Posts

Posted on

Protect your WordPress site with WordFence

Wordfence is a robust and comprehensive security plugin for WordPress websites. It provides advanced protection against cyber threats such as malware, hacking attempts, and brute force attacks. The plugin features a firewall that blocks malicious traffic before it reaches your site, as well as a malware scanner that detects and removes malicious code. In addition to its security features, Wordfence also offers tools for monitoring site activity and performance. It provides real-time traffic monitoring, detailed logs of site activity, and alerts for suspicious behavior. The plugin also includes options for two-factor authentication and password strength enforcement to further enhance site security.

One of the standout features of Wordfence is its community-powered threat intelligence network. This feature enables the plugin to receive real-time updates and insights about emerging threats from a global network of users. This ensures that your site is protected against the latest security risks.

Overall, Wordfence is a highly effective and user-friendly security solution for WordPress websites. Its comprehensive features and real-time threat intelligence make it a valuable tool for protecting your site from cyber attacks. I would highly recommend Wordfence to any WordPress site owner looking to strengthen their site’s security.

Posted on

Automated PowerShell Script for Updating UserPrincipalNames in Active Directory After Domain Change

You have completed the domain work in relation to your O365 tenancy, however the usernames replicated to AAD are in “username@old suffix.com” format.

Most organizations have inherited a “username@old-domain.local” suffix. Time goes on and the organization changes its name, amalgamates, etc, for whatever reason, effectively changes its name.

The target of the script is the group a on-prem active directory group.

The following script will serve to allow you to run the script wrapped in a scheduled task in order to change the full upn for the usernames in the group with from “username@old-company.local”(no joke intended), through to “firstname.lastname@new-domain.com” format.

I have used the script on a nightly basis but do not see the reason to run it more frequently. 

Import-Module ActiveDirectory
$group = "O365 Users"
$newsuffix = "new-suffix.com"
$users = get-adgroupmember -Identity $group |Get-ADUser |sort userprincipalname
$from = "servername@domain.com"
$to = "admin-user@domain.com"
$tofailedrecipient = "poor.sysadmin@domain.com"

foreach ($user in $users){
    $upn = (($user.givenname)+"."+($user.surname)+"@"+$newsuffix).tostring()
    $upnfromad = ($user.userprincipalname).tostring()
    if ($upn -notmatch $upnfromad) {
        Try{
            $emailbody = "<HTML><HEAD><META http-equiv=""Content-Type"" content=""text/html; charset=iso-8859-1"" /><TITLE></TITLE></HEAD>"
            $emailbody = "<BODY bgcolor=""#FFFFFF"" style=""font-size: Small; font-family: Arial; color: #000000""><P>"
            $emailbody += "<p>The following UPNs have been updated:</p>"
            Set-ADUser -Identity $user.SamAccountName -UserPrincipalName "$($user.GivenName).$($user.Surname)@$newsuffix"
            $emailbody += $upn
            $emailbody += "<br>"
            $successMessageParameters = @{
                        Subject = "The following addresses have been updated - $((Get-Date).ToShortDateString())"
                        Body = $emailbody
                        From = $from
                        To = $to
                        SmtpServer = "x.x.x.x"
                        BodyAsHTML = $true
                        }
            $emailbody += "<p>Regards,</p>"
            $emailbody += "<p>Your friendly Office 365 team</p>"
            Send-MailMessage @successMessageParameters
            }
        Catch [Exception] {
            $ErrorMessage = $_.Exception.Message
            $failedMessageParameters = @{
                        Subject = "The following error was encountered when attempting to update the UPN's"
                        Body = ("'$ErrorMessage'") | Out-String
                        From = $from
                        To = $tofailedrecipient
                        SmtpServer = "x.x.x.x"
                        }
            Send-MailMessage @failedMessageParameters -BodyAsHtml
        }
    }
}

Posted on

Change Suffix To AD Security group

You have completed the domain work in relation to your O365 tenancy, however the usernames replicated to AAD are in “username@old suffix.com” format.

