Recent Discussions
Differences with X509Certificate2 between Powershell and PWSH Core (Windows)
Hi all, I wrote some code that loads a certificate from a crt file and it works so far. But with PWSH (7.5.1) some properties (like DnsNameList) are empty. With Windows Powershell the properties are filled. This is true, even when using static LoadCertificateFromFile class under PWSH. (Otherwise I load the certificate with [ X509Certificate2]::new( thebytes )) The validity of the certificate makes no difference so far. It would be nice if anyone has a suggestion how I can work around that issue. THX in advance and best regards!Looking for alternatives to list properties of Word files
Hi! Looking for a way of improving my workflow with Word files and evaluate docx format capabilities, I'm searching for tools to work with its built-in and custom properties. Please, is PowerShell a suitable option? How can I list all properties of a docx file? Thanks for any insight! Ricardo
Copy-Item -Recurse bug
We are copying files using the Copy-Item cmdlet from a local disk to a remote disk. The source folder contains around 900 files in numerous subdirectories. Copy-Item -Path "build\image\*" -Destination $output_path -Recurse -Verbose Get-Command Copy-Item | Select-Object Name, Version Name Version ---- ------- Copy-Item 3.1.0.0
FC Target discovery
I was looking for a way to discover FC targets for each initiator. Searching on the web I found this code # Get all initiator ports (HBA ports) $initiatorPorts = Get-InitiatorPort # Loop through each initiator port and list its targets foreach ($port in $initiatorPorts) { Write-Host "Initiator Port: $($port.NodeAddress) - $($port.PortAddress)" $targets = Get-InitiatorTarget -InitiatorPortAddress $port.PortAddress foreach ($target in $targets) { Write-Host " Target: $($target.NodeAddress) - $($target.PortAddress)" } } But is not working because the Get-initiatortarget is not recognized as valid command. Is there a way I can do it thanks
Intermittent issues with PowerShell Command Responses Since May 10, 2025
Since May 10, 2025, we have observed unexpected behavior intermittently in the responses of the following PowerShell commands. Could you please investigate the issues outlined below? Get-CsTenantFederationConfiguration: The AllowPublicUsers property appears in the command output, but when the response is passed to ConvertTo-Json, the AllowPublicUsers value is missing. Please refer to the attached screenshot for reference. Get-CsExternalAccessPolicy: The EnablePublicCloudAccess property, which is expected to return a boolean value, is now returning null. These issues are not isolated to a specific instance — we are intermittently observing the same behavior across multiple Office 365 tenants. Looking forward to your assistance.PowerShell implicit remoting without connection to server
When I start a PowerShell session on my local computer, and then run: Get-Module -Name FailoverClusters I can see that implicit remoting is used (and I can see the temporary files generated for this), and an output is generated. Needless to say that I don't have the FailoverClusters module installed anywhere on the local machine (I've verified $Env:PSModulePath as well). I don't have any connection to a server when running the command. Maybe somebody can explain to me what PowerShell is doing to find the FailoverClusters module and the cmdlets contained therein?
Can I use PowerShell SecretStore for local system accounts?
I am trying to store some "system" secrets for my services running as default system accounts like "SYSTEM" and "NETWORK SERVICE". Based on my understanding, the SecretStore vault stores secrets locally on file for the current user. So it seems I can't use the tool for my project?
need to create a PTR record via PS | Need your help !
