Microsoft Powershell is everywhere these days. Almost every major Microsoft platform has been including support for Powershell for years and, in some cases, there is no longer a GUI forwhen you need to get certain things done. Thanks to the simplicity of Powershell, it is not just something that is reserved for the IT department. Lots of other departments within law firms or corporations can find something that is useful for them too. In this article we will cover some basic Powershell concepts and then explore some examples of where it can be helpful for system administrators and non-IT folks.
Microsoft PowerShell is a scripting language that allows data, processes, and applications to be queried or modified within Microsoft Operating Systems. The strength of PowerShell lies in its ability to interact with information. One way to approach PowerShell is to think of everything as objects. User accounts, computer objects, servers, virtual machines, and a simple string - all of these things can easily be touched by Powershell and, once you have those objects, you can then get information regarding them and make changes to that information. Since you can quickly grab large groups of objects, Powershell is a very easy way to make widespread changes in your environment in seconds instead of accomplishing the same thing through hours of clicking through different boxes and pop-ups in traditional tools.
PowerShell commands usually follow a verb-noun format, although this can deviate from time to time. Since users and groups are what we look at most frequently, let’s look at some examples for those objects. For example,
Get-ADGroup
will pull back information about a group stored within Active Directory. If you have secured a resource to a specific group in Active Directory and wanted to see who had access to that resource then you could query the group with the following command, where [group name] is the name of the group to be pulled back.
Get-ADGroupMember –identity [group name]
Once this group is retrieved from Active Directory, this group’s properties then can be viewed to see more information. The Get-ADGroupMember command will show all the members of a group. In this case, we have an object that has a list of user objects. Each group member is an object itself. Each one of these objects has its own abilities and features. Technically these can be referred to as methods and properties. A method on an object is an action that an object performs, while a property of an object describes what the object has. With the user objects we can see properties like distinguishedName, name, etc.
Now we have user objects that we can use to obtain more information about a given user. The user objects login ID, technically known as the samAccountName property, could then be used to retrieve more detailed information about the user, such as when the user was created, if the password is currently expired, or what the email address is.
The email address is an important property of a user. The email address these days is more often used as a login ID to a given system on the Internet. Another name for a login ID that follows an internet style format is called a Universal Principal Name, or UPN. The UPN is usually the same as the email address property of a user account within Active Directory. Office 365 uses email addresses, or technically UPNs, for people to log into their O365 environments in the cloud. Sometimes the UPN needs to change to reflect a company’s proper domain name. Initially, a company will start out with a login ID or UPN to log onto Office 365 using @company.onmicrosoft.com. For people to remember to add “.onmicrosoft.com” to their login ID may be confusing sometimes; whereas using company.com is easier to recall.
Office 365 and PowerShell offer a way to change a user’s UPN from @company.onmicrosoft.com to @company.com. With PowerShell, there are extra commands that can be used, or loaded into a script, that extend the functionality of the scripting language. These are called modules, and there is a module specific for Office 365. The Office 365 PowerShell module allows for connectivity to an O365 tenant and, further more, modification of data within that tenant, if given the necessary permissions.
Once the Office 365 PowerShell module is loaded, a “Connect-MsolService” command is used to connect to the O365 tenant. After the connection has been successfully made, all users can then be queried using “Get-MsolUser –All” and stored in an object that will later be used to cycle through. From this point, each user object’s UPN would be checked and if it’s set to @company.onmicrosoft.com this would then be changed to @company.com.
Within Legal, data pertaining to a specific client or matter could be queried using PowerShell. Since Powershell can query information from SQL databases. Say for instance, if the status of a matter is stored in a database, this information could be pulled up using a few lines of PowerShell .
From pulling back basic information about users and groups within Active Directory to connecting to Microsoft Cloud services, PowerShell offers a wide range of functionality that can be used both by non-IT and IT professionals. Let us now explore what non-IT professionals can consider doing with PowerShell, especially within the corporate law department environment. PowerShell can be used to help with migration to the Office 365 e-discovery center, targeted collections, access governance, reporting, legal holds and more.
First, as companies move to Office 365, data will likely be in a hybrid environment until the migration is complete. PowerShell scripts can be used to see who has access to on-premise SharePoint sites or other data repositiories, both on-premise and in Office 365 (GetFolderSearchParameters.ps1). This can be helpful when needing to know what a particular user has access to, especially if doing targeted collections. PowerShell scripts can also be used to automate the migration of legal hold cases to the Office 365 e-discovery center as well as adding users to new matters after migration. This is not an easy process, but can be done (see the following Microsoft article - Use a script to add users to a hold in an eDiscovery case in the Office 365 Security & Compliance Center).
Once migration is complete, PowerShell scripts can be written to check who is on hold. Further, while Office 365 e-discovery does not have a legal hold notification function, PowerShell can be used to notify users being put on hold by using a script that sends an email template containing the hold notice language to the user.
PowerShell can also be used for compliance and reporting. Every action taken in the e-discovery center is logged and auditable. Thus, audit logs can be used as reports and to keep an eye on compliance. Use PowerShell to run reports on audit log actions that are relevant to an established compliance program. Scripts can also be written to notify e-discovery center administrators whenever a new user is added. PowerShell can also assist with GDPR compliance by using a script to find out the geo location of where data is stored for further action, if necessary.
While non-IT professionals will still need someone to write the PowerShell scripts for them if they do not know how, this look at PowerShell within corporate law departments should get everyone thinking how it can be used to make their jobs easier. What could PowerShell do for you?
--------- Co Authored with Ben Hubble with The Wendy's Company
#Microsoft#ApplicationInterfacesandDeployment