Wednesday, September 20, 2017

Powershell: Certutil Find Expired Certs on CA server

Wrote this to get certificate expiration information for certificates ranging from those that expired 5 days ago to those that expire in 90 days. Wrap it in Invoke-Command for a remote query.
$Before = (get-date).adddays(90).ToString("MM/dd/yyyy")
$After = (get-date).AddDays(-5).ToString("MM/dd/yyyy")
<#

https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/
We create a date range with
$Before, i.e. certificates expiring before this date, and
$After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter.
#>
$Restrict = "NotAfter<=$Before,NotAfter>=$After"
$Report = @()
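# Give -out the column list as one comma-separated string; a PowerShell array would be handed to certutil.exe as separate arguments.
$cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date,Certificate Template"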

$SplitLines = $cmd.Split("`n`r")

$Index = 0
foreach ($line in $SplitLines){

    if ($line -like "Row*" ){
        $Details = New-Object PSObject 
        $Details | Add-Member noteProperty "RequesterName" $SplitLines[$index+1].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "CommonName" $SplitLines[$index+2].split(":")[1].Replace("`"","").Replace(" ","")
        $Details | Add-Member noteProperty "Certificate Expiration Date" $SplitLines[$index+3].split(':')[1].split(" ")[1].Replace(" ","")

        
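        # Templates identified by OID print as "<OID>" <name>; plain template names do not contain "1."
        if ($SplitLines[$index+4].split(":")[1].Replace("`"","") -notlike "*1.*") {
            $TemplateName = $SplitLines[$index+4].split(":")[1].Replace("`"","").Replace(" ","")
        }
        Else {
            # Debug marker for the OID form; the template name follows the OID
            write-host "hit"
            $templatename = $SplitLines[$index+4].split(":")[1].Replace("`"","").split(" ")[2].Replace(" ","")
        }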

        $Details | Add-Member noteProperty "Certificate Template" $TemplateName
        
        
        
        $report += $Details 
    
    }

    $Index++
}
$report
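
The script above locates fields by fixed line offsets and splits on every colon, which drops the time of day from the expiration date. As an added example (not the author's code), here is a parser keyed on field labels instead. The labels `Requester Name` and `Issued Common Name`, the function name `ConvertFrom-CertutilView` and the sample rows are assumptions constructed for illustration.

```powershell
# Added example. $Sample is constructed text, not output from a real CA.
$Sample = @'
Row 1:
  Requester Name: "CONTOSO\web01$"
  Issued Common Name: "web01.contoso.example"
  Certificate Expiration Date: 9/17/2017 10:30 AM
  Certificate Template: "WebServer"

Row 2:
  Requester Name: "CONTOSO\svc-app"
  Issued Common Name: "app.contoso.example"
  Certificate Expiration Date: 11/2/2017 8:05 AM
  Certificate Template: "1.3.6.1.4.1.311.21.8.1.2.3" CustomWeb
'@

function ConvertFrom-CertutilView {   # hypothetical helper name
    param([string[]]$Lines, [datetime]$Now = (Get-Date))
    $rows = @(); $row = $null
    foreach ($line in $Lines) {
        if ($line -match '^Row \d+:') { $row = @{}; $rows += $row }
        elseif ($null -ne $row -and $line -match '^\s*([^:]+):\s*(.*)$') {
            # Split on the first colon only, so "10:30 AM" keeps its time part.
            $row[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    foreach ($r in $rows) {
        # Skip rows that lack the expiration field (labels are assumed, see above).
        if (-not $r['Certificate Expiration Date']) { continue }
        $template = "$($r['Certificate Template'])".Trim('"')
        # Templates identified by OID print as: "<oid>" <name>; keep the name.
        if ($r['Certificate Template'] -match '^"?[\d.]+"?\s+(.+)$') { $template = $Matches[1] }
        $expires = [datetime]$r['Certificate Expiration Date']
        [pscustomobject]@{
            RequesterName = "$($r['Requester Name'])".Trim('"')
            CommonName    = "$($r['Issued Common Name'])".Trim('"')
            Expires       = $expires
            DaysLeft      = [math]::Floor(($expires - $Now).TotalDays)
            Status        = if ($expires -lt $Now) { 'Expired' } else { 'Expiring' }
            Template      = $template
        }
    }
}

# Fixed "now" so the constructed sample gives the same result on every run.
ConvertFrom-CertutilView -Lines ($Sample -split "`r?`n") -Now ([datetime]'2017-09-20') |
    Sort-Object DaysLeft | Format-Table -AutoSize
```

The `[datetime]` cast parses with the invariant culture; a CA that prints dates in another locale format needs an explicit parse.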

Tuesday, September 12, 2017

Powershell: Generate CSR

Wrote this function to generate SAN certificate requests. This isn't a robust solution, nor does it follow best practice; it is more of a "hey, it works with a Microsoft CA."


#https://social.technet.microsoft.com/Forums/Lync/en-US/b4e27454-c60f-4346-9f7d-22214f49ab6f/create-inf-file-to-create-req-using-certreqexe?forum=winserversecurity

Found a more correct script after I wrote this, here: https://pscsr256.codeplex.com/

<#
.Synopsis
   Generate CSR by Tony Unger
.DESCRIPTION
   Generates CSR
.EXAMPLE
   new-csr -CommonName "test0.microsoft.com" -DNSNames $HostNames
.EXAMPLE
   new-csr -CommonName "test0.microsoft.com"
#>
function new-csr
{
    [CmdletBinding()]
    [Alias()]
    [OutputType([int])]
    Param
    (
        # Common name for request
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $CommonName,

        # SAN DNS names
        [string[]]
        $DNSNames
    )

    Begin
    {
    $Date = (Get-Date).ToString('ddMMyyyy')
    $ReqFile = "Cert_Req-$CommonName-" + "$Date" + ".csr"
    }
    Process
    {
        $InfFile = @"
        [NewRequest]`r
        Subject = "CN=$CommonName"`r
        KeySpec = 1
        KeyLength = 2048
        Exportable = TRUE`r
        RequestType = CMC`r
        [Extensions] 
        2.5.29.17 = "{text}" 
        _continue_ = "dns=$CommonName&"`n
"@
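    # Append one SAN entry per additional DNS name.
    foreach ($DNSName in $DNSNames){
        $InfFile = $InfFile + @"
            _continue_ = "dns=$DNSName&"`n
"@
    }
    # Echo the generated INF so it can be reviewed.
    $InfFile
        $FinalInfFile = "Cert_Req_Inf-$CommonName-" + "$Date" + ".inf"
        New-Item $FinalInfFile -type file -value $InfFile -Force

        # Call certreq.exe directly instead of building a cmd.exe command line,
        # so each file name is passed as a single argument and is not re-parsed by cmd.
        & certreq.exe -new $FinalInfFile $ReqFile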
    }
    End
    {
    }
}

$Hostnames = "test1.microsoft.com","test2.microsoft.com"
new-csr -CommonName "test0.microsoft.com" -DNSNames $HostNames
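
The function above interpolates `$CommonName` and `$DNSNames` directly into the INF text and the file names, and it requests an exportable private key. An added example, not the author's code: a hypothetical `New-CsrInfText` that checks every name is a DNS host name before building the same INF layout. `Exportable = FALSE` is an assumption that the key should stay on the requesting host.

```powershell
function New-CsrInfText {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$CommonName,
        [string[]]$DNSNames = @()
    )
    # DNS labels only, with an optional leading wildcard label. \A and \z anchor the
    # whole string, so a trailing line break cannot slip past the check.
    $label   = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $pattern = "\A(\*\.)?($label\.)*$label\z"

    # The common name is also written as a SAN entry, as in the function above.
    $names = @(@($CommonName) + $DNSNames | Select-Object -Unique)
    foreach ($n in $names) {
        # Quotes, '&', whitespace or line breaks would alter the INF, so reject them.
        if ($n.Length -gt 253 -or $n -notmatch $pattern) {
            throw "Rejected name for CSR: '$n'"
        }
    }

    $lines = @(
        '[NewRequest]'
        "Subject = `"CN=$CommonName`""
        'KeySpec = 1'
        'KeyLength = 2048'
        'Exportable = FALSE'      # assumption: the key never leaves this host
        'RequestType = CMC'
        '[Extensions]'
        '2.5.29.17 = "{text}"'
    )
    $lines += $names | ForEach-Object { "_continue_ = `"dns=$_&`"" }
    $lines -join "`r`n"
}

# Same names as the call above; prints the INF text without invoking certreq.
New-CsrInfText -CommonName 'test0.microsoft.com' -DNSNames 'test1.microsoft.com','test2.microsoft.com'

# Constructed invalid input: the space and quote are rejected before any file is written.
try { New-CsrInfText -CommonName 'bad name".example' } catch { $_.Exception.Message }
```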

Thursday, July 6, 2017

Set non-domain Windows server to use a KMS Server

REM List out KMS Servers
nslookup -type=srv _vlmcs._tcp

REM Set workgroup to use a particular KMS Server
slmgr.vbs /skms <KMS server>:<port>

Tuesday, May 9, 2017

Powershell: Get LUN ID with Diskspace

get-wmiobject Win32_DiskDrive | select name,caption, scsibus, scsilogicalunit, @{Name="size(GB)";Expression={"{0:N1}" -f($_.size/1gb)}} | sort-object name

Tuesday, October 18, 2016

Powershell: Change UPN on list of users

I needed a script to bulk change a list of users to a new UPN, so I came up with this.

# Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory
$Users = gc c:\temp\users.txt | get-ADUser

foreach ($User in $Users) {
    $UserUPN = $User.UserPrincipalname
    # Keep only the part of the UPN before the @
    $UserUPNwithOutDomain = ([regex]::matches($UserUPN, "([^@]+)")).value[0]
    Set-ADUser $User -userprincipalname "$UserUPNwithOutDomain@microsoft.com"
}

Monday, May 9, 2016

Vmware: Powershell List all Datastores and virtual machines within


Purpose: I needed to know if I had any empty datastores attached to my ESXi hosts. I came up with this one-liner, which lists all datastores and the VMs within them, whether a datastore is empty or not.

get-datastore | select name, @{name="VM";e={get-datastore $_.name | get-vm } } | fl

Thursday, May 5, 2016

VMware: Powershell Query each ESX Hosts Syslog


This query will report each host and its current syslog server.

get-vmhost | select Name,@{Name="SysLog"; Expression={(get-vmhostsyslogserver $_.name)}} | FL