AZSBTools.psm1


#region Azure specific functions

#region Azure Storage

function Login-AZSubscription {

    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String]$LogFile 
    )
    
    Begin { }

    Process {
        $LoggedIn = $false
        if ($Login = Get-AzContext) {
            if ($Login.Account.Id -eq $LoginName -and $Login.Name -match $SubscriptionName) {
# Write-Log 'Already connected to Azure subscription',$SubscriptionName,'as',$LoginName Green,Cyan,Green,Cyan $LogFile
            } elseif (-not $LoggedIn) {
                Connect-AzAccount -Credential (Get-SBCredential $LoginName) | Out-Null # -Environment AzureCloud
                Write-Log 'Connected to Azure subscription',$SubscriptionName,'as',$LoginName Green,Cyan,Green,Cyan $LogFile
                try {
                    Get-AzSubscription -SubscriptionName $SubscriptionName -WA 0 -EA 1 | Set-AzContext | Out-Null
                    Write-Log ' Set Azure subscription context to',$SubscriptionName Green,Cyan $LogFile
                } catch {
                    Write-Log $PSItem.Exception.Message Magenta $LogFile
                    break
                }         
            }
        }          
    }

    End { Get-AzContext }
}

function Retry-OnRequest {

# Requires -Modules Azure, Azure.Storage
# Requires -Version 5

<#
 .SYNOPSIS
  Function to retry storage requests when encountering temporary/transient errors
 
 .DESCRIPTION
  Function to retry storage requests when encountering temporary/transient errors,
  like network errors, or storage server busy errors
 
 .PARAMETER Action
  This is a script block to get the block list of a given BLOB
  This is invoked by this function
  Example:
    $action = {
        param ($requestOption)
        return $Blob.ICloudBlob.DownloadBlockList([Microsoft.WindowsAzure.Storage.Blob.BlockListingFilter]::All, $null, $requestOption)
    }
  where $Blob is a Microsoft.WindowsAzure.Commands.Common.Storage.ResourceModel.AzureStorageBlob object
  that can be obtained from the Get-AzureStorageBlob cmdlet for example
 
 .PARAMETER TimeOutInMinutes
  This is the time span in minutes on which the Microsoft.WindowsAzure.Storage.RetryPolicies.ExponentialRetry object is configured
  This is an optional parameter. Default is (New-TimeSpan -Minutes 15)
 
 .PARAMETER maxRetryCountOnException
  This is the maximum number of times the function will retry the call.
  This is an optional parameter. Default is 3 times
 
 .EXAMPLE
    $action = {
        param ($requestOption)
        return $Blob.ICloudBlob.DownloadBlockList([Microsoft.WindowsAzure.Storage.Blob.BlockListingFilter]::All, $null, $requestOption)
    }
    $blocks = Retry-OnRequest $action
  where $Blob is a Microsoft.WindowsAzure.Commands.Common.Storage.ResourceModel.AzureStorageBlob object
  that can be obtained from the Get-AzureStorageBlob cmdlet for example
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros, based on script by Emma Zhu - Microsoft/ShangHai - emmazhu@microsoft.com
  v0.1 - 5 December 2018
#>


    param(
        [Parameter(Mandatory=$true)]$Action,
        [Parameter(Mandatory=$false)][System.TimeSpan]$TimeOutInMinutes = (New-TimeSpan -Minutes 15),
        [Parameter(Mandatory=$false)][Int16]$maxRetryCountOnException = 3
    )
    
    Begin { }

    Process {
        $requestOption = @{
            RetryPolicy = (New-Object -TypeName Microsoft.WindowsAzure.Storage.RetryPolicies.ExponentialRetry -ArgumentList @($TimeOutInMinutes, 10))
        }
        $shouldRetryOnException = $false   
        $retryCount = 0  

        do {
            try {
                return $Action.Invoke($requestOption)
            } catch {
                if ($_.Exception.InnerException -ne $null -And $_.Exception.InnerException.GetType() -Eq [System.TimeoutException] -And $maxRetryCountOnException -gt 0) {
                    $shouldRetryOnException = $true
                    $maxRetryCountOnException --
                    $retryCount ++
                    Write-Log 'retrying request.. #',$retryCount Yellow,Cyan
                } else {
                    $shouldRetryOnException = $false
                    throw
                }
            }
        } while ($shouldRetryOnException)
    }

    End { }
}

function Get-BlobBytes {

# Requires -Modules Azure, Azure.Storage
# Requires -Version 5

<#
 .SYNOPSIS
  Function to calculate the amount of storage used by a BLOB
 
 .DESCRIPTION
  Function to calculate the amount of storage used by a BLOB
 
 .PARAMETER Blob
  This is a Microsoft.WindowsAzure.Commands.Common.Storage.ResourceModel.AzureStorageBlob object
  that can be obtained from the Get-AzureStorageBlob cmdlet for example
 
 .PARAMETER IsPremiumAccount
  An optional Boolean (True/False) parameter that defaults to False
 
 .EXAMPLE
    $LoginName = 'samb@mydomain.com'
    $SubscriptionName = 'my azure subscription name'
    $StorageAccountName = 'mystorageacct'
 
    # Import-Module Azure, Azure.Storage, AZSBTools -DisableNameChecking
    Login-AzureRmAccount -Credential (Get-SBCredential $LoginName) | Out-Null # -Environment AzureCloud
    $Subsciption = Get-AzureRmSubscription -SubscriptionName $SubscriptionName -WA 0
    $Subsciption | Set-AzureRmContext | Out-Null
    Write-Log 'Connected to',$Subsciption.Name,'as',$LoginName Green,Cyan,Green,Cyan
 
    $StorageAccount = Get-AzureRmStorageAccount | where StorageAccountName -eq $StorageAccountName
    $IsPremiumAccount = ($StorageAccount.Sku.Tier -eq "Premium")
    Write-Log 'Processing storage account',$StorageAccount.StorageAccountName,'in RG',$StorageAccount.ResourceGroupName Green,Cyan,Green,Cyan
 
    $ContainerList = Get-AzureStorageContainer -Context $StorageAccount.Context
    $Container = $ContainerList | select -First 1
    Write-Log ' Processing container',$Container.Name Green,Cyan
 
    $BlobList = Get-AzureStorageBlob -Context $StorageAccount.Context -Container $Container.Name
    $Blob = $BlobList | select -First 1
    Write-Log ' Processing blob',$Blob.Name Green,Cyan -NoNewLine
 
    $SizeInBytes = Get-BlobBytes $Blob $IsPremiumAccount
    $myOutput = [PSCustomObject][Ordered]@{
        Name = $Blob.Name
        StorageAccount = $storageAccount.StorageAccountName
        Container = $Container.Name
        Type = $Blob.BlobType
        SizeInBytes = $SizeInBytes
        LastModified = $Blob.LastModified
    }
    Write-log $SizeInBytes,'bytes' Yellow,Cyan
 
    $myOutput | select Name,Type,StorageAccount,Container,
        @{n='SizeInGB';e={[Math]::Round($_.SizeInBytes/1GB,1)}},LastModified |
            sort SizeInGB -Descending | FL
 
    This example calculates the size of the first Blob in the first container of the provided storage account
 
 .EXAMPLE
    $LoginName = 'samb@mydomain.com'
    $SubscriptionName = 'my azure subscription name'
    $StorageAccountName = 'mystorageacct'
 
    # Import-Module Azure, Azure.Storage, AZSBTools -DisableNameChecking
    Login-AzureRmAccount -Credential (Get-SBCredential $LoginName) | Out-Null # -Environment AzureCloud
    $Subsciption = Get-AzureRmSubscription -SubscriptionName $SubscriptionName -WA 0
    $Subsciption | Set-AzureRmContext | Out-Null
    Write-Log 'Connected to',$Subsciption.Name,'as',$LoginName Green,Cyan,Green,Cyan
 
    $StorageAccount = Get-AzureRmStorageAccount | where StorageAccountName -eq $StorageAccountName
    $IsPremiumAccount = ($StorageAccount.Sku.Tier -eq "Premium")
    Write-Log 'Processing storage account',$StorageAccount.StorageAccountName,'in RG',$StorageAccount.ResourceGroupName Green,Cyan,Green,Cyan
 
    $BlobList = foreach ($Container in (Get-AzureStorageContainer -Context $StorageAccount.Context)) {
        Write-Log ' Processing container',$Container.Name Green,Cyan
        $Token = $Null
        do {
            $Blobs = Get-AzureStorageBlob -Context $StorageAccount.Context -Container $Container.Name -ContinuationToken $Token
            if ($Blobs -eq $Null) { break }
 
            if ($Blobs.GetType().Name -eq 'AzureStorageBlob') {
                $Token = $Null
            } else {
                $Token = $Blobs[-1].ContinuationToken
            }
 
            $Blobs | ForEach {
                Write-Log ' Processing blob',$_.Name Green,Cyan -NoNewLine
                $SizeInBytes = Get-BlobBytes $_ $IsPremiumAccount
                [PSCustomObject][Ordered]@{
                    Name = $_.Name
                    StorageAccount = $storageAccount.StorageAccountName
                    Container = $Container.Name
                    Type = $_.BlobType
                    SizeInBytes = $SizeInBytes
                    LastModified = $_.LastModified
                }
                Write-log $SizeInBytes,'bytes' Yellow,Cyan
            }
        } While ($Token -ne $Null)
    }
 
    $BlobList | select Name,Type,StorageAccount,Container,
        @{n='SizeInGB';e={[Math]::Round($_.SizeInBytes/1GB,1)}},LastModified |
            sort SizeInGB -Descending | FT -a
 
    This example calculates blob sizes for all blobs in all containers of the provided storage account
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros, based on script by Emma Zhu - Microsoft/ShangHai - emmazhu@microsoft.com
  v0.1 - 5 December 2018
#>

    param(
        [Parameter(Mandatory=$true)]$Blob,
        [Parameter(Mandatory=$false)][bool]$IsPremiumAccount = $false
    )

    Begin {
        if (-not ([System.Management.Automation.PSTypeName]'PageRange').Type) {
            Add-Type -TypeDefinition "
                public class PageRange {
                    public long StartOffset;
                    public long EndOffset;
                }
            "
 
        }
    }

    Process {
        # Base + blobname
        $blobSizeInBytes = 124 + $Blob.Name.Length * 2

        # Size of metadata
        $metadataEnumerator = $Blob.ICloudBlob.Metadata.GetEnumerator()
        while($metadataEnumerator.MoveNext()) {
            $blobSizeInBytes += 3 + $metadataEnumerator.Current.Key.Length + $metadataEnumerator.Current.Value.Length
        }

        if (-not $IsPremiumAccount) {
            if ($Blob.BlobType -eq [Microsoft.WindowsAzure.Storage.Blob.BlobType]::BlockBlob) {
                $blobSizeInBytes += 8
                
                $action = { # Default is Microsoft.WindowsAzure.Storage.Blob.BlockListingFilter.Committed. Need All
                    param ($requestOption) 
                    return $Blob.ICloudBlob.DownloadBlockList([Microsoft.WindowsAzure.Storage.Blob.BlockListingFilter]::All, $null, $requestOption) 
                } 
                $blocks = Retry-OnRequest $action 

                if ($blocks -eq $null) {
                    $blobSizeInBytes += $Blob.ICloudBlob.Properties.Length
                } else {
                    $blocks | ForEach { $blobSizeInBytes += $_.Length + $_.Name.Length }
                }  
            } elseif ($Blob.BlobType -eq [Microsoft.WindowsAzure.Storage.Blob.BlobType]::PageBlob) {
                # It could cause server time out issue when trying to get page ranges of highly fragmented page blob
                # Get page ranges in segment can mitigate chance of meeting such kind of server time out issue
                # See https://blogs.msdn.microsoft.com/windowsazurestorage/2012/03/26/getting-the-page-ranges-of-a-large-page-blob-in-segments/ for details.
                $pageRangesSegSize = 148 * 1024 * 1024L
                $totalSize = $Blob.ICloudBlob.Properties.Length
                $pageRangeSegOffset = 0
        
                $pageRangesTemp = New-Object System.Collections.ArrayList
                while ($pageRangeSegOffset -lt $totalSize) {
                    $action = {
                        param($requestOption) 
                        return $Blob.ICloudBlob.GetPageRanges($pageRangeSegOffset, $pageRangesSegSize, $null, $requestOption) 
                    }

                    Retry-OnRequest $action | ForEach { $pageRangesTemp.Add($_) }  | Out-Null
                    $pageRangeSegOffset += $pageRangesSegSize
                }

                $pageRanges = New-Object System.Collections.ArrayList
                foreach ($pageRange in $pageRangesTemp) {
                    if($lastRange -eq $Null) {
                        $lastRange = New-Object PageRange
                        $lastRange.StartOffset = $pageRange.StartOffset
                        $lastRange.EndOffset   =  $pageRange.EndOffset
                    } else {
                        if (($lastRange.EndOffset + 1) -eq $pageRange.StartOffset) {
                            $lastRange.EndOffset = $pageRange.EndOffset
                        } else {
                            $pageRanges.Add($lastRange)  | Out-Null
                            $lastRange = New-Object PageRange
                            $lastRange.StartOffset = $pageRange.StartOffset
                            $lastRange.EndOffset   =  $pageRange.EndOffset
                        }
                    }
                }

                $pageRanges.Add($lastRange) | Out-Null
                $pageRanges | ForEach { $blobSizeInBytes += 12 + $_.EndOffset - $_.StartOffset }
            } else {
                $blobSizeInBytes += $Blob.ICloudBlob.Properties.Length
            }

        } else {
            $blobSizeInBytes += $Blob.ICloudBlob.Properties.Length
        }        
    }

    End { $blobSizeInBytes }
}

function Get-ContainerBytes {

# Requires -Modules Azure, Azure.Storage
# Requires -Version 5

<#
 .SYNOPSIS
  Function to calculate container overhead storage size
 
 .DESCRIPTION
  Function to calculate container overhead storage size
 
 .PARAMETER Container
  This is an object of type Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer
  that can be obtained from the CloudBlobContainer property of the output object of
  the Get-AzureStorageContainer cmdlet - see example below
 
 .EXAMPLE
    $LoginName = 'samb@mydomain.com'
    $SubscriptionName = 'my subscription name'
    $StorageAccountName = 'mystorageacct'
 
    # Import-Module Azure, Azure.Storage, AZSBTools -DisableNameChecking
    Login-AzureRmAccount -Credential (Get-SBCredential $LoginName) | Out-Null # -Environment AzureCloud
    $Subsciption = Get-AzureRmSubscription -SubscriptionName $SubscriptionName -WA 0
    $Subsciption | Set-AzureRmContext | Out-Null
    Write-Log 'Connected to',$Subsciption.Name,'as',$LoginName Green,Cyan,Green,Cyan
 
    $StorageAccount = Get-AzureRmStorageAccount | where StorageAccountName -eq $StorageAccountName
    $IsPremiumAccount = ($StorageAccount.Sku.Tier -eq "Premium")
    Write-Log 'Processing storage account',$StorageAccount.StorageAccountName,'in RG',$StorageAccount.ResourceGroupName Green,Cyan,Green,Cyan
 
    Get-AzureStorageContainer -Context $StorageAccount.Context | foreach {
        Write-Log ' Calculating overhead bytes for container',$_.Name Green,Cyan -NoNewLine
        $ContainerOverheadBytes = Get-ContainerBytes -Container $_.CloudBlobContainer
        Write-Log $ContainerOverheadBytes,'bytes' Yellow,Cyan
    }
  This example calculate overhead bytes for all containers in the provided storage account
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros, based on script by Emma Zhu - Microsoft/ShangHai - emmazhu@microsoft.com
  v0.1 - 5 December 2018
#>

    param(
        [Parameter(Mandatory=$true)][Microsoft.WindowsAzure.Storage.Blob.CloudBlobContainer]$Container
    )

    Begin { }

    Process {
        # Base + name of container
        $ContainerOverheadBytes = 48 + $Container.Name.Length * 2

        # Get size of metadata
        $metadataEnumerator = $Container.Metadata.GetEnumerator()
        while($metadataEnumerator.MoveNext()) {
            $ContainerOverheadBytes += 3 + $metadataEnumerator.Current.Key.Length + $metadataEnumerator.Current.Value.Length
        }

        # Get size for SharedAccessPolicies
        $ContainerOverheadBytes += $Container.GetPermissions().SharedAccessPolicies.Count * 512
    }

    End { $ContainerOverheadBytes }
}

function Get-AzureRMDiskSpace {
<#
 .SYNOPSIS
  Function to obtain used disk space of one or more Azure VMs
 
 .DESCRIPTION
  Function to obtain used disk space of one or more Azure VMs
  This function calculates disk space of unmanaged disks only
  Microsoft charges for the entire allocated space of a managed disk regardless
  of how much is used, so finding the actual used size is irrelevent
 
 .PARAMETER AzureVM
  One or more of type Microsoft.Azure.Commands.Compute.Models.PSVirtualMachineList
  which can be obtained from the output of the AzureRM cmdlet Get-AzureRmVM
 
 .PARAMETER RetryCount
  This is an optional number between 0 and 99
  The cmdlet will retry the disks that fail to get used disk space amount that many times
 
 .EXAMPLE
    Login-AzureRmAccount -Credential (Get-SBCredential 'nam@domain.com') | Out-Null # -Environment AzureCloud
    Get-AzureRmSubscription -SubscriptionName 'my subscription anme' -WA 0 | Set-AzureRmContext | Out-Null
    $VMList = (Get-AzureRmVM -WA 0)[0..2]
    $DiskSpaceUsage = Get-AzureRMDiskSpace -AzureVM $VMList -RetryCount 1 -Verbose
    $DiskSpaceUsage | FT -a
 
. OUTPUTS
  PSCustom object (one for each disk) containing the following properties/example:
    VMName DiskName StorageAccount BlobName TotalSizeGB UsedSizeGB Source DateReported RetryCount
    ------ -------- -------------- -------- ----------- ---------- ------ ------------ ----------
    MigrationAdmin1 MigrationAdmin1 devgdisks756 MigrationAdmin104435.vhd 127 ? AzureStorage 8/8/2018 11:04 AM 5
    DEBCSV01 DEBCSV01 debcssa DEBCSV0120180802110039.vhd 32 3.96 AzureStorage 8/8/2018 10:49 AM 0
    DECEX16VO1 DECEX16VO1 decsa DECEX16VO120180403203752.vhd 127 30.33 AzureStorage 8/8/2018 10:50 AM 0
    DECEX16VO1 DECEX16VO1-DD1 decsa DECEX16VO1-DD1.vhd 40 ? AzureStorage 8/8/2018 11:06 AM 5
 
 .LINK
  https://superwidgets.wordpress.com/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 July 2018 - Known issue: not able to get used space of some disks, getting:
    $Blob.ICloudBlob.GetPageRanges(): Exception calling "GetPageRanges" with "0" argument(s):
    "Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host."
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeLine=$true,ValueFromPipeLineByPropertyName=$true)]
            [Microsoft.Azure.Commands.Compute.Models.PSVirtualMachineList[]]$AzureVM,
        [Parameter(Mandatory=$false)][ValidateRange(0,99)][Int16]$RetryCount = 0
    )

    Begin { 
        $myOutput = @() 

        function Get-DiskBlobSize {
            [CmdletBinding(ConfirmImpact='Low')] 
            Param(
                [Parameter(Mandatory=$true)][PSCustomObject]$Disk,
                [Parameter(Mandatory=$true)][Microsoft.Azure.Commands.Compute.Models.PSVirtualMachineList]$VM
            )

            Write-Log 'Processing disk:' Green
            Write-Log ($Disk | Out-String).Trim() Cyan
            $StorageAccount = Get-AzureRmStorageAccount -ResourceGroupName $VM.ResourceGroupName -Name $Disk.StorageAccount
            $Blob = Get-AzureStorageBlob -Container vhds -Context $StorageAccount.Context -Blob $Disk.BlobName
            $blobSize  = 124 + $Blob.Name.Length * 2
            $blobSize += ($Blob.ICloudBlob.Metadata.Keys.Length   | measure -Sum).Sum
            $blobSize += ($Blob.ICloudBlob.Metadata.Values.Length | measure -Sum).Sum
            $PageRanges = $Blob.ICloudBlob.GetPageRangesAsync() # $Blob.ICloudBlob.GetPageRanges()
            Write-Verbose ($PageRanges | Out-String) 
            if ($PageRanges.Result) {                          
                $PageRanges.Result | foreach { $blobSize += 12 + $_.EndOffset - $_.StartOffset }
                [Math]::Round($blobSize/1GB,2)
            } else { 
                '?' 
            }
        }
    }

