Azure Self Service

 Self Service portal in AzureAD

AzureAD Self service->

Though AzureAD self service, user can manage group, application and password reset access it self. If user wants to join or remove him self from any group he can do from Access portal.
Same if user want to add remove application in Azure portal he can do him self.

Three types of AzureAD self service..

1. Self Service Group membership ->  

2.Self Service Application Access->

3. Self Service Password Reset->

Configure Self Service Group Membership in Azure portal.

Login to Azure portal

Click on Azure AD -> Click Group

Now click General under Settings

Click Yes or No as per your requirement.

you should have valid license to enable these features

 2. Configure Self Service Application Access in Azure portal.

Login to Azure Portal

Go to AzureAD -> Click Enterprise applications

Now click User Settings

Uder the Enterprise application-> Select yes/No to enable or disable features.

3. Configure Self Service Password Reset->

To configure Self service Password Reset

Login to Azure Portal

Open AzureAD -> Search for Password reset

Configure the setting that you want to.

To enable these self service features you need enterprise license.

Manage AzureAD with Windows PowerShell # Manage User, Group

Manage Azure AD through Window PowerShell.

To manage AzureAD with PowerShell first you need to install Azure module in PowerShell.
Before installing Azure module you need to install later PowerShell, you can refer below link to download and install later PS.

Latest PowerShell

To install Azure module PowerShell Run below command.

Install-Module -name Azure

Now Install AzureAD module using below command

install-module -name AzureAD

 

Once installation done.

Run below command to check installed module details

Get-module AzureAD

Run below command to connect with AzureAD

Connect-AzureAD

Enter your Azure account details to connect with Azure portal.

To create manage ADUser, Group or Roles you need to create one Azure ADUser with Global Administrator .

Run below command to connect with AzureAD

 And login with newly created AzureAD User who have Global assignment.

Connect-AzureAD

Use below command to Store your password in incrypted state.

$password = ConvertTo-SecureString -String "P@ssw0rd@123" -AsPlainText -Force

To create UserID in AzureAD use below command.

New-AzADUser -DisplayName "Azure Powershell" -UserPrincipalName "Azurep@kraju947hotmail.onmicrosoft.com" -Passwor $password -MailNickname "Azurep"

To get list out the users created in AzureAD

Run Get-AzureADUser

To filter user starting with selected alphabets

Get-AzureAdUser -Filter "startswith(givenname,'ra')"

1. Cloud Identity -> User ID that we create in cloud Azure AD.

2. Directory Sync identities -> User ID that we create in on-premises and sync with AzureAD cloud.

3. Guest -> Guest account that is not available in On-Premises but we send invite to join like Google,        Hotmail accounts.

Use Cases of Windows PowerShell

Use Case 1: Get Information about Webserver = Get-WebServer
Use Case 2: Get Information about Processes in the computer =Get-processes
Use Case 3: Get list of services in the Computer = Get-service

Verb : Get

Noune:  WebServer, Processes and Service

PowerShell Command work on Verb+Noune

Out: data export

Format: Formatting

Set: Mofifications

Get: retrieve

Azure AD Custom Domain

 Add Custom domain in Azure AD

Login into Azure AD Dashboard.

Click Azure Active Directory.

Click Custom domain names -> Click Add Custom domain

Enter Custom domain name that you have purchased from domain provider i.e GoDaddy or anyother.

Click Add domain.

Now Login to domain provider portal GoDaddy

From Account Select your product ->

Go to DNS -> Manage DNS

Click Add and select create TXT entry.

Enter all entry and click Save.

 Once all done in domain provider portal.

Go to Azure Portal and click verify.

Once you will click verify you will receive error like below.

'

You need to wait for 1-3 days to update all DNS record in Domain provider portal.

Once Verification will complete status will change to green from warning.

And you will be able to create user with myinfotechit.com prefix

Azure Dashboard

 Azure Dashboard -> Azure Dashboard administrator use to create for categorizes resource that he uses frequently.

 

How to create custom Dashboard in Azure portal

Login to Azure portal.

