Snippets

November 26, 2018
This probably takes a bit of explanation. My use case is the following: I wish to expose an internal Wiki outside the corporate network. To accomplish this I use an Azure AD Application Proxy. I also wish to restrict who has access to the application proxy and enforce multifactor authentication. This is easily accomplished by setting “User assignment required” in properties and adding a Conditional Access policy. However, a really weird drawback in Azure AD is the lack of support for nested groups. ...
October 27, 2017

Changing the VM size when your virtual machines are part of an availability set can be a pain in the Azure Portal, especially if the new size you want is not available on your current cluster and the resources have to be moved as well.

The entire process is a lot easier to do with PowerShell.

...
September 29, 2017
# List users in the OU that have no Manager set
Get-ADUser -SearchBase "ou=users,dc=contoso,dc=com" -Filter * -Properties Name, EmployeeNumber, UserPrincipalName, Manager |
    Where-Object { $null -eq $_.Manager } |
    Format-Table Name, EmployeeNumber, UserPrincipalName, Manager

Because “Manager” is an extended attribute in Active Directory, you can’t use -Filter {Manager -notlike "*"} like you would with basic attributes.

September 22, 2017
To delete an entire tree structure of objects (typically Organizational Units) that have the flag “ProtectedFromAccidentalDeletion” set, we first need to remove the flag. We can then select the top node and delete the entire tree. Needless to say, you should probably use this with caution. If you don’t want to remove the protection from every OU in the specified SearchBase, you need to split up and run the command multiple times with different values for the SearchBase argument ...
July 17, 2017
Get-ADUser -Filter "*" -SearchBase "ou=Users,dc=contoso,dc=com" -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "DisplayName", @{Name="ExpiryDate"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
December 2, 2016

This is an old example (albeit with a few updates) of how to use Ansible’s ACME module to generate free certificates and validate them with a DNS record.

The example uses Cloudflare for DNS, but any provider with an Ansible module works.

To use the example, add your own email, API token and domain name to the variables. To receive a certificate with an actual trusted root, change the ACME directory to https://acme-v02.api.letsencrypt.org/directory

...