    Process {
        #region First run
        foreach ($VM in $AzureVM) {
            
            #region Get list of unmanaged VM disks
            $DiskList = @()
            if ($VM.StorageProfile.OsDisk.ManagedDisk) {
                Write-Log 'Disk',$VM.StorageProfile.OsDisk.Name,'is a managed disk, skipping..' Yellow,Cyan,Yellow
            } else {
                $DiskList += @($VM.StorageProfile.OsDisk | select Name,DiskSizeGB,
                    @{n='StorageAccount';e={$_.Vhd.Uri.Split('.')[0].Split('/')[2]}},
                    @{n='BlobName';e={$_.Vhd.Uri.Split('/')[-1]}})
            }
            foreach ($VMDisk in $VM.StorageProfile.DataDisks) {
                if ($VMDisk.ManagedDisk) {
                    Write-Log 'Disk',$VMDisk.Name,'is a managed disk, skipping..' Yellow,Cyan,Yellow
                } else {
                    $DiskList += $VMDisk | select Name,DiskSizeGB,
                        @{n='StorageAccount';e={$_.Vhd.Uri.Split('.')[0].Split('/')[2]}},
                        @{n='BlobName';e={$_.Vhd.Uri.Split('/')[-1]}}
                }
            }
            #endregion

            if ($DiskList) {
                Write-Log 'Calculating used disk space for',$DiskList.Count,'disk(s) of VM',$VM.Name Green,Cyan,Green,Cyan
                foreach ($Disk in $DiskList) {
                    $myOutput += [PSCustomObject][Ordered]@{
                        VMName         = $VM.Name
                        DiskName       = $Disk.Name
                        StorageAccount = $Disk.StorageAccount
                        BlobName       = $Disk.BlobName
                        TotalSizeGB    = $Disk.DiskSizeGB
                        UsedSizeGB     = Get-DiskBlobSize -Disk $Disk -VM $VM
                        Source         = 'AzureStorage'
                        DateReported   = Get-Date -Format g
                        RetryCount     = 0
                    }
                }
            }

        }
        #endregion

        #region Retries
        if ($RetryCount -gt 0) {
            foreach ($Retry in 1..$RetryCount) { 
                Write-Log 'Retry #',$Retry Cyan,Yellow
                foreach ($Disk in ($myOutput | where { $PSItem.UsedSizeGB -eq '?' })) {
                    $Disk.UsedSizeGB   = Get-DiskBlobSize -Disk $Disk -VM ($AzureVM | where { $Disk.VMName -eq $PSItem.Name })
                    $Disk.DateReported = Get-Date -Format g
                    $Disk.RetryCount   = $Retry
                }
            }
        }
        #endregion
    }

    End { $myOutput }
}

function Get-AzureStorageAccountList {

# Requires -Modules Az
# Requires -Version 5

<#
 .SYNOPSIS
  Function to get Azure storage accounts in a given subscription
 
 .DESCRIPTION
  Function to get Azure storage accounts in a given subscription
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .EXAMPLE
  Get-AzureStorageAccountList -LoginName 'sam.boutros@mydomain.com' -SubscriptionName 'my subscription name'
 
 .OUTPUTS
  This function returns a PS object for each Stprage Account containing the following properties/example:
    Name : maybcstorage
    Type : ARM-GPv1 # This is either ASM, ARM-GPv1, ARM-GPv2, or ARM-BlobOnly
    GeoReplication : Standard_RAGRS # This is either Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS
    Tier : Standard # This is either Standard (HDD) or Enhanced (SSD)
    ResourceGroup : myrs1
    Location : uksouth
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
  https://superwidgets.wordpress.com/2018/07/02/azure-storage-features-and-pricing-june-2018/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 24 October 2018
  v0.2 - 24 May 2019 - Updated to use AZ module instead of AzureRM module
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName
    )

    Begin {
        if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process {
        Get-AzResource | where ResourceType -Match 'storage' | foreach {
            [PSCustomObject][Ordered]@{
                Name           = $_.Name 
                Type           = $(
                    if ($_.ResourceType -eq 'Microsoft.ClassicStorage/storageAccounts') { 'ASM' } 
                    elseif ($_.ResourceType -eq 'Microsoft.Storage/storageAccounts') { 
                        if ($_.Kind -eq 'StorageV2') { 'ARM-GPv2' }
                        elseif ($_.Kind -eq 'BlobStorage') { 'ARM-BlobOnly' }
                        else { 'ARM-GPv1' }
                    }
                    else { '???' }
                )
                GeoReplication = $_.sku.name
                Tier           = $_.sku.tier
                ResourceGroup  = $_.ResourceGroupName
                Location       = $_.Location
            }
        }
    } 

    End {}
}

Function Delete-AzureRMUnattachedManagedDisks {

# Requires -Modules AzureRM,ImportExcel
# Requires -Version 5

<#
 .SYNOPSIS
  Function to delete Azure unused/unattached managed disks
 
 .DESCRIPTION
  Function to delete Azure unused/unattached managed disks
  This applies to ARM disks only not classic ASM disks
  This function depends on AzureRM and ImportExcel PowerShell modules available in the PowerShell Gallery
  To install: Install-Module AzureRM,ImportExcel
  This function has been tested to work with PowerShell version 5
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .PARAMETER OutputFile
  This is an optional parameter that specifies the path to output Excel file
  This defaults to a file in the current folder where the script is running
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Delete-AzureRMUnattachedManagedDisks -LoginName 'samb@mydomain.com' -SubscriptionName 'my Azure subscription name here'
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 December 2018
#>


    [CmdletBinding(ConfirmImpact='High')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$false)][String]$OutputFile = ".\Unattached Managed Disk List - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').xlsx",
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Delete-AzureRMUnattachedManagedDisks - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        Login-AzureRmAccount -Credential (Get-SBCredential $LoginName) | Out-Null # -Environment AzureCloud
        try {
            Get-AzureRmSubscription -SubscriptionName $SubscriptionName -WA 0 -EA 1 | Set-AzureRmContext | Out-Null
            Write-Log 'Connected to Azure subscription',$SubscriptionName,'as',$LoginName Green,Cyan,Green,Cyan $LogFile
        } catch {
            Write-Log $PSItem.Exception.Message Yellow $LogFile
            break
        }
    }

    Process{

        $ManagedDisks = Get-AzureRmDisk

        if ($ManagedDisks) {
            Write-Log 'Identified',$ManagedDisks.Count,'managed disks' Green,Yellow,Green $LogFile
            $MDList = $ManagedDisks | foreach { 
                [PSCustomObject][Ordered]@{
                    DiskName      = $_.Name
                    SizeGB        = $_.DiskSizeGB
                    ResourceGroup = $_.ResourceGroupName
                    AttachedTo    = $_.ManagedBy
                }
            }
            Write-Log ($MDList | FT -a | Out-String).Trim() Cyan $LogFile
            $UnattachedMDList = $MDList | where {-not $_.AttachedTo }
            if ($UnattachedMDList) {
                Write-Log ' of which',$UnattachedMDList.Count,'disks are not attached to or used by any VM' Green,Yellow,Green $LogFile
                Write-Log ($UnattachedMDList | FT -a | Out-String).Trim() Yellow $LogFile
                
                Write-Log 'Exporting list of unattached managed disks to file',$OutputFile Green,Cyan $LogFile
                $UnattachedMDList | Export-Excel -Path $OutputFile -ConditionalText $(
                    ($UnattachedMDList | Get-Member -MemberType NoteProperty).Name | foreach { New-ConditionalText $_ White SteelBlue }
                ) -AutoSize -FreezeTopRowFirstColumn
                
                Write-Log 'Deleting',$UnattachedMDList.Count,'unattached managed disks' Green,Cyan,Green $LogFile -NoNewLine
                $Result = $UnattachedMDList | 
                    foreach { Remove-AzureRmDisk -ResourceGroupName $_.ResourceGroup -DiskName $_.DiskName -Force }
                Write-Log 'done, task details:' Cyan $LogFile
                Write-Log ($Result | FT -a | Out-String).Trim() Green $LogFile
            } else {
                Write-Log ' all of which are attached/used by VMs' Green $LogFile
            }
        } else {
            Write-Log 'No managed disks found' Green $LogFile
        }

    } 

    End { }
}

Function Remove-AzureUnmanagedDiskSnapshot {

# Requires -Modules Az
# Requires -Version 5

<#
 .SYNOPSIS
  Function to delete Azure disk snapshot(s) for unmanaged disks
 
 .DESCRIPTION
  Function to delete disk snapshot(s) for a given unmanaged disk
  This applies to unmanaged ARM disk snapshots only not classic ASM disks or managed ARM disks
  This function depends on Az PowerShell module available in the PowerShell Gallery
  To install required module: Install-Module Az
  This function has been tested to work with PowerShell version 5
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER StorageAccountName
  The Azure storage account name such as 'storfluxwidget3vm'
 
 .PARAMETER ContainerName
  The Container name such as 'Vhds'
 
 .PARAMETER BlobName
  The disk name such as 'Widget3VM-20181226-093810.vhd'
 
 .PARAMETER FromDate
  Snapshots with datetime stamp after this point and before the ToDate will be deleted
  Example: 1/1/2018, or 12/11/2018 11:00 AM
  If either ToDate or FromDate is not provided, all snapshots of the provided page blob will be deleted
 
 .PARAMETER ToDate
  Snapshots with datetime stamp before this point and after the FromDate will be deleted
  Example: 1/10/2018, or 12/12/2018 12:00 AM
  If either ToDate or FromDate is not provided, all snapshots of the provided page blob will be deleted
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  $ParameterList = @{
    LoginName = 'sam@dmain.com'
    SubscriptionName = 'my subscription name'
    StorageAccountName = 'storfluxwidget3vm'
    ContainerName = 'vhds'
    BlobName = 'Widget3VM-20181226-093810.vhd'
  }
  Remove-AzureUnmanagedDiskSnapshot @ParameterList
  This example deletes all snapshots of the provided disk
 
 .EXAMPLE
  $ParameterList = @{
    LoginName = 'sam@dmain.com'
    SubscriptionName = 'my subscription name'
    StorageAccountName = 'storfluxwidget3vm'
    ContainerName = 'vhds'
    FromDate = '1/1/2019'
    ToDate = Get-Date
    BlobName = 'Widget3VM-20181226-093810.vhd'
  }
  Remove-AzureUnmanagedDiskSnapshot @ParameterList
  This example deletes all snapshots of the provided disk from 1/1/2019 to now
 
 .EXAMPLE
    $LoginName = 'sam@dmain.com'
    $SubscriptionName = 'my subscription name'
    $DiskList = Get-AzureVMUnmanagedDisk -LoginName $LoginName -SubscriptionName $SubscriptionName -VMName (Get-AzVM).Name
    # By defining the $LogFile variable before the loop, we get to put all the logs in one file
    $LogFile = ".\Remove-AzureUnmanagedDiskSnapshot - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    $SnapShotList = foreach ($Disk in $DiskList) {
        $ParameterList = @{
            LoginName = $LoginName
            SubscriptionName = $SubscriptionName
            StorageAccountName = $Disk.StorageAccountName
            ContainerName = $Disk.ContainerName
            BlobName = $Disk.BlobName
            LogFile = $LogFile
        }
        Remove-AzureUnmanagedDiskSnapshot @ParameterList
    }
    This example lists all unmanaged disks of all ARM VMs in the given subscription, then deletes all their snapshots
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 December 2018
  v0.2 - 1 January 2019 - Rewrite based on Logan Zhao (zhezhao@microsoft.com) input regarding
         $storageContainer.CloudBlobContainer interface, and .CloudBlobContainer.ListBlobs() method
  v0.3 - 24 May 2019 - Updated to use AZ module instead of AzureRM module
#>


    [CmdletBinding(ConfirmImpact='High')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String]$StorageAccountName,
        [Parameter(Mandatory=$true)][String]$ContainerName,
        [Parameter(Mandatory=$true)][String]$BlobName,
        [Parameter(Mandatory=$false)][String]$FromDate,
        [Parameter(Mandatory=$false)][String]$ToDate,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Remove-AzureUnmanagedDiskSnapshot - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process{

        #region Validate Input

        if ($StorageAccount = Get-AzStorageAccount | where StorageAccountName -EQ $StorageAccountName) {
            Write-Log 'Validated Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to find Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
            break
        }
        if ($StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccount.ResourceGroupName -Name $StorageAccount.StorageAccountName)[0].Value) {
            Write-Log 'Acquired access key for Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to acquire access key for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
            Write-Log $Error[0].Exception.Message Yellow $LogFile
            break
        }
        if ($Context = New-AzStorageContext -StorageAccountName $StorageAccount.StorageAccountName -StorageAccountKey $StorageKey) {
            Write-Log 'Acquired context for Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to acquire context for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
            Write-Log $Error[0].Exception.Message Yellow $LogFile
            break
        }
        if ($Container = Get-AzStorageContainer -Context $Context -Name $ContainerName) {
            Write-Log 'Read Storage Container',$ContainerName,'under',$StorageAccountName Green,Cyan,Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to read Storage Container',$ContainerName,'under',$StorageAccountName Magenta,Yellow,Magenta,Yellow $LogFile 
            break
        }

        if ($FromDate) {
            if ($FromDate -as [DateTime]) {
                $FromDate = [DateTime]$FromDate
                Write-Log 'From Date received:',$FromDate Green,Cyan $LogFile
            } else {
                Write-Log 'Bad Date/Time format received as -FromDate:',$FromDate,'stopping' Magenta,Yellow,Magenta $LogFile
                break
            }
        } else {
            Write-Log 'No From Date received, deleting all snapshots named',$BlobName,'in',"$StorageAccountName\$ContainerName" Yellow,Cyan,Green,Cyan $LogFile
            $FromDate = [DateTime]'1/1/1900'
        }
        if ($ToDate) {
            if ($ToDate -as [DateTime]) {
                $ToDate = [DateTime]$ToDate
                Write-Log 'To Date received:',$ToDate Green,Cyan $LogFile
            } else {
                Write-Log 'Bad Date/Time format received as -ToDate:',$ToDate,'stopping' Magenta,Yellow,Magenta $LogFile
                break
            }
        } else {
            Write-Log 'No To Date received, deleting all snapshots named',$BlobName,'in',"$StorageAccountName\$ContainerName" Yellow,Cyan,Green,Cyan $LogFile
            $ToDate = Get-Date
        }

        if ( $SnapshotList = $Container.CloudBlobContainer.ListBlobs($BlobName, $true,'Snapshot') | where { $_.IsSnapShot } ) {
            Write-Log 'Identified',$SnapshotList.Count,'disk snapshots for the disk/page Blob',$BlobName Green,yellow,Green,Cyan $LogFile 
            Write-Log ' dated',($SnapshotList.SnapShotTime -join ', ') Green,Cyan $LogFile 
        } else {
            Write-Log 'No disk snapshots found for the disk/page Blob',$BlobName Magenta,Yellow $LogFile
        }

        #endregion

        #region Delete snapshots
        foreach ($Snapshot in $SnapshotList) {            
            if ( ($Snapshot.SnapshotTime -le $ToDate -and $Snapshot.SnapshotTime -ge $FromDate) -or $DeleteAll ) { 
                Write-Log 'Deleting Snapshot',$Snapshot.SnapshotTime Green,Cyan $LogFile -NoNewLine
                $Snapshot.Delete() 
                $Container = Get-AzStorageContainer -Context $Context -Name $ContainerName
                if ($Container.CloudBlobContainer.ListBlobs($BlobName, $true,'Snapshot') | where { $_.SnapshotTime -eq $Snapshot.SnapshotTime }) {
                    Write-Log 'failed' Yellow $LogFile
                } else {
                    Write-Log 'done' DarkYellow $LogFile
                }
            }
        }
        #endregion

    } 

    End { }
}

Function Get-AzureUnmanagedDiskSnapshot {

# Requires -Modules Az
# Requires -Version 5

<#
 .SYNOPSIS
  Function to get Azure disk snapshot for unmanaged disks
 
 .DESCRIPTION
  Function to get disk snapshots for a given unmanaged disk
  This applies to unmanaged ARM disk snapshots only not classic ASM disks or managed ARM disks
  This function depends on Az PowerShell module available in the PowerShell Gallery
  To install required module: Install-Module Az
  This function has been tested to work with PowerShell version 5
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER StorageAccountName
  The Azure storage account name such as 'storfluxwidget3vm'
 
 .PARAMETER ContainerName
  The Container name such as 'Vhds'
 
 .PARAMETER BlobName
  The disk name such as 'Widget3VM-20181226-093810.vhd'
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  $ParameterList = @{
    LoginName = 'sam@dmain.com'
    SubscriptionName = 'my subscription name'
    StorageAccountName = 'storfluxwidget3vm'
    ContainerName = 'vhds'
    BlobName = 'Widget3VM-20181226-093810.vhd'
  }
  Get-AzureUnmanagedDiskSnapshot @ParameterList
  This example lists all snapshots of the provided disk
 
 .EXAMPLE
    $LoginName = 'sam@dmain.com'
    $SubscriptionName = 'my subscription name'
    $DiskList = Get-AzureVMUnmanagedDisk -LoginName $LoginName -SubscriptionName $SubscriptionName -VMName (Get-AzVM).Name
    # By defining the $LogFile variable before the loop, we get to put all the logs in one file
    $LogFile = ".\Get-AzureUnmanagedDiskSnapshot - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    $SnapShotList = foreach ($Disk in $DiskList) {
        $ParameterList = @{
            LoginName = $LoginName
            SubscriptionName = $SubscriptionName
            StorageAccountName = $Disk.StorageAccountName
            ContainerName = $Disk.ContainerName
            BlobName = $Disk.BlobName
            LogFile = $LogFile
        }
        Get-AzureUnmanagedDiskSnapshot @ParameterList
    }
    This example lists all unmanaged disks of all ARM VMs in the given subscription, then lists all their snapshots
 
 .OUTPUTS
  This function returns objects of type Microsoft.WindowsAzure.Storage.Blob.CloudPageBlob
  for each snapshot found that matches the provided storageaccount/container/blob parameters
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 2 January 2019
  v0.2 - 24 May 2019 - Updated to use AZ module instead of AzureRM module
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String]$StorageAccountName,
        [Parameter(Mandatory=$true)][String]$ContainerName,
        [Parameter(Mandatory=$true)][String]$BlobName,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Get-AzureUnmanagedDiskSnapshot - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process{

        #region Validate Input
        if ($StorageAccount = Get-AzStorageAccount | where StorageAccountName -EQ $StorageAccountName) {
            Write-Log 'Validated Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to find Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
            break
        }
        if ($StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccount.ResourceGroupName -Name $StorageAccount.StorageAccountName)[0].Value) {
            Write-Log 'Acquired access key for Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to acquire access key for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
            Write-Log $Error[0].Exception.Message Yellow $LogFile
            break
        }
        if ($Context = New-AzStorageContext -StorageAccountName $StorageAccount.StorageAccountName -StorageAccountKey $StorageKey) {
            Write-Log 'Acquired context for Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to acquire context for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
            Write-Log $Error[0].Exception.Message Yellow $LogFile
            break
        }
        if ($Container = Get-AzStorageContainer -Context $Context -Name $ContainerName) {
            Write-Log 'Read Storage Container',$ContainerName,'under',$StorageAccountName Green,Cyan,Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to read Storage Container',$ContainerName,'under',$StorageAccountName Magenta,Yellow,Magenta,Yellow $LogFile 
            break
        }
        #endregion

        #region Get snapshots
        if ($SnapshotList = $Container.CloudBlobContainer.ListBlobs($BlobName, $true,'Snapshot') | where { $_.IsSnapShot } ) {
            Write-Log 'Identified',$SnapshotList.Count,'disk snapshots for the disk/page Blob',$BlobName Green,yellow,Green,Cyan $LogFile 
            Write-Log ' dated',($SnapshotList.SnapShotTime -join ', ') Green,Cyan $LogFile 
        } else {
            Write-Log 'No disk snapshots found for the disk/page Blob',$BlobName Magenta,Yellow $LogFile
        }
        #endregion

    } 

    End { $SnapshotList }
}

Function New-AzureUnmanagedDiskSnapshot {

# Requires -Modules Az
# Requires -Version 5

<#
 .SYNOPSIS
  Function to create Azure disk snapshot for unmanaged disks
 
 .DESCRIPTION
  Function to create disk snapshots for a given unmanaged disk
  This applies to unmanaged ARM disk snapshots only not classic ASM disks or managed ARM disks
  This function depends on Az PowerShell modules available in the PowerShell Gallery
  To install required module: Install-Module Az
  This function has been tested to work with PowerShell version 5
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER StorageAccountName
  The Azure storage account name such as 'storfluxwidget3vm'
 
 .PARAMETER ContainerName
  The Container name such as 'Vhds'
 
 .PARAMETER BlobName
  The disk name such as 'Widget3VM-20181226-093810.vhd'
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  $ParameterList = @{
    LoginName = 'sam@domain.com'
    SubscriptionName = 'my subscription name'
    StorageAccountName = 'storfluxwidget4vm'
    ContainerName = 'vhds'
    BlobName = 'Widget4VM-20181226-093810.vhd'
  }
  New-AzureRMUnmanagedDiskSnapshot @ParameterList
  This example creates a new snapshot of the provided disk
 
 .OUTPUTS
  This function returns object of type Microsoft.WindowsAzure.Storage.Blob.CloudPageBlob for the snapshot created
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 2 January 2019
  v0.2 - 24 May 2019 - Updated to use AZ module instead of AzureRM module
#>


    [CmdletBinding(ConfirmImpact='High')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String]$StorageAccountName,
        [Parameter(Mandatory=$true)][String]$ContainerName,
        [Parameter(Mandatory=$true)][String]$BlobName,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\New-AzureUnmanagedDiskSnapshot - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process{

