If you need to change a synced AD account with an Exchange Online mailbox into a cloud-only user, these are the steps you need to take:

Move the user to an OU that is not synced by AD Connect and run a delta sync on the AD Connect server (or wait for 30 minutes):

Start-ADSyncSyncCycle -PolicyType Delta

The mailbox is now in the "Soft deleted" state, which means that it is deleted but can be restored within 30 days. To view the soft deleted mailbox run this command:

Connect-ExchangeOnline

Get-Mailbox -SoftDeletedMailbox user@ajni.it | fl guid

Now link the deleted mailbox with the cloud-only user. The cloud-only user has already been created in my case. You will need to insert the user's password in order to proceed.

New-Mailbox -InactiveMailbox 7fb16ffd-cf3a-42ef-a9d3-e0293f5ef6c2 -Alias cloudOnlyUser -MicrosoftOnlineServicesID cloudOnlyUser@ajni.onmicrosoft.com

Afterwards you can either assign a license to the user or convert that mailbox into a shared mailbox which does not need a license.

Normally, with an Office 365 mailbox, you can only send mails with the primary email address. Sending from aliases was not allowed. Microsoft recently rolled out this feature which can be enabled through Exchange Online PowerShell:

Connect-ExchangeOnline

To view the current settings:

Get-OrganizationConfig | fl SendFromAlias*

To enable the feature:

Set-OrganizationConfig -SendFromAliasEnabled $true

To view the settings again:

Get-OrganizationConfig | fl SendFromAlias*

References:

https://lazyadmin.nl/office-365/send-from-alias/

If you ever need to copy NTFS permissions of a folder, there is a quick PowerShell one-liner that will save your day:

Get-Acl C:\SourceFolder| Set-Acl D:\DestinationFolder

Have fun!

If you are using Citrix MCS with Azure VMs, you might have noticed that not all the VM SKUs are available to select when creating a new Machine Catalog. With PowerShell, though, you can use any Azure VM SKUs.

If you are using Citrix Cloud, you have to download and install the Citrix Powershell SDK and login with your Citrix credentials. Optionally you could download an API client and authenticate with those credentials.

The secure client can be downloaded under Identity and Access Management > API Access > Create client. The customer id will also be shown on that page.

You authenticate with the API client this way:

Set-XDCredentials -CustomerId "customername" -SecureClientFile "C:\temp\secureclient.csv" -ProfileType CloudAPI

Otherwise, without API credentials, after executing the first command, you will be asked to insert your Citrix credentials:

Now the commands to change the Citrix MCS VM type.

Get-ProvScheme -ProvisioningSchemeName "CatalogName"

Take note of the folder name after XDHYP:\HostingUnits\ under MasterImageVM.

This command will register the virtual drive XDHYP:\ in PowerShell:

Set-HypAdminConnection

Insert that folder name in this command:

Set-ProvScheme –ProvisioningSchemeName "CatalogName" –ServiceOffering "XDHyp:\HostingUnits\Foldername\serviceoffering.folder\Standard_NV4as_v4.serviceoffering"

Delete and re-create the VM. The right VM type will be then used.

Saving credentials and secrets inside your code is a very bad idea and should be avoided. PowerShell has built-in commands to export and import encrypted data in your code.

There might be a lot of ways to achieve this, but this is how I like to do it. This is very elegant and easy to implement.

Let’s say we have a secret password that we want to secure and avoid saving in the source code.

$secretPW = "SecretPassword" | ConvertTo-SecureString -AsPlainText -Force

We can export this variable to an encrypted XML file with

$secretPW | Export-Clixml -Path .\secret.xml

The password is not human readable:

To import this file use

$secretPW = Import-Clixml -Path .\secret.xml

The plain-text password can be obtained through (I had to split the command into two lines)

[System.Runtime.InteropServices.Marshal]::
PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secretPW))

Just outputting the variable won’t show the password, because the variable is a System.Security.SecureString object.

Credentials can also be saved this way:

$credentials = Get-Credential

You can show the plain-text password with

$credentials.GetNetworkCredential().password

$credentials | Export-Clixml -Path .\credentials.xml

Only the username is shown in clear text.

Same thing again with the import

$credentials = Import-Clixml -Path .\credentials.xml

$credentials.GetNetworkCredential().password

The password can be decrypted by the same user that created the XML file on that specific computer.

References:

https://devblogs.microsoft.com/scripting/decrypt-powershell-secure-string-password/

https://pscustomobject.github.io/powershell/functions/PowerShell-SecureString-To-String/