Office 365 get users last password change

This requires admin access to Azure / Office 365

Import-Module MSOnline

$login = Get-Credential
Connect-MsolService -Credential $login

Get-MSOLUser -All | Select DisplayName, UserPrincipalName, LastPasswordChangeTimestamp, PasswordNeverExpires | Sort-Object LastPasswordChangeTimestamp

Note You must have the PowerShell Azure Active Directory (MSOL) Cmdlets installed for this script to work.  You can download them here:

https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx?f=255&MSPPError=-2147217396

Fun with windows subsystem for linux Part 2

After upgrading Windows with the creators update I was able to do a sudo do-release-upgrade Now running xenial on windows subsystem for linux. Microsoft has improved a lot of things on bash on ubuntu on windows. I am now able to run PHP-cgi over mod_fcgid.

Maybe I should do a benchmarking to see how apache is performing compared to plain / native windows apache binaries.

Fun with windows subsystem for linux

After the install and the required reboot I was able to start bash. At first I was confused where to find the files from the home directory. It isn’t the one from windows itself.
Well I found it in AppData\Local\lxss . So each user has his / her own files.

Since I was able to find most stuff I wanted to know if I am able to compile httpd apache on it. I cloned https://github.com/jblond/debian_build_apache24.git and the build went smooth.
But apache didn’t start. Adding AcceptFilter http none and AcceptFilter https none helped. To get rid of the first error messages. But still apache wasn’t starting. Got the following error message.

[Tue Jan 24 22:31:33.590385 2017] [fcgid:emerg] [pid 1289:tid 140034843477824] (38)Function not implemented: mod_fcgid: Can't create shared memory for size 1200712 bytes

Okay, I disabled mod_fcgid and apache starts with /opt/apache2/bin/httpd -k start . Even running C:\Windows\System32\bash.exe ~ as Adminstrator did not solve to run fcgid.
I have to find out how to run mod_fcgid. I like to run PHP over fcgid.

Tags: , , , ,

Delete DS_store and other mac files from windows server

Use a simple batch script

del /s /q /f /a .DS_STORE
del /s /q /f /a ._.*

Maybe you need to cd \ to the root of the drive you are on.

Tags: , , , ,

http/2.0 sslciphersuites with 256 bit alias crypto wars part four

To get rid of 128 bit encryption I had to disable

ECDHE-RSA-AES128-GCM-SHA256

But then I got error messages from the popular browsers Server negotiated HTTP/2 with blacklisted suite. That is caused by DHE-RSA-AES256-SHA and ECDHE-RSA-AES256-SHA

With a lof of trial and error I came to the following

Listen 443
<If "%{SERVER_PORT} == '443'">
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15553000; preload"
    </IfModule>
</If>

ProtocolsHonorOrder On
Protocols h2c h2 http/1.1

SSLUseStapling off
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256 

However that has the negative effect that Android smaller than 7 and smaller than IE 11 can’t connect to the server. Also some older Firefox versions can’t connect. Depending on the application it might be worth to use such a config that doesn’t allow 128 bit encrypted connections.

Tags: , , ,

How to change the timzone of all mailboxes / accounts in AzureAD

How to change the timzone of all mailboxes / accounts in AzureAD

run PowerShell as Adminsitrator (use this window for all steps)
1) Allow remote signed Scripts

Set-ExecutionPolicy RemoteSigned

2) Log into AzureAD with an Adminsitrator account

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication Basic -AllowRedirection

3) Import remote commands (ignore warnings)