        #region Validate Input

        if ($StorageAccount = Get-AzStorageAccount | where StorageAccountName -EQ $StorageAccountName) {
            Write-Log 'Validated Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to find Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
            break
        }
        if ($StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccount.ResourceGroupName -Name $StorageAccount.StorageAccountName)[0].Value) {
            Write-Log 'Acquired access key for Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to acquire access key for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
            Write-Log $Error[0].Exception.Message Yellow $LogFile
            break
        }
        if ($Context = New-AzStorageContext -StorageAccountName $StorageAccount.StorageAccountName -StorageAccountKey $StorageKey) {
            Write-Log 'Acquired context for Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log 'Unable to acquire context for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
            Write-Log $Error[0].Exception.Message Yellow $LogFile
            break
        }
        
        if ($Blob = Get-AzStorageBlob -Container $ContainerName -Context $Context | Where { $_.Name -eq $BlobName -and (-not $_.ICloudBlob.IsSnapshot)}) {
            Write-Log 'Validated page blob/disk',$BlobName,'under',"$StorageAccountName\$ContainerName" Green,Cyan,Green,Cyan $LogFile
        } else {
            Write-Log 'Page blob/disk',$BlobName,'not found under',"$StorageAccountName\$ContainerName" Magenta,Yellow,Magenta,Yellow $LogFile 
            break
        }

        #endregion

        #region New snapshot

        $SnapShot = $Blob.ICloudBlob.CreateSnapshot()

        #endregion

    } 

    End { $SnapShot }
}

function Get-AzureVMUnmanagedDisk {

# Requires -Modules Az
# Requires -Version 5

<#
 .SYNOPSIS
  Function to return unmanaged disk information of a given Azure VM
 
 .DESCRIPTION
  Function to return unmanaged disk information of a given Azure VM
  This function is intended for ARM disks and VMs not ASM
  This function is intended for unmanaged disks only
  It returns information on OS disk and data disks if any
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .PARAMETER VMName
  The name of the Virtual Machine
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Get-AzureRMVMUnmanagedDisk -LoginName 'samb@mydomain.com' -SubscriptionName 'my azure subscription name here' -VMName 'Widget3VM'
  This example lists the unmanaged disks of a given VM
 
 .EXAMPLE
  Get-AzureRMVMUnmanagedDisk -LoginName 'samb@mydomain.com' -SubscriptionName 'my azure subscription name here' -VMName (Get-AzureRMVM).Name | FT -a
  This example lists all unmanaged disks in the given subscription
 
 .OUTPUTS
  Array of PS Custom objects, one for each disk found with the following properties:
    BlobName
    ContainerName
    StorageAccountName
    VMName
    ResourceGroup ==> this is the Resource Group Name
    IsOSDisk ==> True/False
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 2 January, 2019 - original release and minor updates
  v0.2 - 24 May 2019 - Updated to use AZ module instead of AzureRM module
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String[]]$VMName,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Get-AzureVMUnmanagedDisk - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process {

        #region Get VM List
        $AllVMs = Get-AzVM -WA 0 
        $VMList = @()
        foreach ($VMItem in $VMName) {
            if ($MatchingVMs = $AllVMs | where Name -EQ $VMItem) {
                $VMList += $MatchingVMs
                Write-Log 'Validated VM',$VMItem Green,Cyan $LogFile
            } else {
                Write-Log 'Unable to find VM',$VMItem,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
            }
        }
        #endregion

        #region Get VM disks
        $DiskList = @()
        foreach ($VM in $VMList) {
            if ($VM.StorageProfile.OsDisk.Vhd.Uri) {
                $DiskName = Split-Path $VM.StorageProfile.OsDisk.Vhd.Uri -Leaf
                $DiskList += [PSCustomObject][Ordered]@{
                    BlobName           = $DiskName 
                    ContainerName      = (Split-Path $VM.StorageProfile.OsDisk.Vhd.Uri).Split('\')[3]
                    StorageAccountName = (Split-Path $VM.StorageProfile.OsDisk.Vhd.Uri).Split('\')[2].Split('.')[0]
                    VMName             = $VM.Name 
                    ResourceGroup      = $VM.ResourceGroupName 
                    IsOSDisk           = $true
                }
                Write-Log 'Identified VM',$VM.Name,'OS disk',$DiskName Green,Cyan,Green,Cyan $LogFile
            } else {
                Write-Log 'VM',$VM.Name,'OS disk is a Managed disk, skipping..' Magenta,Yellow,Magenta $LogFile    
            }

            if ($VM.StorageProfile.DataDisks) {
                foreach ($Disk in $VM.StorageProfile.DataDisks) {
                    if ($Disk.Vhd.Uri) {
                        $DiskName = Split-Path $Disk.Vhd.Uri -Leaf
                        $DiskList += [PSCustomObject][Ordered]@{
                            BlobName           = $DiskName
                            ContainerName      = (Split-Path $Disk.Vhd.Uri).Split('\')[3]
                            StorageAccountName = (Split-Path $Disk.Vhd.Uri).Split('\')[2].Split('.')[0]
                            VMName             = $VM.Name 
                            ResourceGroup      = $VM.ResourceGroupName 
                            IsOSDisk           = $false
                        }
                        Write-Log 'Identified VM',$VM.Name,'data disk',$DiskName Green,Cyan,Green,Cyan $LogFile
                    } else {
                        Write-Log 'VM',$VM.Name,'data disk',$DiskName,'is a Managed disk, skipping..' Magenta,Yellow,Magenta,Yellow,Magenta $LogFile    
                    }
                }
                
            } else {
                Write-Log 'VM',$VM.Name,'has no data disks, skipping..' Magenta,Yellow,Magenta $LogFile    
            }
        }
        #endregion

    } 

    End { $DiskList }
}

function Delete-AzBlobAndContainerAndAccount {

# Requires -Modules Az
# Requires -Version 5

<#
 .SYNOPSIS
  Function to delete an Azure Blob, its container if empty, and its storage account if empty
 
 .DESCRIPTION
  Function to delete an Azure Blob, its container if empty, and its storage account if empty
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 14 January 2019
  v0.2 - 24 May 2019 - Updated to use AZ module instead of AzureRM module
#>


    [CmdletBinding(ConfirmImpact='High')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String]$StorageAccountName,
        [Parameter(Mandatory=$true)][String]$ContainerName,
        [Parameter(Mandatory=$true)][String]$BlobName,              
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Delete-AzBlobAndContainerAndAccount - $BlobName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        # Validate Azure access
        if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process {
        $Go =$true
        if ($StorageAccount = Get-AzStorageAccount | where StorageAccountName -EQ $StorageAccountName) {
            Write-Log ' Identified Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log ' Unable to find Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
            $Go = $false
        }
        if ($StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccount.ResourceGroupName -Name $StorageAccount.StorageAccountName)[0].Value) {
            Write-Log ' Acquired access key for Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log ' Unable to acquire access key for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
            Write-Log $Error[0].Exception.Message Yellow $LogFile
            $Go = $false
        }
        if ($Context = New-AzStorageContext -StorageAccountName $StorageAccount.StorageAccountName -StorageAccountKey $StorageKey) {
            Write-Log ' Acquired context for Storage Account',$StorageAccountName Green,Cyan $LogFile
        } else {
            Write-Log ' Unable to acquire context for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
            Write-Log $Error[0].Exception.Message Yellow $LogFile
            $Go = $false
        }

        try { 
            $Container = Get-AzStorageContainer -Context $Context -Name $ContainerName -EA 1 
            Write-Log ' Read Storage Container',$ContainerName,'under',$StorageAccountName Green,Cyan,Green,Cyan $LogFile

            #region Delete Blob(s)
            if ($BlobList = $Container.CloudBlobContainer.ListBlobs() | where Name -Match $BlobName) {
                foreach ($Blob in $BlobList) {
                    Write-Log ' Deleting Blob',$Blob.Name Green,Yellow $LogFile
                    $Blob.Delete()
                }
                $Container = Get-AzStorageContainer -Context $Context -Name $ContainerName -EA 1 
                if ($BlobList = $Container.CloudBlobContainer.ListBlobs() | where Name -Match $BlobName) {
                    Write-Log ' Failed to delete 1 or more blobs' Magenta $LogFile
                } else {
                    Write-Log ' Blob deletion successful' Cyan $LogFile
                }
            } else {
                Write-Log ' Blob',$BlobName,'not found in',"$StorageAccountName/$ContainerName" Magenta,Yellow,Magenta,Yellow $LogFile
            } 
            #endregion

            #region Delete container if empty
            if ($BlobList = $Container.CloudBlobContainer.ListBlobs()) {
                Write-Log ' Container',$ContainerName,'is not empty - skipping, it has the following blobs:' Green,Yellow,Green $LogFile
                $BlobList | foreach { Write-Log " $($_.Name)" Cyan $LogFile } 
            } else {
                Write-Log ' Deleting empty container',$ContainerName Green,Yellow $LogFile -NoNewLine
                try {
                    $Result = $Container | Remove-AzureStorageContainer -PassThru -Force -EA 1 
                    Write-Log 'done' DarkYellow $LogFile
                } catch {
                    Write-Log 'failed' Magenta $LogFile
                }
            } 
            #endregion
                                      
        } catch {
            Write-Log ' Unable to read Storage Container',$ContainerName,'under',$StorageAccountName Magenta,Yellow,Magenta,Yellow $LogFile 
        } 

        #region Delete Storage Account if empty
        if ($Go) {                    
            if ($ContainerList = Get-AzStorageContainer -Context $Context) {
                Write-Log ' Storage account',$StorageAccountName,'is not empty - skipping, currently has the following container(s)' Cyan,Yellow,Cyan $LogFile
                $ContainerList.Name | foreach { Write-Log " $_" Green $LogFile }
            } else {
                Write-Log 'Deleting empty Storage Account',$StorageAccountName Green,Cyan $LogFile -NoNewLine
                $StorageAccount | Remove-AzStorageAccount -Force
                Write-Log 'done' Green $LogFile
            }
        } 
        #endregion
    }

    End {  }
}

function Delete-AzVM {

# Requires -Modules Az
# Requires -Version 5

<#
 .SYNOPSIS
  Function to delete an Azure ARM VM and all its objects
 
 .DESCRIPTION
  Function to delete an Azure ARM VM and all its objects including:
  - Boot Diagnostics blob(s), storage container, storage account if empty
  - VM object
  - OS disk, storage container if ampty, storage account if ampty
  - Data disk(s) if any, storage container(s) if ampty, storage account(s) if ampty
  - VM NIC(s)
  - VM public IP objects if any
  NSG's are not deleted by this function since they may be linked to many NICs
  This function will not delete a running VM by design
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .PARAMETER VMName
  The name of one or more ARM Virtual Machines
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Delete-AzVM -LoginName 'samb@mydomain.com' -SubscriptionName 'my azure subscription name here' -ARMVMName 'Widget3VM'
 
 .LINK
  https://superwidgets.wordpress.com/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 14 January 2019
  v0.2 - 24 May 2019 - Updated to use AZ module instead of AzureRM module
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String]$VMName,   
        [Parameter(Mandatory=$false)][String]$ResourceGroupName,   
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Delete-AzVM - $VMName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        # Validate Azure access, Input
        if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }

        Try {
            $StorageAccountList = Get-AzStorageAccount -EA 1 
            if (-not $StorageAccountList) {
                Write-Log 'No storage accounts found' Magenta $LogFile; Break
            }
        } catch {
            Write-Log 'Unable to list Storage Accounts in Subscription',$SubscriptionName Magenta,Yellow $LogFile; Break
        }

        Try {
            $RawVMList = Get-AzVM -EA 1 
            if (-not $RawVMList) {
                Write-Log 'No VMs found' Magenta $LogFile; Break
            }
        } catch {
            Write-Log 'Unable to list VMs in Subscription',$SubscriptionName Magenta,Yellow $LogFile; Break
        }

    }

    Process {

        if ($VM = $RawVMList | where Name -EQ $VMName) {
            if ($VM.Count -gt 1) {
                if ($ResourceGroupName) {
                    $VM = Get-AzVM -Name $VMName -ResourceGroupName $ResourceGroupName
                } else {
                    Write-Log 'Delete-AzVM input error:','Found more than 1 VM named',$VMName Magenta,Yellow,Magenta $LogFile
                    Write-Log ($VM|Out-String).Trim() Yellow $LogFile
                    Write-Log 'If more than 1 VM exist in the same subscription with the same name, you must specify the ResourceGroupName' Magenta $LogFile
                    break
                }
            }
        } else {
            Write-Log 'VM',$VMName,'not found in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
            break
        } 

    if ($VM) {
            Write-Log 'Processing VM' Green $LogFile
            Write-Log ($VM|Out-String).Trim() Cyan $LogFile

            $VMStatus = (Get-AzVM -ResourceGroupName $VM.ResourceGroupName -Name $VMName -Status).Statuses[1].DisplayStatus
            if ($VMStatus -eq 'VM deallocated') { 

                #region Delete Boot Diagnostics blob(s) if configured, container, storage account if empty
                    if ($VM.DiagnosticsProfile.bootDiagnostics.storageUri) {
                        $StorageAccountName = ($VM.DiagnosticsProfile.bootDiagnostics.storageUri).Split('/')[2].Split('.')[0]
                        $ContainerName = "bootdiagnostics-$($vm.Name.ToLower().Substring(0, 9))-$($VM.vmId)"
                
                        $Go =$true
                        if ($StorageAccount = Get-AzStorageAccount | where StorageAccountName -EQ $StorageAccountName) {
                            Write-Log ' Identified Diagnostics Storage Account',$StorageAccountName Green,Cyan $LogFile
                        } else {
                            Write-Log ' Unable to find Diagnostics Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
                            $Go = $false
                        }
                        if ($StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccount.ResourceGroupName -Name $StorageAccount.StorageAccountName)[0].Value) {
                            Write-Log ' Acquired access key for Storage Account',$StorageAccountName Green,Cyan $LogFile
                        } else {
                            Write-Log ' Unable to acquire access key for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
                            Write-Log $Error[0].Exception.Message Yellow $LogFile
                            $Go = $false
                        }
                        if ($Context = New-AzStorageContext -StorageAccountName $StorageAccount.StorageAccountName -StorageAccountKey $StorageKey) {
                            Write-Log ' Acquired context for Storage Account',$StorageAccountName Green,Cyan $LogFile
                        } else {
                            Write-Log ' Unable to acquire context for Storage Account',$StorageAccountName,'in subscription',$SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile 
                            Write-Log $Error[0].Exception.Message Yellow $LogFile
                            $Go = $false
                        }
                        try { 
                            $Container = Get-AzStorageContainer -Context $Context -Name $ContainerName -EA 1 
                            Write-Log ' Read Storage Container',$ContainerName,'under',$StorageAccountName Green,Cyan,Green,Cyan $LogFile
                            if ($BlobList = $Container.CloudBlobContainer.ListBlobs() ) {
                                Write-Log ' Found the following blobs in',"$StorageAccountName/$ContainerName" Green,Cyan $LogFile
                                $BlobList.Name | foreach { Write-Log " $_" Cyan $LogFile }
                            } else {
                                Write-Log ' No Blobs found in',"$StorageAccountName/$ContainerName" Magenta,Yellow $LogFile
                            }
                    
                            Write-Log ' Deleting the container',$ContainerName,'and all its Blobs..' Green,Yellow,Green $LogFile -NoNewLine
                            try {
                                $Result = $Container | Remove-AzStorageContainer -PassThru -Force -EA 1 
                                Write-Log 'done' Cyan $LogFile
                            } catch {
                                Write-Log 'failed' Magenta $LogFile
                            }
                        } catch {
                            Write-Log ' Unable to read Storage Container',$ContainerName,'under',$StorageAccountName Magenta,Yellow,Magenta,Yellow $LogFile 
                        } # Delete Container

                        if ($Go) {                    
                            if ($ContainerList = Get-AzStorageContainer -Context $Context) {
                                Write-Log ' Storage account',$StorageAccountName,'is not empty - skipping, currently has the following containers' Cyan,Yellow,Cyan $LogFile
                                $ContainerList.Name | foreach { Write-Log " $_" Green $LogFile }
                            } else {
                                Write-Log 'Deleting empty Storage Account',$StorageAccountName Green,Cyan $LogFile -NoNewLine
                                $StorageAccount | Remove-AzStorageAccount -Force
                                Write-Log 'done' Green $LogFile
                            }
                        } # Delete Storage Account if empty
                    } else {
                        Write-Log ' Boot diagnostics not configured for VM',$VM.Name Green,Yellow $LogFile
                    }
                    #endregion

                #region Delete VM
                Write-Log ' Deleting VM',$VMName Green,Cyan $LogFile -NoNewLine
                $Result = $VM | Remove-AzVM –Force
                Write-Log 'done' DarkYellow $LogFile
                #endregion

                #region Delete OS disk, status blob

                if($VM.StorageProfile.OsDisk.ManagedDisk) {
                    Write-Log ' Deleting managed OS disk',$VM.StorageProfile.OSDisk.Name,'for VM',$VM.Name Green,Cyan,Green,Cyan $LogFile -NoNewLine
                    Get-AzDisk -ResourceGroupName $VM.ResourceGroupName -DiskName $VM.StorageProfile.OSDisk.Name | Remove-AzDisk -Force
                    Write-Log 'done' DarkYellow $LogFile
                } else {
                    $StorageAccountName = ($VM.StorageProfile.OSDisk.Vhd.Uri).Split('/')[2].Split('.')[0]
                    $ContainerName = ($VM.StorageProfile.OSDisk.Vhd.Uri).Split('/')[3]
                    $BlobName = ($VM.StorageProfile.OSDisk.Vhd.Uri).Split('/')[4]
                    Write-Log 'Identified OS disk',$BlobName,'in Storage Account/Container',"$StorageAccountName/$ContainerName" Green,Cyan,Green,Cyan $LogFile
                    $ParameterList = @{
                        LoginName          = $LoginName
                        SubscriptionName   = $SubscriptionName
                        StorageAccountName = $StorageAccountName
                        ContainerName      = $ContainerName
                        BlobName           = $BlobName             
                        LogFile            = $LogFile                         
                    }
                    Delete-AzBlobAndContainerAndAccount @ParameterList     
                }               

                #endregion

                #region Delete data disks

                foreach ($DataDisk in $VM.StorageProfile.DataDisks) { 
                    if($DataDisk.ManagedDisk) {
                        Write-Log ' Deleting managed data disk',$DataDisk.Name,'for VM',$VM.Name Green,Cyan,Green,Cyan $LogFile -NoNewLine
                        Get-AzDisk -ResourceGroupName $VM.ResourceGroupName -DiskName $DataDisk.Name | Remove-AzDisk -Force
                        Write-Log 'done' DarkYellow $LogFile
                    } else {
                        $StorageAccountName = ($DataDisk.Vhd.Uri).Split('/')[2].Split('.')[0]
                        $ContainerName = ($DataDisk.Vhd.Uri).Split('/')[3]
                        $BlobName = ($DataDisk.Vhd.Uri).Split('/')[4]
                        Write-Log 'Identified data disk',$BlobName,'in Storage Account/Container',"$StorageAccountName/$ContainerName" Green,Cyan,Green,Cyan $LogFile
                        $ParameterList = @{
                            LoginName          = $LoginName
                            SubscriptionName   = $SubscriptionName
                            StorageAccountName = $StorageAccountName
                            ContainerName      = $ContainerName
                            BlobName           = $BlobName             
                            LogFile            = $LogFile                         
                        }
                        Delete-AzBlobAndContainerAndAccount @ParameterList  
                    }
                }

                #endregion

                #region delete vNIC(s)
                foreach ($VMNIC in ($VM.NetworkProfile.NetworkInterfaces | where {$_.ID})) {
                    $NICName = Split-Path -Path $VMNIC.ID -leaf
                    Write-Log ' Deleting VM NIC',$NICName Green,Cyan $LogFile -NoNewLine
                    Get-AzNetworkInterface -ResourceGroupName $VM.ResourceGroupName -Name $NICName | Remove-AzNetworkInterface -Force
                    Write-Log 'done' DarkYellow $LogFile
                }
                #endregion

                #region delete public IP if any
                Remove-Variable FoundPublicIP -EA 0 
                foreach ($VMNIC in $VM.NetworkProfile.NetworkInterfaces.Id) {
                    foreach ($PublicIP in (Get-AzPublicIpAddress -ResourceGroupName $VM.ResourceGroupName | Where { $_.IpConfiguration.Id })) {
                        if (($PublicIP.IpConfiguration.Id).Split('/')[8] -eq $VMNIC.Split('/')[8]) {
                            Write-Log 'Identified Public IP object',$PublicIP.Name,'associated with VM NIC',($VMNIC.Split('/')[8]),'of VM',$VM.Name Green,Cyan,Green,Cyan ,Green,Cyan 
                            $FoundPublicIP = $PublicIP
                        }        
                    }
                }

                if ($FoundPublicIP) {
                    Write-Log ' Deleting VM public IP object',$PublicIP.Name Green,Cyan $LogFile -NoNewLine
                    Get-AzPublicIpAddress -ResourceGroupName $VM.ResourceGroupName -Name $PublicIP.Name | Remove-AzPublicIpAddress -Force 
                    Write-Log 'done' DarkYellow $LogFile
                } else {
                    Write-Log ' No public IP object found for VM',$VM.Name Green,Cyan $LogFile
                }
                #endregion

                # Not deleting NSG's here, since they may apply to several NICs that belong to several VMs
                # Will have a separate function to delete unused NSG's (not linked to any NICs)

