Azure Web App: Free Space Check, User Removal Scripts

Azure Active Directory e1669806470430

IT Tips & Insights: A Softensity DevOps Engineer shares useful scripts that can save you time and hassle in Azure Web App. 

By Oleg Shalnov, DevOps Engineer

Have you ever received the following message in Microsoft’s Azure Web App?

When you get this message, it can be difficult to understand what folder is causing the warning, and where. Of course you can install an extension and check free space, but it will require web app restart, which is not always possible:

So I wrote a pretty easy PowerShell script that will help you:
gci -force ‘d:\home\’-ErrorAction SilentlyContinue | ? { $_ -is [io.directoryinfo] } | % { $len = 0 ; gci -recurse -force $_.fullname -ErrorAction SilentlyContinue | % { $len += $_.length }; $_.fullname, ‘{0} MB’ -f ($len / 1Mb)}

You can change the folder name for a different target. Have fun with Azure Web App! 

What should you do about users who no longer need access?
Ever wonder what to do about users who leave? Try the following: custom PowerShell script + windows scheduler. This script will find all disabled users, change the password to random, remove them from all groups, move users to special OU and change the default group to special (I created this group manually):

# Target OU

$TargetOU = “OU=DisabledUsers,OU=Office365,OU=Employees”

#Search for disabled users

$DisabledUsers = (Get-ADUser -SearchBase “OU=Office365,OU=Employees,OU=Accounts,DC=corp” -SearchScope OneLevel -Filter {Enabled -eq $false})

#1. Generate Random Password for Disabled Users

#2. Change password for disabled users to random

#3. Add users to a special group

$Group = Get-ADGroup “CN=Disabled Users,CN=Users,DC=corp” -Properties @(“primaryGroupToken”)

#4. Remove disabled users from all groups and change the default group to Disabled Users (a special group with “no access to anything”)

#5. Move them to DisabledUsers OU

foreach ($DisabledUser in $DisabledUsers)

{

function Get-RandomCharacters($length, $characters) {

$random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }

$private:ofs=””

return [String]$characters[$random]

}

function Scramble-String([string]$inputString){

$characterArray = $inputString.ToCharArray()

$scrambledStringArray = $characterArray | Get-Random -Count $characterArray.Length

$outputString = -join $scrambledStringArray

return $outputString

}

$password = Get-RandomCharacters -length 9 -characters ‘abcdefghiklmnoprstuvwxyz’

$password += Get-RandomCharacters -length 3 -characters ‘ABCDEFGHKLMNOPRSTUVWXYZ’

$password += Get-RandomCharacters -length 4 -characters ‘1234567890’

$password += Get-RandomCharacters -length 4 -characters ‘!”§$%&/()=?}][{@#*+’

Set-ADAccountPassword -Identity $DisabledUser -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $password -Force)

Add-ADGroupMember -Identity ‘Disabled Users’ -Members $DisabledUser

Set-ADUser -Identity $DisabledUser -Replace @{primarygroupid=$group.primaryGroupToken}

Start-Sleep -s 5

Get-AdPrincipalGroupMembership -Identity $DisabledUser | Where-Object -Property Name -Ne -Value ‘Disabled Users’ | Remove-AdGroupMember -Members $DisabledUser -Confirm:$false

Move-ADObject -Identity $DisabledUser.distinguishedName -TargetPath $TargetOU

}

I hope you find these scripts useful!

Bio

 

Hey All, I’m an Azure Infrastructure Architect here at Softensity. I have more than 10 years of experience with Azure and Microsoft365, and more than 15 with Microsoft. The last few years I’ve been helping customers with migration to Azure Cloud, specifically to develop, build, create and secure a cloud journey.

 

Join Softensity’s Team