Alan's sysadmin Blog

Working smarter not harder


Bulk addition of Fortigate Firewall Addresses

Posted by Alan McBurney on September 24, 2015

During a recent Office 365 Exchange Hybrid project I had the need to lock down the on-premises Exchange servers to the Exchange Online IP addresses.

The published list from Microsoft is quite long and I didn’t fancy adding the addresses manually to the firewall, so I decided to use regex to edit the list into a format that I could then paste directly to the firewall via SSH.

I took the list from Microsoft and added this to Notepad++, where I then did a find and replace using the regex commands below. (The initial list of IPs needs to be in the format x.x.x.x/x for this to work properly.)

Find
(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(/\d{1,2})

Replace
edit ExchangeOnline-$1.$2.$3.$4\nset subnet $1.$2.$3.$4$5\nnext\n

Using the above regex commands takes a list of IPs in the format

23.103.160.0/20
23.103.224.0/19
40.96.0.0/16
40.97.0.0/16
40.98.0.0/16

and creates the necessary Fortigate commands

edit ExchangeOnline-23.103.160.0
set subnet 23.103.160.0/20
next

edit ExchangeOnline-23.103.224.0
set subnet 23.103.224.0/19
next

edit ExchangeOnline-40.96.0.0
set subnet 40.96.0.0/16
next

edit ExchangeOnline-40.97.0.0
set subnet 40.97.0.0/16
next

edit ExchangeOnline-40.98.0.0
set subnet 40.98.0.0/16
next

edit ExchangeOnline-40.99.0.0
set subnet 40.99.0.0/16
next

edit ExchangeOnline-40.100.0.0
set subnet 40.100.0.0/16
next

edit ExchangeOnline-40.101.0.0
set subnet 40.101.0.0/16
next

Once SSH’d onto the Fortigate, the command to create the object is

config firewall address

Then simply copy and paste the code from Notepad++ and the end result is as below.

[Screenshot]
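The same transformation as a script, shown here as an added example that is not part of the original post. It adds checks a find/replace cannot do before anything reaches the firewall: invalid octets, entries with host bits set, duplicates and over-broad prefixes are rejected, and the block is closed with end. The function name, the min_prefixlen threshold and the sample input are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample input: ranges from the post plus a duplicate, an entry
# with host bits set, an invalid octet and a default route.
SAMPLE = """\
23.103.160.0/20
23.103.224.0/19
40.96.0.0/16
40.96.0.0/16
23.103.160.5/20
999.1.1.1/24
0.0.0.0/0
"""


def build_fortigate_config(text, prefix="ExchangeOnline", min_prefixlen=8):
    """Return (config_text, rejected) for the IPv4 CIDR tokens found in text."""
    seen, lines, rejected = set(), ["config firewall address"], []
    for token in re.findall(r"[0-9.]+/\d+", text):
        try:
            # strict=True refuses entries with host bits set (e.g. .5/20)
            net = ipaddress.IPv4Network(token, strict=True)
        except ValueError as exc:
            rejected.append((token, str(exc)))
            continue
        if net.prefixlen < min_prefixlen:
            # min_prefixlen is an assumed safety threshold, not a FortiGate setting
            rejected.append((token, "prefix broader than allowed"))
            continue
        if net in seen:
            continue  # a duplicate would only re-edit the same object
        seen.add(net)
        lines += [f"edit {prefix}-{net.network_address}",
                  f"set subnet {net.with_prefixlen}",
                  "next"]
    lines.append("end")  # leave the config section so the objects are saved
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    config, rejected = build_fortigate_config(SAMPLE)
    print(config)
    for token, reason in rejected:
        print(f"# skipped {token}: {reason}")
```

Review the skipped entries before pasting the output into the SSH session; a rejected line usually means the source list changed format.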

Posted in Exchange 2013, Exchange Online, FortiGate, Office 365

Automating PowerShell Connection to Office 365

Posted by Alan McBurney on August 18, 2014

Connecting to Office 365 manually can be a bit of a chore, especially if you need to do it on a regular basis, so why not automate the task?

Be sure the following components have been installed on your system before attempting this.

    • Azure Active Directory Module for Windows PowerShell
    • Microsoft Online Services Sign-In Assistant

In order to automate the task, credentials are exported to an XML file.

Get-Credential user@domain.com | Export-Clixml $env:USERPROFILE\Documents\MyO365Creds.xml

The cool thing about exporting the credentials used to connect to Office 365 with the Export-Clixml command is that the credentials are automatically encrypted within the file using DPAPI and can only be decrypted by the person who originally saved it.


The final piece of the automation process is adding this into your PowerShell profile.
First, test to see if a profile exists:

Test-Path $Profile

Running the above command returns either True or False.
True means the profile exists, False that it doesn’t.

If the return value is false then in order to create the profile run the code below

New-Item -Type File -Path $Profile


Once the profile exists, open it by typing

Notepad $Profile

Finally, enter the following into your PowerShell profile. This will run every time you launch PowerShell.

Import-Module MSOnline
$Cred = Import-Clixml $env:USERPROFILE\Documents\MyO365Creds.xml
Connect-MsolService -Credential $Cred

If you work with multiple Office 365 accounts, each set of credentials can be represented by its own variable within your PowerShell profile.

$Cust1Cred = Import-Clixml $env:USERPROFILE\Documents\Cust1O365Creds.xml
$Cust2Cred = Import-Clixml $env:USERPROFILE\Documents\Cust2O365Creds.xml
$Cust3Cred = Import-Clixml $env:USERPROFILE\Documents\Cust3O365Creds.xml

Typically I will omit the final line from the profile to connect to the service.
Then it's really simple to connect to a customer's tenancy using

Connect-MsolService -Credential $Cust1Cred

Posted in Office 365, PowerShell