Click Dashboard

Click New Dashboard

Select Blank Dashboard

Type Dashboard Name

Drag and drop from Title Gallery or select from Title Gallery and click Add

Click Save

Now you can drop down Dashboard to select newly created Dashboard.

And you will see all the settings are reflecting.

If you want to export Azure Dashboard setting and upload to new created Account.

Select Dashboard and click edit to add/remove more services in Dashboard

If you want to save setting or upload same setting for other account -> Click Export

Now Click Download or Print

Login with other Account in Azure portal.

Now click My Dashboard

Select Upload -> Browse the .json file path and upload

Now done with Azure Dashboard Customization.
 

Azure Cloud Shell # PowerShell

Azure Cloud Shell -> Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Azure Cloud Shell Features -> 

1. Azure PowerShell can be launched directly from a portal and it is temporary.

2. Azure PowerShell provides an integrated graphical text editor.

3. Azure PowerShell authenticates directly so no need to enter login details again and again.

4. Azure PowerShell runs on a temporary host.

5. Azure PowerShell requires a resource group and storage account, When you launch Azure Cloud Shell and if you have not created a Storage account, One pop up will prompt and ask to create an account automatically.

6. Azure PowerShell uses the same Azure file share for both Bash and PowerShell. Bash for Linux users and PowerShell for Windows.

7. Azure PowerShell is assigned one machine per user.

Login to Azure Portal

Click on PowerShell icon -> once you click on Cloud PowerShell icon one below page will open.

If you want to open for windows , click PowerShell.

One Storage account will be created if you don’t have an existing one.

It will take 2-3 minutes and PowerShell will launch.

Later if you want to switch to Bash you can switch also you can re-launch PowerShell.

Create Resource Group using CloudShell

To perform any activity on Azure CloudShell or PowerCli you need to login with your subscription ID.

Login to Azure Account -> To login Azure subscription use below command.

Login-AzAccount -UseDeviceAuthentication

Then Open the link below and enter the Authentication Code.

https://microsoft.com/devicelogin

Now close this page as Authentication has already done.

Use Below Command to Create a Resource Group.

New-AzResourceGroup -Name RG_PowerShell -Location 'EastUS'

Use Below Command to Get a list of created Resource Groups.

Get-AzResourceGroup

Use Below Command to Delete Resource Group

Remove-AzResourceGroup -Name RG_PowerShell

RG_PowerShell -> Resource Group Name

Get Network adapter details

Below PS command can be use to get physical network and team details.

Get-NetAdapter | Format-table

Get Network Adapter details(Physical Only).
Get-NetAdapter -Physical


Get Network Adapter Statistics

Get-NetAdapterStatistics



List all the available NIC teams.
Get-NetLbfoTeam

Server Uptime and Service Status matching the text command

Some important command to get server uptime and Service status matching the text.

To get server Uptime

================

 Invoke-Command -ScriptBlock {

$dt = Get-Date 

$tz = [System.TimeZone]::CurrentTimeZone

Write-Host "`r`nHostname:" $(hostname)

Write-Host "Timezone:"  $tz.StandardName " / " $tz.DaylightName

Write-Host "Date: " $dt

}

============================

Expected output

===================================================

Get Service status matching the text

===============================

Get-Service | Where-Object {$_.Name -Match "windows" -or $_.DisplayName -Match "window" }

Expected Output

Start a service

Start-Service -Name "ServiceName"

Stop a service

Stop-Service -Name "ServiceName"

PS C:\Windows\system32> get-service -name wuauserv

Status   Name               DisplayName

------   ----               -----------

Stopped  wuauserv           Windows Update

PS C:\Windows\system32> start-service wuauserv

PS C:\Windows\system32> get-service -name wuauserv

Status   Name               DisplayName

------   ----               -----------

Running  wuauserv           Windows Update

PS C:\Windows\system32> stop-service wuauserv

PS C:\Windows\system32> get-service -name wuauserv

Status   Name               DisplayName

------   ----               -----------

Stopped  wuauserv           Windows Update

VMtool update at power cycle and Manual

 Script to enable update vmtool at power cycle  and Manual

Using below script you can enable and disable VMtool update. You can schedule VMtool update using VUM as well.