            } else {
                Write-Log 'VM',$VMName,'is not powered off. Current status is:',$VMStatus,'skipping..' Magenta,Yellow,Magenta,Yellow,Magenta $LogFile
            }
        }

    }

    End {  }
}

function Report-AzureRMSubscriptionVMBackup {
<#
 .SYNOPSIS
  Function to list backup recovery points of Azure VMs in one or more subscriptions
 
 .DESCRIPTION
  Function to list backup recovery points of Azure VMs in one or more subscriptions
  The script provides interim output to the console indicating its progress through the hierarchy of:
    Subscriptions
      Recovery Services Vaults
        Registered AzureVM Backup containers
          Backup Items
            Recovery points
 
 .PARAMETER SubscriptionName
  Name of Azure subscription
  If not provided it will default to all accessible Azure subscriptions
 
 .EXAMPLE
    Login-AzureRmAccount -Credential (Get-SBCredential 'name@domain.com') | Out-Null # -Environment AzureCloud
    Report-AzureRMSubscriptionVMBackup
 
 .EXAMPLE
    $VMBackupList = Report-AzureRMSubscriptionVMBackup -SubscriptionName 'my subscription name'
    $VMBackupList | Format-Table -Auto # to display to the console
    $VMBackupList | Out-GridView # to display to ISE GridView
    $VMBackupList | Export-Csv .\VMBackupList1.csv -NoType # to export to CSV
 
. OUTPUTS
  PSCustom object (one for each recovery point) containing the following properties/example:
    VMName VaultName ResourceGroup SubscriptionName RecoveryPointType RecoveryPointTime EncryptionEnabled
    ------ ------------ ------------- ---------------- ----------------- ----------------- -----------------
    ab123xyzw01 xyz abc my subscription name CrashConsistent 8/9/2018 6:01:25 AM False
    ab123xyzw01 xyz abc my subscription name CrashConsistent 8/8/2018 6:08:09 AM False
    ab123xyzw01 xyz abc my subscription name CrashConsistent 8/7/2018 6:11:49 AM False
 
 .LINK
  https://superwidgets.wordpress.com/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 9 August 2018
  v0.2 - 24 September 2018 - Fixed bug with Get-AzureRmResource line
  v0.3 - 25 September 2018 - Added Vault Name in output
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false,ValueFromPipeLine=$true,ValueFromPipeLineByPropertyName=$true)]
            [String[]]$SubscriptionName
    )

    Begin { 
        $myOutput = @() 

        # Validate AzureRM PowerShell module is available
        if(-not (Get-Module -ListAvailable AzureRM)) {
            Write-Log 'Required AzureRM PowerShell module not found. You can install it from the PowerShell Gallery by running:' Magenta
            Write-Log 'Install-Module AzureRM' Yellow
            break
        }

        # Validate that we're logged in to Azure
        try { Get-AzureRmSubscription -EA 1 -WA 0 | Out-Null  } catch { Write-Log $_.exception.message Yellow; break }
    }

    Process {

        if (-not $SubscriptionName) { $SubscriptionName = (Get-AzureRmSubscription -WA 0).Name }

        foreach ($Subscription in $SubscriptionName) {
            Write-Log 'Processing subscription',$Subscription Green,Cyan
            try {
                Get-AzureRmSubscription -SubscriptionName $Subscription -EA 1 -WA 0 | Set-AzureRmContext | Out-Null  
                $VaultList = Get-AzureRmResource | where ResourceType -EQ Microsoft.RecoveryServices/vaults | select Name,ResourceGroupName,Location
                if ($VaultList) {
                    Write-Log ' Identified',$VaultList.Count,'Recovery Services Vaults;',($VaultList.Name -join ', ') Green,Cyan,Green,Cyan
                    foreach ($Vault in $VaultList) {
                        Write-Log ' Processing Recovery Services Vault',$Vault.Name Green,Cyan 
                        Set-AzureRmRecoveryServicesVaultContext -Vault $Vault
                        $ContainerList = Get-AzureRmRecoveryServicesBackupContainer  -ContainerType 'AzureVM' -Status 'Registered' 
                        if ($ContainerList) {
                            Write-Log ' Identified',$ContainerList.Count,'Azure VM backup sets/containers;',($ContainerList.FriendlyName -join ', ') Green,Cyan,Green,Cyan
                            foreach ($Container in $ContainerList) {
                                $backupitem = Get-AzureRmRecoveryServicesBackupItem -Container $Container -WorkloadType 'AzureVM'
                                if ($backupitem) {
                                    $RecoveryPointList = Get-AzureRmRecoveryServicesBackupRecoveryPoint -Item $backupitem 
                                    if ($RecoveryPointList) {
                                        Write-Log ' Identified',$RecoveryPointList.Count,'recovery points for VM',$Container.FriendlyName Green,Cyan,Green,Cyan
                                        foreach ($RecoveryPoint in $RecoveryPointList) {
                                            $myOutput += [PSCustomObject][Ordered]@{
                                                VMName            = $RecoveryPoint.ItemName.Split(';')[2]
                                                ResourceGroup     = $RecoveryPoint.ItemName.Split(';')[1]
                                                VaultName         = $Vault.Name 
                                                SubscriptionName  = $Subscription
                                                RecoveryPointType = $RecoveryPoint.RecoveryPointType
                                                RecoveryPointTime = $RecoveryPoint.RecoveryPointTime
                                                EncryptionEnabled = $RecoveryPoint.EncryptionEnabled
                                            }
                                        }
                                    } else {
                                        Write-Log ' No recovery points found for VM',$Container.FriendlyName Green,yellow
                                    }
                                }
                            }
                        } else {
                            Write-Log ' No registered VM backup containers found in Recovery Services Vault',$Vault.Name Green,Yellow
                        }
                    }
                } else {
                    Write-Log ' No Recovery Services Vaults found in subscription',$Subscription Green,Yellow
                }
            } catch {
                Write-Log $_.exception.message Yellow
            }
            
        }
    }

    End { $myOutput }
}

function Remove-AzureRMVMBackup {
<#
 .SYNOPSIS
  Function to disable backup of a given VM and delete existing backups (recovery points)
 
 .DESCRIPTION
  Function to disable backup of a given VM and delete existing backups (recovery points)
  If there are multiple VMs with the same name (under different Resource Groups) in the same
  subscription, this function will not delete the backups (cannot tell which VM the backups belong to)
  This function will work on both ARM and ASM VM backups
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .PARAMETER VMName
  The name of a given Virtual Machine
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
    Remove-AzureRMVMBackup -LoginName 'samb@mydomain.com' -SubscriptionName 'my azure subscription name here' -VMName 'Widget3VM'
 
 .LINK
  https://superwidgets.wordpress.com/2019/01/16/remove-azurermvmbackup-function-added-to-azsbtools-powershell-module/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 16 January 2019
#>


    [CmdletBinding(ConfirmImpact='High')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String]$VMName,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Remove-AzureRMVMBackup - $VMName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if (-not ($Login = Login-AzureRMSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process {
        
        # List backup containers because ASM VM backups may not show in which Vault their container is located
        $BackupContainerList = foreach ($RSVault in Get-AzureRmRecoveryServicesVault) {
            Get-AzureRmRecoveryServicesBackupContainer -ContainerType AzureVM -Status Registered -VaultId $RSVault.ID | select FriendlyName,
                @{n='VaultId'  ;e={$RSVault.ID}},
                @{n='Vault'    ;e={Split-Path $RSVault.ID -Leaf}},
                @{n='Container';e={$_.FriendlyName}}
        }
        Write-Verbose 'Identified list of backup vaults and containers:'
        Write-Verbose ($BackupContainerList | FT Vault,Container -a | Out-String).Trim()

        if ($FoundContainer = $BackupContainerList | where FriendlyName -EQ $VMName) {
            $BackupContainer = Get-AzureRmRecoveryServicesBackupContainer -ContainerType AzureVM -Status Registered -VaultId $FoundContainer.VaultId -FriendlyName $FoundContainer.FriendlyName
            Write-Log 'Identified VM Backup Container',$BackupContainer.FriendlyName,'for VM',$VMName Green,Cyan,Green,Cyan $LogFile
            Write-Log ($BackupContainer | FL | Out-String).Trim() Cyan
            if ($BackupContainer.Count -gt 1) {
                Write-Log 'Remove-AzureRMVMBackup: Found more than 1 backup container for VM',$VMName,'skipping..' Magenta,Yellow,Magenta $LogFile
            } else {
                if ($BackupItem = Get-AzureRmRecoveryServicesBackupItem -Container $BackupContainer -WorkloadType AzureVM -VaultId $FoundContainer.VaultId) {
                    Write-Log ' Identified',($BackupItem.Name.Split(';')[2]),'VM Backup Item' Green,Cyan,Green 
                    Write-Log ($BackupItem  | FL | Out-String).Trim() Cyan
                    if ($BackupItem.Count -gt 1) {
                        Write-Log 'Remove-AzureRMVMBackup: Found more than 1 Backup item for VM',$VMName,'skipping..' Magenta,Yellow,Magenta $LogFile
                    } else {
                        Write-Log ' Disabling backup for VM',$VMName,'and deleting existing backups' Green,Cyan,Green $LogFile -NoNewLine
                        $Result = Disable-AzureRmRecoveryServicesBackupProtection -Item $BackupItem -RemoveRecoveryPoints -Force -VaultId $FoundContainer.VaultId
                        Write-Log 'done' DarkYellow $LogFile
                    }
                } else {
                    Write-Log ' No Backup Item found for VM',$VMName Green,Yellow
                }
            }
        } else {
            Write-Log ' No Backup Container found for VM',$VMName Green,Yellow
        }            
        
    }

    End { }
}

function Get-AzureBlob {
<#
 .SYNOPSIS
  Function to return an Azure blob object if it exists based on a blob URL
 
 .DESCRIPTION
  Function to return an Azure blob object if it exists
  Function returns False if blob does not exist in the given URL
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .PARAMETER URL
  This is the Blob URL like https://paklfjlkdjalsdkfjalk5.blob.core.windows.net/vhds/AdfsdfsdI-2015-09-14.vhd
  This can be obtained from the Get-AzureVM and Get-AzureRMVM cmdlets
  For example, ASM VM OS disk: $VM.vm.OSVirtualHardDisk.MediaLink.AbsoluteUri
                ASM VM data disk URLs: $VM.VM.DataVirtualHardDisks.medialink.AbsoluteUri
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
    Get-AzureBlob -LoginName 'samb@mydomain.com' -SubscriptionName 'my azure subscription name here' -URL 'https://paklfjlkdjalsdkfjalk5.blob.core.windows.net/vhds/AdfsdfsdI-2015-09-14.vhd'
 
 .LINK
  https://superwidgets.wordpress.com/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 17 January 2019
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String[]]$URL,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Get-AzureBlob - $URL - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if (-not ($Login = Login-AzureRMSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process {
        foreach ($URI in $URL) {
            $Go = $true
            try {
                $StorageAccountName = $URL.Split('/')[2].Split('.')[0]
            } catch {
                $Go = $false
                Write-Log 'Unable to get Storage Account name from provided URL',$URI Magenta,Yellow $LogFile
                Write-Log 'Expecting URL in the format','https://paklfjlkdjalsdkfjalk5.blob.core.windows.net/vhds/AdfsdfsdI-2015-09-14.vhd' Cyan,Yellow $LogFile
            }            
            try {
                $ContainerName = $URL.Split('/')[3]
            } catch {
                $Go = $false
                Write-Log 'Unable to get Container name from provided URL',$URI Magenta,Yellow $LogFile
                Write-Log 'Expecting URL in the format','https://paklfjlkdjalsdkfjalk5.blob.core.windows.net/vhds/AdfsdfsdI-2015-09-14.vhd' Cyan,Yellow $LogFile
            }            
            try {
                $VHDName = $URL.Split('/')[4]
            } catch {
                $Go = $false
                Write-Log 'Unable to get VHD/Blob name from provided URL',$URI Magenta,Yellow $LogFile
                Write-Log 'Expecting URL in the format','https://paklfjlkdjalsdkfjalk5.blob.core.windows.net/vhds/AdfsdfsdI-2015-09-14.vhd' Cyan,Yellow $LogFile
            }
            if ($Go) {
                $Context = (Get-AzureStorageAccount -StorageAccountName $StorageAccountName).Context
                try {
                    Get-AzureStorageBlob -Container $ContainerName -Blob $VHDName -Context $Context -EA 1 
                } catch {
                    $false
                }
            }          
        }    
    }

    End { }
}

function Clone-AzureRMUnmanagedDisk {

# Requires -Modules AzureRM
# Requires -Version 5

<#
 .SYNOPSIS
  Function to copy Azure ARM VM unmanaged disk from one storage account to another
 
 .DESCRIPTION
  Function to copy Azure ARM VM unmanaged disk from one storage account to another or
  from one container to another in the same storage account
  This can be useful in migrating VMs from managed to unmanaged disks,
  VM backup that does not depend on VM OS or bakup agent in the VM,
  VM cloning scenarios,
  VM migration from one subscription to another,
  VM migration from one Azure region to another,
  VM migration from one storage account type to another (ASM/ARM, Standard/Premium)
  especially where not supported by the Microsoft provided tools
  Disk copy is validated by comparing the count of used bytes of the source disk snapshot and the destination disk
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER StorageAccountName
  The Azure storage account name such as 'storfluxwidget3vm'
 
 .PARAMETER DiskName
  This is the source disk name
   
 .PARAMETER SourceStorageAccount
  This is the name of the source Storage Account
   
 .PARAMETER SourceContainer
  This is the name of the source Container
   
 .PARAMETER DestinationStorageAccount
  This is the name of the destination Storage Account
   
 .PARAMETER DestinationContainer
  This is the name of the destination container
  If not present, the function will create it
   
 .PARAMETER OverWriteDest
  This is an optional parameter set to False by default
  When set to True, it causes the function to over-write the destination disk/page blob if it exists
  If set to False, the function will not over-write desination disk/page blob if it already exists
 
 .PARAMETER DeleteSource
  This is an optional parameter set to False by default
  When set to True, it causes the function to delete the source disk after a validated copy
  If set to False, the source disk must will be left behind to be deleted manually thereafter
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
    $ParameterSet = @{
        LoginName = 'sam@mydomain.com'
        SubscriptionName = 'my subscription name'
        DiskName = 'mydiskname.vhd'
        SourceStorageAccount = 'mysourcesa'
        SourceContainer = 'vhds'
        DestinationStorageAccount = 'mydestsa'
    }
    Clone-AzureRMUnmanagedDisk @ParameterSet
    This will copy the provided disk and not delete the source
 
 .LINK
  https://superwidgets.wordpress.com/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 13 February 2019
#>


    [CmdletBinding(ConfirmImpact='High')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String]$DiskName,                                      # Example 'Widget1VM-20181218-123351'
        [Parameter(Mandatory=$true)][String]$SourceStorageAccount,                          # Example 'storfluxwidget1vm'
        [Parameter(Mandatory=$true)][String]$SourceContainer,                               # Example 'vhds'
        [Parameter(Mandatory=$true)][String]$DestinationStorageAccount,                     # Example 'storfluxwidget2vm'
        [Parameter(Mandatory=$false)][String]$DestinationContainer = $SourceContainer,      
        [Parameter(Mandatory=$false)][Switch]$DeleteSource = $false,
        [Parameter(Mandatory=$false)][Switch]$OverWriteDest = $false,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Clone-AzureRMUnmanagedDisk - $DiskName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        # Validate Azure access, Input
        if (-not ($Login = Login-AzureRMSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }

        Try {
            $StorageAccountList = Get-AzureRmStorageAccount -EA 1 
            if (-not $StorageAccountList) { Write-Log 'No storage accounts found in subscription',$SubscriptionName Magenta,Yellow $LogFile; Break }
        } catch {
            Write-Log 'No storage accounts found in subscription',$SubscriptionName Magenta,Yellow $LogFile; Break
        }

        @($SourceStorageAccount,$DestinationStorageAccount) | foreach {
            if (-not ($StorageAccountList | where StorageAccountName -EQ $_)) {
                Write-Log 'Storage Account',$_,'not found in subscription', $SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
                Break
            } else {
                Write-Log 'Validated Storage Account',$_,'in subscription', $SubscriptionName Green,Cyan,Green,Cyan $LogFile
            }
        }

        $StorageAccount = Get-AzureRmStorageAccount | where StorageAccountName -EQ $DestinationStorageAccount
        $StorageKey     = (Get-AzureRmStorageAccountKey -ResourceGroupName $StorageAccount.ResourceGroupName -Name $StorageAccount.StorageAccountName)[0].Value
        $DestContext    = New-AzureStorageContext -StorageAccountName $StorageAccount.StorageAccountName -StorageAccountKey $StorageKey
        $ContainerList  = Get-AzureRmStorageContainer -ResourceGroupName $StorageAccount.ResourceGroupName -StorageAccountName $StorageAccount.StorageAccountName
        if ($DestinationContainer -in $ContainerList.Name) {
            Write-Log 'Validated destination container',$DestinationContainer,'in destination Storage Account',$DestinationStorageAccount Green,Cyan,Green,Cyan $LogFile
        } else {
            Write-Log 'Destination container',$DestinationContainer,'not found in destination Storage Account',$DestinationStorageAccount,'creating..' Cyan,Yellow,Cyan,Yellow,Cyan -NoNewLine  $LogFile
            New-AzureRmStorageContainer -ResourceGroupName $StorageAccount.ResourceGroupName -StorageAccountName $StorageAccount.StorageAccountName -Name $DestinationContainer | Out-Null
            Write-Log 'done' Green $LogFile
        } 
        
        $StorageAccount = Get-AzureRmStorageAccount | where StorageAccountName -EQ $SourceStorageAccount
        $StorageKey     = (Get-AzureRmStorageAccountKey -ResourceGroupName $StorageAccount.ResourceGroupName -Name $StorageAccount.StorageAccountName)[0].Value
        $SrcContext     = New-AzureStorageContext -StorageAccountName $StorageAccount.StorageAccountName -StorageAccountKey $StorageKey
        $ContainerList  = Get-AzureRmStorageContainer -ResourceGroupName $StorageAccount.ResourceGroupName -StorageAccountName $StorageAccount.StorageAccountName
        if ($SourceContainer -in $ContainerList.Name) {
            Write-Log 'Validated source container',$SourceContainer,'in source Storage Account',$SourceStorageAccount Green,Cyan,Green,Cyan $LogFile
        } else {
            Write-Log 'Source container',$SourceContainer,'not found in source Storage Account',$SourceStorageAccount Magenta,Yellow,Magenta,Yellow $LogFile
            break
        } 

        $DiskName = $DiskName.ToLower()
# if (-not ($DiskName.EndsWith('.vhd'))) { $DiskName = "$DiskName.vhd" }
        if ($PageBlob = Get-AzureStorageBlob -Container $SourceContainer -Context $SrcContext | 
            where { $_.Name -EQ $DiskName -and -not $_.ICloudBlob.IsSnapshot} ) {
            Write-Log 'Validated unmanaged disk (page blob)',$DiskName,'in container',$SourceContainer Green,Cyan,Green,Cyan
        } else {
            Write-Log 'Unmanaged disk (page blob)',$DiskName,'not found in container',$SourceContainer Magenta,Yellow,Magenta,Yellow
            break
        }

    }

    Process {

        #region Snapshot, copy source disk to destination, monitor and wait for copy
        $Go = $true        
        if ($DestBlob = Get-AzureStorageBlob -Container $DestinationContainer -Context $DestContext | where Name -EQ $DiskName) {
            Write-Log 'Page blob already exists in the destination',"$DestinationStorageAccount/$DestinationContainer/$DiskName" Green,Cyan $LogFile 
            if ($OverWriteDest) {
                Write-Log ' and ''OverWriteDest'' switch is set to',$OverWriteDest,'- over-writing destination page blob..' Green,Cyan,Green -NoNewLine $LogFile
            } else {
               Write-Log ' and ''OverWriteDest'' switch is set to',$OverWriteDest,'- aborting..' Yellow,Magenta,Yellow $LogFile
               $Go = $false
            }
        } 

        if ($Go) {
            Write-Log 'Creating a snapshot of the source disk/page blob',"$SourceStorageAccount/$SourceContainer/$DiskName" Green,Cyan -NoNewLine $LogFile
            $Snapshot = $PageBlob.ICloudBlob.CreateSnapshot()
            $SnapshotBlob = Get-AzureStorageBlob -Container $SourceContainer -Context $SrcContext | 
                where SnapshotTime -EQ $Snapshot.SnapshotTime
            $SourceBlobSizeInBytes = Get-BlobBytes -Blob $SnapshotBlob -IsPremiumAccount ($SourceStorageAccount.Sku.Tier -eq 'Premium')
            if ($Snapshot.Name -eq $PageBlob.Name) {
                Write-Log 'done, time stamp',$Snapshot.SnapshotTime DarkYellow,Cyan $LogFile
                Write-Log 'Copying snapshot of source disk/page blob to destination',"$DestinationStorageAccount/$DestinationContainer/$DiskName" Green,Cyan $LogFile
                Write-Log ' Allocated size',"$([Math]::Round($SnapshotBlob.Length/1GB,1))GB ($('{0:n0}' -f $SnapshotBlob.Length) bytes)",'used size',"$([Math]::Round($SourceBlobSizeInBytes/1GB,1))GB ($('{0:n0}' -f $SourceBlobSizeInBytes) bytes)" Green,Cyan,Green,Cyan $LogFile
                $Duration = Measure-Command {
                    Start-AzureStorageBlobCopy -CloudBlob $SnapshotBlob.ICloudBlob -Context $SrcContext -DestContainer $DestinationContainer -DestContext $DestContext -Force | Out-Null
                    $DestBlob = Get-AzureStorageBlob -Container $DestinationContainer -Context $DestContext | where Name -EQ $DiskName
                    $Result = Get-AzureStorageBlobCopyState -CloudBlob $DestBlob.ICloudBlob -Context $DestContext -WaitForComplete 
                }
                if ($Result.Status -eq 'Failed') {
                    Write-Log 'Failed:' Magenta $LogFile
                    Write-Log " $($Result.StatusDescription)" Yellow $LogFile
                } else {
                    Write-Log 'done in',"$($Duration.Hours):$($Duration.Minutes):$($Duration.Seconds) hh:mm:ss" Green,Cyan $LogFile
                }    
                $Snapshot.Delete()        
            } else {
                Write-Log 'failed' Magenta $LogFile
            } 

