Recently, a challenge presented itself in migrating a large archive of data from a Google Drive location (frankly, a rather costly storage option) to a local NAS storage device. I have been using PSGSuite to interface with the G Suite products, so I turned to it to see what my options were. I found them…
Category: Systems Administration
Cloud – Search and Destroy Malicious Emails From End Users’ G-Suite Mailboxes
If you are managing an enterprise, you will undoubtedly encounter malicious emails targeting your end users. Ideally, you could delete these messages from within your end users’ mailboxes. Normally, this is a premium feature, but if you have configured your G-Suite environment to use PSGSuite, it can be accomplished with some pretty basic scripting….
IAM – PowerShell – Manual Entra Connect Sync via Script
Recently, the need for others to be able to force a manual sync from on-prem Active Directory (AD) to Entra became apparent. I knew this could be done with PowerShell, so I got to work writing a script. Users that may run this script will need to be in the local ‘ADSyncOperators’ group on your…
Cloud – Synchronize Profile Photos Between Federated Domains (Google, Azure)
Synchronization of profile photos between Google’s G Suite and Azure is not supported by the built-in Azure Provisioning engine. This must be accomplished by some other means. In my case, of course, I look to employ PowerShell for such automation tasks. As a prerequisite, you should have already followed PSGSuite’s initial setup procedure documented on…
Cloud – Synchronizing Disablements Between Federated Domains (Azure, Google)
When configuring provisioning between Azure and Google federated domains, you will likely reference Microsoft’s documentation on configuring their canned provisioning Enterprise Application at https://learn.microsoft.com/en-us/entra/identity/saas-apps/g-suite-provisioning-tutorial. There is more information here as well: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/configure-automatic-user-provisioning-portal. The procedure outlined here will get you started; however, you will quickly realize that disablements are not synchronizing between the two platforms. I…
Linux – Configure Debian to Authenticate w/ Active Directory
A unique problem recently presented itself: how to allow multiple users to access a Linux VM in a secure fashion. Generic user accounts seemed like a poor idea to me, as they would likely end up being mismanaged. And shared accounts are, of course, a terrible idea. So, what to do? Well, I am, of…
PowerShell – Identify VMs w/ Particular OS in vSphere
With CentOS 7 reaching its end-of-life on June 30th of this year, it would be a good idea to identify any VMs with that particular OS. Doing so manually could prove tedious. Personally, I subscribe to the philosophy shared in Google’s SRE manual, and seek to eliminate such toilsome tasks. And PowerShell is a great…
ConfigMan – Teams – Disable Teams Autorun with PowerShell
Teams’ default behavior is to launch automatically upon user login. This can be undesirable for a myriad of reasons, and can be managed with Group Policy with a couple of caveats. The first is that this policy is a User configuration policy, and not a Computer configuration policy. The second is that the policy must…
PowerShell – ConfigMan – Convert OUs to Collections
With ConfigMan application deployments, it’s good practice, when applicable, to divide large groups up and take a staged approach to deployment. I’ve found myself multiple times creating multiple collections containing the objects within an Active Directory (AD) Organizational Unit (OU) for staged deployments. I decided to build a script to ease this process. This script…
PowerShell – Active Directory – Convert AD Name Formats
Many of the ActiveDirectory PowerShell module cmdlets expect the distinguished name format. I find this somewhat inconvenient, as this format does not read as nicely as the canonical name format that so many of us have become familiar with. Additionally, an object’s canonical name is somewhat more readily available via the Active Directory Users and…