Blog‎ > ‎

IT


Azure DNS setup for Office 365

posted May 11, 2018, 11:59 AM by Jake Vosloo   [ updated May 11, 2018, 12:02 PM ]

Per-Torben Sørensen wrote an easy to use script for configuring Azure DNS for Office 365.

# This script automatically configures Azure DNS for O365
# Written by Per-Torben Sørensen (per-torben.sorensen@advania.no)
#
# Version: 1.0
#*********************************************************************************************
#
# Input values below
$azureadmin = “me@example.onmicrosoft.com” # admin user in azure portal with DNS rights
$ttl = “86400” # TTL for all records (in seconds)
$zonename=”azure.contoso.com”
$rgname = “testazuredns” # Use Get-AzureRmDnsZone after login to find this
$proofvalue = “MS=ms12345678” # Proof of ownership from the Office 365 portal
#
#*********************************************************************************************
#
# Variables below
$cred = Get-Credential -Message “Log on” -UserName $azureadmin
$runscript = $false # Failsafe for accidental running
#*********************************************************************************************
if ($runscript -eq $false)
{
Write-Host -ForegroundColor Red “Do NOT run this script non-interactively! Run from editor”
return
}
# Log on Azure RM and set DNS variable
Login-AzureRmAccount -Credential $cred
$dnszone = Get-AzureRmDnsZone -Name $zonename -ResourceGroupName $rgname
#
# Creating first TXT record (Proof of domain ownership)
New-AzureRmDnsRecordSet -Zone $dnszone -Name “@” -RecordType TXT -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -Value “$($proofvalue)”)
#
# Create CNAME records
New-AzureRmDnsRecordSet -Zone $dnszone -Name “autodiscover” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “autodiscover.outlook.com”)
New-AzureRmDnsRecordSet -Zone $dnszone -Name “sip” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “sipdir.online.lync.com”)
New-AzureRmDnsRecordSet -Zone $dnszone -Name “lyncdiscover” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “webdir.online.lync.com”)
#New-AzureRmDnsRecordSet -Zone $dnszone -Name “msoid” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “clientconfig.microsoftonline-p.net”)
New-AzureRmDnsRecordSet -Zone $dnszone -Name “enterpriseregistration” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “enterpriseregistration.windows.net”)
New-AzureRmDnsRecordSet -Zone $dnszone -Name “enterpriseenrollment” -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname “enterpriseenrollment.manage.microsoft.com”)
#
# Modifies the existing TXT record
$txtrecord = Get-AzureRmDnsRecordSet -Zone $dnszone -Name “@” -RecordType TXT
Add-AzureRmDnsRecordConfig -RecordSet $txtrecord -Value “v=spf1 include:spf.protection.outlook.com -all”
Set-AzureRmDnsRecordSet -RecordSet $txtrecord
#
# Create SRV records
New-AzureRmDnsRecordSet -Zone $dnszone -Name “_sip._tls” -RecordType SRV -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -Priority 100 -Weight 1 -Port 443 -Target sipdir.online.lync.com)
New-AzureRmDnsRecordSet -Zone $dnszone -Name “_sipfederationtls._tcp” -RecordType SRV -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -Priority 100 -Weight 1 -Port 5061 -Target sipfed.online.lync.com)
#
# Set MX record – THIS CHANGES THE MAIL FLOW!
#
$exchadr = ($zonename -replace “\.”,”-“)
$exchadr +=”.mail.protection.outlook.com”
$mxrecords = @()
$mxrecords = New-AzureRmDnsRecordConfig -Exchange $exchadr -Preference 0
New-AzureRmDnsRecordSet -Zone $dnszone -Name “@” -RecordType MX -Ttl $ttl -DnsRecords $mxrecords
#
# This line allows you to select one or several DNS records and delete them from zone
Get-AzureRmDnsRecordSet -Zone $dnszone | Out-GridView -Title “Select record to delete” -OutputMode Multiple | Remove-AzureRmDnsRecordSet
#

Disable Windows 10 focus stealing

posted Apr 22, 2018, 6:33 PM by Jake Vosloo   [ updated Apr 22, 2018, 6:36 PM ]

Windows has this annoying habit of letting apps become the foreground app when they are started, this goes against my usage where I start an app and then continue in another app while waiting for it to load. I do not want an app ever to become the foreground app when it just started. 

If this is a problem for you too, please sign the petition:

Here is a possible solution:

In Regedit change HKEY_CURRENT_USER\Control Panel\Desktop\ForegroundLockTimeout from 0 to 30d40
Restart Windows.

