We were both told we would be getting promoted eventually but for some reason he got bumped up first. Weirdly enough, he sometimes hangs out with my boss after work and only got hired because he is a roommate of a friend of my boss. I'm sure it's a coincidence. "You got fast tracked because you work in the same office as the boss and go out for smoke breaks with him every day." "Nuh-uh! It's a meritocracy!"
|
# ? May 8, 2020 22:09 |
|
I'll just put the notes in here: "Caller reports dropouts on video calls and frequent VPN disconnects." "Ping testing to router shows severe packet loss and latency issues. Cx unable to use wireless, as parent insisted it be disabled on grounds it 'gives you the corvid'." "Cx also advises that parent also cut network cable from living room to bedroom because it was "on stairs and a trip hazard", cx attempted repair with elec tape & wirenuts." "Advised Cx to obtain replacement cable."
|
# ? May 10, 2020 09:30 |
|
It's impressive that they managed to get that information about the cable out of the caller
|
# ? May 10, 2020 10:43 |
|
I'm impressed they got some signal through a long CAT cable with wirenuts
|
# ? May 10, 2020 16:35 |
|
It must be maddening to have to stay home all day with a parent who is a moron. I mean, jeeze, everyone knows it’s 5G that gives you the corona.
|
# ? May 10, 2020 22:11 |
|
yeah, but all the new routers come with 5G Hz support now! I'm not quite sure about Hz, but my nephew says that means 'hurts' and I'm like "no poo poo Brindon"
|
# ? May 10, 2020 22:22 |
|
Darchangel posted:It must be maddening to have to stay home all day with a parent who is a moron. Yes, but this was Wi-Fi giving "corvid" which we all know. 802.11 causes crows.
|
# ? May 12, 2020 13:23 |
PYF covid-related wifi SSIDs for scaring the neighbors
|
|
# ? May 12, 2020 13:30 |
|
Data Graham posted:PYF covid-related wifi SSIDs for scaring the neighbors “5G SIGNAL BOOSTER”
|
# ? May 12, 2020 16:27 |
|
The Bat Signal (5G)
|
# ? May 12, 2020 16:36 |
|
Mask Compliance Agency(Mobile)
|
# ? May 12, 2020 16:51 |
|
FEMA COVID CASUALTY VAN 37
|
# ? May 12, 2020 17:19 |
|
Not COVID-related, but I once spotted this SSID, at work: edit: yes, that's Windows 7 (in 2015. They were *finally* rolling out Win 10 when I left in 2017.) Darchangel fucked around with this message at 17:25 on May 12, 2020 |
# ? May 12, 2020 17:23 |
|
If you happen to be around Connolly Station in Dublin look out for "Hide yo kids hide yo wifi". It's not mine, but it always makes my commute a little bit less poo poo.
|
# ? May 12, 2020 17:28 |
|
An SSID within range of my old apartment was "Kim's Pedobear Van" My complex was literally next to a police station and it existed for years until I moved out
|
# ? May 12, 2020 17:40 |
|
Subnet Mask
|
# ? May 12, 2020 17:52 |
|
Dirt Road Junglist posted:"You got fast tracked because you work in the same office as the boss and go out for smoke breaks with him every day." I got on the lab support team by taking smoke breaks with the team's tech lead. A year later I got his job after he got promoted offsite.
|
# ? May 12, 2020 18:14 |
|
My favorite was a screenshot from a crowded apartment building. One SSID read: “Give me back my flamingos” Further down the list: “gently caress YOUR FLAMINGOS”
|
# ? May 12, 2020 18:16 |
|
klosterdev posted:An SSID within range of my old apartment was "Kim's Pedobear Van" So it was your SSID then?
|
# ? May 12, 2020 18:21 |
|
|
# ? Jun 5, 2024 08:22 |
|
A coffeeshop across the street from a previous employer was in view of "Pretty Fly For A Wifi" and "Have You Stopped Beating Your Wifi".
|
# ? May 12, 2020 20:56 |