Friday, September 20, 2024

Steps to extract ntfs share details from file server shares

As part of a file server consolidation effort, I was tasked to come up with a method to move multiple shares on multiple shares to a WSFC. I have decided to document my steps and to see if I have come up with logical steps.

  1. Identify all drive mapping GPOs.
  2. Identify which servers are file servers and which are not. (There were a few file shares that are related to applications.)
  3. List all shares for each identified file server.
  4. For each share in each file server, develop a method to extract:
            a. ACL details
                i. Users in each AD group that are part of the 4.a ACLs.


PowerShell script to extract data.


#--1
#extracts ntfs permissions of a folder
Get-Acl D:\Root\xyz | Format-Table -Wrap

#--2
#list all subdirectories under a folder
$FolderPath = Get-ChildItem -Directory -Path "D:\Root\xyz" -Recurse -Force

#Lists ntfs permissions of all the subfolders
#Initialize an array to hold the results
$Results = @()

ForEach ($Folder in $FolderPath) {
    $Acl = Get-Acl -Path $Folder.FullName
    ForEach ($Access in $Acl.Access) {
        $Properties = [ordered]@{
            'Folder Name'  = $Folder.FullName
            'Group/User'   = $Access.IdentityReference
            'Permissions'   = $Access.FileSystemRights
            'Inherited'     = $Access.IsInherited
        }
        # Create a new PSObject and add it to the results array
        $Results += New-Object -TypeName PSObject -Property $Properties
    }
}

# Export the results to a CSV file
$Results | Export-Csv -Path C:\d_root_evtest_acls.csv -NoTypeInformation


#--3
#List unique objects from $Results
$Results.'group/user' | Sort-Object | Get-Unique

#--4
#Run this step for each unique AD group that gets identified in step 3
#Get AD group members' email addresses
#-Recursive expands nested groups to their leaf members; only user objects are kept,
#because Get-ADUser fails on computer or group members
$groupmembers = Get-ADGroupMember -Identity abc_group -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -ExpandProperty SamAccountName

#Separate array, so the ACL rows collected in $Results (step 2) are not overwritten
$GroupResults = @()
foreach ($groupmember in $groupmembers) {
    $groupuser = Get-ADUser -Identity $groupmember -Properties Name, SamAccountName, EmailAddress

    # Create a PSObject with user details
    $Result = New-Object psobject -Property ([ordered]@{
        DisplayName    = $groupuser.Name
        SamAccountName = $groupuser.SamAccountName
        Email          = $groupuser.EmailAddress
    })

    # Add the result to the results array
    $GroupResults += $Result
    $Result = $Null
}
$GroupResults
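
One way to review the exported rows before the move, as an added example that is not part of the original post: it flags the ACEs that usually need a decision during a consolidation. The function name Get-AclFinding, the list of broad principals, the write-rights pattern and the sample rows are assumptions.

```powershell
# Added example. Constructed sample rows in the same shape as the CSV from step 2.
$SampleCsv = @'
"Folder Name","Group/User","Permissions","Inherited"
"D:\Root\xyz\Finance","CONTOSO\Finance_RW","Modify, Synchronize","False"
"D:\Root\xyz\Finance","Everyone","FullControl","True"
"D:\Root\xyz\HR","S-1-5-21-1111111111-2222222222-3333333333-1105","ReadAndExecute, Synchronize","True"
"D:\Root\xyz\Public","BUILTIN\Users","ReadAndExecute, Synchronize","True"
"D:\Root\xyz\Public","NT AUTHORITY\Authenticated Users","Modify, Synchronize","False"
"D:\Root\xyz\Apps","CREATOR OWNER","268435456","True"
'@

# Assumptions: which principals count as "broad" and which rights count as write-level
$BroadPrincipals = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$WriteRights     = 'FullControl|Modify|Write|Delete|ChangePermissions|TakeOwnership'

function Get-AclFinding {
    param([Parameter(ValueFromPipeline)] $Row)
    process {
        $who     = $Row.'Group/User'
        $reasons = @()
        # A raw SID means the account could not be resolved (deleted or from another domain)
        if ($who -match '^S-1-5-21-') { $reasons += 'Unresolved SID' }
        if ($BroadPrincipals -contains $who -and $Row.Permissions -match $WriteRights) {
            $reasons += 'Broad principal with write-level rights'
        }
        # Explicit ACEs are not inherited from the parent, so they will not
        # reappear on the target unless the copy preserves them
        if ($Row.Inherited -eq 'False') { $reasons += 'Explicit (non-inherited) ACE' }
        # Generic rights are exported as a bare number, not as a rights name
        if ($Row.Permissions -match '^-?\d+$') { $reasons += 'Numeric access mask, decode manually' }
        if ($reasons) {
            [PSCustomObject]@{
                Folder      = $Row.'Folder Name'
                Principal   = $who
                Permissions = $Row.Permissions
                Findings    = $reasons -join '; '
            }
        }
    }
}

$SampleCsv | ConvertFrom-Csv | Get-AclFinding | Format-Table -Wrap
# Against the real export: Import-Csv C:\d_root_evtest_acls.csv | Get-AclFinding
```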

Tuesday, August 20, 2024

MgGraph - Retrieve Sign in activity on guest accounts

Retrieve UserPrincipalName, SignInActivity & CreatedDateTime

# Get all guest users with their UserPrincipalName, SignInActivity, and CreatedDateTime

Get-MgUser -All:$true -Filter "userType eq 'Guest'" -Property UserPrincipalName,SignInActivity,CreatedDateTime | Select-Object CreatedDateTime, UserPrincipalName, @{Name="LastLoginDate"; Expression={$_.SignInActivity.LastSignInDateTime}}

Explanation:

  • Filter Expression: "userType eq 'Guest'" is used to filter guest users.
  • Select-Object: This cmdlet is used to format the output. Here, CreatedDateTime and UserPrincipalName are directly selected, while LastLoginDate is computed from the LastSignInDateTime value of the SignInActivity property.


Retrieve UserPrincipalName, SignInActivity, CreatedDateTime & InvitationState

  1. Retrieve User Information: Fetch guest users with UserPrincipalName, SignInActivity, and CreatedDateTime.

  2. Retrieve Invitation Information: Use the Microsoft Graph API to fetch invitation details.


# Fetch all guest users and their SignInActivity and CreatedDateTime
$guestUsers = Get-MgUser -All:$true -Filter "userType eq 'Guest'" -Property UserPrincipalName,SignInActivity,CreatedDateTime

# Initialize an empty array to hold user details with invitation state
$userDetails = @()

foreach ($user in $guestUsers) {
    # Fetch the invitation details for each guest user
    $invitation = Get-MgInvitation -Filter "invitedUserPrincipalName eq '$($user.UserPrincipalName)'"

    # Create a custom object with all required properties
    $userDetails += [PSCustomObject]@{
        CreatedDateTime   = $user.CreatedDateTime
        UserPrincipalName = $user.UserPrincipalName
        LastLoginDate     = $user.SignInActivity.LastSignInDateTime
        InvitationState   = if ($invitation) { $invitation.InvitationStatus } else { "Not Invited" }
    }
}

# Display the user details
$userDetails | Format-Table -AutoSize

Explanation:

  1. Retrieve Guest Users:

    • Get-MgUser -Filter "userType eq 'Guest'" fetches guest users with their UserPrincipalName, SignInActivity, and CreatedDateTime.
  2. Fetch Invitation Details:

    • Get-MgInvitation is used to retrieve invitation details for each guest user based on their UserPrincipalName. Ensure the required permissions are granted to access invitation details.
  3. Combine Data:

    • A loop processes each guest user, retrieves their invitation status, and combines this information into a custom object.
  4. Output Data:

    • Format-Table -AutoSize is used to display the data in a formatted table.

Permissions:

  • To run this script, ensure you have the necessary permissions:
    • User.Read.All or User.ReadBasic.All for Get-MgUser
    • Invitation.Read.All for Get-MgInvitation
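
A follow-on to the report above, as an added example that is not from the original post: it classifies each guest by sign-in recency for an access review and reads the invitation state from the user object's ExternalUserState property rather than from a per-user invitation lookup. The 90-day threshold, the function names and the sample rows are assumptions.

```powershell
# Added example. With a live tenant, replace $SampleGuests with:
#   Get-MgUser -All -Filter "userType eq 'Guest'" -Property UserPrincipalName,SignInActivity,CreatedDateTime,ExternalUserState
# Reading SignInActivity also requires the AuditLog.Read.All permission.

# Constructed sample rows shaped like the Get-MgUser output (not real accounts)
function New-SampleGuest($Upn, $State, $LastSignIn) {
    [PSCustomObject]@{
        UserPrincipalName = $Upn
        ExternalUserState = $State
        SignInActivity    = [PSCustomObject]@{ LastSignInDateTime = $LastSignIn }
    }
}
$SampleGuests = @(
    New-SampleGuest 'alice_example.com#EXT#@contoso.onmicrosoft.com' 'Accepted' ([datetime]'2024-08-01')
    New-SampleGuest 'bob_example.com#EXT#@contoso.onmicrosoft.com' 'Accepted' ([datetime]'2024-02-11')
    New-SampleGuest 'carol_example.com#EXT#@contoso.onmicrosoft.com' 'Accepted' $null
    New-SampleGuest 'dave_example.com#EXT#@contoso.onmicrosoft.com' 'PendingAcceptance' $null
)

function Get-GuestReviewStatus {
    param(
        [Parameter(Mandatory)] [object[]] $Guest,
        [datetime] $AsOf = (Get-Date),
        [int] $StaleAfterDays = 90   # assumed review threshold
    )
    foreach ($g in $Guest) {
        # Null when the account has no recorded interactive sign-in
        $last = $g.SignInActivity.LastSignInDateTime
        if ($g.ExternalUserState -eq 'PendingAcceptance') { $status = 'InvitationPending' }
        elseif (-not $last) { $status = 'NeverSignedIn' }
        elseif (($AsOf - $last).Days -gt $StaleAfterDays) { $status = 'Stale' }
        else { $status = 'Active' }

        [PSCustomObject]@{
            UserPrincipalName = $g.UserPrincipalName
            InvitationState   = $g.ExternalUserState
            LastLoginDate     = $last
            Status            = $status
        }
    }
}

# Fixed -AsOf date so the sample output is reproducible
Get-GuestReviewStatus -Guest $SampleGuests -AsOf ([datetime]'2024-08-20') | Format-Table -AutoSize
```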

Saturday, June 15, 2024

Design a custom role in Azure


Create a custom role in Azure




  • Start a CloudShell session by using Windows PowerShell. If prompted to create storage, select Show advanced settings. Then choose the existing resource group Resourcegroup1, and specify a new storage account storageaccount1 and a new file share fileshare1. Use East US for the location.

  • Use the following command to identify the operations associated with virtual machines:
    Get-AzProviderOperation "Microsoft.Compute/virtualmachines/*" | FT Operation, Description -AutoSize

Note the operations for read, start, and deallocate.

  • Use the following command to retrieve the built-in role definition for Virtual Machine Contributor:
    Get-AzRoleDefinition -Name "Virtual Machine Contributor" | ConvertTo-Json | Out-File $home\clouddrive\VMOperatorRole.json

  • Open the VMOperatorRole.json file in the code editor by using the following commands:
    cd $home\clouddrive
    code VMOperatorRole.json

  • In the code editor, update the following:

    • Change the Name property value to:
      Virtual Machine Operator
    • Delete the line with the Id property
    • Change the IsCustom property value to:
      true
    • Change the Description property value to:
      Lets you view, start and stop virtual machines.
    • Change the list of actions so that it contains only 3 actions (with no comma at the end of the last one):
      "Microsoft.Compute/*/read",
      "Microsoft.Compute/virtualMachines/start/action",
      "Microsoft.Compute/virtualMachines/deallocate/action"
  • Save the file by selecting the ellipsis and choosing Save. Close the code editor.

  • Attempt to create the new custom role by executing the following statement:
    New-AzRoleDefinition -InputFile "VMOperatorRole.json"
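
A pre-flight check for the edited file, as an added example that is not part of the original post: it confirms the edits listed above were all made and that the role grants nothing beyond the three intended actions. The function name Test-RoleDefinitionJson and the sample JSON are assumptions; the AssignableScopes check goes beyond the steps above and reflects that a custom role cannot keep the root scope "/" that built-in roles carry.

```powershell
# Added example. Constructed sample: the exported file after only some of the edits
$SampleJson = @'
{
  "Name": "Virtual Machine Operator",
  "Id": "00000000-0000-0000-0000-000000000000",
  "IsCustom": false,
  "Description": "Lets you view, start and stop virtual machines.",
  "Actions": [
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/*"
  ],
  "NotActions": [],
  "AssignableScopes": [ "/" ]
}
'@

# The three actions the role is meant to contain (from the steps above)
$ExpectedActions = @(
    'Microsoft.Compute/*/read'
    'Microsoft.Compute/virtualMachines/start/action'
    'Microsoft.Compute/virtualMachines/deallocate/action'
)

function Test-RoleDefinitionJson {
    param([Parameter(Mandatory)] [string] $Json)
    $role     = $Json | ConvertFrom-Json
    $problems = @()
    if ($role.PSObject.Properties.Name -contains 'Id') { $problems += 'Id property still present' }
    if ($role.IsCustom -ne $true)                      { $problems += 'IsCustom is not true' }
    # Anything outside the expected list widens the role beyond view/start/stop
    foreach ($a in @($role.Actions | Where-Object { $ExpectedActions -notcontains $_ })) {
        $problems += "Unexpected action: $a"
    }
    foreach ($a in @($ExpectedActions | Where-Object { $role.Actions -notcontains $_ })) {
        $problems += "Missing action: $a"
    }
    if ($role.AssignableScopes -contains '/') {
        $problems += 'AssignableScopes is "/"; use a subscription or resource group scope'
    }
    $problems   # empty output means the file matches the intended role
}

Test-RoleDefinitionJson -Json $SampleJson
# Real file: Test-RoleDefinitionJson -Json (Get-Content "$home\clouddrive\VMOperatorRole.json" -Raw)
```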

Thursday, May 23, 2024

SCCM PS

 1. Connect to SCCM PS

#Connect-CMSite -SiteServer 'servername' -SiteCode Axx


2. When Server names are different in AD and VMware

$List = "A01002E8" | Get-DevicesInCollection 

$List += "Server1"

$List = $List | ? {$_ -ne "Server2"}

$List = $List | ? {$_ -ne "Server3"}

$List = $List | ? {$_ -ne "Server4"}

$List = $List | ? {$_ -ne "Server5"}

$List = $List | ? {$_ -ne "Server6"}

$List = $List | ? {$_ -ne "Server7"}

$List = $List | ? {$_ -ne "Server8"}

$List += "server9 (server9-2012)"


3. $testservers = Get-Content C:\temp\testvms.txt


4. Works remotely on multiple servers

Get-WmiObject win32_operatingsystem -ComputerName $testservers | select csname, @{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}


5. Check the last 10 Event Viewer Setup log entries

Get-WinEvent -LogName Setup -MaxEvents 10 -ComputerName Axyz01


6. Get collection IDs

Get-CMDeviceCollection | where {$_.Name -like "Windows Servers patching main *"} | Select Name, CollectionID



7. Get lastbootup time

$rebootcheck = Get-DevicesInCollection -CollectionsId A01002CB

Get-WmiObject win32_operatingsystem -ComputerName $rebootcheck | select csname, @{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}


8. Find the maintenance window on a device collection (Description)

Get-CMMaintenanceWindow -CollectionId A01002CB


Powershell(VMWare)

Wednesday, March 13, 2024

VMWare - PowerCLI

PowerCLI

#Importing the module

Import-Module $env:SMS_ADMIN_UI_PATH.Replace("bin\i386","bin\ConfigurationManager.psd1") -Global

import-module AHToolKit

Import-Module VMware.VimAutomation.Core


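#Modifies the VMware PowerCLI configuration: ignore invalid vCenter certificates (no certificate validation) and allow connections to multiple vCenter servers at once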

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

Set-PowerCLIConfiguration -DefaultVIServerMode multiple -Confirm:$false


#connect to vcenter

Connect-VIServer -Server 172.xxx.xxx.xxx

#List permissions
Get-VIPermission | Select Role, Principal

#Add new user/group(principal) to vcenter admin 
New-VIPermission -Entity xxx01-6.5 -Principal "user/group name" -Role Admin -Propagate:$true

#create a variable
$per = Get-VIPermission -Entity (Get-datacenter) -Principal "BAYSIDEHEALTH\its - serverteam"

#remove permissions

remove-VIPermission -Permission $per


---------------------------------------------------------------------------------------------------------------------------

Reference: https://developer.vmware.com/docs/powercli/latest/products/vmwarevsphereandvsan/commands-index/ 
