Any who use Varonis know it is a sweet program, but an expensive one. Additionally, they hold their documentation tight. Anyway, this is a simple thing, and should not take much effort. I found the service account listed in a couple places, see them here in the pic (Don’t forget the windows services if you […]
Convert LDAP Time
This is the reference and an online converter. EpochConverter.com The 18-digit Active Directory timestamps, also named ‘Windows NT time format’,’Win32 FILETIME or SYSTEMTIME’ or NTFS file time. These are used in Microsoft Active Directory for pwdLastSet, accountExpires, LastLogon, LastLogonTimestamp and LastPwdSet. The timestamp is the number of 100-nanoseconds intervals (1 nanosecond = one billionth of […]
Find all RDP (and Console) Sessions in the Domain
Quickie one liner $work = Get-ADComputer -filter * $work = $work.name foreach ($1 in $work){write-host $1 ; quser /server:$1} This also works (courtesy of jrv [technet]); Get-ADComputer -Filter *| ForEach-Object{ quser /server $_.Name} Or to get a single computer Get-ADComputer <servername> | ForEach-Object{ quser /server $_.Name}
Find the OS of all Computers in the Domain
Quickie one liner Get-ADComputer -Filter * -Property * | Format-Table Name,OperatingSystem,OperatingSystemService Pack,OperatingSystemVersion -Wrap –Auto Reference: https://serverfault.com/questions/585223/how-to-list-all-computers-operating-system-on-a-network-in-powershell
Powershell fun for the System Monitor
So, I like my monitors to do more then just blink. Also, its good for people to come by and see something happening in IT, as most of the stuff we do is invisible. I started out this script so I could do functions on ranges of IP’s, and it turned into this fun little […]
Solarwinds Web Help Desk (WHD) inactive user logon
I had a user report they could not login with an error of “The account has been deactivated“. I tried the regular stuff, but the domain account was fine, and the LDAP connection was also fine. It turns out that the user may have been moved in the OU structure, or something else made WHD […]
Office 365 Brute Force Attack
If the Office.com accounts are being constantly locked out, you can’t really tell by the ADFS logs if it is an email account that is being attacked, or if it is the general Office account. In my case, it was email, and so with MS new rules, we were able to turn off Basic authentication. […]