Most organizations have inherited a “username@old-domain.local” suffix. Time goes on and the organization changes its name, amalgamates, etc, for whatever reason, effectively changes its name.

The following script will serve to allow you to run the script ad hoc in order to change the full upn for the usernames in the group with from “username@old-company.local”(no joke intended), through to “firstname.lastname@new-domain.com” format: 

param([string] $group)
cls

Import-Module ActiveDirectory
$newsuffix = "new-suffix.com"
$users = get-adgroupmember -Identity $group |Get-ADUser


write-host "The following users are going to be renamed, would you like to procees?"
$users.userprincipalname 
write-host "The above UPNs are affected." -ForegroundColor Red
$confirmation = Read-Host "Are you Sure You Want To Proceed (y) to firstname.lastname@new-domain.com format" 
if ($confirmation -eq 'y') {
    foreach ($user in $users)
        {
            Set-ADUser -Identity $user.SamAccountName -UserPrincipalName "$($user.GivenName).$($user.Surname)@$newsuffix"
        }
}
Sleep 5

Get-ADGroupMember $group | get-aduser | select userprincipalname

Posted on

Backup permissions for Sharepoint Online

So you have started down the road of creating your Sharepoint site in Office 365 but you do not have permissions permissions as these require to be manually added.

We are a little lazier than that, this will be the basis of a scheduled job.

Please use the script below along with my small recommendations: 

#one-time generation of an a file to hold password so that we may schedule the job. 
#read-Host “Enter Password” -AsSecureString |  ConvertFrom-SecureString | Out-File “C:\Scripts\o365_spo.txt”


Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

#Setup our variables
$date = (get-date -format "dd-MM-yy")
$contents = $null
$emailbody = $null
$AdminURL = "https://tenancy-admin.sharepoint.com"
$AdminName = "O365Backup@domain.com"
#admin account we will be adding
$AdminNames = "backup.account@domain.com","sharepoint.admin@domain.com"
$TenantPass = cat “C:\Scripts\o365_spo.txt” | ConvertTo-SecureString
$TenantCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $adminname, $TenantPass
$cred = [System.Net.CredentialCache]::DefaultCredentials
[System.Net.WebRequest]::DefaultWebProxy.Credentials = $TenantCredentials

Connect-SPOService -Url $adminurl -credential $TenantCredentials

#Build site list
$Sites = Get-SPOSite -Limit ALL

$emailbody = "<HTML><HEAD><META http-equiv=""Content-Type"" content=""text/html; charset=iso-8859-1"" /><TITLE></TITLE></HEAD>"
$emailbody = "<BODY bgcolor=""#FFFFFF"" style=""font-size: Small; font-family: Arial; color: #000000""><P>"
$emailbody += "<p>Please be aware that the following permissions have been added to sharepoint sites by $AdminName :</p>"
$emailbody += "<p>Tenancy: $AdminURL</p>"


Foreach ($admin in $adminnames){

    Foreach ($Site in $Sites){
        Set-SPOUser -site $Site.Url -LoginName $Admin -IsSiteCollectionAdmin $True
        $displayname = Get-SPOUser -site $Site.Url -LoginName $admin
        $displayname = $displayname.displayname | out-string
        $url = $site.url | Out-String
        $isadmin = get-spouser $site.url -loginname $Admin | select issiteadmin
        $emailbody += "$displayname confirmed as $isadmin for: $url</br>"
        write-host $emailbody
        }
}
$emailbody += "<p>Regards,</p>"
$emailbody += "<p>Your friendly Office 365 team</p>"
$successMessageParameters = @{
Subject = "Site Collection Admin Added to SharePoint Sites - $((Get-Date).ToShortDateString())"
Body = $emailbody
From = "servername@domain.com"
To = "backupadmins@domain.com","digitalplatformteam@domain.com"
#To = "testing.user@domain.com"
SmtpServer = "x.x.x.x"
BodyAsHTML = $true
}
Send-MailMessage @successMessageParameters