Import-PSSession $session

4) get all mail boxes

get-mailbox

5) Set the timezone ( you could set the language, too)

example
get-mailbox | Set-MailboxRegionalConfiguration -Language  -TimeZone

The Language ID is a number that corresponds to the correct language type. The following table shows you which number corresponds to which language.
Language (Locale)     Code
Arabic (Algeria)     5121
Arabic (Bahrain)     15361
Arabic (Egypt)     3073
Arabic (Iraq)     2049
Arabic (Jordan)     11265
Arabic (Kuwait)     13313
Arabic (Lebanon)     12289
Arabic (Libya)     4097
Arabic (Morocco)     6145
Arabic (Oman)     8193
Arabic (Qatar)     16385
Arabic (Saudi Arabia)     1025
Arabic (Syria)     10241
Arabic (Tunisia)     7169
Arabic (U.A.E.)     14337
Arabic (Yemen)     9217
Basque     1069
Bulgarian     1026
Catalan     1027
Chinese (Hong Kong S.A.R)     3076
Chinese (Macau S.A.R)     5124
Chinese (People’s Republic of China)     2052
Chinese (Singapore)     4100
Chinese (Taiwan)     1028
Croatian     1050
Czech     1029
Danish     1030
Dutch (Belgium)     2067
Dutch (Netherlands)     1043
English (Australia)     3081
English (Belize)     10249
English (Canada)     4105
English (Caribbean)     9225
English (Ireland)     6153
English (Jamaica)     8201
English (New Zealand)     5129
English (Republic of the Philippines)     13321
English (South Africa)     7177
English (Trinidad)     11273
English (United Kingdom)     2057
English (United States)     1033
English (Zimbabwe)     12297
Estonian     1061
Filipino (Philippines)     1124
Finnish     1035
French (Belgium)     2060
French (Canada)     3084
French (France)     1036
French (Luxembourg)     5132
French (Principality of Monaco)     6156
French (Switzerland)     4108
German (Austria)     3079
German (Germany)     1031
German (Liechtenstein)     5127
German (Luxembourg)     4103
German (Switzerland)     2055
Greek     1032
Hebrew     1037
Hindi     1081
Hungarian     1038
Icelandic     1039
Indonesian     1057
Italian (Italy)     1040
Italian (Switzerland)     2064
Japanese     1041
Kazakh     1087
Korean     1042
Latvian     1062
Lithuanian     1063
Malay     1086
Norwegian (Bokmål)     1044
Persian     1065
Polish     1045
Portuguese (Brazil)     1046
Portuguese (Portugal)     2070
Romanian     1048
Russian     1049
Serbian (Cyrillic)     3098
Serbian (Latin)     2074
Slovak     1051
Slovenian     1060
Spanish (Argentina)     11274
Spanish (Bolivia)     16394
Spanish (Chile)     13322
Spanish (Colombia)     9226
Spanish (Costa Rica)     5130
Spanish (Dominican Republic)     7178
Spanish (Ecuador)     12298
Spanish (El Salvador)     17418
Spanish (Guatemala)     4106
Spanish (Honduras)     18442
Spanish (Mexico)     2058
Spanish (Nicaragua)     19466
Spanish (Panama)     6154
Spanish (Paraguay)     15370
Spanish (Peru)     10250
Spanish (Puerto Rico)     20490
Spanish (International Sort)     3082
Spanish (Traditional Sort)     1034
Spanish (Uruguay)     14346
Spanish (Venezuela)     8202
Swedish (Finland)     2077
Swedish (Sweden)     1053
Thai     1054
Turkish     1055
Ukrainian     1058
Urdu     1056
Vietnamese     1066

The TimeZone consists of a String representing the time zone.  Use the value from the middle column of the table below:

