15 March 2019

Install RSAT for Windows Server 2019 and Windows 10 with PowerShell

Windows Server 2019

Run the cmdlet below with the -whatif switch to check what will is allready installed and will be installed:
Install-WindowsFeature -IncludeAllSubFeature RSAT -WhatIf
Get-WindowsFeature -Name RSAT* | where 'install state' -NE Installed
To install all the tools run the cmdlet below:
Install-WindowsFeature -IncludeAllSubFeature RSAT
Install-WindowsFeature -Name RSAT -IncludeAllSubFeature -IncludeManagementTools


Check whether RSAT components are installed on your computer:
Get-WindowsCapability -Name RSAT* -Online
View the status of installed RSAT components in a easy view:
Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, State
You can use the Add-WindowsCapacity cmdlet to install these Windows features.
To install a specific RSAT tool, such as AD management tools (including the ADUC console), run the command:
Add-WindowsCapability –online –Name “Rsat.ActiveDirectory.DS-LDS.Tools~~~~”
To install the DNS management console only, run:
Add-WindowsCapability –online –Name “Rsat.Dns.Tools~~~~”
And all the other single install options:
Add-WindowsCapability -Online -Name Rsat.FileServices.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.GroupPolicy.Management.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.IPAM.Client.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.LLDP.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.NetworkController.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.NetworkLoadBalancing.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.BitLocker.Recovery.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.CertificateServices.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.DHCP.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.FailoverCluster.Management.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.RemoteAccess.Management.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.RemoteDesktop.Services.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.ServerManager.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.Shielded.VM.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.StorageMigrationService.Management.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.StorageReplica.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.SystemInsights.Management.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.VolumeActivation.Tools~~~~
Add-WindowsCapability -Online -Name Rsat.WSUS.Tools~~~~
To install all the available RSAT tools at once, run:
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability –Online
To install only disabled RSAT components, run:
Get-WindowsCapability -Online |? {$_.Name -like "*RSAT*" -and $_.State -eq "NotPresent"} | Add-WindowsCapability -Online
If installing RSAT you encounter an error Add-WindowsCapability failed.
Error code = 0x800f0954, most likely your computer is configured to receive updates from the internal WSUS or SUP server.

To install RSAT components, you need to temporarily disable the update from the WSUS server in the registry.
Open the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU and change the UseWUServer to 0 and restart the Update Service.

Or run this script:
$currentWU = Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "UseWUServer" | select -ExpandProperty UseWUServer
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "UseWUServer" -Value 0            
Restart-Service wuauserv            
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability –Online            
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "UseWUServer" -Value $currentWU
Restart-Service wuauserv

error code: dlg_flags_sec_cert_cn_invalid - The hostname in the website's certificate differs from the website you are trying to visit

This was one error that I couldn't find a definitive answer for after searching the error:

error code: dlg_flags_sec_cert_cn_invalid - The hostname in the website's certificate differs from the website you are trying to visit

Long story short, in my case this came down to the "Common name" or "CN" in the certificate.
I had created the cert with a CN and some SAN names like so:



Internet Explorer 11, Edge, Chrome and Firefox all tripped over the Common name.
If I typed in the browser: "https://application" the error did not appear. So my conclusion is that the webserver doesn't interpret the domain suffix stated in the common name.

So I recreated the certificate with the Common name: "application".
Binded it in IIS, iisrestart and reloaded the site in IE and behold no more errors.

04 March 2019

Install Office365 requirements with PowerShell - SkypeOnline - ExchangeOnline - AzureAD - SharepointOnline - Teams PowerShell modules

Updated - 04-03-2019

  • Added Teams PowerShell module
  • Added AZ PowerShell module
  • Added InTune PowerShell module
  • Added StaffHub PowerShell module

I came across a script by Chris Goosen to connect to all of the Office 365 services via PowerShell.
When I tried to run it errors were flying everywhere.
All of the requirements were missing on my system.

So that's what I came up with, a one stop way to get all of those requirements in one single go.
Install Office365 PowerShell Prerequisites
Downloads and installs the AzureAD, Sharepoint Online, Skype Online for Windows PowerShell

.Made by 
Edwin van brenk


Function InstallSharepointOnlinePowerShellModule() {

$SharepointOnlinePowerShellModuleSourceURL = "https://download.microsoft.com/download/0/2/E/02E7E5BA-2190-44A8-B407-BC73CA0D6B87/SharePointOnlineManagementShell_8525-1200_x64_en-us.msi"

$DestinationFolder = "C:\Temp"

     If (!(Test-Path $DestinationFolder))
         New-Item $DestinationFolder -ItemType Directory -Force
Write-Host "Downloading Sharepoint Online PowerShell Module from $SharepointOnlinePowerShellModuleSourceURL"

         Invoke-WebRequest -Uri $SharepointOnlinePowerShellModuleSourceURL -OutFile "$DestinationFolder\SharePointOnlineManagementShell_7414-1200_x64_en-us.msi" -ErrorAction STOP