#Script to update Vmtool on power cycle

Connect-VIServer -Server VCSA7.ads.com

$VM = Get-Content "c:\temp\VM_list.txt"

foreach ($i in $VM){

$vm = Get-VM -Name $i | % {Get-View $_.ID}

$vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec

$vmConfigSpec.Tools = New-Object VMware.Vim.ToolsConfigInfo

$vmConfigSpec.Tools.ToolsUpgradePolicy = "upgradeAtPowerCycle”

$vm.ReconfigVM($vmConfigSpec)

} 

VM_List  -> Put list of the VMs on which you want to update VMTool

=======================================

Script to Disable update vmtool at power cycle 

#Script to change the VM update at power cycle to Manual

Connect-VIServer -Server VCSA7.ads.com

$VM = Get-Content "c:\temp\VM_list.txt"

foreach ($i in $VM){

$vm = Get-VM -Name $i | % {Get-View $_.ID}

$vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec

$vmConfigSpec.Tools = New-Object VMware.Vim.ToolsConfigInfo

$vmConfigSpec.Tools.ToolsUpgradePolicy = "Manual”

$vm.ReconfigVM($vmConfigSpec)

} 

Windows system up time and high CPU usage processes

 Windows system up time

Invoke-Command -ScriptBlock {
	$ut = (get-date) - (gcim Win32_OperatingSystem).LastBootUpTime 
	$tz = [System.TimeZone]::CurrentTimeZone
	Write-Host "`r`nHostname:" $(hostname)
	Write-Host "Timezone:"  $tz.StandardName " / " $tz.DaylightName
	Write-Host "Up time: " $ut.Days " Days " $ut.Hours " Hours " $ut.Minutes " Minutes `r`n"
}

Sample Output:
Hostname: Computer1
Timezone: Romance Standard Time / Romance Daylight Time
Up time: 4 Days 22 Hours 51 Minutes

Get top 5
high CPU usage processes
Get-Process | Sort CPU -descending | Select -first 5 -Property ID, ProcessName, Description, CPU | Format-List
=================================
Expected output
Id          : 2140
ProcessName : chrome
Description : Google Chrome
CPU         : 681.109375

Id          : 7032
ProcessName : mcshield
Description :
CPU         : 649.71875

Id          : 5016
ProcessName : dptf_helper
Description : Intel(R) Dynamic Tuning Utility Application
CPU         : 516.328125

Bulk Machine Remote Telnet PowerShell Script

How to do remote Telnet from multiple source machines & ports.

$Servers = "Computer1",

"Computer2",

"Computer3",

"Computer4",

"Computer5"

 $Ports   =  "443"    

$Destination = "192.168.1.5"

$Results = @()

$Results = Invoke-Command $Servers {param($Destination,$Ports)

                $Object = New-Object PSCustomObject

                $Object | Add-Member -MemberType NoteProperty -Name "ServerName" -Value $env:COMPUTERNAME

                $Object | Add-Member -MemberType NoteProperty -Name "Destination" -Value $Destination

                    Foreach ($P in $Ports){

                        $PortCheck = (Test-NetConnection -Port $p -ComputerName $Destination ).TcpTestSucceeded

                        If($PortCheck -notmatch "True|False"){$PortCheck = "ERROR"}

                        $Object | Add-Member Noteproperty "$("Port " + "$p")" -Value "$($PortCheck)"

                    }

                $Object

           } -ArgumentList $Destination,$Ports | select * -ExcludeProperty runspaceid, pscomputername -Verbose

            $Results | Format-Table -AutoSize | Out-file "C:\temp\portstatus.csv" -Append

============================

# Add the source servers separated with comma " , "

# Make sure the last source server doesn’t end with a comma

To check multiple port status add separated with comma " " , " "

$Ports   =  "445",

                  "139"