Index     Name of Time Zone     Time
000     Dateline Standard Time     (GMT-12:00) International Date Line West
001     Samoa Standard Time     (GMT-11:00) Midway Island, Samoa
002     Hawaiian Standard Time     (GMT-10:00) Hawaii
003     Alaskan Standard Time     (GMT-09:00) Alaska
004     Pacific Standard Time     (GMT-08:00) Pacific Time (US and Canada); Tijuana
010     Mountain Standard Time     (GMT-07:00) Mountain Time (US and Canada)
013     Mexico Standard Time 2     (GMT-07:00) Chihuahua, La Paz, Mazatlan
015     U.S. Mountain Standard Time     (GMT-07:00) Arizona
020     Central Standard Time     (GMT-06:00) Central Time (US and Canada
025     Canada Central Standard Time     (GMT-06:00) Saskatchewan
030     Mexico Standard Time     (GMT-06:00) Guadalajara, Mexico City, Monterrey
033     Central America Standard Time     (GMT-06:00) Central America
035     Eastern Standard Time     (GMT-05:00) Eastern Time (US and Canada)
040     U.S. Eastern Standard Time     (GMT-05:00) Indiana (East)
045     S.A. Pacific Standard Time     (GMT-05:00) Bogota, Lima, Quito
050     Atlantic Standard Time     (GMT-04:00) Atlantic Time (Canada)
055     S.A. Western Standard Time     (GMT-04:00) Caracas, La Paz
056     Pacific S.A. Standard Time     (GMT-04:00) Santiago
060     Newfoundland and Labrador Standard Time     (GMT-03:30) Newfoundland and Labrador
065     E. South America Standard Time     (GMT-03:00) Brasilia
070     S.A. Eastern Standard Time     (GMT-03:00) Buenos Aires, Georgetown
073     Greenland Standard Time     (GMT-03:00) Greenland
075     Mid-Atlantic Standard Time     (GMT-02:00) Mid-Atlantic
080     Azores Standard Time     (GMT-01:00) Azores
083     Cape Verde Standard Time     (GMT-01:00) Cape Verde Islands
085     GMT Standard Time     (GMT) Greenwich Mean Time: Dublin, Edinburgh, Lisbon, London
090     Greenwich Standard Time     (GMT) Casablanca, Monrovia
095     Central Europe Standard Time     (GMT+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague
100     Central European Standard Time     (GMT+01:00) Sarajevo, Skopje, Warsaw, Zagreb
105     Romance Standard Time     (GMT+01:00) Brussels, Copenhagen, Madrid, Paris
110     W. Europe Standard Time     (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
113     W. Central Africa Standard Time     (GMT+01:00) West Central Africa
115     E. Europe Standard Time     (GMT+02:00) Bucharest
120     Egypt Standard Time     (GMT+02:00) Cairo
125     FLE Standard Time     (GMT+02:00) Helsinki, Kiev, Riga, Sofia, Tallinn, Vilnius
130     GTB Standard Time     (GMT+02:00) Athens, Istanbul, Minsk
135     Israel Standard Time     (GMT+02:00) Jerusalem
140     South Africa Standard Time     (GMT+02:00) Harare, Pretoria
145     Russian Standard Time     (GMT+03:00) Moscow, St. Petersburg, Volgograd
150     Arab Standard Time     (GMT+03:00) Kuwait, Riyadh
155     E. Africa Standard Time     (GMT+03:00) Nairobi
158     Arabic Standard Time     (GMT+03:00) Baghdad
160     Iran Standard Time     (GMT+03:30) Tehran
165     Arabian Standard Time     (GMT+04:00) Abu Dhabi, Muscat
170     Caucasus Standard Time     (GMT+04:00) Baku, Tbilisi, Yerevan
175     Transitional Islamic State of Afghanistan Standard Time     (GMT+04:30) Kabul
180     Ekaterinburg Standard Time     (GMT+05:00) Ekaterinburg
185     West Asia Standard Time     (GMT+05:00) Islamabad, Karachi, Tashkent
190     India Standard Time     (GMT+05:30) Chennai, Kolkata, Mumbai, New Delhi
193     Nepal Standard Time     (GMT+05:45) Kathmandu
195     Central Asia Standard Time     (GMT+06:00) Astana, Dhaka
200     Sri Lanka Standard Time     (GMT+06:00) Sri Jayawardenepura
201     N. Central Asia Standard Time     (GMT+06:00) Almaty, Novosibirsk
203     Myanmar Standard Time     (GMT+06:30) Yangon Rangoon
205     S.E. Asia Standard Time     (GMT+07:00) Bangkok, Hanoi, Jakarta
207     North Asia Standard Time     (GMT+07:00) Krasnoyarsk
210     China Standard Time     (GMT+08:00) Beijing, Chongqing, Hong Kong SAR, Urumqi
215     Singapore Standard Time     (GMT+08:00) Kuala Lumpur, Singapore
220     Taipei Standard Time     (GMT+08:00) Taipei
225     W. Australia Standard Time     (GMT+08:00) Perth
227     North Asia East Standard Time     (GMT+08:00) Irkutsk, Ulaanbaatar
230     Korea Standard Time     (GMT+09:00) Seoul
235     Tokyo Standard Time     (GMT+09:00) Osaka, Sapporo, Tokyo
240     Yakutsk Standard Time     (GMT+09:00) Yakutsk
245     A.U.S. Central Standard Time     (GMT+09:30) Darwin
250     Cen. Australia Standard Time     (GMT+09:30) Adelaide
255     A.U.S. Eastern Standard Time     (GMT+10:00) Canberra, Melbourne, Sydney
260     E. Australia Standard Time     (GMT+10:00) Brisbane
265     Tasmania Standard Time     (GMT+10:00) Hobart
270     Vladivostok Standard Time     (GMT+10:00) Vladivostok
275     West Pacific Standard Time     (GMT+10:00) Guam, Port Moresby
280     Central Pacific Standard Time     (GMT+11:00) Magadan, Solomon Islands, New Caledonia
285     Fiji Islands Standard Time     (GMT+12:00) Fiji Islands, Kamchatka, Marshall Islands
290     New Zealand Standard Time     (GMT+12:00) Auckland, Wellington
300     Tonga Standard Time     (GMT+13:00) Nuku’alofa

