AAD-Connect PTA with SSO & Kerberos Decryption Key Roll Over

When setting up PTA with SSO, the Kerberos decryption keys must be rolled over every 30 days. Unfortunately, Microsoft has not yet devised a streamlined process to automate this, but is hoping to deliver one within the next 6 months. Until this is made available, the following solution has been developed to automatically perform this function.

The problem is best illustrated in the following test environment which has three internal domains configured for seamless single sign-on.

AD-Connect Screen

As illustrated below the decryption keys should be rolled over every 30 days to ensure the platform remains secure and operational.…

Building a Microsoft Identity Manager PowerShell Management Agent for Workday HR

Update 29 August 2019: See this post for multi-threading Granfeldt PowerShell Management Agent Imports (with Workday as an example).

Before I even get started with this post, let me state that the integration I describe here is not a standalone solution. Integrating with Workday for any organisation of significant size will require multiple integration points each providing coverage for the scenarios for your implementation. I list a few in this post, but Alexander Filipin has already done an awesome job here.…

Automate the Generation of a Granfeldt PowerShell Management Agent Schema Definition File

Generating Schema.ps1 for the Granfeldt FIM/MIM PowerShell Management Agent

Getting started writing your first Forefront/Microsoft Identity Manager Granfeldt PowerShell Management Agent can be a bit daunting. Before you can do pretty much anything you need to define the schema for the PSMA. Likewise if you have written many, the generation of the schema file often seems to take longer than it should and can be a little tedious when all you want to do is write the logic for the Import and Export scripts.…

Integrating with SailPoint IdentityNow Private (v1) API’s using PowerShell

Update: Oct 2019. Leveraging the SailPoint IdentityNow API's is now easier using the SailPoint IdentityNow PowerShell Module.

How to generate the ‘Password Hash’ to leverage the IdentityNow Private API’s

Recently I’ve posted about integrating with the SailPoint IdentityNow API’s. Specifically;

So why another post on a very similar subject?…

Programmatically deploy and add SharePoint Framework Extensions using SharePoint CSOM and PowerShell

In the previous blog here, we looked at how to deploy and install SharePoint Apps. Now let’s look at installing SharePoint Framework extensions – Listview command sets programmatically.

SharePoint CSOM

SharePoint Framework has three types of extensions that can be created – Application customisers, Listview command sets and Field customisers. In this blog, we will look at adding list view command sets programmatically.

Listview command extensions are actually custom actions installed in a library or list.…

Lifecycle Management of Identities in SailPoint IdentityNow via API and PowerShell

Update: Oct 2019. Lifecycle Management of Identities can be easily performed using the SailPoint IdentityNow PowerShell Module.

Introduction

If you’ve been following along I’ve been posting about leveraging the SailPoint IdentityNow API for;

Now that I’ve covered Searching and Authoring all that is left is lifecycle management. And that’s what I’ll cover in this post.…

Deploy and Install SharePoint Apps using SharePoint CSOM and PnP PowerShell

In this blog, we will look at steps to install and deploy SharePoint apps to Modern Sites using SharePoint ALM CSOM and PnP PowerShell. Using the below steps, it is possible to programmatically deploy and install custom SharePoint Framework apps using an Azure Function or a Local PowerShell script.

Installing SharePoint Apps

SharePoint Apps can be deployed on a site using ALM (Application Lifecycle Management) APIs. After the app is installed in the App catalog, we can add it to a SharePoint site.…

Authoring Identities in SailPoint IdentityNow via the API and PowerShell

Update: Oct 2019. Authoring Identities can be easily performed using the SailPoint IdentityNow PowerShell Module.

Introduction

A key aspect of any Identity Management project is having an Authoritative Source for Identity. Typically this is a Human Resources system. But what about identity types that aren’t in the authoritative source? External Vendors, contingent contractors and identities that are used by End User Computing systems such as Privileged Accounts, Service Accounts, Training Accounts.

Now some Identity Management Solutions allow you to Author identity through their Portals, and provide a nice GUI to create a user/training/service account.…

Disk Space Reporting through Lambda Functions - Windows servers

Solution Objective:

The solution provides a detailed report on hard disk space for all the Windows EC2 instances in the AWS environment.

Requirements:

Mentioned below are the requirements the solution should be able to fulfil.

  • Gather information related to all mount points in all the Windows EC2 instances in the environment.
  • Generate a cumulative report based on all instances in the environment.

Assumptions:

The following assumptions are considered:

  • All the EC2 instances have SSM agent installed.

Using Azure Cognitive Services Language Text Translation with PowerShell

Introduction

Over the last few months whilst developing my Voice Assistant for Microsoft Identity Manager I’ve been leveraging a number of the Azure Cognitive Services. Each one has its own nuance as they all appear to be in differing iterations of maturity. My first hurdle when looking to leverage one is the examples provided. Often the samples are in languages I’m not fluent in and pretty much always there are no examples of using PowerShell and the awesome Invoke-RestMethod call to interact with them.…