            #region Validate copy success
            $DestBlob = Get-AzureStorageBlob -Container $DestinationContainer -Context $DestContext | where Name -EQ $DiskName
            $DestBlobSizeInBytes = Get-BlobBytes -Blob $DestBlob -IsPremiumAccount ($DestinationStorageAccount.Sku.Tier -eq 'Premium')
            if ($SourceBlobSizeInBytes -eq $DestBlobSizeInBytes) {
                Write-Log 'Validated successful disk/page blob copy' Green
            } else {
                Write-Log 'Destination blob/disk size is',$DestBlobSizeInBytes,'bytes which is different from the source blob/disk size of',$SourceBlobSizeInBytes,'bytes' Magenta,Yellow,Magenta,Yellow,Magenta
                break
            }
            #endregion

            #region Delete source
            if ($DeleteSource) {
                Write-Log 'Deleting source disk/page blob',"$SourceStorageAccount/$SourceContainer/$DiskName" Green,Cyan -NoNewLine $LogFile
                $PageBlob.ICloudBlob.Delete()
                if ($PageBlob = Get-AzureStorageBlob -Container $SourceContainer -Context $SrcContext | 
                    where { $_.Name -EQ $DiskName -and -not $_.ICloudBlob.IsSnapshot} ) {
                    Write-Log 'failed to delete source disk/page blob' Magenta $LogFile
                } else {
                    Write-Log 'done' Green $LogFile
                }
            }
            #endregion

        }  
        #endregion

    }

    End {  }
}

#endregion

#region Graph API

function Get-GraphAPIToken {

    <#
    .SYNOPSIS
    Function to get a Graph API token

    .DESCRIPTION
    Function to get a Graph API token
    Depends on Get-PSCredential function of the AZSBTools PS module

    .PARAMETER TenantId
    Your Azure Tenant Id such as mydomain.com

    .PARAMETER AppId
    App ID from Azure App registration at
    https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
    Example: '12abcabc-2233-4444-999-c3333f75555'

    .PARAMETER AppName
    This is the App Name from Azure App registration
    On first time use, the operator will prompted for the password, which is a secret obtained
    from the App 'Certificates and Secredts' link at
    https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
    To replace the save encrypted credential, use:
    Get-SBCredential 'myAppNameHere' -Refresh
    The saved encrypted credential is specific to the operator and computer where this function is invoked
    For more details see Get-SBCredential help

    .PARAMETER APIVersion
    API version such as v1.0 or beta
    https://docs.microsoft.com/en-us/graph/use-the-api#version

    .EXAMPLE
    Get-GraphAPIToken -TenantId 'mydomain.com' -AppId '12abcabc-2233-4444-999-c3333f75555' -AppName 'PowerShellAutomation99'

    .LINK
    https://superwidgets.wordpress.com/category/powershell/

    .NOTES
    Function by Sam Boutros
    v0.1 - 17 September 2019
    #>


    param(
        [Parameter(Mandatory=$true)][String]$TenantId,
        [Parameter(Mandatory=$true)][String]$AppId,
        [Parameter(Mandatory=$true)][String]$AppName,
        [Parameter(Mandatory=$false)][ValidateSet('v1.0','beta')][String]$APIVersion = 'v1.0'
    )

    Begin { }

    Process {
        $Secret        = Get-SBCredential $AppName
        $APIBaseUri    = "https://graph.microsoft.com/$APIVersion"
        $secretEncoded = [System.Uri]::EscapeDataString($Secret.GetNetworkCredential().Password)
        $ParameterList = @{
            Uri         = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
            Method      = 'Post'
            ContentType = 'application/x-www-form-urlencoded'
            Body        = "client_id=$AppId&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=$secretEncoded&grant_type=client_credentials"
        }
    }

    End {
        (Invoke-RestMethod @ParameterList).access_token
    }
}

#endregion

function New-SBAZServicePrincipal {
<#
 .SYNOPSIS
  Function to create Azure AD Service Principal
 
 .DESCRIPTION
  Function to create Azure AD Service Principal
  The use case intended for this function is to use the Service Principal to run PowerShell scripts against an Azure subscription
 
 .PARAMETER ServicePrincipalName
  One or more Service Principal Names
 
 .PARAMETER Environment
  Name of the Azure cloud. This parameter default to Azure Commercial cloud.
  As of 15 March 2018 that list is:
    AzureGermanCloud
    AzureCloud
    AzureUSGovernment
    AzureChinaCloud
    To see an updated list, use:
        (Get-AzureRMEnvironment).Name
 
 .PARAMETER Role
  This parameter is used to assign Role/Permissions for te Service Principal in the current subscription.
  The default value is 'Owner' role.
  As of 16 March 2018 the following default roles are defined:
    API Management Service Contributor
    Application Insights Component Contributor
    Automation Operator
    BizTalk Contributor
    Classic Network Contributor
    Classic Storage Account Contributor
    Classic Storage Account Key Operator Service Role
    Classic Virtual Machine Contributor
    ClearDB MySQL DB Contributor
    Contributor
    Cosmos DB Account Reader Role
    Data Factory Contributor
    Data Lake Analytics Developer
    DevTest Labs User
    DNS Zone Contributor
    DocumentDB Account Contributor
    Intelligent Systems Account Contributor
    Log Analytics Contributor
    Log Analytics Reader
    Network Contributor
    New Relic APM Account Contributor
    Owner
    Reader
    Redis Cache Contributor
    Scheduler Job Collections Contributor
    Search Service Contributor
    Security Manager
    SQL DB Contributor
    SQL Security Manager
    SQL Server Contributor
    Storage Account Contributor
    Storage Account Key Operator Service Role
    Traffic Manager Contributor
    User Access Administrator
    Virtual Machine Contributor
    Web Plan Contributor
    Website Contributor
  For more details on roles, type in:
    Get-AzureRmRoleDefinition | select name,description,actions | Out-GridView
 
 .EXAMPLE
  $SPList = New-SBAZServicePrincipal -ServicePrincipalName samtest1,sam1demo
 
 .EXAMPLE
  $SPN = New-SBAZServicePrincipal -ServicePrincipalName PowerShell05 -Environment AzureUSGovernment
  # The above line creates the SPN and gives it 'Owner' permission/role in the current subscription
  $SPN | Export-Csv .\PowerShell05-SPN.csv -NoTypeInformation # This line saves the $SPN to CSV (not the password)
 
  # To use the SPN in future automations:
  # $SPN = Import-Csv .\PowerShell05-SPN.csv
  # Login-AzureRmAccount -Credential (Get-SBCredential $SPN.ServicePrincipalName) -ServicePrincipal -TenantId $SPN.TenantID -Environment $SPN.Environment
 
 .OUTPUTS
  The function returns a PS Object for each input Service Principal Name containing the following properties:
    ServicePrincipalName
    TenantId
    Environment
    Role
 
 .LINK
  https://superwidgets.wordpress.com/2018/03/15/new-sbazserviceprincipal-cmdlet-to-create-new-azure-ad-service-principal-added-to-azsbtools-powershell-module/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 14 March 2018
  v0.2 - 15 March 2018 - Added 'Environment' parameter
  v0.3 - 16 March 2018 - Added 'Role' parameter, changed output to a custom PS Object
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String[]]$ServicePrincipalName,
        [Parameter(Mandatory=$false)][ValidateSet('AzureCloud','AzureUSGovernment','AzureGermanCloud','AzureChinaCloud')][String]$Environment = 'AzureCloud',
        [Parameter(Mandatory=$false)][String]$Role = 'Owner'
    )

    Begin { 
        $Subscription = Connect-AzureRmAccount -Environment $Environment  
    }

    Process {
        
        if ($Subscription.Context.Subscription.Name) { 

            Write-Log 'Identified',$Subscription.Context.Subscription.Name,'subscription in the',$Subscription.Context.Environment.Name,'cloud' Green,Cyan,Green,Cyan,Green

            $SPList = foreach ($AppName in $ServicePrincipalName) {

                $AppCred = Get-SBCredential -UserName $AppName
        
                #region Create/Validate Azure AD App
                Remove-Variable App -EA 0 
                if ($App = Get-AzureRmADApplication -DisplayName $AppName) {
                    Write-Log 'Validated app:',$App.Displayname Green,Cyan 
                } else {
                    $App = New-AzureRmADApplication -DisplayName $AppName -IdentifierUris $AppName
                    Write-Log 'Created app:',$App.Displayname Green,Cyan 
                }            
                #endregion

                #region Create/Validate Azure AD Service Principal
                Remove-Variable ServicePrincipal -EA 0 
                if ($ServicePrincipal = Get-AzureRmADServicePrincipal | where { $PSItem.ApplicationId -eq $App.ApplicationId.Guid }) {
                    Write-Log 'Validated Service Principal:',($ServicePrincipal.SerVicePrincipalNames -join ', ') Green,Cyan 
                } else {
                    $ServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $App.ApplicationId.Guid -Password $AppCred.Password
                    Write-Log 'Created Service Principal:',($ServicePrincipal.SerVicePrincipalNames -join ', ') Green,Cyan 
                }            
                #endregion

                #region Assign Role (Permissions)
                Write-Log 'Assigning role',$Role Green,Cyan -NoNewLine
                $Result = try {
                    New-AzureRmRoleAssignment -ObjectId $ServicePrincipal.Id -RoleDefinitionName $Role -Scope "/subscriptions/$($Subscription.Context.Subscription.Id)" -EA 1
                    Write-Log 'done' Green
                } catch {
                    Write-Log $PSItem.Exception.Message Yellow
                }
                #endregion

                [PSCustomObject][Ordered]@{
                    ServicePrincipalName = $AppName
                    TenantId             = (Get-AzureRmTenant).Id 
                    Environment          = $Environment
                    Role                 = $Role
                }

            }
                    
        } else {
            Write-Log 'No subscriptions found for account',$Subscription.Context.Account.Id,'in the',$Subscription.Context.Environment.Name,'cloud' Magenta,Yellow,Magenta,Yellow,Magenta
        }        

    }

    End {
        $SPList
    }
}

function Deploy-AzureARMVM {
<#
 .SYNOPSIS
  Function to automate provisioning of Azure ARM VM(s)
 
 .DESCRIPTION
  Function to automate provisioning of Azure ARM VM(s)
 
 .PARAMETER SubscriptionName
    Name of existing Azure subscription
 
 .PARAMETER Location
    Name of Azure Data center/Location
    Example: 'eastus'
    To see location list use:
        Get-AzureRmLocation | sort Location | Select Location
 
 .PARAMETER ResourceGroup
    Name of Resource Group.
    Example: 'VMGroup17'
    The script will create it if it does not exist
 
 .PARAMETER AvailabilitySetName
    Example: 'Availability17'
     The script will create it if it does not exist
 
 .PARAMETER ConfirmShutdown
    This switch accepts $true or $False, and defaaults to $False
    If adding existing VMs to Availaibility set, the script must shut down the VMs
 
 .PARAMETER StorageAccountPrefix
    Only lower case letters and numbers, must be Azure (globally) unique
 
 .PARAMETER AdminName
    Example: 'myAdmin17'
    This will be the new VM local administrator
 
 .PARAMETER VMName
    Example: ('vm01','vm02')
    Name(s) of VM(s) to be created. Each is 15 characters maximum. If VMs exist, they will be added to Availability Set
 
 .PARAMETER VMSize
    Example: 'Standard_A1_v2'
    To see available sizes in this Azure location use:
        (Get-AzureRoleSize).RoleSizeLabel
 
 .PARAMETER WinOSImage
    This defaults to '2012-R2-Datacenter'
    Available options:
        '2008-R2-SP1','2012-Datacenter','2012-R2-Datacenter','2016-Datacenter','2016-Datacenter-Server-Core','2016-Datacenter-with-Containers','2016-Nano-Server'
    To see current options in a given Azure Location use:
        (Get-AzureRMVMImageSku -Location usgovvirginia -Publisher MicrosoftWindowsServer -Offer WindowsServer).Skus
    For more information see https://docs.microsoft.com/en-us/azure/virtual-machines/windows/cli-ps-findimage
 
 .PARAMETER vNetName
    Example: 'Seventeen'
    This will be the name of the virtual network to be created/updated if exist
 
 .PARAMETER vNetPrefix
    Example: '10.17.0.0/16'
    To be created/updated
 
 .PARAMETER SubnetName
    Example: 'vmSubnet'
    This will be the name of the subnet to be created/updated
 
 .PARAMETER SubnetPrefix
    Example: '10.17.0.0/24'
    Must be subset of vNetPrefix above - to be created/updated
 
 .PARAMETER LogFile'
    Path to log file where this scrit will log its commands and output
    Default is ".\Logs\Deploy-AzureARMVM-$($VMName -join '_')-$(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
 
 .EXAMPLE
    Connect-AzureRmAccount -Environment AzureUSGovernment
    $myParamters = @{
        SubscriptionName = 'Azure Government T1'
        Location = 'usgovvirginia'
        ResourceGroup = 'EncryptionTest01'
        AvailabilitySetName = 'AvailabilityTest01'
        ConfirmShutdown = $false
        StorageAccountPrefix = 'sam150318a'
        AdminName = 'myAdmin150318a'
        VMName = @('vm01','vm02','vm03')
        VMSize = 'Standard_A0'
        WinOSImage = '2016-Datacenter'
        vNetName = 'EncryptionTest01VNet'
        vNetPrefix = '10.3.0.0/16'
        SubnetName = 'vmSubnet'
        SubnetPrefix = '10.3.15.0/24'
    }
    Deploy-AzureARMVM @myParamters
 
 .LINK
  http://www.exigent.net/blog/microsoft-azure/provisioning-and-tearing-down-azure-virtual-machines/
 
 .NOTES
  Function by Sam Boutros
    3 January 2017 - v0.1 - Initial release
    19 January 2017 - v0.2
        Updated parameters - set to mandatory
        Updated Storage Account creation region, create a separate storage account for each VM
        Updated Initialize region; removing subscription login, adding input echo, adding error handling
        Added functionality to configure VMs in availability set
    5 March 2018 - v0.3 Cosmetic updates
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$SubscriptionName         , # Example: 'Sam Test 1' # Name of existing Azure subscription
        [Parameter(Mandatory=$true)][String]$Location                 , # Example: 'eastus' # Get-AzureRmLocation | sort Location | Select Location
        [Parameter(Mandatory=$true)][String]$ResourceGroup            , # Example: 'VMGroup17' # To be created if not exist
        [Parameter(Mandatory=$false)][String]$AvailabilitySetName     , # Example: 'Availability17' # To be created if not exist
        [Parameter(Mandatory=$false)][Switch]$ConfirmShutdown = $false, # If adding existing VMs to Availaibility set, the script must shut down the VMs
        [Parameter(Mandatory=$false)][String]$StorageAccountPrefix    , # To be created if not exist, only lower case letters and numbers, must be Azure unique
        [Parameter(Mandatory=$true)][String]$AdminName                , # Example: 'myAdmin17' # This will be the new VM local administrator
        [Parameter(Mandatory=$true)][String[]]$VMName                 , # Example: ('vm01','vm02') # Name(s) of VM(s) to be created. Each is 15 characters maximum. If VMs exist, they will be added to Availability Set
        [Parameter(Mandatory=$true)][String]$VMSize                   , # Example: 'Standard_A1_v2' # (Get-AzureRoleSize).RoleSizeLabel to see available sizes in this Azure location
        [Parameter(Mandatory=$false)][ValidateSet('2008-R2-SP1','2012-Datacenter','2012-R2-Datacenter','2016-Datacenter','2016-Datacenter-Server-Core','2016-Datacenter-with-Containers','2016-Nano-Server')]
            [String]$WinOSImage = '2012-R2-Datacenter'               , # https://docs.microsoft.com/en-us/azure/virtual-machines/windows/cli-ps-findimage
        [Parameter(Mandatory=$true)][String]$vNetName                 , # Example: 'Seventeen' # This will be the name of the virtual network to be created/updated if exist
        [Parameter(Mandatory=$true)][String]$vNetPrefix               , # Example: '10.17.0.0/16' # To be created/updated
        [Parameter(Mandatory=$true)][String]$SubnetName               , # Example: 'vmSubnet' # This will be the name of the subnet to be created/updated
        [Parameter(Mandatory=$true)][String]$SubnetPrefix             , # Example: '10.17.0.0/24' # Must be subset of vNetPrefix above - to be created/updated
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Logs\Deploy-AzureARMVM-$($VMName -join '_')-$(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {

        #region Initialize
        if (!(Test-Path (Split-Path $LogFile))) { New-Item -Path (Split-Path $LogFile) -ItemType directory -Force | Out-Null }
        Write-Log 'Input received:' Green $LogFile
        write-log " SubscriptionName: $SubscriptionName" Cyan $LogFile
        write-log " Location: $Location" Cyan $LogFile
        write-log " ResourceGroup: $ResourceGroup" Cyan $LogFile
        write-log " AvailabilitySetName: $AvailabilitySetName" Cyan $LogFile
        write-log " ConfirmShutdown: $ConfirmShutdown" Cyan $LogFile
        write-log " StorageAccountPrefix: $StorageAccountPrefix" Cyan $LogFile
        write-log " AdminName: $AdminName" Cyan $LogFile
        write-log " VMName(s): $($VMName -join ', ')" Cyan $LogFile
        write-log " VMSize: $VMSize" Cyan $LogFile
        write-log " vNetName: $vNetName" Cyan $LogFile
        write-log " vNetPrefix: $vNetPrefix" Cyan $LogFile
        write-log " SubnetName: $SubnetName" Cyan $LogFile
        write-log " SubnetPrefix: $SubnetPrefix"  Cyan $LogFile
        $Cred = Get-SBCredential -UserName $AdminName 
        #endregion

        #region Connect to Azure subscription
        Write-Log 'Connecting to Azure subscription',$SubscriptionName Green,Cyan $LogFile -NoNewLine
        try { 
            $Result = Get-AzureRmSubscription –SubscriptionName $SubscriptionName -ErrorAction Stop | Select-AzureRmSubscription 
            Write-Log 'done' Green $LogFile    
            Write-Log ($Result | Out-String).Trim() Cyan $LogFile
        } catch {
            throw "unable to get Azure Subscription '$SubscriptionName'"
        }
        #endregion

        #region Create/Update Resource group
        Write-Log 'Create/Update Resource group',$ResourceGroup Green,Cyan $LogFile -NoNewLine
        try {
            $Result = New-AzureRmResourceGroup -Name $ResourceGroup -Location $Location -Force -ErrorAction Stop
            Write-Log 'done' Green $LogFile    
            Write-Log ($Result | Out-String).Trim() Cyan $LogFile
        } catch {
            throw "Failed to create Resource Group '$ResourceGroup'"
        }
        #endregion

        #region Create/Update Subnet and vNet
        Write-Log 'Creating/updating vNet',$vNetName,$vNetPrefix,'and subnet',$SubnetName,$SubnetPrefix Cyan,Green,DarkYellow,Cyan,Green,DarkYellow $LogFile -NoNewLine
        $Subnet = New-AzureRmVirtualNetworkSubnetConfig -Name $SubnetName -AddressPrefix $SubnetPrefix
        $vNet = New-AzureRmVirtualNetwork -Name $vNetName -ResourceGroupName $ResourceGroup -Location $Location -AddressPrefix $vNetPrefix -Subnet $Subnet -Force
        Write-Log 'done' Green
        #endregion

    }

    Process {
        foreach ($Name in $VMName) { # Provision Azure VM(s)