Hello dear community, I am trying to update PTR records in my DNS manager using PowerShell script and I am using the below script, it works only when a reverse zone is already existing but I have a part of the code to create a reverse zone if doesn't exist. So the problem is reverse zone is not being created and script ends. Can anyone debug it for me ? or tell me what is wrong or I am ok to have a new script if the below is not right. Appreciate your help !!! :) ------------------------- param( [string]$CsvPath = "E:\dns test file.csv", [string]$DnsServer = "10.10.10.10" ) # Import required module try { Import-Module DnsServer -ErrorAction Stop } catch { Write-Error "Failed to import DnsServer module: $_" exit 1 } # Import CSV data try { $records = Import-Csv -Path $CsvPath Write-Host "Successfully imported $($records.Count) records from $CsvPath" } catch { Write-Error "Failed to import CSV: $_" exit 1 } # Initialize counters $results = @{ Success = 0 Failure = 0 Skipped = 0 Created = 0 } # Process each record foreach ($record in $records) { Write-Host "`nProcessing $($record.IPAddress) -> $($record.Hostname)" try { # Validate IP address format $octets = $record.IPAddress -split '\.' if ($octets.Count -ne 4) { throw "Invalid IP address format - must have 4 octets" } # Build reverse zone name (e.g., 10.0.0.0/24 becomes 0.0.10.in-addr.arpa) $reverseZone = "$($octets[2]).$($octets[1]).$($octets[0]).in-addr.arpa" $ptrName = $octets[3] # Last octet becomes record name # Validate and format hostname $hostname = $record.Hostname.Trim() if (-not $hostname.EndsWith('.')) { $hostname += '.' } # Check if reverse zone exists $zoneExists = Get-DnsServerZone -Name $reverseZone -ComputerName $DnsServer -ErrorAction SilentlyContinue if (-not $zoneExists) { throw "Reverse zone $reverseZone does not exist on server $DnsServer" } # Check for existing PTR record $existingPtr = Get-DnsServerResourceRecord -ZoneName $reverseZone -ComputerName $DnsServer -Name $ptrName -RRType PTR -ErrorAction SilentlyContinue if ($existingPtr) { # Check if it already points to the correct host if ($existingPtr.RecordData.PtrDomainName -eq $hostname) { Write-Host " [SKIP] PTR record already correctly points to $hostname" $results.Skipped++ continue } # Update existing record Write-Host " [UPDATE] Changing PTR from $($existingPtr.RecordData.PtrDomainName) to $hostname" $newRecord = $existingPtr.Clone() $newRecord.RecordData.PtrDomainName = $hostname Set-DnsServerResourceRecord -ZoneName $reverseZone -ComputerName $DnsServer ` -OldInputObject $existingPtr -NewInputObject $newRecord -PassThru -ErrorAction Stop $results.Success++ } else { # Create new record - FIXED SECTION Write-Host " [CREATE] Adding new PTR record for $ptrName pointing to $hostname" # Explicitly create the record object $newPtrRecord = @{ ZoneName = $reverseZone Name = $ptrName PtrDomainName = $hostname ComputerName = $DnsServer ErrorAction = 'Stop' } # Add the record with verbose output $result = Add-DnsServerResourceRecordPtr @newPtrRecord -PassThru if ($result) { Write-Host " [SUCCESS] Created PTR record:" $result | Format-List | Out-String | Write-Host $results.Created++ } else { throw "Add-DnsServerResourceRecordPtr returned no output" } } } catch { Write-Host " [ERROR] Failed to process $($record.IPAddress): $_" -ForegroundColor Red $results.Failure++ # Additional diagnostic info Write-Host " [DEBUG] Zone: $reverseZone, Record: $ptrName, Target: $hostname" if ($Error[0].Exception.CommandInvocation.MyCommand) { Write-Host " [DEBUG] Command: $($Error[0].Exception.CommandInvocation.MyCommand)" } } } # Display summary Write-Host "`nUpdate Summary:" Write-Host " Created: $($results.Created)" Write-Host " Updated: $($results.Success)" Write-Host " Skipped: $($results.Skipped)" Write-Host " Failed: $($results.Failure)" # Return results for further processing if needed $results -------------- Output what I got: Successfully imported records from E:\dns test file.csv Processing 10.0.0.10 -> test.test.sd6.glb.corp.local [ERROR] Failed to process 10.0.0.10: Reverse zone 0.0.10.in-addr.arpa does not exist on server 10.10.10.10 [DEBUG] Zone: 0.0.10.in-addr.arpa, Record: 10, Target: test.test.sd6.glb.corp.local. Update Summary: Created: 0 Updated: 0 Skipped: 0 Failed: 1 Name Value ---- ----- Created 0 Skipped 0 Failure 1 Success 0
