PowerShell – Script to migrate a security group and all its members from AD to AAD

When you decide it's time to migrate your security groups from on-premises AD to the cloud, you may find the process tedious and error-prone, especially if you have many groups to move. The script in this post helps: it finds the group you would like to migrate, creates a new group in AAD with a name you choose, then adds all users and nested groups to the newly created group, matching the membership of your AD group. A few other useful things the script does: checks that the group you are about to migrate exists in AD; makes sure the group you will be creating in AAD doesn't already exist; combines the description and notes, then adds them to the newly created group in AAD. Note that for this script to work well all nested groups must be…


PowerShell – script to reset user password in AAD and AD then force sign out from Office 365 services

The only purpose of this script is to act as fast as possible when dealing with a successful phishing attack in which one of your users was compromised. You can perform all the steps below one by one in the UI, but that takes more time, which must not be wasted in such a case. Here is what the script does: creates a new random password (you can adjust what your temporary password looks like), which your user will be forced to change; resets the password in the cloud / Office 365; optionally resets the password in your on-premises AD (if your accounts are synced with Active Directory); terminates all active Office 365 sessions (invalidates the refresh tokens issued to applications for a user, per Microsoft). To reset passwords in AD, the script must “Run As” an account that can edit AD. If you are remote, you…