Reference:
https://www.reddit.com/r/Windows10/comments/3vbzth/turn_off_focus_stealing/


Powershell Rename File with TimeStamp

posted Apr 18, 2016, 9:30 PM by Jake Vosloo

This script takes a file and renames it to include the last write time stamp in the file name.


if (Test-Path $LogFile) {
  $LogFileTimestamp = ([datetime](Get-ItemProperty -Path $LogFile -Name lastwritetime).lastwritetime).ToString("yyyyMMddTHH.mm.sszz")
  $LogBackupfile = $LogFile.Replace(".", "_$LogFileTimestamp.")
  Rename-Item $LogFile $LogBackupfile
}


SQL map time to .Net ticks

posted Nov 12, 2015, 5:38 PM by Jake Vosloo

.Net System.DateTime.Ticks has 10,000,000 ticks per second and starts from 0:00:00 UTC on 1 January 0001, in the Gregorian calendar. To get this number in SQL is quite complex but here is a shortcut:

This select statement calculates the .Net ticks in SQL and is accurate to the nearest second.
select (cast(630822816000000000  as bigint) + cast(datediff(second,'2000-01-01',GETUTCDATE()) as bigint) * 10000000) as [Ticks.Net]

This is how I constructed the formula, first I got the ticks up to 2000 from powershell as follows:
Write-Host "2000:  " ([System.DateTime]"2000-01-01").Ticks
Write-Host "Now:   " ([DateTime]::UtcNow).Ticks
Write-Host "Seconds:          ^       " 

Which returns:
2000:   630822816000000000

Then I calculate the difference in seconds since 2000 and the current date and multiply the number of seconds with 10 million to get it into ticks.

References:


Windows update force reboot

posted Oct 17, 2015, 8:43 PM by Jake Vosloo   [ updated Oct 17, 2015, 8:43 PM ]

Windows sometimes restart even when there is a user logged in.  This can be remedied with the following registry edits. The attached file contains these edits.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000005
"AutoInstallMinorUpdates"=dword:00000001
"IncludeRecommendedUpdates"=dword:00000001
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"RebootWarningTimeoutEnabled"=dword:00000000
"RebootWarningTimeout"=dword:00000090
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RebootRelaunchTimeout"=dword:000005A0
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000001

References

PowerShell Find the Current Path

posted Oct 4, 2015, 5:39 PM by Jake Vosloo   [ updated May 31, 2017, 9:34 PM ]


Powershell has a few complications when finding the path where the current script is executing. Especially if you are running it from ISE or directly on the shell.  This function helps to get the most reliable path.

function Get-ScriptDirectory()
{
    #Try 1, should work for powershell 3.0+.
    try{
        $localPath = $PSScriptRoot
        if (![string]::IsNullOrWhiteSpace($localPath)) {return $localPath}
    } Catch [system.exception] {}
    
    #Try 2, for older version of powershell.
    try{
        if ($myInvocation.MyCommand.CommandType -ne [System.Management.Automation.CommandTypes]::Script) {
            $localPath = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Path)
            if (![string]::IsNullOrWhiteSpace($localPath)) {return $localPath}
        }
    } Catch [system.exception] {}
    
    #Try 3, if this is being run in ISE.
    try{
        $localPath = [System.IO.Path]::GetDirectoryName($psISE.CurrentFile.FullPath)
        if (![string]::IsNullOrWhiteSpace($localPath)) {return $localPath}
    } Catch [system.exception] {}

    #Try 4, as last resort use the current shell location.
    try{
        $localPath = (Get-Location).Path
        if (![string]::IsNullOrWhiteSpace($localPath)) {return $localPath}
    } Catch [system.exception] {}

    #All failed, throw an exception.
    throw "ERROR=""Execution path unknown."" messag=""Unable to identify the path of the script which is needed to load the dependency files."""
}

#Use it like this
[string] $scriptPath = Get-ScriptDirectory
[string] $sourcepath = [System.IO.Path]::GetFullPath((Join-Path ($scriptPath) '.\Source'))

References:


Powershell create new self signed certificate

posted May 6, 2015, 6:50 PM by Jake Vosloo

The command to create a new self signed certificate is as follows:

New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname customer1-test.cloudapp.net


From:
http://windowsitpro.com/blog/creating-self-signed-certificates-powershell

PowerShell Export SSL certificates

posted Apr 27, 2015, 7:27 PM by Jake Vosloo   [ updated May 11, 2015, 8:42 PM ]

PowerShell doesn't automatically offer to trust a remote server as many SSH clients does instead you have to go through a number of manual steps to be able to connect to an Azure remote server.  After configuring your VM in Azure, its powershell will be configured with a self signed cerificate for the external Azure URL. To be able to connect to this with PowerShell remoting, you must install the certificate into the local computer's trusted root certificates store. 

You can see which certificates is conneted on your computer using:
netsh http show sslcert

Here's a script which extracts a certificate from a port, save it as a file called DownloadCertAndImportRoot.ps1 on and then attempts to import it into the certificate store.