Entra PIM Role Activation
# Ensure necessary modules are installed $modules = @("DCToolbox", "Microsoft.Entra") foreach ($module in $modules) { if (-not (Get-Module -ListAvailable -Name $module)) { Install-Module -Name $module -Repository PSGallery -Scope CurrentUser -Force -AllowClobber } } # Check if msal.ps package is installed if (-not (Get-Package -Name msal.ps -ErrorAction SilentlyContinue)) { Install-Package msal.ps -Force -Confirm:$false } # Ensure Entra Authentication module is properly imported Remove-Module Microsoft.Entra.Authentication -ErrorAction SilentlyContinue Import-Module Microsoft.Entra.Authentication -Force # Connect to Entra ID with proper authentication Connect-Entra Add-Type -AssemblyName System.Windows.Forms # Create GUI Form $form = New-Object System.Windows.Forms.Form $form.Text = "EntraPIMRole Activation" $form.Size = New-Object System.Drawing.Size(350, 350) # Create Checkboxes $checkboxes = @() $labels = @("Global Administrator", "Teams Administrator", "SharePoint Administrator", "Exchange Administrator", "Billing Administrator") for ($i = 0; $i -lt $labels.Count; $i++) { $checkbox = New-Object System.Windows.Forms.CheckBox $checkbox.Text = $labels[$i] $checkbox.AutoSize = $true $checkbox.Width = 250 $checkbox.Location = New-Object System.Drawing.Point(20, (20 + ($i * 30))) $checkboxes += $checkbox $form.Controls.Add($checkbox) } # Create TextBox $textBox = New-Object System.Windows.Forms.TextBox $textBox.Location = New-Object System.Drawing.Point(20, 180) $textBox.Size = New-Object System.Drawing.Size(300, 20) $form.Controls.Add($textBox) # Create Button $button = New-Object System.Windows.Forms.Button $button.Text = "Run" $button.Location = New-Object System.Drawing.Point(20, 220) $button.Size = New-Object System.Drawing.Size(80, 30) $button.Add_Click({ $selectedOptions = $checkboxes | Where-Object { $_.Checked } | ForEach-Object { $_.Text } $inputText = $textBox.Text # Verify if the required function exists before executing if (Get-Command -Name Enable-DCEntraIDPIMRole -ErrorAction SilentlyContinue) { Enable-DCEntraIDPIMRole -RolesToActivate $selectedOptions -UseMaximumTimeAllowed -Reason $inputText [System.Windows.Forms.MessageBox]::Show("Activated Roles: $($selectedOptions -join ', ')`nReason: $inputText") } else { [System.Windows.Forms.MessageBox]::Show("Error: Enable-DCEntraIDPIMRole function not found. Ensure the correct module is installed.") } }) $form.Controls.Add($button) # Show Form $form.ShowDialog() Im trying to create a script so i can activate PIM with logon to the azure portal. But for some reason i cant get it to work. Can you all please help me out.Assigning a Manager with PowerShell Graph – Manager Not Found
Hi everyone, We are currently refactoring our PowerShell scripts to align with Microsoft's recommended standards. In our script that creates new users in Azure Active Directory (AAD) via Microsoft Graph, we’re having trouble assigning a manager to a new user. Whether we try using the manager’s object ID or email address, the manager is not found, and the assignment fails. Has anyone encountered this issue before? Is there something we might be doing wrong in how we’re referencing or assigning the manager? Thanks in advance for your help.PowerShell Script to Follow a SharePoint Site for a User
Good morning! I've been struggling with this for a while now. I've tried multiple scripts that are supposed to do this and run into many errors. I have a new script I found, which seems to mostly work, but it gives me this one error: Write-Error: Response status code does not indicate success: Forbidden (Forbidden). It looks like a permissions issue. I'm executing this in VSC, running under my user account, but when it connects to Graph, I'm authenticating it as my admin account, which has the following roles: I do realize how easy it is for users to follow a site, but this is one of those messed-up political situations, so I need a way to do this. After the error, it just hangs here: Add users to follow site(. [Adding user 'Ken Ce.] Here is the script I'm using: # Example: .