Wednesday, 30 May 2018

RDP : An authentication error occurred This could be due to CredSSP encryption oracle remediation

Problem:

I am trying to connect a remote machine through Remote Desktop Connection (RDP client) from my local Windows 10 machine and receiving the error "An authentication error has occurred. The function requested is not supported. This could be due to CredSSP encryption oracle remediation."

RDP An authentication error has occurred. The function requested is not supported. This could be due to CredSSP encryption oracle remediation.

Cause:

After analyzing some time, found that this error is occurring after May 2018 Security update . Please check this link for more info: https://blogs.technet.microsoft.com/yongrhee/2018/05/09/after-may-2018-security-update-rdp-an-authentication-error-occurred-this-could-be-due-to-credssp-encryption-oracle-remediation/

Solution:

  • Connect the problematic remote machine from different computer (other than your current computer).
  • In remote computer, right-click on My Computer (This PC) -> click Properties.
  • Now click Remote Settings and un-check the option "Allow connections only from computers running Remote Desktop with Network Level Authentication" and Apply the settings.
Remote Desktop Connection An authentication error has occurred. The function requested is not supported. This could be due to CredSSP encryption oracle remediation.

  • Now try to connect from your local machine.

Tuesday, 29 May 2018

Azure AD Login - The browser based authentication dialog failed to complete. Reason: the server or proxy was not found

Problem:

I am receiving the error "The browser based authentication dialog failed to complete. Reason: the server or proxy was not found" when I try to connect Azure AD powershell command.
Connect-AzureAD : One or more errors occurred.:  The browser based authentication dialog failed to complete. Reason:
The server or proxy was not found.
At line:1 char:1
+ Connect-AzureAD
+ ~~~~~~~~~~~~~~~
    + CategoryInfo          : AuthenticationError: (:) [Connect-AzureAD], AadAuthenticationFailedException
    + FullyQualifiedErrorId : Connect-AzureAD,Microsoft.Open.Azure.AD.CommonLibrary.ConnectAzureAD

Cause:

This issue may occur if your proxy server not allowing to connect internet (especially login portal: https://login.microsoftonline.com) or the proxy settings may not be configured properly to connect internet.

Solution:

Open Internet Explorer (with Run as administrator privilege)-> click Settings (gear icon) in top-right corner -> Internet Options -> select Connections tab -> LAN Settings -> set Automatically detect settings and remove Proxy settings if configured.
Azure AD Login - The browser based authentication dialog failed to complete. Reason: the server or proxy was not found


Tuesday, 15 May 2018

Find and Export Office 365 Users Profile Picture Status using PowerShell

In this post, I am going to share powershell script to find a list of users without profile picture in Office 365. We can extract this report using Exchange Online powershell cmdlets Get-Mailbox and Get-Userphoto.

Before proceed run the following command to connect Exchange Online powershell module.
$365Logon = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection
Import-PSSession $Session

Check if specific user has profile picture or not :

The following command checks whether profile photo set or not set for the user "alexw@contoso.com".
$photoObj = Get-Userphoto -Identity "alexw@contoso.com" -ErrorAction SilentlyContinue
If($photoObj.PictureData -ne $null)
{
Write-Host "User has profile picture"
}
Else
{
Write-Host "Profile picture not configured"
}

Export Office 365 Users without profile picture to CSV file :

Run the following powershell script to get a list of users who do not have profile picture and export user details to csv file.
$Result=@()
$allUsers = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
$totalusers = $allUsers.Count
$i = 1 
$allUsers | ForEach-Object {
$user = $_
Write-Progress -activity "Processing $user" -status "$i out of $totalusers completed"
$photoObj = Get-Userphoto -identity $user.UserPrincipalName -ErrorAction SilentlyContinue
If($photoObj.PictureData -eq $null) 
{
$Result += New-Object PSObject -property @{ 
UserName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
}}
$i++
}
$Result | Export-CSV "C:\\office-365-users-without-photo.csv" -NoTypeInformation -Encoding UTF8

Export all O365 Users with profile picture status :

The following powershell script exports all mailbox users with their profile picture status (photo uploaded or not) to csv file.
$Result=@()
$allUsers = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
$totalusers = $allUsers.Count
$i = 1 
$allUsers | ForEach-Object {
$user = $_
Write-Progress -activity "Processing $user" -status "$i out of $totalusers completed"
$photoObj = Get-Userphoto -identity $user.UserPrincipalName -ErrorAction SilentlyContinue
$hasPhoto = $false
if ($photoObj.PictureData -ne $null)
{
$hasPhoto = $true
}
$Result += New-Object PSObject -property @{ 
UserName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
HasProfilePicture = $hasPhoto 
}
$i++
}
$Result | Export-CSV "C:\\office-365-users-photo-status.csv" -NoTypeInformation -Encoding UTF8


CSV Output of Profile Picture Status Report:

Find and Export O365 Profile Photo Status Report to CSV file

Friday, 11 May 2018

Microsoft Teams : Get all your teams data using Powershell

Now we can get the list of teams where the current user is being a member using Microsoft Teams Powershell. Before proceed first you have to install Microsoft Teams Powershell using below command.
Install-Module MicrosoftTeams -Force
Note: You have to run the powershell with "Run as administrator" privilege to install this module.

Once you have installed the Teams module, then run the following command to connect Microsoft Teams and it will ask your credentials to proceed.
Connect-MicrosoftTeams

List all your Teams:

Once you have completed the login step, run the Get-Team command to list all your teams.
PS C:\> Get-Team

GroupId                              DisplayName        Description
-------                              -----------        -----------
9b614bd6-6710-44ae-a9e7-3446334546d7 Team 1             Team 1 Description
7d6143d6-2612-44ae-a9e7-2473364843f5 Team 2             Team 2 Description

List all channels in a Team:

You can get channels of a specific team by running following command. You can get the <Group Id> of the specific team from Get-Team command.
Get-TeamChannel -GroupId <Group Id>

Get Team members and their role:

You can also get members of a specific team and their role (owner or member) by running following command.
Get-TeamUser -GroupId <Group Id>
Note : Using Get-Team cmdlet you can get only your own teams, you can't get teams list of specific user even if you have administrator privilege. The Get-Team cmdlet actually included the parameter -User to get other user teams information, but as of now you will get only access denied ('Get-Team : Error occurred while executing Code: AccessDenied') error message even for global administrator.
PS C:\Windows\system32> Get-Team -User AlexW@contoso.onmicrosoft.com
Get-Team : Error occurred while executing
Code: AccessDenied
Message: Invalid UserId. UserId does not match Access token UserObjectId
InnerError: RequestId: f8664d28-5514-4bef-907e-f7a880907bc7 DateTimeStamp: 2018-05-11T16:59:53
HttpStatusCode: AccessDenied
At line:1 char:1
+ Get-Team -User AlexW@contoso.onmicrosoft.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-Team], ApiException
    + FullyQualifiedErrorId : Microsoft.TeamsCmdlets.PowerShell.Custom.ErrorHandling.ApiException,Microsoft.TeamsCmdle
   ts.PowerShell.Custom.GetTeam

Thursday, 10 May 2018

How to get password from user with a mask using Powershell

You can easily prompt and ask input from user by using the Read-Host cmdlet, but by default this command accepts the user input as plain text. If you get some secured data like password from user by using this command, when user type the input the password text will be clearly visible as shown in below example.
PS C:\> Read-Host "Enter password"
Enter password: myPassword
myPassword
If you want to hide or mask the password text from user, then you need to just pass the parameter –AsSecureString with Read-Host powershell command.
PS C:\> Read-Host "Enter password" -AsSecureString
Enter password: **********
System.Security.SecureString
The hard part of the above step is, it will read password as SecureString object not as clear text value. Most of the powershell commands (i.e. Set-ADAccountPassword, Set-MsolUserPassword , etc..) will accept the password input only as SecureString object, you don't need to worry if you are going to use the password with these kind of commands, but if you need that secured text for some other purpose then you should convert the secure string password to clear text password.

The following powershell code shows how to convert secure password into plain text password.

#Step 1: get secure password from user.
$securePwd = Read-Host "Enter password" -AsSecureString
#Step 2: convert secure password into normal plain text password.
$plainPwd =[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePwd))
Write-Host "You password is : $plainPwd" -ForegroundColor Yellow

Monday, 7 May 2018

PowerShell : Show Progress Bar, Status and % Completed for Long Running Script

You can use the Write-Progress cmdlet to display progress status and percentage of process completed for a long running command or script. In normal cases you can use Write-Host command but if your script is going to run more time then you should use Write-Progress command to display the clear progress status.

The following command run the timer for 10 seconds and it update progress status for every second.
1..10 | ForEach {
Start-Sleep -s 1
Write-Progress -Activity "Process Started : " -Status "Total items processed: $_"
}
We can also display the progress bar by setting the parameter -PercentComplete
1..100 | ForEach {
Start-Sleep -m 100
Write-Progress -Activity "Process Started" -Status "Total items processed: $_" -PercentComplete $_
}
Show PowerShell Process Output Status 

We can also show the remaining time in seconds by setting the parameter -SecondsRemaining
1..10 | ForEach {
Start-Sleep -s 1
Write-Progress -Activity "Process Started" -Status "Total items processed: $_"  -SecondsRemaining (10-$_)
}
Display PowerShell Progress Bar Status

PowerShell : Sleep, Wait or Suspends the activity for some period of time

You can use the Start-Sleep cmdlet to suspend the activity in a script for the specified period of time. You can use this command for the tasks, such as waiting for an operation to complete or pausing before repeating an operation.

This command wait for 5 seconds.
Start-Sleep -Seconds 5
------- or ---------
Start-Sleep -s 5
The following command makes all the commands to sleep for 500 milliseconds (half of a second)
Start-Sleep -Milliseconds 500
------- or ---------
Start-Sleep -m 500

Timer Job using the cmdlets Start-Sleep and Write-Progress:

The following command run the timer for 60 seconds (1 minute).
1..60 | ForEach { 
Start-Sleep -s 1
Write-Progress -activity "Timer Started: " -Status $_
}

Wait, Sleep or Suspend in PowerShell script