Version 3.18 of OneDriveMapper has been released
Get the new version here
For a customer that is using SuccessFactors to manage their employees / contractees, I wrote a script that will update the AD accounts of any person that is updated in SuccessFactors.
I expect you’ll have working knowledge on how to configure SF PerformanceManager to export the users you wish to update to a CSV file on the sFTP server SF provides for you.
With that, you should be able to configure the script. It’ll basically map any field you export to any field in Active Directory you wish. In some cases, such as the Manager field, special logic has been added to the script to look up the user’s manager. For other special fields you may have to write your own logic.
If you wish, the script will provide you with a full report in your email, for example:
Get it @ Gitlab directly: https://gitlab.com/Lieben/assortedFunctions/blob/master/update-AdUsersFromSAPSuccessFactorsReport.ps1
Just a quick share as I needed this for something, this function will replace values in a CSV file. It takes the desired column(s) and value(s) to search for and a new value and desired target column as required parameters.
function update-csvColumn{
Param(
[Parameter(Mandatory=$true)]$csvContents, #input original CSV file contents here (use import-csv first)
[Parameter(Mandatory=$true)][Array]$searchForColumns, #names of the columns you want to base your search on
[Parameter(Mandatory=$true)][Array]$searchForValues, #replace rows in $searchForColumn that match these values (in same order!)
[Parameter(Mandatory=$true)]$replaceColumn, #set this column to what you specified in $newValue
[Parameter(Mandatory=$true)]$newValue #the new value you wish to set $searchForColumn or $replaceColumn to
)
if($searchForColumns.Count -ne $searchForValues.Count) {Throw "You must supply an equal number of columns and values to match on"}
for($i = 0; $i -lt $csvContents.Count; $i++){
$replace = $True
for($c = 0; $c -lt $searchForColumns.Count; $c++){
if($csvContents[$i].$($searchForColumns[$c]) -ne $searchForValues[$c]){
$replace = $False
}
}
if($replace){
$csvContents[$i].$replaceColumn = $newValue
}
}
return $csvContents
}
For a customer that is using SuccessFactors to manage their employees / contractees, I wrote a script that will disable the AD accounts of any person that is disabled in SuccessFactors.
I expect you’ll have working knowledge on how to configure SF PerformanceManager to export the users you wish to disable to a CSV file on the sFTP server SF provides for you.
With that, you should be able to configure the script. If you wish, the script will provide you with a full report in your email, for example:
Get it @ Gitlab directly: https://gitlab.com/Lieben/assortedFunctions/blob/master/disable-AdUsersFromSAPSuccessFactorsReport.ps1
So you’d like to know which applications are living in your AzureAD?
And you’d like to know which of those were added by your admins, and what permissions those applications have?
And you’d also like to know which applications your users are consenting to, and what rights those applications have on your users?
Look no further, I wrote a script to export all of that to Excel for you!
Application overview
Apps an admin has consented to and the type of rights it needs
Apps a user has consented to and the type of rights it needs
Apps to user mapping, for an easy overview of which user has consented to which app
Get it at:
Credits to Doug Finke for the Excel module I’m using!
The Microsoft supplied Get-AzureRMADApplication Powershell cmdlet does not return all applications you can see in the Enterprise Applications and App registrations blades in Azure AD.
In addition, Get-AzureRmAdApplication also does not return information such as:
So, here’s a custom PS function to help you out: https://gitlab.com/Lieben/assortedFunctions/blob/master/get-azureRMADAllApplications.ps1
It requires a special token generated by my get-AzureRMtoken function to log in.
As usual when using unsupported API’s, be careful!
A lot of the things we can click on in the Azure Portal cannot be done through Powershell Cmdlets published by Microsoft.
However, using Fiddler, we can see that there is a ‘hidden’ API we can use, for example, to set permissions. I’ve written a ‘clean’ function to retrieve this token silently that you can use in your scripts:
https://gitlab.com/Lieben/assortedFunctions/blob/master/get-azureRMtoken.ps1
Please be careful using this for production workflows as this is NOT supported by Microsoft.
As I couldn’t google an answer to this one and the error was misleading, if you are using the Intune Service Connector to distribute PCKS certificates from your onprem PKI to your Intune clients and see the following error in the Connector eventlogs:
{
“Metric”:{
“Dimensions”:{
“UserId”:”c659cd5a-86e5-4733-ae58-55a896f63d53″,
“DeviceId”:”4cec597c-cd90-4077-b6c0-612a213353ef”,
“CaName”:”PATH TO CA\\CAFriendlyName”,
“TemplateName”:”Intune”,
“ElapsedMilliseconds”:”786″,
“AgentId”:”1af3469a-ef31-cfd2-3bfc-cba69a6d215d”,
“DiagnosticCode”:”0x0FFFFFFF”,
“DiagnosticText”:”We are unable to complete your request because a server-side error occurred. Please try again. [Exception Message: \”DiagnosticException\”] [Exception Message: \”IssuePfx – The submission failed\”]”
},
“Name”:”PkcsCertIssue_Failure”,
“Value”:0
}
}
And this error on your CA:
EventId 22:
Active Directory Certificate Services could not process request 136204 due to an error: Error 0xc8000211 (ESE: -529). The request was for COMPUTERNAME. Additional information: Error Parsing Request
Ensure you restart the Active Directory Certificate Services service on your CA. This is not required as per the documentation, but was surely required in my environment.
Little snippet for those who want a really simple PS oneliner to get the display names of all groups the logged in user is directly or indirectly a member of:
([ADSISEARCHER]"(member:1.2.840.113556.1.4.1941:=$(([ADSISEARCHER]"samaccountname=$($env:USERNAME)").FindOne().Properties.distinguishedname))").FindAll().Properties.distinguishedname -replace '^CN=([^,]+).+$','$1'
Version 3.17 of OneDriveMapper has been released:
Get the new version here