To get up and running quickly, here's what I did. For best security, you should totally check the docs if you aren't sure if this is safe ;)
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
Install-Module AzureADPreview
Install-Module MSOnline
It will not hurt anything to have all three of these modules installed alongside one another.
Having managed over 45K users in Google Workspace, I can definitively say Microsoft is the only large productivity suite provider that cares about IT admins by providing good tooling ;)
Let's create a user with the Azure Az Powershell module.
Now lets look at how to get user details in each module.
My primary 3 uses for Get commands are to view user details (usually troubleshooting), search users and filter (Get-* | Where-Object...), and get an object to pipe into another command (Get-* | Where-Object {...} | Set-*).
Az Azure module:
Get-AzADUser -UserPrincipalName tuser1@domain.onmicrosoft.com
Update-AzADUser is limited compared to the other two. That's why I'd suggest comparing all three and seeing which is the right tool for the job.
Keep an eye on Az modules - changes fast
Not sure if anyone will notice, but as I was playing with the modules, I tabbed through the options for UserType and discovered something I've never seen before.
Anyone know what a "viral" user type is?
Whatever it is, it doesn't sounds good, and I changed Test User Three to it
The last main function that I'll cover is deleting users.
Again, the commands are too long for Twitter, but you can find them all over on the repo:
1) MSA passwords are incredibly strong and rotate frequently enough that Kerberoasting is near impossible (especially with AES)
2) The password can be retrieved on one server and used on another, pass the hash/ticket still works..
OK, first, let's find out if you have a KDS root key set up. Run Powershell on a machine with the Active Directory Powershell Module installed and run this:
I like Matthew a lot, but I don't feel this is a "dumb overreaction."
As a security admin overseeing 40K+ students and participating in communities serving over 1.5M students, I would love to shed some light on the difficulties Zoom has created for us.
First, let's start with Zoombombing. The answer seems very simple - let's add a password. The problem is that many places allowed teachers to go create their own accounts, and we had to rely on them reading email from IT.
For those of us who do have an admin console to control settings, sure we can change the settings to add a password, but that only affects future meetings (according to the console), not past meetings.
Again, communicating to teachers to change existing meetings? This is hard.