$msifile = "$DestinationFolder\SharePointOnlineManagementShell_7414-1200_x64_en-us.msi"
$arguments = @(

Write-Host "Attempting to install $msifile"

         $process = Start-Process -FilePath msiexec.exe -Wait -PassThru -ArgumentList $arguments
         if ($process.ExitCode -eq 0)
             Write-Host "$msiFile has been successfully installed"
             Write-Host "installer exit code  $($process.ExitCode) for file  $($msifile)"

         Write-Host $_.Exception.Message


# Download and Install Visual Studio C++ 2017            
$VisualStudio2017x64URL = "https://download.visualstudio.microsoft.com/download/pr/11687625/2cd2dba5748dc95950a5c42c2d2d78e4/VC_redist.x64.exe"            
Write-Host "Downloading VisualStudio 2017 C++ from $VisualStudio2017x64"             
$DestinationFolder = "C:\Temp"            
Invoke-WebRequest -Uri $VisualStudio2017x64URL -OutFile "$DestinationFolder\VC_redist.x64.exe" -ErrorAction STOP            
Write-Host "Attempting to install VisualStudio 2017 C++, a reboot is required!"            
Start-Process "$DestinationFolder\VC_redist.x64.exe" -ArgumentList "/passive /norestart" -Wait            
Write-Host "Attempting to install VisualStudio 2017 C++"             
# Download and Install Skype Online PowerShell module            
$SkypeOnlinePowerShellModuleSourceURL = "https://download.microsoft.com/download/2/0/5/2050B39B-4DA5-48E0-B768-583533B42C3B/SkypeOnlinePowerShell.Exe"
$DestinationFolder = "C:\Temp"
     If (!(Test-Path $DestinationFolder))
         New-Item $DestinationFolder -ItemType Directory -Force

Write-Host "Downloading Skype Online PowerShell Module from $SkypeOnlinePowerShellModuleSourceURL"
Invoke-WebRequest -Uri $SkypeOnlinePowerShellModuleSourceURL -OutFile "$DestinationFolder\SkypeOnlinePowerShell.Exe" -ErrorAction STOP
Start-Process "$DestinationFolder\SkypeOnlinePowerShell.Exe" -ArgumentList "/quiet" -Wait             
# Register PSGallery PSprovider and set as Trusted source
Register-PSRepository -Name PSGallery -SourceLocation https://www.powershellgallery.com/api/v2/ -PublishLocation https://www.powershellgallery.com/api/v2/package/ 
-ScriptSourceLocation https://www.powershellgallery.com/api/v2/items/psscript/ -ScriptPublishLocation https://www.powershellgallery.com/api/v2/package/ -InstallationPolicy 
Trusted -PackageManagementProvider NuGet -ErrorAction SilentlyContinue            
Set-PSRepository -Name psgallery -InstallationPolicy trusted

# Install modules from PSGallery
Install-Module -Name AzureAD -Force
Install-Module -Name MSOnline -Force
Install-Module -Name AZ -Force
Install-Module -Name MicrosoftTeams -Force
Install-Module -Name Microsoft.Graph.Intune -Force
Install-Module -Name MicrosoftStaffHub -RequiredVersion 1.0.0-alpha -AllowPrerelease
# Manually install Exchange Online with MFA authentication support from the Exchange Online ECP            
Write-Host "Login, go to Hybrid and download the Exchange Online Powershell module"            
Start-Process https://outlook.office365.com/ecp/

Connect to all Azure & Office 365 services in one PowerShell window

We've all been there, when running some commandlets from Exchange online suddenly you need to switch to Sharepoint, AzureAD or Skype Online.

With this handy script you can connect to all services at once.
I personally always use the Exchange Online PowerShell module for this, as it will be updated when starting it so you always have the latest commandlets for Exchange Online.

There are some requirements that have to be met before hand:
  • .Net 4.5
  • Windows Management Framework 3.0 or 4.0
  • 64-bit version of Windows OS
Installed modules:
  • Azure Active Directory V2 module
  • SharePoint Online module
  • Skype for Business Online module
Execution policy needs to be at least "Remote Signed"

In the past I have created a script that installs all these requirements at once:
I try to keep this updated, so if anything fails leave me a comment.

Then you can run the lines below and connect to all the services in one PowerShell window.
Mind you, this is all for MFA enabled accounts.

# Azure Active Directory            
# SharePoint Online            
Connect-SPOService -Url https://domain-admin.sharepoint.com            
# Skype for Business Online            
Import-Module SkypeOnlineConnector            
$sfboSession = New-CsOnlineSession -UserName "username@domain.com" -OverrideAdminDomain domain.onmicrosoft.com            
Import-PSSession $sfboSession            
# Exchange Online            
Connect-Exopssession -UserPrincipalName username@domain.com            
# Microsoft Teams            
# AzureAD            
# Intune