Jorge de Almeida Pinto | IAMTEC zjorz

@zjorz
zjorz / Delete-Application-From-Entra-ID-And-Exchange-Online.ps1
Last active February 28, 2025 23:04
Deleting A Specific Application From Entra ID And From Exchange Online
$tenantFQDN = "<TENANT NAME>.ONMICROSOFT.COM" # <= CONFIGURE THIS!!!!!
$applicationName = "<APPLICATION DISPLAY NAME>" # <= CONFIGURE THIS!!!!!
Invoke-Command -ArgumentList $tenantFQDN,$applicationName -ScriptBlock {
Param (
$tenantFQDN,
$applicationName
)
<#
@zjorz
zjorz / Generate-Self-Signed-Certificate-For-Multiple-Purposes.ps1
Last active April 30, 2025 08:00
Code To Generate Self-Signed Certificate That Can be Used For Multiple Purposes, Like Authenticating Against Application Registration In Entra ID, Token Signing Certificate or Token Encryption Certificate In Entra ID/ADFS/Whatever And Probably More Scenarios
# To generate and export the certificate, local administrator rights in an elevated PowerShell window are required!
$certPurpose = "<CERTIFICATE PURPOSE>" # "Authentication", "Token Signing", "Token Encryption" # <= CONFIGURE THIS!!!!!
$svcDisplayName = "<SERVICE DISPLAY NAME AND/OR FQDN>" # <= CONFIGURE THIS!!!!!
$keyLength = 4096 # 4096 | 2048 # <= CONFIGURE THIS!!!!!
$daysBeforeToday = 0 # <= CONFIGURE THIS!!!!! (Positive Number For AFTER Today, Negative Number For Before Today!)
$daysAfterToday = 397 # 13 Months (Best Practice According To DigiCert) # <= CONFIGURE THIS!!!!!
$selfSignedCert = Invoke-Command -ArgumentList $certPurpose,$svcDisplayName,$keyLength,$daysBeforeToday,$daysAfterToday -ScriptBlock {
Param (
@zjorz
zjorz / Create-Application-In-Entra-ID-And-Exchange-Online-To-Send-Email-From-OnPremises-PoSH-Scripts.ps1
Last active March 1, 2025 00:09
Creating An Application In Entra ID And Exchange Online To Be Used As A "Proxy" To Send Emails From On-Premises PowerShell Scripts
$tenantFQDN = "<TENANT NAME>.ONMICROSOFT.COM" # <= CONFIGURE THIS!!!!!
$appRegDisplayName = "<APPLICATION DISPLAY NAME>" # <= CONFIGURE THIS!!!!!
$credentialType = "<CREDENTIAL TYPE>" # "Secret" OR "Certificate" <= CONFIGURE THIS!!!!!
$lifetimeSecretInDays = 365 # <= CONFIGURE THIS!!!!!
$certCERFilePath = "<CERTIFICATE CER FILE PATH>" # <= CONFIGURE THIS!!!!!
$mailboxMailAddress = "<MAIL ADDRESS OF MAILBOX TO ALLOW TO SEND MAIL FROM>" # <= CONFIGURE THIS!!!!!
Invoke-Command -ArgumentList $tenantFQDN,$appRegDisplayName,$credentialType,$lifetimeSecretInDays,$certCERFilePath,$mailboxMailAddress -ScriptBlock {
Param (
$tenantFQDN,
Invoke-Command -ScriptBlock {
Clear-Host
Write-Host ""
Write-Host "###############################################################################" -Foregroundcolor Yellow
Write-Host "### SECURING THE DEFAULT DOMAIN ADMIN ACCOUNT ###" -Foregroundcolor Yellow
Write-Host "###############################################################################" -Foregroundcolor Yellow
$defaultDomainAdm = Get-ADUser -Identity "$((Get-ADDomain).DomainSID.value)-500" -Properties description,mail,memberOf,"msDS-PrincipalName","msDS-SupportedEncryptionTypes",servicePrincipalNames,userAccountControl -Server $((Get-ADDomain).PDCEmulator)
If ($defaultDomainAdm."msDS-PrincipalName" -ne ([Security.Principal.WindowsIdentity]::GetCurrent()).Name) {
@zjorz
zjorz / Configuring_GenCounter_System_Service_Disabled.ps1
Last active May 18, 2023 20:33
Configuring New Or Existing GPO With The GenCounter System Service To NOT Start (i.e., Disable Generation ID)
#-------
# Configuring New Or Existing GPO With The GenCounter System Service To NOT Start (i.e., Disable Generation ID)
#-------
$gpoName = "<Name Of Existing Or New GPO>" # <=== CONFIGURE !!!!
Invoke-Command -ArgumentList $gpoName -Scriptblock {
Param (
$gpoName
)
Clear-Host
@zjorz
zjorz / Fix_SYSVOL_Repl_With_New_Source_RWDC.ps1
Last active May 12, 2023 22:17
Fixing Broken DFS-R Replication Group (SYSVOL) Replication Between All Replication Group Members While Assigning A Primary Member As Source
#-------
# Fixing Broken DFS-R Replication Group Replication Between All Replication Group Members While Assigning A Primary Member As Source
#-------
# ASSUMPTIONS:
# * Name Resolution Works
# * All DCs In The AD Domain Are Available/Up And Running
# * All DCs In The AD Domain Are Reachable For LDAP, ADWS, Remote Management, WMI
# * The Account Used To Execute This Has AT LEAST "Domain Admin" Equivalent Permissions In The AD Domain Being Processed
# * The Content Of The SYSVOL Of The Chosen DC To Be The Primary Member Is Healthy
#--------------------#-----------------------#-----------------------#-----------------------#-----------------------#-----------------------