<#
This script retrieves the certificate from an SSL connection, saves the certificate as a file and attempts to import it into the trusted root store.
USAGE:  .\DownloadCertAndImportRoot.ps1 "https://www.google.com"
Adapted from: 
https://bernhardelbl.wordpress.com/2013/03/21/download-and-install-a-certificate-to-your-trusted-root-using-powershell/
#>
param($url)

[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} #Bypass Powershell certificate validation, so that we can download any untrusted certificate.
[System.Uri] $u = New-Object System.Uri($url)
[Net.ServicePoint] $sp = [Net.ServicePointManager]::FindServicePoint($u);
[System.Guid] $groupName = [System.Guid]::NewGuid() #allow to quickly close all connections
[Net.HttpWebRequest] $req = [Net.WebRequest]::create($url)
$req.Method = "GET"
$req.Timeout = 600000 # = 10 minutes
$req.ConnectionGroupName = $groupName
# // Set if you need a username/password to access the resource
#$req.Credentials = New-Object Net.NetworkCredential("username", "password");
[Net.HttpWebResponse] $result = $req.GetResponse() #If the server return 404 then you will get an exception here.
$sp.CloseConnectionGroup($groupName) | Out-Null

#Write the certificate to a temp file
$tempfilename = [System.IO.Path]::GetTempFileName() #get a temporary file reference
[System.Byte[]] $data = $sp.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($tempfilename, $data)
Write-Debug "Downloaded to temp file: $tempfilename"

#move the temp file to the local folder for future use.
$outfilename = (Convert-Path .) + "\CertExport.cer"
if(Test-Path $outfilename) { del $outfilename }
mv $tempfilename $outfilename
Write-Host "Certificate saved as: $outfilename"

#Import the certificate into the root certificate store
if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator))
{
    #CertUtil -addStore Root $outfilename
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $store = new-object System.Security.Cryptography.X509Certificates.X509Store(“Root”,”LocalMachine”)
    $pfx.Import($outfilename)
    $store.Open(“MaxAllowed”)
    $store.Add($pfx)
    $store.Close()
}
else
{
    Write-Host "The script is not running as administrator and cannot automatically import the certificate into the root store. You should Right-click the exported certificate file and install it into the trusted root store."
}


The manual process is:

You can use Chrome or Firefox to download the certificate and then user Windows Explorer or MMC to import it into the certificate store. This only works if you are not using any insecure ports which will be blocked by these browsers...

Open PowerShell and run the following command to confirm that it is failing:
Test-WsMan -Port 5986 -UseSSL YourServerUrl.cloudapp.net

You should get an error stating:
The SSL certificate is signed by an unknown certificate authority.

Now open the server url in chorme:
https://YourServerUrl.cloudapp.net:5986

Access and download the certificate to your local disk.
Right-click the certificate and install it into the trusted root store.
Try the PowerShell command again, it should work now.

References:

Get incremental build number in TFS VisualStudio online

posted Apr 25, 2015, 6:16 PM by Jake Vosloo

I wanted incremental build numbers from VisualStudio online when automatically building and deploying to Google play store.

The build process file creates the buildnumber in the first line:
this:Process.BuildNumberFormat="[&quot;$(Rev:rr)&quot;]"

The $(Rev:xxx) defines the build number. When a build is completed, if nothing else in the build number has changed, the Rev integer value is incremented by one.

Although I could not find any documentation, it seems the Rev number has the following format:
rr formats it like ## so:
$(Rev:.r) is formatted as .1
$(Rev:.rr) is formatted as .01
$(Rev:rr) is formatted as 01


References:


Root Samsung Note Pro 12.2 LTE SM-P905 - P905ZSUANH1

posted Apr 10, 2015, 2:42 AM by Jake Vosloo   [ updated Apr 10, 2015, 2:48 AM ]

Warning: This trips the Knox warranty void flag.

Download and extract the following files:

Power off your Android device.

Put the Galaxy Note Pro 12.2 LTE SM-P905 in Download Mode by pressing and holding down the Home, Volume Down buttons while pressing the Power button. A warning screen will come up; press Volume Up button to enter Download Mode. If you get a recovery menu instead, check that you are pressing the volume down button and not the volume up button.


Run Odin3 v3.09.exe as an Administrator because Admin privileges is required to complete the process smoothly

Connect your device to your PC using USB cable. You will see an  “Added!!”  massage in Odin’s message box.

Click the AP Button, and select that CF-Auto-Root-viennalte-viennaltexx-smp905.tar.md5 file

In Odin window, ensure only Auto Reboot and F. Reset Time checkboxes are selected.

Double  check everything in Step 8 & 9 above. When satisfied click the START button to begin the flashing process.

Your device will restart and it is complete when you see a PASS message with green background in the left-most box at  the very top of the Odin. You can now unplug the USB cable to disconnect  your device from computer.

If it worked, go to http://www.chainfire.eu/ and make a big donation for their work.


Extracted from:
http://androidpulp.blogspot.com/2014/09/root-p905zsuanh1-android-442-kitkat.html

1-10 of 36