Thursday, February 24, 2022

Bulk DNS Management in PowerShell

So your environment got bigger fast and you have a TON of forward and reverse lookup zones and something is out of whack. Well, I have a tool I've made in PowerShell and used successfully to 1) find DNS A and PTR records related to specific hostnames or IPs, 2) update their records, like adjusting TTL and bulk renaming to point to a new host, and 3) make a backup of the existing records as a CSV file, just in case ^_^.

This is probably one of the scariest tools I've had to build and comes with ZERO warranty - because, seriously, this is manipulating DNS records in bulk - but if you want to even just check to see what A or PTR records exist for a single IP then this might help you. You just run the tool as an admin on a Domain Controller, it IS interactive, and it will tell you that it may take several minutes to retrieve all A and PTR records and mesh them together. After that, it presents a menu to work with. I'm always open to tweaking ideas. For example, I want to, at some point, have an option to just delete all orphaned objects or force re-create PTR records for all A records that are missing them... but that gets weird when you have load balancers and web apps where a ton of stuff should or should not point to one IP. Have fun!

Requires the DNSServer module from RSAT and to be run locally as an admin on the DC. Here's the link to the script:

hornerit/powershell (github.com)
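A read-only sketch of the "retrieve all A and PTR records, mesh them together, and keep a CSV backup" step described above. This is an added example, not the linked script; the backup folder and all variable names are assumptions, and it only reports mismatches instead of changing anything.

```powershell
#Requires -Modules DnsServer
# Added example, read-only: nothing here changes a DNS record.
$BackupDir = 'C:\Temp\DnsBackup'            # hypothetical backup folder
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Primary zones hosted on this server, minus auto-created and DNSSEC anchor zones.
$zones = Get-DnsServerZone | Where-Object {
    $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors'
}

# One row per A record; '@' is the zone apex.
$aRecords = foreach ($z in ($zones | Where-Object { -not $_.IsReverseLookupZone })) {
    Get-DnsServerResourceRecord -ZoneName $z.ZoneName -RRType A | ForEach-Object {
        $fqdn = if ($_.HostName -eq '@') { $z.ZoneName } else { "$($_.HostName).$($z.ZoneName)" }
        [pscustomobject]@{
            Zone = $z.ZoneName; Fqdn = $fqdn; TTL = $_.TimeToLive
            IP   = $_.RecordData.IPv4Address.IPAddressToString
        }
    }
}

# One row per IPv4 PTR record; rebuild the IP by reversing the in-addr.arpa labels.
$ptrRecords = foreach ($z in ($zones | Where-Object { $_.ZoneName -like '*.in-addr.arpa' })) {
    Get-DnsServerResourceRecord -ZoneName $z.ZoneName -RRType Ptr | ForEach-Object {
        $labels = ("$($_.HostName).$($z.ZoneName)" -replace '\.in-addr\.arpa$', '') -split '\.'
        [array]::Reverse($labels)
        [pscustomobject]@{
            Zone = $z.ZoneName; IP = $labels -join '.'; TTL = $_.TimeToLive
            Target = $_.RecordData.PtrDomainName.TrimEnd('.')
        }
    }
}

# Back up both sets before anyone edits anything.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$aRecords   | Export-Csv -Path (Join-Path $BackupDir "A-$stamp.csv")   -NoTypeInformation
$ptrRecords | Export-Csv -Path (Join-Path $BackupDir "PTR-$stamp.csv") -NoTypeInformation

# Report mismatches only. Load balancers and shared web hosts legitimately break 1:1 mapping.
# PowerShell hashtables compare keys case-insensitively, which suits DNS names.
$ptrIps = @{}; foreach ($p in $ptrRecords) { $ptrIps[$p.IP] = $true }
$aNames = @{}; foreach ($a in $aRecords)   { $aNames[$a.Fqdn] = $true }
'A records with no PTR:'
$aRecords   | Where-Object { -not $ptrIps.ContainsKey($_.IP) } | Format-Table Fqdn, IP, TTL
'PTR records whose target has no A record in these zones:'
$ptrRecords | Where-Object { -not $aNames.ContainsKey($_.Target) } | Format-Table IP, Target, TTL
```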

Tuesday, October 20, 2020

Office 365 Spam Remover - Now supports MFA (Updated to support Content Searches)

Problem: A spam campaign has hit your tenant and affected mailboxes and the Campaign options in O365 are either unavailable or don't satisfy the executives yelling at you while you read this.

Resolution: Adjust this script to replace CONTOSO with your domain (if not, it will prompt you). This will prompt you for your Exchange Admin credentials, offer you the chance to add more Exchange admin accounts to run this under, prompt for the evil sender(s), date and time the spam campaign hit, and optionally the subject line(s) of the evil email messages so you don't accidentally remove too many messages. The script uses a message trace of all email sent to your tenant by the evil senders during the time frame specified and then searches those mailboxes to find the message(s) and NOW CREATES CONTENT SEARCH(ES)! From there, it will create the Purge action necessary to delete the message in question.

Last Updated May 21, 2019 to improve several sections based on feedback and optimizing. Another version of this script has been posted that has a GUI for all of the initial input using the Windows Presentation Framework built into Windows (so no special installs needed) at https://www.hornerit.com/2019/05/o365-spam-remover-script-now-with-gui.html. As with any script you get from the internet, no warranty is expressed or implied for this script so test it and tweak to your environment. I have tried to make it use UTC and avoid hard-coding any regional settings but your mileage may vary.


Update 2019-06-17 - I have moved my scripts to a github repository so that updates are easier to make. DO NOT WORRY - I do not make my github look freaking weird with folders and cryptic things that non-developers don't understand...my scripts are right there in the main folder and you can click them to view/copy/download: https://github.com/hornerit/powershell/blob/master/O365-SPAM-REMOVER-NoGUI-Public.ps1

O365 Spam Remover Script - now with a GUI and supports MFA (updated to use Content Search)

Problem: A spam campaign has hit your company and you want to remove the email from all inboxes in the tenant to help prevent people clicking bad links, freaking out, etc.

Solution: I've created a script as an update to the original script for this post. The newer ExchangeOnlineManagement PowerShell options appeared and the Search-Mailbox cmdlet has been deprecated...so, the new version creates a Content Search and also creates the appropriate purge actions to delete all email. This script will try to load a GUI for you with several options to control the senders, subject lines, and time frames the spam campaign was sent to make it much simpler on you to remove that phishing or spam campaign that made it through. If the GUI fails, it will fall back to an interactive cmd line script requesting the same info. As with any script you get from the internet, no warranty is expressed or implied for this script so test it and tweak to your environment. I have tried to make it use UTC and avoid hard-coding any regional settings but your mileage may vary.
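The message trace, Content Search and purge sequence that both Spam Remover posts describe, reduced to its core cmdlets. This is an added example, not the linked script; the sender, subject, times and search name are constructed placeholders, and it assumes the ExchangeOnlineManagement module plus roles that allow compliance searches and purges.

```powershell
# Added example. All values below are constructed placeholders.
$Sender   = 'evil.sender@example.net'
$Subject  = 'Invoice overdue'            # must not contain double quotes (it is embedded in the query)
$StartUtc = [datetime]::Parse('2020-10-19T13:00:00Z').ToUniversalTime()
$EndUtc   = [datetime]::Parse('2020-10-19T15:00:00Z').ToUniversalTime()

Connect-ExchangeOnline    # interactive sign-in, works with MFA
Connect-IPPSSession       # Security & Compliance endpoint, needed for content searches

# 1. Message trace: which mailboxes received mail from the sender in the window?
#    Get-MessageTrace only covers recent mail; Microsoft has announced
#    Get-MessageTraceV2 as its replacement.
$trace = Get-MessageTrace -SenderAddress $Sender -StartDate $StartUtc -EndDate $EndUtc -PageSize 5000 |
    Where-Object { $_.Subject -like "*$Subject*" }
$recipients = $trace.RecipientAddress | Sort-Object -Unique
if (-not $recipients) { Write-Warning 'No matching messages in the trace.'; return }

# 2. Content Search scoped to those mailboxes only. The date range is widened to
#    whole days; sender and subject keep the match narrow.
$name  = "SpamPurge-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
$query = 'from:"{0}" AND subject:"{1}" AND received>={2:yyyy-MM-dd} AND received<={3:yyyy-MM-dd}' -f `
    $Sender, $Subject, $StartUtc, $EndUtc.AddDays(1)
New-ComplianceSearch -Name $name -ExchangeLocation $recipients -ContentMatchQuery $query | Out-Null
Start-ComplianceSearch -Identity $name
do {
    Start-Sleep -Seconds 15
    $search = Get-ComplianceSearch -Identity $name
} until ($search.Status -eq 'Completed')

# 3. Compare the hit count with the trace before purging. A far larger number
#    means the query is too broad and would remove legitimate mail.
'{0} item(s) matched; trace showed {1} message(s).' -f $search.Items, @($trace).Count

# 4. Purge. SoftDelete moves items to Recoverable Items, so a mistake can be undone.
#    A purge action removes at most 10 items per mailbox per run. Confirmation
#    prompt is left on deliberately.
New-ComplianceSearchAction -SearchName $name -Purge -PurgeType SoftDelete
```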


https://github.com/hornerit/powershell/blob/master/O365-SPAM-REMOVER-GUI-Public.ps1

Update 10/20/2020 - The code has been overhauled and updated for content searches! Update 6/17/2019 - Moved the code to GitHub for easier updating. DO NOT WORRY - my github does not look like some giant mess of folders with cryptic things...the powershell files are right there on the screen and you can click any of them to view them in their entirety.

Update on May 22, 2019 - I have added some support to attempt to auto-load the Exchange Online for Powershell module and use it as priority over basic authentication.