Monday, October 26, 2020

Convert ImmutableID to Hex for AD

To get the immutableID value from a user (should be able to do similar with Get-MSOLUser if preferred):

$id = (Get-AzureADUser -ObjectId User@domain.com).immutableid

To convert that ID to hex for entry

$hex=([system.convert]::FromBase64String("$id") | ForEach-Object ToString X2) -join ' '

To view the value in $hex:

$hex

The immutable id will be a value something like: fhG+Kox7LkaYwSIf6s6UFA==

The hex for that one is: 7E 11 BE 2A 8C 7B 2E 46 98 C1 22 1F EA CE 94 14

The hex value can be entered into the ms-DS-ConsistencyGUID attribute of the user object.


And converting from objectGUID to ImmutableID

$immutableID = [system.convert]::ToBase64String(([GUID]($u.ObjectGUID)).tobytearray())

Wednesday, October 7, 2020

Install-Module Fails without TLS 1.2

 I've run into problems with Windows Server where the Install-Module cmdlet generate errors and won't download from the PowerShell  repository on the internet. To fix this you need to enable TLS 1.2 for PowerShell.

To do this permanently for .NET 4 and up, set two registry keys for 64-bit and 32-bit .NET Framework:

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

If you need to do a quick temporary fix because you can't update the registry then use this:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

The temporary fix is only for the current PowerShell prompt.