            #region Create Storage Account if it does not exist
            $StorageAccountName = "stor$($StorageAccountPrefix.ToLower())$($Name.ToLower())"
            if ($StorageAccountName.Length -gt 20) { 
                Write-Log 'Storage account name',$StorageAccountName,'is too long, using first 20 characters only..' Green,Yellow,Green $LogFile
                $StorageAccountName = $StorageAccountName.Substring(0,19) 
            }  
            Write-Log 'Creating Storage Account',$StorageAccountName Green,Cyan $LogFile
            try {
                $StorageAccount = Get-AzureRmStorageAccount -Name $StorageAccountName -ResourceGroupName $ResourceGroup -ErrorAction Stop
                Write-Log 'Using existing storage account',$StorageAccountName Green,Cyan $LogFile
            } catch {
                $i=0
                $DesiredStorageAccountName = $StorageAccountName
                while (!(Get-AzureRmStorageAccountNameAvailability $StorageAccountName).NameAvailable) {
                    $i++
                    $StorageAccountName = "$StorageAccountName$i"
                }
                if ($DesiredStorageAccountName -ne $StorageAccountName ) {
                    Write-Log 'Storage account',$DesiredStorageAccountName,'is taken, using',$StorageAccountName,'instead (available)' Greem,Yellow,Green,Cyan,Green $LogFile
                }
                try {
                    $Splatt = @{
                        ResourceGroupName = $ResourceGroup
                        Name              = $StorageAccountName 
                        SkuName           = 'Standard_LRS' 
                        Kind              = 'Storage' 
                        Location          = $Location 
                        ErrorAction       = 'Stop'
                    }
                    $StorageAccount = New-AzureRmStorageAccount @Splatt
                    Write-Log 'Created storage account',$StorageAccountName Green,Cyan $LogFile
                } catch {
                    Write-Log 'Failed to create storage account',$StorageAccountName Magenta,Yellow $LogFile
                    throw $PSItem.exception.message
                }
            }
            #endregion

            #region Create/validate Availability Set
            if ($AvailabilitySetName) {
                Write-Log 'Creating/verifying Availability Set',$AvailabilitySetName Green,Cyan $LogFile
                try {
                    $AvailabilitySet = Get-AzureRmAvailabilitySet -ResourceGroupName $ResourceGroup -Name $AvailabilitySetName -ErrorAction Stop
                    Write-Log 'Availability Set',$AvailabilitySetName,'already exists' Green,Yellow,Green $LogFile
                    Write-Log ($AvailabilitySet | Out-String).Trim() Cyan $LogFile
                } catch {
                    try {
                        $AvailabilitySet = New-AzureRmAvailabilitySet -ResourceGroupName $ResourceGroup -Name $AvailabilitySetName -Location $Location -ErrorAction Stop
                        Write-Log 'Created Availability Set',$AvailabilitySetName Green,Cyan $LogFile
                    } catch {
                        Write-Log 'Failed to create Availability Set',$AvailabilitySetName Magenta,Yellow $LogFile
                        throw $PSItem.exception.message
                    }
                }
                if ($AvailabilitySet.Location -ne $Location) {
                    Write-Log 'Unable to proceed, Availability set must be in the same location',$AvailabilitySet.Location,'as the desired VM location',$Location Magenta,Yellow,Magenta,Yellow $LogFile
                    break
                }
            }
        #endregion

            try {
                $ExistingVM = Get-AzureRmVM -ResourceGroupName $ResourceGroup -Name $Name -ErrorAction Stop
                Write-Log 'VM',$ExistingVM.Name,'already exists' Green,Yellow,Gree $LogFile
                if ($AvailabilitySetName) {
                    if ($ConfirmShutdown) {
                        Write-Log 'Shutting down VM',$Name,'to add it to Availability set',$AvailabilitySetName Green,Cayn,Green,Cyan $LogFile
                        Stop-AzureRmVM -Name $Name -Force -StayProvisioned -ResourceGroupName $ResourceGroup -Confirm:$false

                        # Remove current VM
                        Remove-AzureRmVM -ResourceGroupName $ResourceGroup -Name $Name -Force -Confirm:$false

                        # Prepare to recreate VM
                        $VM = New-AzureRmVMConfig -VMName $ExistingVM.Name -VMSize $ExistingVM.HardwareProfile.VmSize -AvailabilitySetId $AvailabilitySet.Id
                        Set-AzureRmVMOSDisk -VM $VM -VhdUri $ExistingVM.StorageProfile.OsDisk.Vhd.Uri -Name $ExistingVM.Name -CreateOption Attach -Windows

                        #Add Data Disks
                        foreach ($Disk in $ExistingVM.StorageProfile.DataDisks) { 
                            Add-AzureRmVMDataDisk -VM $VM -Name $Disk.Name -VhdUri $Disk.Vhd.Uri -Caching $Disk.Caching -Lun $Disk.Lun -CreateOption Attach -DiskSizeInGB $Disk.DiskSizeGB
                        }

                        #Add NIC(s)
                        foreach ($NIC in $ExistingVM.NetworkInterfaceIDs) {
                            Add-AzureRmVMNetworkInterface -VM $VM -Id $NIC
                        }

                        # Recreate the VM as part of the Availability Set
                        New-AzureRmVM -ResourceGroupName $ResourceGroup -Location $ExistingVM.Location -VM $VM -DisableBginfoExtension
                    } else {
                        Write-Log 'To add existing VM(s) to availability set, the VM(s) must be shut down. Use the','-ConfirmShutdown:$true','switch' Yellow,Cyan,Yellow $LogFile
                        break
                    }
                }
            } catch {
                Write-Log 'Preparing to create new VM',$Name Green,Cyan $LogFile

                Write-Log 'Requesting/updating public IP address assignment',"$Name-PublicIP" Green,Cyan $LogFile 
                $PublicIp = New-AzureRmPublicIpAddress -Name "$Name-PublicIP" -ResourceGroupName $ResourceGroup -Location $Location -AllocationMethod Dynamic -Force

                Write-Log 'Provisining/updating vNIC',"$Name-vNIC" Green,Cyan $LogFile
                $vNIC = New-AzureRmNetworkInterface -Name "$Name-vNIC" -ResourceGroupName $ResourceGroup -Location $Location -SubnetId $vNet.Subnets[0].Id -PublicIpAddressId $PublicIp.Id -Force

                Write-Log 'Provisioning VM configuration object for VM',$Name Green,Cyan $LogFile
                if ($AvailabilitySetName) {
                    $VM = New-AzureRmVMConfig -VMName $Name -VMSize $VMSize -AvailabilitySetId $AvailabilitySet.Id
                } else {
                    $VM = New-AzureRmVMConfig -VMName $Name -VMSize $VMSize 
                }

                Write-Log 'Configuring VM OS (Windows),',$Cred.UserName,'local admin' Green,Cyan,Green $LogFile
                $VM = Set-AzureRmVMOperatingSystem -VM $VM -Windows -ComputerName $Name -Credential $Cred -ProvisionVMAgent -EnableAutoUpdate

                Write-Log 'Selecting VM image - Latest',$WinOSImage Green,Cyan $LogFile
                $VM = Set-AzureRmVMSourceImage -VM $VM -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" -Skus $WinOSImage -Version "latest"

                Write-Log 'Adding vNIC' Green $LogFile
                $VM = Add-AzureRmVMNetworkInterface -VM $VM -Id $vNIC.Id 

                $VhdUri = "$($StorageAccount.PrimaryEndpoints.Blob.ToString())vhds/$($Name)-OsDisk1.vhd"
                Write-Log 'Configuring OS Disk',$VhdUri Green,Cyan $LogFile
                $VM = Set-AzureRmVMOSDisk -VM $VM -Name 'OSDisk' -VhdUri $VhdUri -CreateOption FromImage

                Write-Log 'Creating VM..' Green -NoNewLine
                New-AzureRmVM -ResourceGroupName $ResourceGroup -Location $Location -VM $VM 
                Write-Log 'done' Green $LogFile
                $DoneVM = Get-AzureRmVM | where { $_.Name -eq $Name } | FT -a 
                Write-Log ($DoneVM | Out-String).Trim() cyan $LogFile
            }
        }
    }

    End {
        if ($AvailabilitySetName) {
            $AvailabilitySet = Get-AzureRmAvailabilitySet -ResourceGroupName $ResourceGroup -Name $AvailabilitySetName
            $VMDomains = $AvailabilitySet.VirtualMachinesReferences | foreach { 
                $VM = Get-AzureRMVM -Name (Get-AzureRmResource -Id $_.id).Name -ResourceGroup $ResourceGroup -Status
                [PSCustomObject][Ordered]@{
                    Name         = $VM.Name
                    FaultDomain  = $VM.PlatformFaultDomain
                    UpdateDomain = $VM.PlatformUpdateDomain
                }
            }
            Write-Log ($VMDomains | sort Name | FT -a | Out-String).Trim() Cyan $LogFile
        } 
    }

}

function Tag-AzResource {

    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        [Parameter(Mandatory=$true)][String]$ResourceId,
        [Parameter(Mandatory=$true)][HashTable]$TagList,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Tag-AzResource-$(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { }

    Process {
        try {
            $Resource = Get-AzResource -ResourceId $ResourceId -EA 1
        } catch {
            Write-Log '[Tag-AzResource] Error:' Magenta $LogFile
            Write-Log $PSItem.Exception.Message Yellow $LogFile
            return
        }

        $OK2Save = $false
        if ($Resource.Tags) {
            [HashTable]$CurrentTags = $Resource.Tags
            foreach ($key in $TagList.Keys) {
                if (-not($CurrentTags.keys -icontains $key)) {
                    Write-Log ' Tag',$key,'is not set for resource',$Resource.Name,'setting as',$TagList.$key Green,Cyan,Yellow,Cyan,Green,Cyan $LogFile
                    $UpdatedTagList = $CurrentTags + @{ $key = $TagList.$key }
                    $OK2Save = $true
                } elseif ($CurrentTags[$key] -eq $TagList[$key]) {
                    Write-Log ' Tag',$key,'is already set for resource',$Resource.Name,'value:',$CurrentTags[$key],'skipping..' Green,Cyan,Green,Cyan,Green,Cyan,Green $LogFile
                } else {
                    Write-Log ' Tag',$key,'is already set for resource',$Resource.Name,'value:',$CurrentTags[$key],'updating to',$TagList.$key Green,Cyan,Green,Cyan,Green,Yellow,Green,Cyan $LogFile
                    $Resource.Tags.$key = $TagList.$key
                    [HashTable]$UpdatedTagList = $Resource.Tags
                    $OK2Save = $true
                }
            }
        } else {
            $UpdatedTagList = $TagList
            Write-Log ' No tags configured for resource',$Resource.Name,'adding tag(s)',($UpdatedTagList.Keys -join ','),'value(s)',($UpdatedTagList.Values -join ',') Green,Cyan,Green,Cyan,Green,Cyan $LogFile
            $OK2Save = $true
        }

        if ($OK2Save) {
            try {
                Set-AzResource -Tag $UpdatedTagList -ResourceId $ResourceId -Force -EA 1 | Out-Null
                Write-Log 'done' Green $LogFile
            } catch {
                Write-Log 'failed' Magenta $LogFile
                Write-Log $PSItem.Exception.Message Yellow $LogFile
            }
        }
    }

    End { }

}

function Tag-AzVM {

<#
 .SYNOPSIS
  Function to apply one or more Azure resource tags to one or more VMs and its related objects

 .DESCRIPTION
  Function to apply one or more Azure resource tags to one or more VMs and its related objects.
  Curently this function supports the following related VM objects:
    NICs
    Managed OS Disks
    Managed Data Disks
  This function is intended for Azure ARM VMs not ASM VMs.

 .PARAMETER $VMObj
  This is an objct of Type Microsoft.Azure.Commands.Compute.Models.PSVirtualMachine
  that can be obtained via the Get-AzVM cmdlet of the Az.Compute PS module

 .PARAMETER TagList
  This is a HashTable of desired tags. Example:
    @{
        COMPANY = 'my company'
        OWNER = 'Sam.Boutros'
    }

 .PARAMETER LogFile
  Path to the file where this function will save time-stamped entries of its console output

 .EXAMPLE
  Tag-AzVM -VMObj (Get-AzVM -Name myVMName -ResourceGroupName myResourceGroup) -TagList @{ CostCenter = 'myCostCenter'; COMPANY = 'myCompany' }

 .OUTPUTS
  None

 .LINK
  https://superwidgets.wordpress.com/category/powershell/

 .NOTES
  Function by Sam Boutros
  v0.1 - 4 June 2018 - Initial release
  v0.2 - 14 June 2018 - Parameterized, added error handling and documentation
  v0.3 - 9 April 2020 - Rewrite to work with Az PS module instead of AzureRM, update logic

#>


    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        [Parameter(Mandatory=$true)][Microsoft.Azure.Commands.Compute.Models.PSVirtualMachine]$VMObj,
        [Parameter(Mandatory=$true)][HashTable]$TagList,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Tag-AzVM-$(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { }

    Process {
        Write-Log 'Processing VM',$VMObj.Name,'in resource group',$VMObj.ResourceGroupName Green,Cyan,Green,Cyan $LogFile

        # Tag VM
        Tag-AzResource -ResourceId $VMObj.Id -TagList $TagList -LogFile $LogFile

        # Tag managed OS disk
        if ($OSDiskId = $VMObj.StorageProfile.OsDisk.ManagedDisk.Id) {
            Tag-AzResource -ResourceId $OSDiskId -TagList $TagList -LogFile $LogFile
        }

        # Tag managed Data disks
        if ($DataDiskName = $VMObj.StorageProfile.DataDisks.ManagedDisk.Name) {
            foreach ($Name in $DataDiskName) {
                $Id = (Get-AzDisk -ResourceGroupName $VMObj.ResourceGroupName -DiskName $Name).Id
                Tag-AzResource -ResourceId $Id -TagList $TagList -LogFile $LogFile
            }
        }

        # Tag NICs
        if ($NICId = $VMobj.NetworkProfile.NetworkInterfaces.Id) {
            foreach ($Id in $NICId) {
                Tag-AzResource -ResourceId $Id -TagList $TagList -LogFile $LogFile
            }
        }
    }

    End { }
}

function Expand-Json {
<#
 .SYNOPSIS
  Function to expand a custom PowerShell object in a more readable format
 
 .DESCRIPTION
  Function to expand a custom PowerShell object in a more readable format
  The ConvertFrom-Json cmdlet of the Microsoft.PowerShell.Utility module outputs
  a PS Custom Object that often contains sub objects and so on.
  This function expands all objects and displays the key/value pairs in a
  more humanly readable format - see the example
 
 .PARAMETER Json
  PS Custom Object, typically the output of ConvertFrom-Json cmdlet - see the example
 
 .PARAMETER Parent
  This is optional parameter used to show sub-objects when using the function recursively
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Get-Content E:\Scripts\ARMTemplates\Storage1.json | ConvertFrom-Json | Expand-Json
  where the contents of Storage1.json file are:
 
    {
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "storageAccountType": {
          "type": "string",
          "defaultValue": "Standard_LRS",
          "allowedValues": [
            "Standard_LRS",
            "Standard_GRS",
            "Standard_ZRS",
            "Premium_LRS"
          ],
          "metadata": {
            "description": "Storage Account type"
          }
        }
      },
      "variables": {
        "storageAccountName": "[concat(uniquestring(resourceGroup().id), 'standardsa')]"
      },
      "resources": [
        {
          "type": "Microsoft.Storage/storageAccounts",
          "name": "[variables('storageAccountName')]",
          "apiVersion": "2016-01-01",
          "location": "[resourceGroup().location]",
          "sku": {
              "name": "[parameters('storageAccountType')]"
          },
          "kind": "Storage",
          "properties": {
          }
        }
      ],
      "outputs": {
          "storageAccountName": {
              "type": "string",
              "value": "[variables('storageAccountName')]"
          }
      }
    }
   
  The output of Get-Content E:\Scripts\ARMTemplates\Storage1.json | ConvertFrom-Json would look like:
 
    $schema : https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#
    contentVersion : 1.0.0.0
    parameters : @{storageAccountType=}
    variables : @{storageAccountName=[concat(uniquestring(resourceGroup().id), 'standardsa')]}
    resources : {@{type=Microsoft.Storage/storageAccounts; name=[variables('storageAccountName')]; apiVersion=2016-01-01; location=[resourceGroup().location]; sku=; kind=Storage; properties=}}
    outputs : @{storageAccountName=}
 
  which does not show sub-objects such as parameters.storageAccountType.allowedValues, parameters.storageAccountType.defaultValue, ...
 
  However, the output of Get-Content E:\Scripts\ARMTemplates\Storage1.json | ConvertFrom-Json | Expand-Json
  shows all objects, sub-objects, and their key/pair values:
 
    $schema: https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#
    contentVersion: 1.0.0.0
    outputs.storageAccountName.type: string
    outputs.storageAccountName.value: [variables('storageAccountName')]
    parameters.storageAccountType.allowedValues: Standard_LRS, Standard_GRS, Standard_ZRS, Premium_LRS
    parameters.storageAccountType.defaultValue: Standard_LRS
    parameters.storageAccountType.metadata.description: Storage Account type
    parameters.storageAccountType.type: string
    resources.apiVersion: 2016-01-01
    resources.kind: Storage
    resources.location: [resourceGroup().location]
    resources.name: [variables('storageAccountName')]
    resources.sku.name: [parameters('storageAccountType')]
    resources.type: Microsoft.Storage/storageAccounts
    variables.storageAccountName: [concat(uniquestring(resourceGroup().id), 'standardsa')]
 
 .LINK
  https://superwidgets.wordpress.com/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 28 March 2018
  v0.2 - 20 June 2019 - Added Log feature to allow logging output to file
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeLine=$true,ValueFromPipeLineByPropertyName=$true)][PSCustomObject]$JSON,
        [Parameter(Mandatory=$false)][String[]]$Parent,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Expand-Json - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        Write-Verbose "JSON: $($JSON | Out-String)"
        Write-Verbose "Parent: $($Parent -join '.')"
    }

    Process {
        foreach ($NoteProperty in ($JSON | Get-Member -MemberType NoteProperty)) {
            if ($NoteProperty.Definition -match 'PSCustomObject') {
                Expand-Json -JSON $JSON.($NoteProperty.Name) -Parent ($Parent + $NoteProperty.Name)
            } else {
                if (($JSON.($NoteProperty.Name) -join '').Trim()) {
                    Write-Log "$(($Parent + $NoteProperty.Name) -join '.'):",($JSON.($NoteProperty.Name) -join ', ') Green,Cyan $LogFile
                } else {
                    Expand-Json -JSON $JSON.($NoteProperty.Name) -Parent ($Parent + $NoteProperty.Name) -EA 0
                }
            } 
        }
    }

    End { }
}

function Report-AzureRMVM {

# Requires -Modules Az, ImportExcel
# Requires -Version 5

<#
 .SYNOPSIS
  Function to report on Azure VM population in a given Azure subscription
 
 .DESCRIPTION
  Function to report on Azure VM population in a given Azure subscription
  The report is saved to xlsx file
  This function uses ImportExcel PowerShell module available in the PowerShell gallery
  This function reports on Azure ARM VMs only (not classic ASM VMs)
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .PARAMETER OutputFile
  Path to xlsx file, where the function will write its output
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Report-AzureRMVM -LoginName 'samb@mydomain.com' -SubscriptionName 'my azure subscription name here' -Verbose
 
 .EXAMPLE
  $SubscriptionList = Get-AzSubscription | where Name -Match Citrix
  $myVMList = foreach ($SubscriptionName in $SubscriptionList.Name) {
    Report-AzureRMVM -LoginName 'does not matter' -SubscriptionName $SubscriptionName -Verbose
  }
  $OutputFile = ".\Report-AzureRMVM - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').xlsx"
  $myVMList | Export-Excel -Path $OutputFile -AutoSize -FreezeTopRowFirstColumn -ConditionalText $(
      ($myVMList | Get-Member -MemberType NoteProperty).Name | foreach { New-ConditionalText $_ White SteelBlue }
  )
  This example will create a single report for VMs from several subscriptions
 
 .OUTPUTS
  Array of PS Custom objects, one for each ARM VM found with the following properties/example:
    VMName : AZ-abcBDEV-01
    ResourceGroup : AZ-abcEV-RG
    Status : VM running
    Subscription : abc Enterprise Dev/Test
    Size : Standard_D2s_v3
    Cores : 2
    RAM(GB) : 8
    HybridLicense : False
    Location : eastus
    MACAddress : 00-0D-3A-1C-87-11
    IPv4Address : 172.129.132.112
    AdminName : cdabcadmin
    OperatingSystem : Windows
    OSDiskSize(GB) : 127
    DataDisks : (AZ-abcBDEV-01_SQLDATA, 1028 GB, LUN 0), (AZ-abcBDEV-01_SQLLOG, 1028 GB, LUN 1)
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 4 June 2018 - Initial release
  v0.2 - 14 June 2018 - Parameterized, added error handling and documentation
  v0.3 - 23 January 2019 - Added logfile parameter,
            updated subscription login section,
            added HybridLicense property to output
  v0.4 - 28 February 2019 - Added Status (running/deallocated)
  v0.5 - 24 May 2019 - Update to use AZ module instead of AzureRM
  v0.6 - 7 April 2020 - Added AzLogon Switch to bypass Azure Logon check (for use with Azure Cloud Shell)
    Added auto-install of ImportExcel PS module
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$false)][Switch]$AzLogon,
        [Parameter(Mandatory=$false)][String]$OutputFile = ".\Report-AzureRMVM - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').xlsx",
        [Parameter(Mandatory=$false)][String]$LogFile    = ".\Report-AzureRMVM - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if ($AzLogon) {
            if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
        }

        if (-not (Get-Module Import-Excel -ListAvailable)) { Install-Module ImportExcel -Force }

        if ($OutputFile -match '/' ) { $OutputFile = $OutputFile.Replace('/','_') }
    }

