Oct 18 2016

Deploy Office 365 and HA ADFS From Scratch

Are you interested in Office 365 and ADFS but are intimidated by it and not sure where to begin?  If that’s the case, you’ve come to the right place.  I have been studying to write my 70-346 (Managing Office 365 Identities Exam) and realized that I was still really weak on ADFS and how all the pieces work together.  I decided I wanted to build a fully fleshed out ADFS environment in my own lab complete with a new Office 365 tenant and ADFS configured in high availability with the recommended 4 servers (redundant federation and redundant proxy servers). So that’s what I did and I’m going to walk you through the entire setup, starting from the very beginning.


All the links download are free for testing purposes. To follow along with this HOWTO you will need:

Description URL/Notes
Registered Domain Including access to modify public DNS records – I used www.vanlab.net
Purchased SSL certificate that you have saved as a .PFX file I recommend a wildcard certificate.  I used one from www.cheapsslsecurity.com
Office 365 for Business Trial Setup  https://products.office.com/en-us/business/office-365-for-business-free-trial
Access to a phone Capable of receiving text messages or phone calls
PFSense Firewall  https://pfsense.org/download/
Windows 2012 R2 180 Day Trial  https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2
Windows 10 Enterprise 90 Day Trial  https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
Exchange 2016  https://www.microsoft.com/en-us/download/details.aspx?id=49161
Microsoft Unified Communications Managed API  http://go.microsoft.com/fwlink/p/?linkId=258269
Office 2016 Administrative Templates  https://www.microsoft.com/en-us/download/details.aspx?id=49030
Microsoft Online Services Sign-In Assistant  https://www.microsoft.com/en-us/download/details.aspx?id=41950
Azure AD Module  http://go.microsoft.com/fwlink/p/?linkid=236297

Credit where credit is due.  This HOWTO is based on basic ADFS deployment documentation found here: :

Continue reading

Jul 01 2016

Windows 10 Bitlocker Recovery Gotcha

I recently upgraded my laptop from the now four year old Lenovo W530 to a shiny new Lenovo P50 complete with a Xeon 2.8Ghz CPU, 64GB of RAM and an NVME M.2 boot drive.  Not only did I upgrade the hardware but I also switched from Windows 8.1 to Windows 10.  So far so good.

Being that I’ve always owned laptops, I always try to take precautions against data loss through theft via full disk encryption.  With the release of BitLocker, this has been an remarkably seamless security improvement and I’ve used Bitlocker transparently for years.  So far so good.

Continue reading

Mar 06 2016

HOWTO: Convert binary to human readable text

This is a quick fun little HOWTO.  The was an article on CollegeHumor today that looked like this:


01010100 01101000 01100101 00100000 01110010 01101111 01100010 01101111 01110100 01110011 00100000 01100001 01110010 01100101 00100000 01100001 01101101 01101111 01101110 01100111 00100000 01110101 01110011 00100000 01100001 01101110 01100100 00100000 01110111 01100101 00100000 01100001 01110010 01100101 00100000 01100001 01101100 01101100 00100000 01101001 01101110 00100000 01100100 01100001 01101110 01100111 01100101 01110010 00101110 00100000 01001000 01100101 01101100 01110000 00100000 01110101 01110011 00101100 00100000 01000111 01101111 01100100 00101110

I was of course curious what the message above actually said so I wondered how quickly I could figure that out with PowerShell.  The answer?  Pretty gosh darn quick.

((gc c:\temp\binary.txt) -split " " | % { [char]([convert]::ToInt32("$_",2)) }) -join ""

Continue reading

Feb 15 2016

HOWTO: Determine what wmiprvse.exe is actually doing (aka Troubleshoot WMI)

This HOWTO came about after watching the excellent video series on using Process Explorer available here:

Case of the Unexplained: Troubleshooting with Mark Russinovich

In this video, he talks about a case where wmiprvse.exe was causing Bluray video playback to stutter. 
If you have worked in IT for any length of time, you’ve probably seen this executable come up during your troubleshooting.  It’s the "WMI provider host".
I’ve known that for a while but what happens inside this process has always been a black box for me… until now that is.

If you ever run into an issue where wmiprvse.exe is misbehaving, follow these simple troubleshooting steps:

1) Launch Event Viewer, go to View and enable Show Analytic and Debug Logs

Continue reading

Jan 10 2016

HOWTO: Real world use case for Convert-FromString

This HOWTO covers a real world example of how to use Convert-FromString which was introduced in PowerShell 5.  As a reminder, this is the powerful new cmdlet that allows you to parse any kind of text data and convert the resulting data into structured PowerShell objects by defining “templates” for how the data is laid out and what information you want to extract.

The largest mall in my city includes literally hundreds of stores. I needed to shop for a particular kind of thing and wanted to know what stores I might want to check out.  I started by visiting the website for the mall.  This ended up giving me output that looked like this:


It’s not bad certainly but I would like to apply some filters to the dataset.  Now in reality, I could have certainly figured out what I wanted from this website but I realized this would be a great opportunity to see if I could make the ConvertFrom-String and FlashExtract do something useful.  Could I make a PowerShell object out of this data?

The first thing I did was download the webpage in PowerShell using the Invoke-WebRequest cmdlet.  Powershell includes a “parseddata” object that tries to break down any webpage into its component parts and return the results as nested objects.  I looked at the output and discovered that all of the data I was interested in was stored in parseddata.documentElement.outertext.  This gave me the following results:


Continue reading

Dec 25 2015

HOWTO: Convert Complex Text Data into PowerShell Objects

PowerShell 5.0 introduces a wonderful new cmdlet called ConvertFrom-String.  Don’t let the simple name deceive you though.  There is some exceptionally complex math running behind the scenes here to do some truly wonderful things.
In fact, the code that gets executed inside this function is based upon the "FlashExtract" project completed by Microsoft Research.  How much math? Well here is a portion of the algorithm that was published in their whitepaper.