\Add-FollowUserSite.ps1 -UsersMail "user1@[domain].com","user2@[domain].com","user3@[domain].com" -SitesUrl "https://[domain].sharepoint.com" [CmdletBinding()] param( [Parameter(Mandatory=$true,HelpMessage="List of Users Mails")] [String[]]$UsersMail=@("user1@[domain].com","user2@[domain].com","user3@[domain].com"), [Parameter(Mandatory=$true,HelpMessage="List of SharePoint Url to follow")] [String[]]$SitesUrl=@("https://[domain].sharepoint.com") ) Begin{ # Validate Modules ffor Microsoft graph users exist if (Get-Module -ListAvailable -Name microsoft.graph.users) { Write-Host "Microsoft Graph Users Module Already Installed" } else { try { Install-Module -Name microsoft.graph.users -Scope CurrentUser -Repository PSGallery -Force -AllowClobber } catch [Exception] { $_.message } } # Validate Modules ffor Microsoft graph users exist if (Get-Module -ListAvailable -Name microsoft.graph.sites) { Write-Host "Microsoft Graph Sites Module Already Installed" } else { try { Install-Module -Name microsoft.graph.sites -Scope CurrentUser -Repository PSGallery -Force -AllowClobber } catch [Exception] { $_.message } } # Import Modules Microsoft.Graph.users and Microsoft.Graph.sites to be used Import-Module Microsoft.Graph.users Import-Module Microsoft.Graph.sites Write-Host "Connecting to Tenant" -f Yellow Connect-MgGraph -Scopes "Sites.ReadWrite.All", "User.Read.All" Write-Host "Connection Successful!" -f Green } Process{ $count = 0 $UsersMail | foreach { #Get user Graph properties $mail = $_ $user = Get-MgUser -ConsistencyLevel eventual -Count 1 -Search ([string]::Format('"Mail:{0}"',$mail)) $SitesUrl | foreach { #Get Site Graph properties $domain = ([System.Uri]$_).Host $AbsolutePath = ([System.Uri]$_).AbsolutePath $uriSite = [string]::Format('https://graph.microsoft.com/v1.0/sites/{0}:{1}',$domain,$AbsolutePath) $site = Invoke-MgGraphRequest -Method GET $uriSite #Create Body for Post request $body = @' { "value": [ { "id": "{$SiteID}" } ] } '@.Replace('{$SiteID}',$site.id) #Graph call that include user to follow site $uriFollow = [string]::Format('https://graph.microsoft.com/v1.0/users/{0}/followedSites/add',$user.Id) #Include follow option from user to SharePoint Site try{ $response = Invoke-MgGraphRequest -Method POST $uriFollow -Body $body -ContentType "application/json" Write-Host "User '$($user.DisplayName)' is following site '$($AbsolutePath)'" -f Green } catch { Write-Error $_.Exception } } $count += 1 #progress bar Write-Progress -Activity 'Add users to follow site(s)' -Status "Adding user '$($user.DisplayName)' to follow sites... ($($count)/$($UsersMail.Count))" -PercentComplete (($count / $UsersMail.Count) * 100) } } End { Disconnect-MgGraph Write-Host "Finished" -ForegroundColor Green } Any help would be greatly appreciated.Getting Teams meeting transcripts using Powershell with Graph API
I have set up an Enterprise App in Entra with the following API permissions: Microsoft.Graph OnlineMeetings.Read (Delegated) OnlineMeetings.Read.All (Application) User.Read.All (Application) Admin consent has been granted for the Application types. Below is the code snippet for getting the meetings: $tenantId = "xxxxxx" $clientId = "xxxxxx" $clientSecret = "xxxxxx" $secureSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force $psCredential = New-Object System.Management.Automation.PSCredential ($clientId, $secureSecret) Connect-MgGraph -TenantId $tenantId -ClientSecretCredential $psCredential -NoWelcome $meetings = Get-MgUserOnlineMeeting -UserId "email address removed for privacy reasons" -All Connect-MgGraph is invoked without errors. I had verified this with Get-MgContext command. At line 10 I get this error: Status: 404 (NotFound) ErrorCode: UnknownError I don't know if this is means there was an error in the API call, or there were no records found (I do have Teams calls with transcripts though). I have tried changing the last line to (without -All): $meetings = Get-MgUserOnlineMeeting -UserId "my guid user id here" And I get this error: Status: 403 (Forbidden) ErrorCode: Forbidden Adding -All parameter results in this error: Filter expression expected - /onlineMeetings?$filter={ParameterName} eq '{id}'. I've done some searching but I haven't found any more information nor solution for this. I hope someone can point me in the right direction. Thanks in advance!
