How to Change User Role “Manage Teams”

If you want to change the roles of the members of the team groups you have, you can usually use the Teams Admin Panel.

Manage Team Settings

When the team whose roles you want to change has too many members, doing this from the management console may not be efficient, or you may not see the change you made.

The next option is to use the Teams PowerShell cmdlets.

First, we use the Get-Team cmdlet to see the properties of the group.

Get-Team -DisplayName "Group Name"

We need the Get-TeamUser cmdlet to view the members of the group, but it requires the “GroupId” value.

Get-Team -DisplayName "Group Name" | select GroupID

Get-TeamUser -GroupId "419XXX-XXfc-XX6-bXX9-XXXX2ae8a"

We need to use the Add-TeamUser or Remove-TeamUser cmdlet to change roles.

Add-TeamUser -GroupId "419XXX-XXfc-XX6-bXX9-XXXX2ae8a" -User yusuf@yusufustundag.com -Role Owner

or

Remove-TeamUser -GroupId "419XXX-XXfc-XX6-bXX9-XXXX2ae8a" -User yusuf@yusufustundag.com -Role Owner
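
For the many-members case mentioned at the start, the same cmdlets can be driven from a list. This is an added example, not part of the original post; the team name, the CSV paths and the "User" column name are assumptions.

```powershell
# Added example: bulk owner promotion with a before/after record.
# Team name, file paths and the CSV column "User" are hypothetical.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams                      # interactive sign-in as a Teams administrator

$teamName = 'Group Name'
$csvPath  = 'C:\Temp\NewOwners.csv'         # constructed input: one column named User (UPN)

# Display names are not unique, so insist on exactly one exact match
# before changing anything.
$team = @(Get-Team -DisplayName $teamName | Where-Object { $_.DisplayName -eq $teamName })
if ($team.Count -ne 1) {
    throw "Expected exactly one team named '$teamName', found $($team.Count)."
}
$groupId = $team[0].GroupId

# Record the current owners so the change can be reviewed or reverted.
$before = @(Get-TeamUser -GroupId $groupId -Role Owner)
$before | Export-Csv 'C:\Temp\Owners_before.csv' -NoTypeInformation

foreach ($row in Import-Csv $csvPath) {
    if ($before.User -contains $row.User) { continue }   # already an owner
    try {
        Add-TeamUser -GroupId $groupId -User $row.User -Role Owner -ErrorAction Stop
        Write-Host "Promoted $($row.User)"
    } catch {
        Write-Warning "Failed for $($row.User): $($_.Exception.Message)"
    }
}

# Verify the resulting owner list.
Get-TeamUser -GroupId $groupId -Role Owner | Select-Object User, Name, Role
```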

 

Have a nice day !

How to Find Servers are Using VMXNET3 Adapter

If you want to list the adapters used by the virtual servers in your VMware virtualization platform, you can use the commands below.

Note that you first need to connect to vCenter, and VMware Tools must be installed on your virtual servers.

For example, to list servers with VMXNET3 adapters:

Get-Vm | Get-NetworkAdapter | Where-object {$_.Type -eq "Vmxnet3"} | Select @{N="VM";E={$_.Parent.Name}},Name,Type

 

To list servers without VMXNET3 adapters, change the -eq operator to -ne:
Get-Vm | Get-NetworkAdapter | Where-object {$_.Type -ne "Vmxnet3"} | Select @{N="VM";E={$_.Parent.Name}},Name,Type

 

If you want to export these lists to a .csv file, use the Export-Csv command:
Export-Csv C:\VMXNET3_Adapter.csv -NoTypeInformation

The final command:

Get-Vm | Get-NetworkAdapter | Where-object {$_.Type -eq "Vmxnet3"} | Select @{N="VM";E={$_.Parent.Name}},Name,Type | Export-Csv C:\VMXNET3_Adapter.csv -NoTypeInformation

Have a nice day !

How to Connect VMware from Powershell

I know it sounds like a very simple process. You are usually told that you can open PowerShell and connect with the “Connect-VIServer” command.
This information is correct but incomplete, because you first need to install the PowerShell module.

Install-Module -Name VMware.PowerCLI

Once you have installed the module, you can connect to VMware vCenter via PowerShell.

Connect-VIserver -Server vCenter -Port 443

If you get an error like the one below while connecting, you can use the command below to ignore the warning.

Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server. Additional Information: Could not establish trust relationship for the SSL/TLS secure channel with authority

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

Now you can connect
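
Setting InvalidCertificateAction to Ignore turns off certificate checking for PowerCLI connections, so it helps to look at what the server actually presents and to keep any exception narrow. The following is an added example, not part of the original post; the helper function Get-RemoteCertificate is hypothetical and the server name "vCenter" is the placeholder used above.

```powershell
# Added example. Get-RemoteCertificate is a hypothetical helper, not a PowerCLI cmdlet.
function Get-RemoteCertificate {
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        # Accept any certificate here ONLY so that it can be read and inspected.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($Server)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

# 1. See what the server presents (self-signed? expired? wrong name?).
$cert = Get-RemoteCertificate -Server 'vCenter'
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

# 2. Ask the local trust store why the chain is rejected.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if ($chain.Build($cert)) {
    'Chain is trusted; check that the name passed to -Server matches the certificate.'
} else {
    $chain.ChainStatus | ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }
}

# 3. If an exception is still needed, limit it to the current session
#    instead of changing the setting permanently.
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Scope Session -Confirm:$false

# 4. Review which scopes currently carry which certificate action.
Get-PowerCLIConfiguration
```

If the chain fails only because the issuing CA is unknown, importing that CA certificate into the trusted root store of the admin workstation removes the error without relaxing validation.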

Have a nice day !

How to Find Local Group Members from Remote Servers

If you need to list the members of local groups on remote servers, you can use either of the two PowerShell approaches below.

Note that if the Windows Remote Management (WinRM) service is turned off on your remote servers, “Invoke-Command” doesn’t work.

$Servers = Get-Content C:\Temp\BulkServers.txt
Foreach ($Server in $Servers)
{
Invoke-Command -ComputerName $Server -ScriptBlock {Get-LocalGroupMember -Group "Remote Desktop Users"} | Select PSComputerName,Name
}

or

$Servers = Get-Content C:\Temp\BulkServers.txt
Foreach ($Server in $Servers)
{
    # Query group membership over WMI (does not need WinRM)
    $Groups = Get-WmiObject Win32_GroupUser -Computer $Server
    $RDPUsers = $Groups | Where GroupComponent -like '*"Remote Desktop Users"'

    Write-Host "Server: $Server"
    Write-Host " "
    $RDPUsers |% {
        # Extract Domain and Name from the PartComponent path and print DOMAIN\Name
        $_.partcomponent -match ".+Domain=(.+)\,Name=(.+)$" > $null
        $matches[1].trim('"') + "\" + $matches[2].trim('"')
    }
    Write-Host " "
}

To list other group members, simply change the “Remote Desktop Users” group information.
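
The Invoke-Command variant can be extended into a small audit that compares each server's group members with an expected list and reports servers that returned errors. This is an added example, not part of the original post; the allowlist entry and the output path are assumptions.

```powershell
# Added example: flag unexpected members of a local group across servers.
# The allowlist entry and the report path are hypothetical.
$servers = Get-Content C:\Temp\BulkServers.txt
$group   = 'Remote Desktop Users'
$allowed = @('CONTOSO\RDP-Admins')

# One fan-out call instead of a loop; connection and remote errors are
# collected in $failed instead of stopping the run.
$results = Invoke-Command -ComputerName $servers -ArgumentList $group `
    -ErrorAction SilentlyContinue -ErrorVariable failed -ScriptBlock {
        param($g)
        Get-LocalGroupMember -Group $g | Select-Object Name, ObjectClass, PrincipalSource
    }

# Mark every member that is not on the allowlist.
$report = $results | Select-Object PSComputerName, Name, ObjectClass, PrincipalSource,
    @{N = 'Expected'; E = { $allowed -contains $_.Name }}

$report | Where-Object { -not $_.Expected } |
    Sort-Object PSComputerName, Name |
    Export-Csv C:\Temp\UnexpectedGroupMembers.csv -NoTypeInformation

# Servers that could not be queried need a second look; an empty result
# from them is not the same as an empty group.
$failed | ForEach-Object { Write-Warning $_.Exception.Message }
```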

Have a nice day !

How to Bulk Add DNS A Records

If you want to add A records in bulk, first prepare a “.csv” file that lists the records, with Name and IPv4Address columns.

Then it is enough to run the following PowerShell line.

Import-Csv .\dns.csv | ForEach-Object { Add-DnsServerResourceRecordA -Name $_.Name -IPv4Address $_.IPv4Address -ZoneName yusufustundag.com -ComputerName PDC -CreatePtr}

If you want to check the A records, run the following PowerShell line.

Get-DnsServerResourceRecord -ZoneName yusufustundag.com -RRType A

Have a nice day!

Exchange Recipient Type Values

I don’t know where and when this information will be useful to you, but I needed these values in a few problems I had, maybe you will need them one day.

There are three critical recipient values used by Exchange Server:

  • msExchRecipientDisplayType
  • msExchRecipientTypeDetails
  • msExchRemoteRecipientType

The only supported way to change these values is to use the Exchange Admin Center or the Exchange Management Shell.

msExchRecipientDisplayType Value (Decimal)
MailboxUser 0
DistributionGroup 1
PublicFolder 2
DynamicDistributionGroup 3
Organization 4
PrivateDistributionList 5
RemoteMailUser 6
ConferenceRoomMailbox 7
EquipmentMailbox 8
ArbitrationMailbox 10
MailboxPlan 11
LinkedUser 12
RoomList 15
SyncedMailboxUser -2147483642
SyncedPublicFolder -2147483130
SyncedDynamicDistributionGroup -2147482874
SyncedRemoteMailUser -2147482106
SyncedConferenceRoomMailbox -2147481850
SyncedEquipmentMailbox -2147481594
SecurityDistributionGroup 1043741833
RBAC Role Group 1073741824

msExchRecipientTypeDetails Value (Decimal)
UserMailbox 1
LinkedMailbox 2
SharedMailbox 4
LegacyMailbox 8
RoomMailbox 16
EquipmentMailbox 32
MailContact 64
MailUser 128
MailUniversalDistributionGroup 256
MailNonUniversalGroup 512
MailUniversalSecurityGroup 1024
DynamicDistributionGroup 2048
PublicFolder 4096
SystemAttendantMailbox 8192
SystemMailbox 16384
MailForestContact 32768
User 65536
Contact 131072
UniversalDistributionGroup 262144
UniversalSecurityGroup 524288
NonUniversalGroup 1048576
Disable User 2097152
MicrosoftExchange 4194304
ArbitrationMailbox 8388608
MailboxPlan 16777216
LinkedUser 33554432
RoomList 268435456
DiscoveryMailbox 536870912
RoleGroup 1073741824
RemoteUserMailbox 2147483648
RemoteRoomMailbox 8589934592
RemoteEquipmentMailbox 17179869184
RemoteSharedMailbox 34359738368
PublicFolderMailbox 68719476736
Team Mailbox 137438953472
RemoteTeamMailbox 274877906944
MonitoringMailbox 549755813888
GroupMailbox 1099511627776
LinkedRoomMailbox 2199023255552
AuditLogMailbox 4398046511104
RemoteGroupMailbox 8796093022208
SchedulingMailbox 17592186044416
GuestMailUser 35184372088832
AuxAuditLogMailbox 70368744177664
SupervisoryReviewPolicyMailbox 140737488355328

msExchRemoteRecipientType Value (Decimal)
ProvisionedMailbox (Cloud Mailbox) 1
ProvisionedArchive (Cloud Archive) 2
ProvisionedMailbox, ProvisionedArchive (Cloud Mailbox & Cloud Archive) 3
Migrated 4
Migrated, ProvisionedArchive (Migrated Mailbox & Cloud Archive) 6
DeprovisionMailbox 8
ProvisionArchive, DeprovisionMailbox 10
DeprovisionArchive 16
ProvisionMailbox, DeprovisionArchive 17
DeprovisionArchive, Migrated 20
ProvisionMailbox, Migrated, DeprovisionArchive 21
DeprovisionMailbox, DeprovisionArchive 24
RoomMailbox 32
ProvisionMailbox, RoomMailbox 33
ProvisionMailbox, ProvisionArchive, RoomMailbox 35
Migrated, RoomMailbox 36
ProvisionArchive, Migrated, RoomMailbox 38
ProvisionMailbox, DeprovisionArchive, RoomMailbox 49
Migrated, DeprovisionArchive, RoomMailbox 52
EquipmentMailbox 64
ProvisionMailbox, EquipmentMailbox 65
ProvisionMailbox, ProvisionArchive, EquipmentMailbox 67
Migrated, EquipmentMailbox 68
ProvisionArchive, Migrated, EquipmentMailbox 70
ProvisionMailbox, DeprovisionArchive, EquipmentMailbox 81
Migrated, DeprovisionArchive, EquipmentMailbox 84
SharedMailbox 96
ProvisionMailbox, SharedMailbox 97
Migrated, SharedMailbox 100
ProvisionArchive, Migrated, SharedMailbox 102
Migrated, DeprovisionArchive, SharedMailbox 116
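
The msExchRemoteRecipientType rows above are combinations of a few bit values, so any value can be decoded instead of looked up. This is an added example, not part of the original post; the function name ConvertFrom-RemoteRecipientType is hypothetical, the flag names and values are taken from the table, and the sample values are constructed.

```powershell
# Added example. Flag names and values follow the msExchRemoteRecipientType table above.
$flags = [ordered]@{
    ProvisionMailbox   = 1
    ProvisionArchive   = 2
    Migrated           = 4
    DeprovisionMailbox = 8
    DeprovisionArchive = 16
}

function ConvertFrom-RemoteRecipientType {
    param([Parameter(Mandatory)][long]$Value)
    $names = @()
    foreach ($f in $flags.GetEnumerator()) {
        if ($Value -band $f.Value) { $names += $f.Key }
    }
    # Bits 32 and 64 encode the mailbox kind; both set (96) is SharedMailbox.
    switch ($Value -band 96) {
        32 { $names += 'RoomMailbox' }
        64 { $names += 'EquipmentMailbox' }
        96 { $names += 'SharedMailbox' }
    }
    # Anything above bit 64 is not covered by the table; report it rather than hide it.
    $unknown = $Value -band (-bnot 127)
    if ($unknown) { $names += "UnknownBits($unknown)" }
    if (-not $names) { $names = @('(no flags set)') }
    $names -join ', '
}

# Constructed sample values; 256 is deliberately outside the table.
foreach ($v in 4, 21, 97, 116, 256) {
    [pscustomobject]@{ Value = $v; Meaning = ConvertFrom-RemoteRecipientType -Value $v }
}

# Against a real directory the input would come from AD, for example:
# Get-ADUser -Filter 'msExchRemoteRecipientType -like "*"' -Properties msExchRemoteRecipientType |
#     Select-Object SamAccountName,
#         @{N = 'Meaning'; E = { ConvertFrom-RemoteRecipientType -Value $_.msExchRemoteRecipientType }}
```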

Have a nice day !

Office 365 Mailbox Not Showing In On-Premises Exchange Server

If you create your user’s mailbox directly from the Office 365 management console, you will not be able to see the newly created mailbox on your On-Premises Exchange server.

The recommended method is to create the mailbox on the On-Premises Exchange server.

To fix the scenario above, where a mailbox created directly in Office 365 does not appear in Hybrid Exchange, run the following commands on the on-premises Exchange server for the mailbox you are having trouble with.

# Read the AD account name and the mail alias of the affected mailbox
$uid = Read-Host "Please enter username"
$mailnick = Read-Host "Please enter mail nickname"
$tempmail = $uid+"@company.mail.onmicrosoft.com"    # remote routing address
$primarymail = $mailnick+"@company.com"

# Clear the attributes that point to an on-premises mailbox
Set-ADUser $uid -Clear homemdb, homemta, msExchHomeServerName, msExchPoliciesExcluded
# 4 = Migrated (see the msExchRemoteRecipientType table)
Set-ADUser $uid -Add @{msExchRemoteRecipientType="4"}
Set-ADUser $uid -Add @{mailNickname="$mailnick"}
Set-ADUser $uid -Add @{msExchProvisioningFlags="0"}
Set-ADUser $uid -Add @{msExchModerationFlags="6"}
Set-ADUser $uid -Add @{msExchAddressBookFlags="1"}
Set-ADUser $uid -Replace @{targetaddress="$tempmail"}
# -2147483642 = SyncedMailboxUser, 2147483648 = RemoteUserMailbox
Set-ADUser $uid -Replace @{msExchRecipientDisplayType="-2147483642"}
Set-ADUser $uid -Replace @{msExchRecipientTypeDetails="2147483648"}
Set-RemoteMailbox $uid -PrimarySMTPAddress $primarymail

Have a nice day!

How Can Your Organization Mitigate the Risk of a Pass-the-Hash (PtH) Attack?

These are mitigation strategies that you can use in your organization to help prevent both lateral movement and privilege escalation by decreasing the impact of credential theft.

Lateral Movement: In this activity, the attacker uses the credentials obtained from a compromised computer to gain access to another computer of the same value to the organization.

Privilege Escalation: In this activity, the attacker uses the credentials obtained from a compromised computer to gain access to another computer of a higher value to the organization.

These mitigations are effective, practical, and broadly applicable to different domain configurations.

These mitigations are defense-in-depth measures designed to ensure that your environment is protected even if these measures fail.

Mitigation | Effectiveness | Effort Required | Privilege Escalation | Lateral Movement
Restrict and protect local accounts with Administrative Privileges | Excellent | Medium | |
Restrict and protect local accounts with Administrative Privileges | Excellent | Low | |
Restrict inbound traffic using the Windows Firewall | Excellent | Medium | |

More Recommendations | Effectiveness | Effort Required | Privilege Escalation | Lateral Movement
Remove standard users from the local Administrators Group | Excellent | High | |
Limit the number and use of privileged Domain Accounts | Good | Medium | |
Configure outbound proxies to deny internet to Privileged Accounts | Good | Low | |
Ensure Administrative Accounts don’t have email accounts | Good | Low | |
Use remote management tools that don’t place reusable credentials on a remote computer’s memory | Good | Medium | |
Avoid logons to less secure computers that are potentially compromised | Good | Low | |
Update applications and operating systems | Partial | Medium | |
Secure and manage Domain Controllers | Partial | Medium | |
Remove LM hashes | Partial | Low | |

Other Mitigation | Effectiveness | Effort Required | Privilege Escalation | Lateral Movement
Disable the NTLM Protocol | Minimal | High | |
Smart cards and multifactor authentication (MFA) | Minimal | High | |
Jump servers | Minimal | High | |
Rebooting workstations and servers | Minimal | Low | |

Have a nice day!

Hyper-V Virtual Switches

Virtual networks and virtual switches are the components that virtual servers running on virtualization platforms need for network communication.

Virtual switches work just like physical switches. However, the type of a virtual switch determines which function it performs.

Virtual switches are very important and necessary for your virtual servers to communicate with your environment.
Therefore, all server virtualization platforms have virtual network technology.
Only the configuration differs.
As a result, they all offer 3 virtual network types.

  • External Virtual Switch
  • Internal Virtual Switch
  • Private Virtual Switch

External Virtual Switch
This switch type should be used when virtual machines are required to communicate with systems on the physical network.

These can be systems on a physical network, physical servers in your environment, virtual servers on Hyper-V, or other servers and services outside.

An “External Virtual Switch” is used for your virtual servers to communicate with the external environment.

In order for the External Virtual Switch you created to communicate with the physical network, it must be bound to a physical network port.
Your virtual servers connected to the virtual switch use that physical port as a shared connection.

Internal Virtual Switch
It can only reach the virtual servers on its host.
Therefore, virtual servers connected to it communicate only with the host and other virtual servers on the host.
If you connect your virtual servers to an Internal Virtual Switch, they cannot communicate with physical networks.
If you are going to use an “Internal Virtual Switch”, you must also add a virtual network card connected to this switch on the Hyper-V host.
Your virtual servers with this type of virtual switch can run at 10Gbps, because communication is provided over the VMBus protocol.
No physical port is required.

Private Virtual Switch
It is used for virtual servers on a host that you want to communicate only among themselves.
With Private Virtual Switches, you create a completely isolated network.
The existence of any physical port is not required.
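
The three switch types described above, created with the Hyper-V PowerShell module and followed by a report of which network each VM adapter can reach. This is an added example, not part of the original post; the switch names and the physical adapter name "Ethernet" are assumptions.

```powershell
# Added example. Switch names and the adapter name 'Ethernet' are hypothetical.
# Creating an external switch rebinds the physical adapter and can briefly
# interrupt the host's own network connection.
New-VMSwitch -Name 'vSwitch-External' -NetAdapterName 'Ethernet' -AllowManagementOS $true
New-VMSwitch -Name 'vSwitch-Internal' -SwitchType Internal
New-VMSwitch -Name 'vSwitch-Private'  -SwitchType Private

# Build a lookup of switch name -> switch type.
$switchType = @{}
Get-VMSwitch | ForEach-Object { $switchType[$_.Name] = "$($_.SwitchType)" }

# For every VM network adapter, show the switch it uses and what that
# switch type allows it to talk to (as described in the sections above).
Get-VMNetworkAdapter -VMName * | ForEach-Object {
    $type = if ($_.SwitchName) { $switchType[$_.SwitchName] } else { 'Not connected' }
    $reach = switch ($type) {
        'External' { 'Physical network, host and other VMs' }
        'Internal' { 'Host and VMs on this host only' }
        'Private'  { 'VMs on this host only (isolated)' }
        default    { 'None' }
    }
    [pscustomobject]@{
        VM         = $_.VMName
        Switch     = $_.SwitchName
        SwitchType = $type
        CanReach   = $reach
    }
} | Sort-Object SwitchType, VM | Format-Table -AutoSize
```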


Have a nice day!

Minimum Outlook for Windows version requirements for Microsoft 365

After November 1, 2021, only Outlook 2013 Service Pack 1 (with latest fixes) and later will be able to connect to Microsoft 365 services.

Unsupported versions:

  • Outlook 2007
  • Outlook 2010
  • Office 2013 versions earlier than 15.0.4971.1000
  • Office 2016 versions earlier than 16.0.4600.1000

Outlook 2007 or Outlook 2010 is blocked from connecting to Exchange Online.
Users can immediately start using Outlook on the web through a browser.

If you want to find out which Outlook versions are used in your tenant, you can use the “Email apps usage” report under Microsoft 365 Reports in the admin center.

Have a nice day !