Source: http://research.microsoft.com/en-us/um/people/sumitg/pubs/pldi14-flashextract.pdf

The idea here is to give us as administrators the ability to take some existing complex text data, intelligently analyze it and convert it into native PowerShell objects. 
Technically we can already do this today using regular expressions.  But coming up with the right combination of letters and characters to produce the intended results is no easy task.  At least until now.
The idea here is that instead of trying to micro manage exactly character-by-character how you want to extract the data to get to the content you want, you instead simply ‘tell’ PowerShell want you want.
Specifically, you pass the ConvertFrom-String function a marked up template of the data that indicates which data is important.

It’s hard to understand in writing but will make a lot more sense once you see it in action.  This is also when the "ah ha" moment comes and you realize the power this new cmdlet offers.

For our example, we’re going to take a look at the c:\windows\windowsupdate.log.  This is a plain text log file that contains several columns:


Continue reading

Dec 16 2015

HOWTO: Monitor a webpage and alert on change

This is admittedly kind of a silly HOWTO but does contain a number of very useful concepts.

I am eagerly awaiting the Lenovo Thinkpad P50 laptop.  The official webpage for this laptop went live today but for pricing it simply says “Coming Soon”.
Rather than refresh the page constantly, I figured I’d let PowerShell do the work for me.  Specifically:

1) Connect to the shop.lenovo.com website every hour and check if the “Coming Soon” pricing has changed
2) If the text is still present, do nothing
3) If the the “Coming Soon” text has been removed (presumably replaced by actual pricing) do the following:
4) Create a pop up tooltip in the Windows System tray alerting me that the pricing is now available
5) In case I miss the popup, email me as well.

To accomplish this, take the code below, save it to a file and create a scheduled task to run it every hour.  That’s it.  You will now be notified as soon as the laptop is available for purchase!

Note: You may be wondering why I didn’t use the built-in Invoke-WebRequest cmdlet.  Normally I would but for Lenovo’s website specifically, I would consistently get “403 – Forbidden” errors.
I tried adding custom user agents and even went as far as using Fiddler to figure out what a good header looks like and then copied that.
The issue appears to be that the Lenovo website is compressed with Gzip and encoded in such a way that (I couldn’t figure out anyway) how to make it work with the built in tool.


Dec 13 2015

HOWTO: Identify and Run every valid Get-* cmdlet on your system

I recently found myself on a long bus ride with my laptop and no Internet connection.  I decided to create a PowerShell puzzle for myself to keep me busy until I reached my destination.  It ended up being kind of interesting so I wanted to share my puzzle and the solution with here.


PowerShell has the concept of “Get-*” cmdlets where these will only retrieve information but will never change anything.  This makes Get commands safe to run, even if you don’t know what they do.   PowerShell ships with hundreds of Get cmdlets.  It would be great to know what kind of information each one provided.  To do that I’d need to run every Get command.  That’s simple enough but is complicated by the fact  that most Get- cmdlets come with multiple ‘parameter sets’ and many are configured with mandatory parameters.  This means that if we blindly run each command we’ll end up with a bunch of errors and prompts for user input.

So what we need to do is figure out which of the Get- commands can be run without passing any parameters.  We then also want to exclude commands that run properly but don’t return any data by default.


Check out the script below.  It will scan the system for every Get- command and then will figure out which ones can be executed directly without parameters and will actually return data.  It then runs all of those and returns the first 5 objects so you can get a feel for what kind of data is returned.  It will then display a report showing how many cmdlets met each criteria.  On my system for example we can see that 143 commands can be executed and return something useful just by typing the name of the command and hitting enter.


Continue reading

Nov 25 2015

HOWTO: Convert SQL data to PowerShell Objects

As you develop your PowerShell skills, you’ll start to see how they can be useful everywhere – even in places where it might not seem obvious.
Let’s say you have a SQL database that you need to extract information from but you’re not terribly strong with SQL.  You are pretty good with PowerShell though.
Wouldn’t it be great if you could easily "convert" your SQL data into a native PowerShell object and then do all of your filtering and customization there?  In a language you know and love?

I found myself in that exact situation and I’m pleased to say I found a simple and elegant solution.

Sidenote: As I was preparing for this blog post, I realized it can be incredibly difficult to build screenshots and database queries that don’t contain potentially sensitive information.

Let’s make up a scenario in which we have a database called ‘rdm’ and inside that there is a table called ‘ConnectionLog’.
We want to find the 5 dates in which the user ‘rvance’ logged in most frequently.  Let’s assume we are doing some kind of security analysis. 

Continue reading

Nov 23 2015

Adele would be amazing at Karaoke

I was browsing the news today and learned that Adele recently performed on Saturday Night Live.  It’s clear by this point that she is a very capable singer. But for a major television performance, I always just cynically assume that the artist is seldom actually singing.  I often expect them to be either dubbed based on a studio recording or with liberal use of Autotune being applied.  Here is an example of what I mean:


Or how about this?  Here is a much more humorous take on how much work is required to make singers sound actually good called “Sound Engineer’s Hard Work”:


All of this brings us to the point.  The reason I knew Adele performed on SNL is because her raw mic audio feed was leaked from the performance.  If this were to happen to a good chunk of modern musicians these days, I suspect their PR teams would be working a lot of overtime.  But Adele is not most musicians.  The raw audio feed was in my opinion even better than the full song with all of the other instruments and backup singers.  There are not many artists that can carry a song entirely on their own with nothing but their voice but Adele would be one of them.

Continue reading