Create realistic lab users

In testing out some of my other tools over the last few weeks, I’ve found it necessary to create a some test users.  A lot of test users.  Not a normal “a lot,” either.  I needed hundreds of thousands at a minimum, a million if possible, as fully fleshed-out can be.  I needed some with…

1

Quickly find possible Kerberoast victims

Read up on the Kerberoast approach to bruteforce the passwords of service accounts, and find out which of your service accounts would be an interesting target.


Quick Tip: Windows Server Core Start PowerShell

  When logging into a Windows Server Core machine, I was dealing with some frustration due to not being able to do other admin task while the default cmd prompt was in use.  To get past this use the default or initial command prompt similar to how you would use the start menu in the…


Update to the “Migrate EOP Settings” Tool

A little over a year and a half ago, I started working on a tool for a really large Office 365 / BPOS-Dedicated migration to Office 365 Government Community Cloud.  As part of that migration, I wrote this tool: Migrating EOP Settings Between Tenants.  Today, while working with a customer, we discovered that it wasn’t handling…


Making Sense of Replication Schedules in PowerShell

Hi all! Jan-Hendrik Peters, PFE, here to talk to you today about using PowerShell to view replication schedules. Automation with PowerShell is a part of our daily life. However, there are certain things that are for some reason not achievable with PowerShell out of the box. One of them is getting useful output for replication…


Update to the “Find Duplicate Address” tool

Last week, I saw some internal discussion about trying to locate the source of a duplicate object error on-premises.  While an advanced administrator will be able to figure it out by looking at the Connector Spaces for connected directories, it’s not necessarily obvious to a lot of people (especially if you’re not experienced with our…

2

Using “Restore-RecoverableItems”, or “how I saved my own bacon”

Since the dawn of time (or at least, since the dawn of the Epoch), people have been inadvertently deleting stuff.  As is attributed to Uncle Ben, “with great power comes great responsibility,” and so it is true with the system administrator.  The ability to delete an email is insignificant next to the power of the…


Server Core: Navigating an old but new world

Lately, I’ve done a lot of posting on Server Core and one thing I’ve neglected to write on is how you actually navigate in this new world. Starting with Windows Server 1709 (and at the time of this writing), the “current branch” models of Windows Server will not have a GUI and your one and…

2

SharePoint Workflow settings

Hello All, Customer recently asked me about this and since i had to go hunting I figured i would leave this here for you.  Users are having problems running Workflows they will run sporatically and sometimes take quite a bit of time to execute. Here are the commands that I recommend: Setting the Throttle Size,…


Invoke-Adversary – Simulating Adversary Operations

Invoke-Adversary is a PowerShell script that helps you to evaluate security products and monitoring solutions based on how well they detect advanced persistent threats. I was inspired to write this script after seeing APTSimulator excellent tool from Florian Roth. Update 4/17/2018: The script is temporally removed while I resolve an issue. I will update as soon as…

4