Tag: Azure

Azure – resetting a password for a Domain Controller VM

Posted on May 7, 2021 by Dexter

I came across a situation the other day.

In my Azure Tenant, I have a VM, a domain controller that hosts, well… my domain.

I only use it for testing, most recently I was doing some SSPR testing. I only turn it on occasionally for testing some powershell scripts, this password reset utility, and other things that only an on-premises Domain Controller can really do.

Over time, over about 2 weeks I didn’t need it and had this server sitting in a powered off state. When I did need it again, after powering it on, I realized I couldn’t login with my Domain Admin credentials. The error was that my password had expired, and I needed to reset it.

Okay, I’ll use my backup Domain Admin account to reset it. The problem was, the backup Domain Admin account was giving the same error.

Uh-oh.

My primary, and backup domain admin accounts to my one cloud controller that is not replicated anywhere are both locked out. Now what?

Luck has it, there’s as way to do this that’s fairly painless and actually quite simple.

  1. Create a .ps1 file. The only contents it needs are one line:
Net user AD-Admin NewP@ssword!

Name it something relevant like “password_reset.ps1”

This HAS to be an account that’s active in your AD, and perferrably a Domain Admin account. The password can be whatever you want, as long as it fits your password domain policy.

2. Goto portal.azure.com -> Storage accounts -> any_of_your_storage_accounts ->containers (create one if you have to) -> upload. Upload the .ps1 file you created in step 1 above.

3. In portal.azure.com -> Virtual Machines -> Your_VM_DC -> Settings -> Extensions + Applications -> Add a Custom Script Extension

Browse to the storage container in step 2, point to the .ps1 file created in step 1

Let the deployment run

6. Log onto your DC VM in Azure with the credentials from step 1 above. RESET any or all your domain admin passwords that have that requirement.

7. Uninstall and delete that Custom script extension from step 3 for this VM. Otherwise, every time it boots it will reset the password for this one user.

Delete that .ps1 file from the storage container too!

Azure – Import users into cloud via CSV file

Posted on May 7, 2021 by Dexter

There’s a few different methods to import users into your Azure tenant.

  1. In the Azure Active Directory Portal https://aad.portal.azure.com -> Users -> Bulk Operations -> Bulk create
  2. Or you can use a little powershell

This will focus on the powershell method. Mainly because the Azure Portal only requires point and click. Plus, this is way more fun.

The Sample CSV format:

UserPrincipalNameDisplayNameGivenNameSurnamejobTitleMailNickNameObjectIdAccountEnabledAgeGroupCityCompanyNameConsentProvidedForMinorCountryCreationTypeDepartmentFacsimileTelephoneNumberIsCompromisedImmutableIdMobilePasswordPoliciesPasswordProfilePhysicalDeliveryOfficeNamePostalCodePreferredLanguageShowInAddressListStateStreetAddressTelephoneNumberUsageLocationUserStateUserStateChangedOnUserType
nabendun@customdomain.onmicrosoft.comNabendu NahasapeemapetilonNabenduNahasapeemapetilon$null104667339TrueMinorSpringfieldnull United States null856-511-6827    304-960-7231    Guder Lao2810Nepali Illinois43090 Jay Drive314-812-4954US      Member
jimboj@customdomain.onmicrosoft.comJimbo JonesJimboJones$null142259518TrueMinorSpringfieldnull United States null546-298-0636    558-695-5632    Purabaya2810Hebrew Illinois39176 Weeping Birch Court851-166-3492US      Member

And here’s the sample code below.

Make sure before you run to execute connect-azureAD first!

$CSV = Import-Csv C:\path_to_CSV_file.csv -Delimiter ","
 
foreach ($User in $CSV) {
$user.UserPrincipalName
$user.DisplayName
$user.GivenName
$user.Surname
$user.jobTitle
$user.MailNickName
$user.ObjectId
$user.AccountEnabled
$user.AgeGroup
$user.City
$user.CompanyName
$user.ConsentProvidedForMinor
$user.Country
$user.CreationType
$user.Department
$user.FacsimileTelephoneNumber
$user.IsCompromised
$user.ImmutableId
$user.Mobile
$user.PasswordPolicies
$user.PasswordProfile
$user.PhysicalDeliveryOfficeName
$user.PostalCode
$user.PreferredLanguage
$user.ShowInAddressList
$user.State
$user.StreetAddress
$user.TelephoneNumber
$user.UsageLocation
$user.UserState
$user.UserStateChangedOn
$user.UserType

         Set-AzureADUser -ObjectID $user.UserPrincipalName `
         -jobTitle $User.jobtitle `
         -AgeGroup $User.AgeGroup `
         -City $User.City `
         -CompanyName $User.CompanyName `
         -Country $User.Country `
         -Department $User.Department `
         -FacsimileTelephoneNumber $user.FacsimileTelephoneNumber `
         -Mobile $User.Mobile `
         -PhysicalDeliveryOfficeName $user.PhysicalDeliveryOfficeName `
         -Postalcode $user.PostalCode `
         -State $user.state `
         -Streetaddress $user.StreetAddress `
         -TelephoneNumber $user.TelephoneNumber `
         -UsageLocation $user.UsageLocation

        write-output $User
}