    Process {
        $VMList = Get-AzVM -WA 0 -EA 0
        if (-not $VMList) { 
            Write-Log 'No ARM VMs found in subscription',$SubscriptionName Green,Yellow $LogFile
            break
        }
        $LocationList = $VMList.Location | select -Unique
        $VMTagList = $VMList | % { $_.Tags.Keys } | % { $_.ToString().ToLower().Trim() } | select -Unique | sort
        $ResourceGroupList = $VMList.ResourceGroupName | select -Unique
        Write-Log 'Identified',$VMList.Count,'VMs' Green,Cyan,Green $Logfile
        Write-Log 'Identified Azure site(s)',($LocationList -join ', ') Green,Cyan $Logfile
        Write-Log 'Identified',$ResourceGroupList.Count,'Resource Groups' Green,Cyan,Green $Logfile

        $myVMList = foreach ($VM in $VMList) {

            Write-Verbose "Processing VM ($($VM.Name)) in Resource Group ($($VM.ResourceGroupName))"
            $VMSize = Get-AzVMSize -Location $VM.Location | where { $_.Name -eq $VM.HardWareProfile.VmSize }
            $myOutput = [PSCustomObject][Ordered]@{
                VMName           = $VM.Name
                ResourceGroup    = $VM.ResourceGroupName
                Status           = (Get-AzVM -ResourceGroupName $VM.ResourceGroupName -Name $VM.Name -Status -WA 0).Statuses[1].DisplayStatus
                Subscription     = $SubscriptionName
                Size             = $VM.HardWareProfile.VmSize
                Cores            = $VMSize.NumberOfCores              
                'RAM(GB)'        = $VMSize.MemoryInMB/1KB
                HybridLicense    = $(if ($VM.LicenseType -eq 'Windows_Server') { $true } else { $false })
                Location         = $VM.Location
                MACAddress       = ($VM.NetworkProfile.NetworkInterfaces.id | foreach { (Get-AzResource -ResourceId $_).Properties.MacAddress }) -join ', '
                IPv4Address      = ((Get-AzNetworkInterface -ResourceGroupName $VM.ResourceGroupName | 
                                    where {$PSItem.virtualmachine.id -match $VM.Name } | Get-AzNetworkInterfaceIpConfig).PrivateIPAddress) -join ', '
                AdminName        = $VM.OSProfile.AdminUsername
                OperatingSystem  = $VM.StorageProfile.OsDisk.OsType
                'OSDiskSize(GB)' = $VM.StorageProfile.OsDisk.DiskSizeGB
                DataDisks        = $(
                    if ($VM.StorageProfile.DataDisks) {
                        ($VM.StorageProfile.DataDisks | foreach { "($($_.Name), $($_.DiskSizeGB) GB, LUN $($_.Lun))" }) -join ', '
                    } else {
                        'None'
                    }
                )
            }

            foreach ($TagName in $VMTagList) {
                $myOutput | Add-Member -MemberType NoteProperty -Name "Tag: $TagName" -Value $(
                    $myTagList = $VM.Tags.Keys | foreach { "$_=$($VM.Tags.$_)" }
                    if  ($FoundTag = $myTagList | where { $_ -match $TagName }) { $FoundTag.Split('=')[1] }
                ) 
            }

            $myOutput
        } 
    } 

    End {
        try {
            if (Test-Path $OutputFile) { Remove-Item -Path $OutputFile -Force -Confirm:$false -EA 1 }
            $myVMList | Export-Excel -Path $OutputFile -ConditionalText $(
                ($myVMList | Get-Member -MemberType NoteProperty).Name | foreach { New-ConditionalText $_ White SteelBlue }
            ) -AutoSize -FreezeTopRowFirstColumn 
        } catch {
            Write-Log 'Output file',$OutputFile,'already open!!??' Magenta,Yellow,Magenta $Logfile
        }

        $myVMList
    }
}

function Set-AzVMHybridLicense {

# Requires -Modules Az
# Requires -Version 5

<#
 .SYNOPSIS
  Function to enable/disable Windows Hybrid Licensing feature on a given Azure VM
 
 .DESCRIPTION
  Function to enable/disable Windows Hybrid Licensing feature on a given Azure VM
  This function uses Az PowerShell module available in the PowerShell gallery
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .PARAMETER VMName
  The name of the VM. This is a required parameter
 
 .PARAMETER ResourceGroupName
  The name of the Resource Group where the VM lives. This is only required if you
  have more than1 VM with the same name in the provided subscription
 
 .PARAMETER EnableHybridLicensing
  This is a switch that defaults to true causing the function to enable Windows Hybrid Licensing feature
  When set to false, the function disables the Windows Hybrid Licensing feature for the given VM
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Set-AzVMHybridLicense -LoginName 'samb@mydomain.com' -SubscriptionName 'my azure subscription name here' -VMName 'myvm1'
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 23 January 2019
  v0.2 - 25 January 2019 - Added logic to weed out Linux VMs
  v0.3 - 3 June 2019 - Updated to use Az module instead of AzureRM
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$true)][String]$VMName,
        [Parameter(Mandatory=$false)][String]$ResourceGroupName,
        [Parameter(Mandatory=$false)][Switch]$EnableHybridLicensing = $true,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Set-AzVMHybridLicense - $VMName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process {
        
        $Proceed = $false
        if ($VM = Get-AzVM | where Name -EQ $VMName) {
            if ($VM.Count -gt 1) {
                if ($ResourceGroupName) {
                    if ($VM = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName) {
                        $Proceed = $true
                    } else {
                        Write-Log 'No VM named',$VMName,'found in subscription',$SubscriptionName,'under Resource Group',$ResourceGroupName Magenta,Yellow,Magenta,Yellow,Magenta,Yellow $LogFile
                    }
                } else {
                    Write-Log 'More than 1 VM named',$VMName,'found in subscription', $SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
                    Write-Log ' You must specify ''ResourceGroupName'' parameter for this VM' Yellow $LogFile
                }                
            } else {
                $Proceed = $true
            }
        } else {
            Write-Log 'VM',$VMName,'not found in subscription', $SubscriptionName Magenta,Yellow,Magenta,Yellow $LogFile
        }

        if ($VM.StorageProfile.OsDisk.OsType -ne 'Windows') {
            Write-Log 'VM',$VM.Name,'has OS',$VM.StorageProfile.OsDisk.OsType,'skipping..' Green,Cyan,Green,Yellow,Green $LogFile
            $Proceed = $false
        }

        if ($Proceed) {
            if ($VM.LicenseType -eq 'Windows_Server') {
                if ($EnableHybridLicensing) {
                    Write-Log 'Windows hybrid licensing for VM',$VM.Name,'in Resource Group',$VM.ResourceGroupName,'is already enabled' Green,Cyan,Green,Cyan,Yellow $LogFile
                } else {
                    Write-Log 'Disabling Windows hybrid licensing for VM',$VM.Name,'in Resource Group',$VM.ResourceGroupName Green,Cyan,Green,Cyan $LogFile -NoNewLine
                    $VM.LicenseType = 'None'
                    Update-AzVM -ResourceGroupName $VM.ResourceGroupName -VM $VM | Out-Null
                    $VM = Get-AzureRmVM -ResourceGroupName $VM.ResourceGroupName -Name $VM.Name
                    if ($VM.LicenseType -eq 'Windows_Server') {
                        Write-Log 'failed' Yellow $LogFile
                    } else {
                        Write-Log 'done and validated' Green $LogFile
                    }
                }                
            } else {
                if ($EnableHybridLicensing) {
                    Write-Log 'Enabling Windows hybrid licensing for VM',$VM.Name,'in Resource Group',$VM.ResourceGroupName Green,Cyan,Green,Cyan $LogFile -NoNewLine
                    $VM.LicenseType = 'Windows_Server'
                    Update-AzVM -ResourceGroupName $VM.ResourceGroupName -VM $VM | Out-Null
                    $VM = Get-AzVM -ResourceGroupName $VM.ResourceGroupName -Name $VM.Name
                    if ($VM.LicenseType -eq 'Windows_Server') {
                        Write-Log 'done and validated' Green $LogFile
                    } else {
                        Write-Log 'failed' Yellow $LogFile
                    }
                } else {
                    Write-Log 'Windows hybrid licensing for VM',$VM.Name,'in Resource Group',$VM.ResourceGroupName,'is already disabled' Green,Cyan,Green,Cyan,Yellow $LogFile
                }  
            }
        }

    } 

    End { } 
    
}

function Report-AzureClassicResources {

# Requires -Modules AzureRM
# Requires -Version 5

<#
 .SYNOPSIS
  Function to report on Azure classic ASM in a given Azure subscription
 
 .DESCRIPTION
  Function to report on Azure classic ASM in a given Azure subscription
  This function uses AzureRM PowerShell module available in the PowerShell gallery
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Report-AzureClassicResources -LoginName 'samb@mydomain.com' -SubscriptionName 'my azure subscription name here' -Verbose
 
 .OUTPUTS
  Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.PSResource objects for each classic ASM resource found
  Example:
    Name : txxxxxxxx8
    ResourceGroupName : aaaServer
    ResourceType : Microsoft.ClassicCompute/virtualMachines
    Location : eastus
    ResourceId : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/aaaServer/providers/Microsoft.ClassicCompute/virtualMachines/txxxxxxxx8
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 6 February 2019
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Report-AzureClassicResources - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if (-not ($Login = Login-AzureRMSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process {
        $ResourceProviderList = Get-AzureRmResourceProvider -ListAvailable | 
            where ProviderNamespace -Match 'Microsoft' | select ProviderNamespace,ResourceTypes
        $ResourceTypeList = foreach ($Provider in $ResourceProviderList) { 
            foreach ($Type in $Provider.ResourceTypes) {
                "$($Provider.ProviderNamespace)/$($Type.ResourceTypeName)"
            }
        }
        $ClassicTypes = $ResourceTypeList -match 'classic' | sort
        Write-Log 'Reporting on',$ClassicTypes.Count,'classic ASM resources types' Green,Cyan,Green $LogFile
        Write-Verbose ($ClassicTypes | Out-String).Trim() 

        if ($ClassicResourceList = Get-AzureRmResource | where { $_.ResourceType -in $ClassicTypes }) {
            Write-Log 'Identified',$ClassicResourceList.Count,'classic ASM resources in subscription',$SubscriptionName Green,Yellow,Green,Yellow $LogFile
            $ClassicResourceList
        } else {
            Write-Log 'No classic ASM resources found in subscription', $SubscriptionName Green,Cyan $LogFile
        }
    } 

    End { }
}

function Report-AzureResourceTags {

# Requires -Modules AZ,ImportExcel
# Requires -Version 5

<#
 .SYNOPSIS
  Function to report on Azure Tags of ARM resources in a given Azure subscription
 
 .DESCRIPTION
  Function to report on Azure Tags of ARM resources in a given Azure subscription
  This function uses and depends on Az and ImportExcel PowerShell modules available in the PowerShell gallery
 
 .PARAMETER LoginName
  The username required to authenticate to Azure
  Example: samb@mydomain.com
 
 .PARAMETER SubscriptionName
  The Azure subscription name such as 'My Dev EA subscription'
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .PARAMETER Output
  This is an optional parameter that specifies the path to the XLSX file where the script Excel output report is saved
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Report-AzureResourceTags -LoginName 'samb@mydomain.com' -SubscriptionName 'my azure subscription name here'
 
 .OUTPUTS
  PowerShell object for each ARM resource found with the following properties/example
  Example:
    SubscriptionName : my azure subscription name here
    ResourceName : wxxx9170
    ResourceGroupName : Wxxxr
    ResourceType : Microsoft.Storage/storageAccounts
    ResourceLocation : eastus
  Note that there will be an additional property for each Azure tag found in the given subscription
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 6 February 2019
  v0.2 - 9 May 2019 - update for AZ module instead of AzureRM
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$LoginName,
        [Parameter(Mandatory=$true)][String]$SubscriptionName,
        [Parameter(Mandatory=$false)][String]$OutputFile = ".\Report-AzureResourceTags - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').xlsx",
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Report-AzureResourceTags - $SubscriptionName - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        if (-not ($Login = Login-AzSubscription -LoginName $LoginName -SubscriptionName $SubscriptionName -LogFile $LogFile)) { break }
    }

    Process {
<#
        Write-Log 'Checking if there are any classic ASM resources..' Green $LogFile
        if ($ClassicResources = Report-AzureClassicResources -LoginName $LoginName -SubscriptionName $SubscriptionName) {
            Write-Log 'skipping classic ASM reources..' Green $LogFile
        }
#>

        if ($ResourceList = Get-AzResource | where ResourceType -NotMatch 'classic') {
            $TagList = @()
            $TagList += ($ResourceList | % { $_.Tags | % { $_.Keys } }) -notmatch 'hidden' | select -Unique
            if ($TagList) {
                Write-Log 'Identified',$ResourceList.Count,'ARM resources bearing',$TagList.Count,'unique tag(s)..' Green,Cyan,Green,Cyan,Green $LogFile
                
                # Create output object definition with dynamic property list (tags)
                $Proplist = @('SubscriptionName','ResourceName','ResourceGroupName','ResourceType','Location')
                $TagList | foreach { $Proplist += "Tag:$_" -as [String] }

                $myOutput = foreach ($Resource in $ResourceList) {
                    # Instantiate output object with dynamic property list (tags)
                    $myObj = New-Object -TypeName PSObject 
                    $Proplist | foreach { Add-Member -InputObject $myObj -MemberType NoteProperty -Name $_ -Value $null -EA 0 }

                    # Populate output object properties
                    $myObj.SubscriptionName  = $SubscriptionName
                    $myObj.ResourceName      = $Resource.Name
                    $myObj.ResourceGroupName = $Resource.ResourceGroupName
                    $myObj.ResourceType      = $Resource.ResourceType
                    $myObj.Location          = $Resource.Location
                    foreach ($Tag in $TagList) { $myObj.("Tag:$Tag") = $Resource.Tags.$Tag }
                    $myObj
                }            
                
                Remove-Item -Path $OutputFile -Force -Confirm:$false -EA 0
                try {
                    $myOutput | Export-Excel -Path $OutputFile -ConditionalText $(
                        ($myOutput | Get-Member -MemberType NoteProperty).Name | foreach { New-ConditionalText $_ White SteelBlue }
                    ) -AutoSize -FreezeTopRowFirstColumn 
                } catch {
                    Write-Log 'Output file',$OutputFile,'already open!!??' Magenta,Yellow,Magenta $Logfile
                } 
                         
                $myOutput   
                              
            } else {
                Write-Log 'Identified',$ResourceList.Count,'ARM resources bearing','NO','tags..' Green,Cyan,Green,yellow,Green $LogFile
            } # if $TagList

        } else {
            Write-Log 'No ARM resources found in subscription',$SubscriptionName Magenta,Yellow $LogFile
        } # if $ResourceList
    } 

    End { }
}

function Report-AzureCustomRBACRoles {

# Requires -Modules AZ,ImportExcel
# Requires -Version 5

<#
 .SYNOPSIS
  Function to report on Azure custom RBAC roles in one or more Azure subscriptions
 
 .DESCRIPTION
  Function to report on Azure custom RBAC roles in one or more Azure subscriptions
  This function uses and depends on Az and ImportExcel PowerShell modules available in the PowerShell gallery
  This function expects to be authenticated to Azure before it's invoked (Connect-AzAccount)
 
 .PARAMETER SubscriptionId
  One or more Azure subscription Ids such as 'abcdabcd-abcd-abcd-abcd-abcdabcdabcd'
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .PARAMETER Output
  This is an optional parameter that specifies the path to the XLSX file where the script Excel output report is saved
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Report-AzureCustomRBACRoles -SubscriptionId 'abcdabcd-abcd-abcd-abcd-abcdabcdabcd'
 
 .EXAMPLE
  $CustomRoles = Report-AzureCustomRBACRoles -SubscriptionId (Get-AzSubscription).Id
 
 .OUTPUTS
  PowerShell object for each ARM resource found with the following properties/example
  Example:
    SubscriptionName : my azure subscription name here
    SubscriptionId : abcdabcd-abcd-abcd-abcd-abcdabcdabcd
    Role : Azure Infra Admin
    AssignedTo : user1@domain1.com, user2@domain1.com, AD-Group1
    Actions : *
    NotActions : Microsoft.Authorization/*/Delete, Microsoft.Authorization/*/Write,
  Note that there will be an additional property for each Azure tag found in the given subscription
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 10 May 2019
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String[]]$SubscriptionId,
        [Parameter(Mandatory=$false)][String]$OutputFile = ".\Report-AzureCustomRBACRoles - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').xlsx",
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Report-AzureCustomRBACRoles - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        try {
            $AllSubscriptionList = Get-AzSubscription -EA 1 
        } catch {
            Write-Log 'Unable to list subscriptions','are we logged on to Azure?' Magenta,Yellow $LogFile
            break
        } 
        if ($SubscriptionList = $SubscriptionId | where { $_ -in $AllSubscriptionList.Id } | select -Unique) {
            $SubscriptionList = $SubscriptionList | foreach { Get-AzSubscription -SubscriptionId $_ }
            Write-Log 'The following',$SubscriptionList.Count,'subscriptions are found under the current tenant:' Green,Cyan,Green $LogFile
            Write-Log ($SubscriptionList.Name | Out-String).Trim() Cyan $LogFile
        } else {
            Write-Log 'The provided subscription Id(s)','are not found under the current tenant' Magenta,Yellow $LogFile
            break
        }
    }

    Process {        
        $CustomRoles = foreach ($Subscription in $SubscriptionList) {
            Get-AzSubscription -SubscriptionId $Subscription.Id | Set-AzContext | Out-Null  
            Write-Log 'Checking for RBAC custom roles in subscription',$Subscription.Name Green,Cyan $LogFile -NoNewLine
            try {
                $RoleList = Get-AzRoleDefinition -Custom -EA 1
            } catch {
                Write-Log 'no access -' Magenta $LogFile -NoNewLine
            }
            if ($RoleList) {
                Write-Log 'found',$RoleList.count,'custom roles' Green,Yellow,Green $LogFile
                foreach ($Role in $RoleList) {
                    [PSCustomObject][Ordered]@{
                        SubscriptionName = $Subscription.Name
                        SubscriptionId   = $Subscription.Id
                        Role             = $Role.Name
                        AssignedTo       = (Get-AzRoleAssignment -RoleDefinitionName $Role.Name).DisplayName -join ', '
                        Actions          = $Role.Actions -join ', '
                        NotActions       = $Role.NotActions -join ', '
                    }
                }
            } else {
                Write-Log 'found','no','custom roles' Green,Yellow,Green $LogFile
            }
        }
    } 

    End { 
        Remove-Item -Path $OutputFile -Force -Confirm:$false -EA 0
        if ($CustomRoles) {
            try {
                $CustomRoles | Export-Excel -Path $OutputFile -EA 1 -AutoSize -FreezeTopRowFirstColumn -ConditionalText $(
                    ($CustomRoles | Get-Member -MemberType NoteProperty).Name | foreach { New-ConditionalText $_ White SteelBlue }
                ) 
            } catch {
                Write-Log 'Output file',$OutputFile,'already open!!??' Magenta,Yellow,Magenta $Logfile
            }
        }  
        $CustomRoles     
    }
}

function Deploy-AzRBACRoleDefinition {

<#
 .SYNOPSIS
  Function to deploy custom RBAC role definitions in one or more Azure subscriptions
 
 .DESCRIPTION
  Function to deploy the following custom RBAC role definitions in one or more Azure subscriptions
    1. Network Admin:
        Manage Vnets, Subnets, Express Routes and Routing and Switching Manage NSGs and ASGs,
        Manage WAF Devices, Manage Internal and External Load Balancers
        "Actions":
            "Microsoft.Network/*",
            "Microsoft.Compute/*/read",
            "Microsoft.Resources/deployments/*",
            "Microsoft.Resources/deployments/validate/action",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Support/*"
    2. Infra Admin:
        Access to all Resources except Networking and user access administration,
        Manage VMs, Availability Sets, Assign Static IP, Static MAC, Add or Remove NICs
        "Actions": "*"
        "NotActions":
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
            "Microsoft.Network/applicationGateways/delete",
            "Microsoft.Network/dnsZones/delete",
            "Microsoft.Network/expressRouteCrossConnections/delete",
            "Microsoft.Network/expressRouteGateways/delete",
            "Microsoft.Network/expressRouteCircuits/delete",
            "Microsoft.Network/expressRoutePorts/delete",
            "Microsoft.Network/frontDoors/delete",
            "Microsoft.Network/networkWatchers/delete",
            "Microsoft.Network/routeFilters/delete",
            "Microsoft.Network/routeTables/delete",
            "Microsoft.Network/serviceEndpointPolicies/delete",
            "Microsoft.Network/trafficManagerProfiles/delete",
            "Microsoft.Network/virtualNetworkGateways/delete",
            "Microsoft.Network/loadBalancers/delete",
            "Microsoft.Network/networkSecurityGroups/delete",
            "Microsoft.Network/virtualNetworks/delete",
            "Microsoft.Network/localNetworkGateways/delete",
            "Microsoft.Network/applicationGateways/write",
            "Microsoft.Network/dnsZones/write",
            "Microsoft.Network/expressRouteCrossConnections/write",
            "Microsoft.Network/expressRouteGateways/write",
            "Microsoft.Network/expressRouteCircuits/write",
            "Microsoft.Network/expressRoutePorts/write",
            "Microsoft.Network/frontDoors/write",
            "Microsoft.Network/networkWatchers/write",
            "Microsoft.Network/routeFilters/write",
            "Microsoft.Network/routeTables/write",
            "Microsoft.Network/serviceEndpointPolicies/write",
            "Microsoft.Network/trafficManagerProfiles/write",
            "Microsoft.Network/virtualNetworkGateways/write",
            "Microsoft.Network/loadBalancers/write",
            "Microsoft.Network/networkSecurityGroups/write",
            "Microsoft.Network/virtualNetworks/write",
            "Microsoft.Network/localNetworkGateways/write",
            "Microsoft.Blueprint/blueprintAssignments/write",
            "Microsoft.Blueprint/blueprintAssignments/delete"
    3. Tag Editor:
        Manage (Add/modify/delete) Azure tags for VMs, VM disks, and VM NICs
        "Actions":
            "*/read",
            "Microsoft.Compute/VirtualMachines/write",
            "Microsoft.Compute/Disks/write",
            "Microsoft.Network/networkInterfaces/write",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Support/*"
  This function uses and depends on Az PowerShell module available in the PowerShell gallery
  This function expects to be authenticated to Azure before it's invoked (Connect-AzAccount)
 
