Aperture Script Memos
From Datateknik
Revision as of 07:57, 20 October 2020
Creating users with CSV file on Windows Server 2019 AD
- Create the CSV file with ";" as delimiter
- Create an OU container in your Active Directory server and record the location
- Create a PowerShell script in the same location as the CSV file
- Use the following script
# Import the Active Directory module and read the CSV file into a list
# (the CSV has no header row, so the column names are supplied here)
Import-Module ActiveDirectory
$import_users = Import-Csv -Path .\Users.csv -Header "FirstName","LastName","Password" -Delimiter ";"
# Loop over the rows and create one user per line of the CSV file
# Note: Substring(0,3) requires first and last names of at least 3 characters
# Note: Users.csv holds the initial passwords in plaintext; remove it after the import
$import_users | ForEach-Object {
    New-ADUser `
        -Name $($_.FirstName + " " + $_.LastName) `
        -GivenName $_.FirstName `
        -Surname $_.LastName `
        -DisplayName $($_.FirstName + " " + $_.LastName) `
        -SamAccountName $($_.FirstName.Substring(0,3).ToLower() + $_.LastName.Substring(0,3).ToLower()) `
        -UserPrincipalName $($_.FirstName.ToLower() + "." + $_.LastName.ToLower() + "@example.com") `
        -AccountPassword $(ConvertTo-SecureString $_.Password -AsPlainText -Force) `
        -Path "OU=ExampleUsers,DC=example,DC=com" `
        -Enabled $True
}
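A pre-flight check for the CSV, run before the import script above; this is an added example, not part of the original memo. The helper names `Get-SamCandidate` and `Test-UserImport`, the `$MinPasswordLength` value and the sample rows are assumptions made for illustration.

```powershell
# Constructed sample rows in the page's layout: FirstName;LastName;Password
$sample = @'
Anna;Svensson;Xk3!pLm9#qRt
Bo;Ek;Vb7$hhT2@wzN
Anneli;Svedberg;Qq1!
'@
$MinPasswordLength = 12   # assumption: replace with your domain's minimum length

# Hypothetical helper: the page's naming rule, tolerant of names under 3 characters
function Get-SamCandidate([string]$First, [string]$Last) {
    $f = $First.Substring(0, [Math]::Min(3, $First.Length))
    $l = $Last.Substring(0, [Math]::Min(3, $Last.Length))
    return ($f + $l).ToLower()
}

# Hypothetical helper: returns one result object per CSV row, never the password
function Test-UserImport($Rows, [int]$MinLength) {
    $seen = @{}   # sAMAccountName -> first row number that produced it
    $n = 0
    foreach ($r in $Rows) {
        $n++
        $issues = @()
        $sam = Get-SamCandidate $r.FirstName $r.LastName
        if ("$($r.FirstName)".Length -lt 3 -or "$($r.LastName)".Length -lt 3) {
            $issues += 'name under 3 characters: Substring(0,3) throws'
        }
        if ("$($r.Password)".Length -lt $MinLength) {
            $issues += "password shorter than $MinLength characters"
        }
        if ($seen.ContainsKey($sam)) {
            $issues += "sAMAccountName collides with row $($seen[$sam])"
        } else {
            $seen[$sam] = $n
        }
        [pscustomobject]@{
            Row            = $n
            SamAccountName = $sam
            Issues         = $issues -join '; '
        }
    }
}

$rows = $sample | ConvertFrom-Csv -Header 'FirstName','LastName','Password' -Delimiter ';'
Test-UserImport $rows $MinPasswordLength | Format-Table -AutoSize
```

To check the real file, replace the `ConvertFrom-Csv` line with the `Import-Csv` call from the import script and only run the import once every row has an empty `Issues` column.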
Blocking open resolver and enabling WSUS Service on Windows Server 2019 AD
- Disable recursive queries
- Use the following script
# Script for allowing internal hosts to send recursive queries to a public DNS server
# Adding internal network IP addresses to the client subnet
# Creating a scope to enable recursion and where to send queries
# Creating policy for recursion matching client subnet and recursion scope
# 1.2.3.4/n and aaa:bbbb:ccc::/64 are placeholders for the internal subnets (n = prefix length)
Add-DnsServerClientSubnet -Name InternalNetworkIP -IPv4Subnet 1.2.3.4/n `
    -IPv6Subnet aaa:bbbb:ccc::/64
Add-DnsServerRecursionScope -Name InternalRecursionScope -EnableRecursion $true `
    -Forwarder 8.8.8.8, 2001:4860:4860::8888
Add-DnsServerQueryResolutionPolicy -Name InternalQueryPolicy -Action ALLOW -ApplyOnRecursion -ClientSubnet "EQ,InternalNetworkIP" -RecursionScope InternalRecursionScope
# Confirm configuration by showing DNS recursion policy, DNS recursion scope, and our query policy.
Get-DnsServerClientSubnet
Get-DnsServerRecursion
Get-DnsServerRecursionScope
Get-DnsServerQueryResolutionPolicy