O365AntiCryptoLocker restores the previous version of your files in SharePoint Online or OneDrive for Business

Note: O365Undo is also free and can probably help you fix your cryptolocker problem more precisely, as it is the next version of O365AntiCryptoLocker.

O365AntiCryptoLocker

At OGD we sometimes have to deal with users who got infected with CryptoLockers, and we have both automated and controlled systems in place to prevent damage or restore data to any fileshares. An infection on SharePoint Online or OneDrive has not yet happened, but eventually it of course will, and I like to fix things before they break.

As SharePoint Online and OneDrive for Business natively use versioning on files, you basically have no real risk of losing data to Cryptolockers; your RPO (Restore Point Objective) is 0. However, restoring the previous versions of files is quite a lot of work if done manually, so your RTO (Restore Time Objective) could be weeks or more.

Unless, of course, you use PowerShell. I’ve written a script that will restore the most current previous version of any file in a given Document Library.

Download: O365AntiCryptoLocker

Example usage for a OneDrive site:

.\O365AntiCryptoLocker.ps1 -siteURL "https://o365mig-my.sharepoint.com/personal/test1_o365mig_onmicrosoft_com" -login "mylogin" -password "mypassword" -libraryTitle "Documents"

Or for a SharePoint Online site:

.\O365AntiCryptoLocker.ps1 -siteURL "https://o365mig.sharepoint.com/site1" -login "mylogin" -password "mypassword" -libraryTitle "Documents"

You’ll need the SharePoint Client Components installed, and the account you use needs sufficient permissions on the library and its files.

Exporting shared mailbox permissions to a CSV

A demonstration of one way to get shared mailbox permissions exported to a CSV file. We needed users, groups and users in groups (so, a recursive search). Only shared mailboxes had to be included; we could identify these by a simple rule:

the first portion of the primary email address does not contain a dot

See lines 126 and 127 for this rule if you need a different method.

Edit: make sure you replace CED\ with your own domain! Sorry bout that…

This export excludes Deny permissions and looks for users in groups up to 2 levels deep. Credits to Piotrek for his Get-ADNestedGroupMember function.

Script source: Continue reading Exporting shared mailbox permissions to a CSV

Snippet to build a TLS connector in Exchange Online for a list of domains

Some organisations, in particular German ones, require encryption between your Exchange Online mail servers and their mail servers. This can be enforced by adding their domains to an outbound TLS connector in Office 365.

In my case, this had to be enforced (the default is opportunistic). If you get a long list, you’ll want to script this with the following snippet. Remember to make sure the first line of your CSV has the header/column name ‘domain’ 🙂


#Author: Jos Lieben
#Help: www.lieben.nu

# Connect to Exchange Online. Note: Basic authentication over this remote PowerShell
# endpoint has since been retired by Microsoft; on current tenants use
# Connect-ExchangeOnline from the ExchangeOnlineManagement module instead.
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber -DisableNameChecking

$connector = Read-Host "Type the name you wish to give this connector"
$csv = Read-Host "Type the path to the file with TLS domains"

# The CSV must have a 'domain' column header
$domains = Import-CSV -LiteralPath $csv

# Collect the trimmed domain names
$newDomains = @()
foreach($domain in $domains){
    $ND = [String]$domain.domain
    $ND = $ND.Trim()
    $newDomains += $ND
}

# Create a partner connector that requires TLS with a validated certificate
try{
    New-OutboundConnector -Name $connector -RecipientDomains $newDomains -ConnectorType "Partner" -TlsSettings "CertificateValidation" -ErrorAction Stop
}catch{
    Write-Error "Failed to create outbound connector $connector $($Error[0])"
}
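A pre-flight check for the domain CSV described above, as an added example that is not part of the original post: it verifies the 'domain' header, trims and de-duplicates the entries, and rejects values that are not syntactically valid domain names before they reach New-OutboundConnector. The function name Get-ValidatedTlsDomain and the sample rows are constructed for illustration, and accepting a leading '*.' is an assumption that wildcard subdomain entries are wanted.

```powershell
# Added example, not the original author's code. Get-ValidatedTlsDomain is a hypothetical name.
function Get-ValidatedTlsDomain {
    param(
        [Parameter(Mandatory)][object[]]$Rows
    )
    # The connector snippet reads the 'domain' column, so fail early if it is missing.
    if (-not ($Rows[0].PSObject.Properties.Name -contains 'domain')) {
        throw "CSV must have a header row containing a 'domain' column."
    }
    # Labels: letters, digits, hyphens, 1-63 chars, no leading or trailing hyphen.
    # The last label must start with a letter. Assumption: a leading '*.' is allowed.
    $label   = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $pattern = "^(\*\.)?($label\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$"
    $seen = @{}
    $valid = @()
    $rejected = @()
    foreach ($row in $Rows) {
        $name = ([string]$row.domain).Trim().ToLowerInvariant()
        if ($name -eq '') { continue }                  # skip blank entries
        if ($name.Length -gt 253 -or $name -notmatch $pattern) {
            $rejected += $name                          # report, do not silently drop
            continue
        }
        if (-not $seen.ContainsKey($name)) {            # drop duplicates
            $seen[$name] = $true
            $valid += $name
        }
    }
    [pscustomobject]@{ Valid = $valid; Rejected = $rejected }
}

# Constructed sample input: one duplicate with stray whitespace and two invalid rows.
$sample = @'
domain
example.de
" Example.DE "
partner.example.com
bad domain.com
user@example.org
'@ | ConvertFrom-Csv

$result = Get-ValidatedTlsDomain -Rows $sample
"Valid:    $($result.Valid -join ', ')"
"Rejected: $($result.Rejected -join ', ')"
```

Pass `$result.Valid` to `-RecipientDomains` only when `$result.Rejected` is empty, so a typo in the list cannot leave a partner domain outside the enforced-TLS connector unnoticed.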

Configure TLS relay on IIS for Exchange Online / Office 365

A while ago, you may have read that Microsoft will no longer allow relaying everything by default in Exchange Online when using normal authentication, starting in July 2017 (revised from February).

So I went ahead and set my SMTP relay in IIS to use a certificate instead, as the article explains. This resulted in a flood of bad mail drops with the following error:

Action: failed
Status: 5.7.57
Diagnostic-Code: smtp;530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM

After messing around with this for a while, I discovered the outbound port you have to use when connecting to smtp.office365.com to relay a message using anonymous TLS is port 25, NOT port 587 as we were using before to submit mail using a user account + password.

For those who want to configure a relay server on IIS to allow applications and devices that don’t support TLS, I’ll set out the steps to configure this properly: Continue reading Configure TLS relay on IIS for Exchange Online / Office 365