Gui to deploy folder contents to multiple VMs
I am trying to improve imaging computers where I work. I need to create a gui for new hires since the imaging process is so complicated. I need the GUI to request necessary computer names that are being imaged and then copy files from a local workstation to the machines that are being imaged on the network that our technicians do not have physical access to. I have turned to Powershell for the solution in an attempt to improve on my knowledge which is basic really. Below is the code I have come up with so far. In this code I am getting the location of the file. I would rather copy the entire folder instead of the file but I couldnt find the code to do that. So, if that is possible please show me how. If not I figure I would have to save these imaging files to a ZIP file. Then I could maybe use this GUI I am working on to move the zip file to the remote computers. Add-Type -AssemblyName System.Windows.Forms # Create the form $form = New-Object System.Windows.Forms.Form $form.Text = "File and Network Location Collector" $form.Size = New-Object System.Drawing.Size(400, 200) # Create the label for file name $fileLabel = New-Object System.Windows.Forms.Label $fileLabel.Text = "File Name:" $fileLabel.Location = New-Object System.Drawing.Point(10, 20) $form.Controls.Add($fileLabel) # Create the text box for file name $fileTextBox = New-Object System.Windows.Forms.TextBox $fileTextBox.Location = New-Object System.Drawing.Point(100, 20) $fileTextBox.Size = New-Object System.Drawing.Size(250, 20) $form.Controls.Add($fileTextBox) # Create the label for network location $networkLabel = New-Object System.Windows.Forms.Label $networkLabel.Text = "Network Location:" $networkLabel.Location = New-Object System.Drawing.Point(10, 60) $form.Controls.Add($networkLabel) # Create the text box for network location $networkTextBox = New-Object System.Windows.Forms.TextBox $networkTextBox.Location = New-Object System.Drawing.Point(100, 60) $networkTextBox.Size = New-Object System.Drawing.Size(250, 20) $form.Controls.Add($networkTextBox) # Create the button to submit $submitButton = New-Object System.Windows.Forms.Button $submitButton.Text = "Submit" $submitButton.Location = New-Object System.Drawing.Point(150, 100) $form.Controls.Add($submitButton) # Add event handler for the button click $submitButton.Add_Click({ $fileName = $fileTextBox.Text $networkLocation = $networkTextBox.Text [System.Windows.Forms.MessageBox]::Show("File Name: $fileName`nNetwork Location: $networkLocation") }) # Show the form $form.ShowDialog() In this portion of the code it is copying from one source to many locations. Thank you for any assistance as this would help my organization a lot. We are getting several new hires who are very new to the industry. This would be a huge blessing. Pardon the change in font size. It did that for no reason, its my first time using the blog, and there appears to be no way to change the sizes lol. Forgive me. #Define the source folder and the list of target computers $sourceFolder = "C:\Path\To\SourceFolder" $destinationFolder = "C:\Path\To\DestinationFolder" $computers = @("Computer1", "Computer2", "Computer3") # Replace with actual computer names # Function to copy the folder function Copy-Folder { param ( [string]$source, [string]$destination ) Copy-Item -Path $source -Destination $destination -Recurse -Force } # Execute the copy operation on each computer foreach ($computer in $computers) { Invoke-Command -ComputerName $computer -ScriptBlock { param ($source, $destination) Copy-Folder -source $source -destination $destination } -ArgumentList $sourceFolder, $destinationFolder } Write-Host "Folder copied to all specified computers."Get-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyID. How to get the ID?
Hello! I am trying to copy an Intune App Protection Policy so I can edit it and apply it to a different group of users. I've cobbled together the below script from other examples but it doesn't work because I am not able to find the -ManagedAppPolicyID that it wants. I've not been able to find it anywhere in Intune. I've not been able to find a PowerShell cmdlet that will list it either. Does anyone know how I can make this work? Or another way to do it? Install-Module Microsoft.Graph -Scope CurrentUser Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All" $policyId = "<Insert App Policy ID>" $appProtectionPolicy = Get-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyId $policyId $newPolicy = $appProtectionPolicy | Select-Object * -ExcludeProperty Id, CreatedDateTime, Version, LastModifiedDateTime $newPolicy.DisplayName = "Copy of $($newPolicy.DisplayName)" New-MgDeviceAppManagementMobileAppConfiguration -Data $newPolicy Get-MgDeviceAppManagementManagedAppPolicy -Filter "displayName eq '$($newPolicy.DisplayName)'".Net mail message, PowerShell and Microsoft Purview Infrmation Protection
I have a PowerShell script that using the .net mail message to send emails. We want to restrict some of those emails to a certain sensitivity (we call it classification) and restrict it to only internal users (which this label does when sending via Outlook). I have looked at a number of ways to do this but haven't come up with anything that works. Here are the issues: The smtp server is NOT in Office 365. The PowerShell window is opened as an admin account so using an Outlook interface might not work. Currently, I have it set to send remotly (A session is created with the server that is whitelisted and it actually sends the message). Any information would be of great assistance.
