Powershell Cheat Sheet
Check if an email is a member of distribution group
Get-DistributionGroupMember -Identity "Shareholders" | ` select DisplayName,PrimarySmtpAddress,RecipientType | ` where { $_.PrimarySmtpAddress -match "marc" }Save a CSV report of users in a distribution group
Get-DistributionGroupMember -Identity "Investors" | ` select * | ` Export-Csv -Path .\investors.csv -NoTypeInformationSave a CSV of all Azure AD joined devices
Get-AzureADDevice -All 1 -Filter "startswith(DeviceOSType,'Windows')"Get all device names and last check-in dates
Import-Module Microsoft.Graph.DeviceManagement Get-MgDeviceManagementManagedDevice | select ` DeviceName,` EmailAddress,` LastSyncDateTime,` AzureAdRegistered,` DeviceRegistrationState,` ComplianceState,` DeviceEnrollmentType,` OperatingSystem |` Sort-Object -Property LastSyncDateTime | ` Export-Csv -Path ~\Downloads\aad-device-sync-report.csv -NoTypeInformationGet list of Dynamic Distribution group members
Get-Recipient -RecipientPreviewFilter ($globalEmployees.RecipientFilter) -OrganizationalUnit ($globalEmployees.RecipientContainer) | ForEach {$_ | select PrimarySmtpAddress}Easier way to get dynamic distribution group membership
Get-DynamicDistributionGroupMember -Identity "All Global Employees" | select Alias,CompanyAllow/Disallow members of a group to create new Microsoft 365 groups. Just update the
GroupNameandAllowGroupCreationvariables as desired. SetGroupNameto''or an empty string if you want to apply the policy to all groups instead of a single one.AllowGroupCreationacceptsTrueorFalse.Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement Import-Module Microsoft.Graph.Beta.Groups Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Group.Read.All" $GroupName = "Information Technology" $AllowGroupCreation = "True" $settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id if(!$settingsObjectID) { $params = @{ templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b" values = @( @{ name = "EnableMSStandardBlockedWords" value = "true" } ) } New-MgBetaDirectorySetting -BodyParameter $params $settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).Id } $groupId = (Get-MgBetaGroup | Where-object {$_.displayname -eq $GroupName}).Id $params = @{ templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b" values = @( @{ name = "EnableGroupCreation" value = $AllowGroupCreation } @{ name = "GroupCreationAllowedGroupId" value = $groupId } ) } Update-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID -BodyParameter $params (Get-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID).ValuesAdd or Remove a user from local computer groups
Remove-LocalGroupMember -Group "GROUP-NAME-HERE" -Member "AzureAD\user@xenter.io"Add-LocalGroupMember -Group "GROUP-NAME-HERE" -Member "AzureAD\user@xenter.io"Add, Remove, or Modify permissions on an Exchange calendar
Import-Module ExchangeOnlineManagement Connect-ExchangeOnlineCheck all permissions on a user calendar
Get-MailboxFolderPermission -Identity "user@xenter.io:\Calendar"Add permissions to a target users calendar, permissions are
AvailabilityOnlyLimitedDetailsReviewerEditorAdd-MailboxFolderPermission -Identity "calendar_owner@xenter.io:\Calendar" -User "editor_user@xenter.io" -AccessRights EditorModify a user with preexisting permissions
Set-MailboxFolderPermission -Identity "calendar_owner@xenter.io:\Calendar" -User "editor_user@xenter.io" -AccessRights EditorRemove calendar permissions
Remove-MailboxFolderPermission -Identity "calendar_owner@xenter.io:\Calendar" -User "editor_user@xenter.io"Enable Automatic Windows 11 Time Sync
Must be done in an administrative powershell prompt
Check status of w32time
Get-Service w32timeIf the process is not running, set it to run at boot then restart it
Set-Service -Name w32time -StartupType Automatic
Restart-Service w32timeForce a time resync
w32tm /resyncCheck configuration & status of w32t
w32tm /query /status
w32tm /query /configuration