In the Example below we will set all mailboxes in our Office 365 Tenant to the Language English (UK) and the GMT Time Zone.

get-mailbox | Set-MailboxRegionalConfiguration -Language 2057 -TimeZone "GMT Standard Time"

Get only the aliases with

select -expand emailaddresses alias

Final To German Timezone

get-mailbox | select -expand Alias | Set-MailboxRegionalConfiguration -TimeZone "W. Europe Standard Time"
Get-User | Get-Mailbox

Tags: , , , , ,

Things to know about nano editor

Open nano with

nano -wcF

ALT + G = Goto Line Number
CTRL + R = Insert File
CTRL + W = Search String or by RegEx
ALT + R = Replace string or Replace by RegEx
ALT + , = Goto previous buffer
ALT + . Goto next Buffer

Windows Domain: what computer user is logged in

Open a PowerShell on the Domain Controller:

Get-WmiObject -computer localhost -class Win32_ServerConnection

Done

http/2.0 sslciphersuites alias crypto wars part three

It has been a while since I wrote part two of the crypto wars. Luckily Peter Mosmans has backported ChaCha20 and Poly1305 ciphers of OpenSSL 1.1.0 to 1.0.2 on github so that at least Chrome browser can use 256 bit encryption over HTTP/2

However on the httpd dev mailing list there are a few people already talking about making changes to APR and httpd so that it will compile with OpenSSL 1.1.0

The config for that is:

SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 
SSLCompression Off 
SSLHonorCipherOrder On 
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA

Why 256 bit? 128 bit hasn’t been cracked yet. The answer is that the collection of data and the data will decrypted when the time has come with a new generation of computers.

http/2.0 sslciphersuites alias crypto wars part two

With the upcoming mod_h2 the httpd apache module for HTTP/2.0 support there is a must to have ECDHE-RSA-AES128-GCM-SHA256 in the SSLCipherSuite[1]. So SSLHonorCipherOrder Off can’t be used. That leaves the connection with only 128 bit encryption instead of 256 bit.

My hope is that the browsers will support soon a 256 Cipher

 

[1] https://http2.github.io/http2-spec/#rfc.section.9.2.2