 .PARAMETER SubscriptionId
  One or more Azure subscription Ids such as 'abcdabcd-abcd-abcd-abcd-abcdabcdabcd'
 
 .PARAMETER RoleList
  One or more of the roles defined in this script
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Deploy-AzRBACRoleDefinition -SubscriptionId 'abcdabcd-abcd-abcd-abcd-abcdabcdabcd'
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 14 May 2019
  v0.2 - 3 June 2019 - Updated built-in help to provide role definition details
  v0.3 - 10 April, 2020 - Added TagEditor role, added RoleList parameter
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String[]]$SubscriptionId,
        [Parameter(Mandatory=$true)][ValidateSet('NetworkAdmin','InfraAdmin','TagEditor')][String[]]$RoleList,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Deploy-AzRBACRoleDefinition - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        try {
            $AllSubscriptionList = Get-AzSubscription -EA 1 
        } catch {
            Write-Log 'Unable to list subscriptions','are we using AZ module and logged on to Azure?' Magenta,Yellow $LogFile
            break
        } 
        if ($SubscriptionList = $SubscriptionId | where { $_ -in $AllSubscriptionList.Id } | select -Unique) {
            $SubscriptionList = $SubscriptionList | foreach { Get-AzSubscription -SubscriptionId $_ }
            Write-Log 'The following',$SubscriptionList.Count,'subscriptions are found under the current tenant:' Green,Cyan,Green $LogFile
            Write-Log ($SubscriptionList.Name | Out-String).Trim() Cyan $LogFile
        } else {
            Write-Log 'The provided subscription Id(s)','are not found under the current tenant' Magenta,Yellow $LogFile
            break
        }
    }

    Process {        
        foreach ($Subscription in $SubscriptionList) {
            $Subscription | Set-AzContext | Out-Null  
            $JSONFile = New-TemporaryFile

            if ('TagEditor' -in $RoleList) {
                # Putting the subscription Id in the Role definition name since they must be all unique in AAD !!??
                $RoleName = "TagEditor_($($Subscription.Id.ToCharArray()[-8..-1] -join ''))"
@"
                {
                    "Name": "$RoleName",
                    "Description": "Manage (Add/modify/delete) Azure tags for VMs, VM disks, and VM NICs",
                    "Actions": [
                                    "*/read",
                                    "Microsoft.Compute/VirtualMachines/write",
                                    "Microsoft.Compute/Disks/write",
                                    "Microsoft.Network/networkInterfaces/write",
                                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                                    "Microsoft.Support/*"
                                ],
                    "NotActions": [ ],
                    "AssignableScopes": [ "/subscriptions/$($Subscription.Id)" ]
                }
"@
 | Out-File $JSONFile
                try {
                    $Result = New-AzRoleDefinition -InputFile $JSONFile -EA 1
                    Write-Log ($Result|Out-String).Trim() Green $LogFile
                } catch {
                    Write-Log 'Unable to deploy role defintion',$RoleName,'in subscription',$Subscription.Name Magenta,Yellow,Magenta,Yellow $LogFile
                    Write-log " $($_.Exception.Message)" Yellow $LogFile
                }
            }

            if ('NetworkAdmin' -in $RoleList) {
                # Putting the subscription Id in the Role definition name since they must be all unique in AAD !!??
                $RoleName = "NetworkAdmin_($($Subscription.Id.ToCharArray()[-8..-1] -join ''))"
@"
                {
                    "Name": "$RoleName",
                    "Description": "Manage (Add/modify/delete) network resources",
                    "Actions": [
                                    "Microsoft.Network/*",
                                    "Microsoft.Compute/*/read",
                                    "Microsoft.Resources/deployments/*",
                                    "Microsoft.Resources/deployments/validate/action",
                                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                                    "Microsoft.Support/*"
                                ],
                    "NotActions": [ ],
                    "AssignableScopes": [ "/subscriptions/$($Subscription.Id)" ]
                }
"@
 | Out-File $JSONFile
                try {
                    $Result = New-AzRoleDefinition -InputFile $JSONFile -EA 1
                    Write-Log ($Result|Out-String).Trim() Green $LogFile
                } catch {
                    Write-Log 'Unable to deploy role defintion',$RoleName,'in subscription',$Subscription.Name Magenta,Yellow,Magenta,Yellow $LogFile
                    Write-log " $($_.Exception.Message)" Yellow $LogFile
                }
            }

            if ('InfraAdmin' -in $RoleList) {
                # Putting the subscription Id in the Role definition name since they must be all unique in AAD !!??
                $RoleName = "InfraAdmin ($($Subscription.Id.ToCharArray()[-8..-1] -join ''))"
@"
                {
                    "Name": "$RoleName",
                    "IsCustom": true,
                    "Description": "Access to (Create/Modify/Delete) all Resources except Networking and User Access administration",
                    "Actions": [ "*" ],
                    "NotActions": [
                            "Microsoft.Authorization/*/Delete",
                            "Microsoft.Authorization/*/Write",
                            "Microsoft.Authorization/elevateAccess/Action",
                            "Microsoft.Network/applicationGateways/delete",
                            "Microsoft.Network/dnsZones/delete",
                            "Microsoft.Network/expressRouteCrossConnections/delete",
                            "Microsoft.Network/expressRouteGateways/delete",
                            "Microsoft.Network/expressRouteCircuits/delete",
                            "Microsoft.Network/expressRoutePorts/delete",
                            "Microsoft.Network/frontDoors/delete",
                            "Microsoft.Network/networkWatchers/delete",
                            "Microsoft.Network/routeFilters/delete",
                            "Microsoft.Network/routeTables/delete",
                            "Microsoft.Network/serviceEndpointPolicies/delete",
                            "Microsoft.Network/trafficManagerProfiles/delete",
                            "Microsoft.Network/virtualNetworkGateways/delete",
                            "Microsoft.Network/loadBalancers/delete",
                            "Microsoft.Network/networkSecurityGroups/delete",
                            "Microsoft.Network/virtualNetworks/delete",
                            "Microsoft.Network/localNetworkGateways/delete",
                            "Microsoft.Network/applicationGateways/write",
                            "Microsoft.Network/dnsZones/write",
                            "Microsoft.Network/expressRouteCrossConnections/write",
                            "Microsoft.Network/expressRouteGateways/write",
                            "Microsoft.Network/expressRouteCircuits/write",
                            "Microsoft.Network/expressRoutePorts/write",
                            "Microsoft.Network/frontDoors/write",
                            "Microsoft.Network/networkWatchers/write",
                            "Microsoft.Network/routeFilters/write",
                            "Microsoft.Network/routeTables/write",
                            "Microsoft.Network/serviceEndpointPolicies/write",
                            "Microsoft.Network/trafficManagerProfiles/write",
                            "Microsoft.Network/virtualNetworkGateways/write",
                            "Microsoft.Network/loadBalancers/write",
                            "Microsoft.Network/networkSecurityGroups/write",
                            "Microsoft.Network/virtualNetworks/write",
                            "Microsoft.Network/localNetworkGateways/write",
                            "Microsoft.Blueprint/blueprintAssignments/write",
                            "Microsoft.Blueprint/blueprintAssignments/delete"
                        ],
                    "AssignableScopes": [ "/subscriptions/$($Subscription.Id)" ]
    }
"@
 | Out-File $JSONFile
                try {
                    $Result = New-AzRoleDefinition -InputFile $JSONFile -EA 1
                    Write-Log ($Result|Out-String).Trim() Green $LogFile
                } catch {
                    Write-Log 'Unable to deploy role',$RoleName,'defintion in subscription',$Subscription.Name Magenta,Yellow,Magenta,Yellow $LogFile
                    Write-log " $($_.Exception.Message)" Yellow $LogFile
                }
            }

        }
    } 

    End {  }
}

function Deploy-AzPolicy {

# Requires -Modules AZ
# Requires -Version 5

<#
 .SYNOPSIS
  Function to deploy custom RBAC role definitions in one or more Azure subscriptions
 
 .DESCRIPTION
  Function to deploy custom RBAC role definitions in one or more Azure subscriptions
  This function uses and depends on Az PowerShell module available in the PowerShell gallery
  This function expects to be authenticated to Azure before it's invoked (Connect-AzAccount)
 
 .PARAMETER SubscriptionId
  One or more Azure subscription Ids such as 'abcdabcd-abcd-abcd-abcd-abcdabcdabcd'
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
  Deploy-AzPolicy -SubscriptionId 'abcdabcd-abcd-abcd-abcd-abcdabcdabcd'
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 14 May 2019
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String[]]$SubscriptionId,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Deploy-AzPolicy - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {
        try {
            $AllSubscriptionList = Get-AzSubscription -EA 1 
        } catch {
            Write-Log 'Unable to list subscriptions','are we using AZ module and logged on to Azure?' Magenta,Yellow $LogFile
            break
        } 
        if ($SubscriptionList = $SubscriptionId | where { $_ -in $AllSubscriptionList.Id } | select -Unique) {
            $SubscriptionList = $SubscriptionList | foreach { Get-AzSubscription -SubscriptionId $_ }
            Write-Log 'The following',$SubscriptionList.Count,'subscriptions are found under the current tenant:' Green,Cyan,Green $LogFile
            Write-Log ($SubscriptionList.Name | Out-String).Trim() Cyan $LogFile
        } else {
            Write-Log 'The provided subscription Id(s)','are not found under the current tenant' Magenta,Yellow $LogFile
            break
        }
    }

    Process {        
        foreach ($Subscription in $SubscriptionList) {
            $Subscription | Set-AzContext | Out-Null  
            $JSONFile = New-TemporaryFile

            #region Network Admin
            # Putting the subscription Id in the Role definition name since they must be all unique in AAD !!??
            $RoleName = "Azure Network Admin ($($Subscription.Id.ToCharArray()[-8..-1] -join ''))"
@"
            {
                "Name": "$RoleName",
                "Description": "Manage (Add/modify/delete) network resources",
                "Actions": [
                                "Microsoft.Network/*",
                                "Microsoft.Compute/*/read",
                                "Microsoft.Resources/deployments/*",
                                "Microsoft.Resources/deployments/validate/action",
                                "Microsoft.Resources/subscriptions/resourceGroups/read",
                                "Microsoft.Support/*"
                            ],
                "NotActions": [ ],
                "AssignableScopes": [ "/subscriptions/$($Subscription.Id)" ]
            }
"@
 | Out-File $JSONFile
            try {
                $Result = New-AzRoleDefinition -InputFile $JSONFile -EA 1
                Write-Log ($Result|Out-String).Trim() Green $LogFile
            } catch {
                Write-Log 'Unable to deploy role',$RoleName,'defintion in subscription',$Subscription.Name Magenta,Yellow,Magenta,Yellow $LogFile
                Write-log " $($_.Exception.Message)" Yellow $LogFile
            }
            
            #endregion

            #region Infra Admin
            # Putting the subscription Id in the Role definition name since they must be all unique in AAD !!??
            $RoleName = "Azure Infra Admin ($($Subscription.Id.ToCharArray()[-8..-1] -join ''))"
@"
            {
                "Name": "$RoleName",
                "IsCustom": true,
                "Description": "Access to (Create/Modify/Delete) all Resources except Networking and User Access administration",
                "Actions": [ "*" ],
                "NotActions": [
                        "Microsoft.Authorization/*/Delete",
                        "Microsoft.Authorization/*/Write",
                        "Microsoft.Authorization/elevateAccess/Action",
                        "Microsoft.Network/applicationGateways/delete",
                        "Microsoft.Network/dnsZones/delete",
                        "Microsoft.Network/expressRouteCrossConnections/delete",
                        "Microsoft.Network/expressRouteGateways/delete",
                        "Microsoft.Network/expressRouteCircuits/delete",
                        "Microsoft.Network/expressRoutePorts/delete",
                        "Microsoft.Network/frontDoors/delete",
                        "Microsoft.Network/networkWatchers/delete",
                        "Microsoft.Network/routeFilters/delete",
                        "Microsoft.Network/routeTables/delete",
                        "Microsoft.Network/serviceEndpointPolicies/delete",
                        "Microsoft.Network/trafficManagerProfiles/delete",
                        "Microsoft.Network/virtualNetworkGateways/delete",
                        "Microsoft.Network/loadBalancers/delete",
                        "Microsoft.Network/networkSecurityGroups/delete",
                        "Microsoft.Network/virtualNetworks/delete",
                        "Microsoft.Network/localNetworkGateways/delete",
                        "Microsoft.Network/applicationGateways/write",
                        "Microsoft.Network/dnsZones/write",
                        "Microsoft.Network/expressRouteCrossConnections/write",
                        "Microsoft.Network/expressRouteGateways/write",
                        "Microsoft.Network/expressRouteCircuits/write",
                        "Microsoft.Network/expressRoutePorts/write",
                        "Microsoft.Network/frontDoors/write",
                        "Microsoft.Network/networkWatchers/write",
                        "Microsoft.Network/routeFilters/write",
                        "Microsoft.Network/routeTables/write",
                        "Microsoft.Network/serviceEndpointPolicies/write",
                        "Microsoft.Network/trafficManagerProfiles/write",
                        "Microsoft.Network/virtualNetworkGateways/write",
                        "Microsoft.Network/loadBalancers/write",
                        "Microsoft.Network/networkSecurityGroups/write",
                        "Microsoft.Network/virtualNetworks/write",
                        "Microsoft.Network/localNetworkGateways/write",
                        "Microsoft.Blueprint/blueprintAssignments/write",
                        "Microsoft.Blueprint/blueprintAssignments/delete"
                    ],
                "AssignableScopes": [ "/subscriptions/$($Subscription.Id)" ]
}
"@
 | Out-File $JSONFile
            try {
                $Result = New-AzRoleDefinition -InputFile $JSONFile -EA 1
                Write-Log ($Result|Out-String).Trim() Green $LogFile
            } catch {
                Write-Log 'Unable to deploy role',$RoleName,'defintion in subscription',$Subscription.Name Magenta,Yellow,Magenta,Yellow $LogFile
                Write-log " $($_.Exception.Message)" Yellow $LogFile
            }
            #endregion

        }
    } 

    End { 
    
    }
}

function Assign-AzPolicy {

# Requires -Modules AZ
# Requires -Version 5

<#
 .SYNOPSIS
  Function to assign an Azure Policy definition to an Azure subscription scope
 
 .DESCRIPTION
  Function to assign an Azure Policy definition to an Azure subscription scope
  This function uses and depends on Az PowerShell module available in the PowerShell gallery
  This function expects to be authenticated to Azure before it's invoked (Connect-AzAccount)
 
 .PARAMETER Subscription
  Azure subscription object obtained from Get-AzSubscription Cmdlet of the Az PS module
 
 .PARAMETER PolicyDefinition
  PS Custom object obtained from New-AzPolicyDefinition Cmdlet of the Az PS module
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
    Connect-AzAccount
    $Subscription = Get-AzSubscription -SubscriptionName 'My Subscription Name here'
    $PolicyName = 'Policy (Standardization) > Resource Group names start with AZ-'
    # '1234567890123456789012345678901234567890123456789012345678901234' 64 characters max
    $ParameterSet = @{
        Name = $PolicyName
        DisplayName = $PolicyName
        Description = $PolicyName
        Mode = 'All'
        Policy = @'
            {
                "if": {
                    "allOf": [
                        {
                            "field": "type",
                            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
                        },
                        {
                            "not": {
                                "field": "name",
                                "Like": "AZ-*"
                            }
                        },
                    ]
                },
                "then": {
                    "effect": "deny"
                }
            }
'@
        ErrorAction = 1
    }
    $PolicyDefinition = New-AzPolicyDefinition @ParameterSet
    AssignAzPolicy -Subscription $Subscription -PolicyDefinition $PolicyDefinition
 
 .OUTPUTS
    TypeName: System.Management.Automation.PSCustomObject
    Name MemberType Definition
    ---- ---------- ----------
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    Name NoteProperty string Name=test Policy (Standardization) start with AZ-
    PolicyAssignmentId NoteProperty string PolicyAssignmentId=/subscriptions/f0caexxxx142/providers/Microsoft.Authorization/policyAssignmen...
    Properties NoteProperty System.Management.Automation.PSCustomObject Properties=@{displayName=test Policy (Standardization) start with AZ-; policyDefini...
    ResourceId NoteProperty string ResourceId=/subscriptions/f0caexxxxx142/providers/Microsoft.Authorization/policyAssignments/test ...
    ResourceName NoteProperty string ResourceName=test Policy (Standardization) start with AZ-
    ResourceType NoteProperty string ResourceType=Microsoft.Authorization/policyAssignments
    Sku NoteProperty System.Management.Automation.PSCustomObject Sku=@{name=A0; tier=Free}
    SubscriptionId NoteProperty string SubscriptionId=f0caexxxxx142
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 5 June 2019
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][Microsoft.Azure.Commands.Profile.Models.PSAzureSubscription]$Subscription,
        [Parameter(Mandatory=$true)][PSCustomObject]$PolicyDefinition,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Assign-AzPolicy - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { }

    Process {                
        $ParameterSet = @{
            Name             = $PolicyDefinition.Name 
            DisplayName      = $PolicyDefinition.Name  
            Description      = $PolicyDefinition.Name  
            Scope            = "/subscriptions/$($Subscription.Id)"
            PolicyDefinition = $PolicyDefinition 
            ErrorAction      = 1
        }
        try {
            New-AzPolicyAssignment @ParameterSet 
            Write-Log 'Assigned policy definition',$PolicyDefinition.Name,'in subscription',$Subscription.Name,'to scope',"/subscriptions/$($Subscription.Id)" Green,Cyan,Green,Cyan,Green,Cyan $LogFile
        } catch {
            Write-Log 'Unable to assign policy definition',$PolicyDefinition.Name,'to scope',"/subscriptions/$($Subscription.Id)",'for subscription',$Subscription.Name Magenta,Yellow,Magenta,Yellow,Magenta,Yellow $LogFile
            Write-Log $_.Exception.Message Yellow $LogFile
        }
    } 

    End { }
}

function Test-AzVMConnection {

# Requires -Modules Az
# Requires -Version 5

<#
 .SYNOPSIS
  Function to test TCP connectivity between 2 Azure VMs over one or more ports
 
 .DESCRIPTION
  Function to test TCP connectivity between 2 Azure VMs over one or more ports
  This function uses Az PowerShell module available in the PowerShell gallery
  This function will display color-coded console output similar to:
    Testing connectivity from AZ-Jump1-VM (10.5.255.164) to AZ-myApp1SQL-VM (10.6.2.4)
        TCP Port 111 failed
        TCP Port 135 failed
        TCP Port 22 failed
        TCP Port 3389 passed
        TCP Port 25 failed
        TCP Port 80 failed
        TCP Port 443 failed
        TCP Port 5985 passed
        TCP Port 5986 failed
  This function will test connectivity from/to private IPs only not public IPs
  If a source or target VMs has more than 1 NIC, all NICs will be tested
 
 .PARAMETER FromVM
  This is the source VM. This object can be obtained via the Get-AzVM cmdlet
 
 .PARAMETER ToVM
  This is the target VM. This object can be obtained via the Get-AzVM cmdlet
 
 .PARAMETER TCPPortList
  One or more TCP ports.
  If not provided the following ports will be tested:
    TCP Port 111 ==> Linux VM connectivity
    TCP Port 135 ==> Windows VM connectivity
    TCP Port 22 ==> SSH
    TCP Port 3389 ==> RDP
    TCP Port 25 ==> SMTP
    TCP Port 80 ==> HTTP
    TCP Port 443 ==> HTTPS
    TCP Port 5985 ==> PS Remoting (WinRM) over HTTP
    TCP Port 5986 ==> PS Remoting (WinRM) over HTTPS
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
   Test-AzVMConnection -FromVM (Get-AzVM -Name AZ-Jump1-VM) -ToVM (Get-AzVM -Name AZ-myApp1SQL-VM)
 
 .OUTPUTS
  This function returns a PS Custom object similar to:
    SourceComputer SourceIP TargetComputer TargetIP TCPPort CanConnect
    -------------- -------- -------------- -------- ------- ----------
    AZ-Jump1-VM 10.5.255.164 AZ-myApp1SQL-VM 10.6.2.4 111 False
    AZ-Jump1-VM 10.5.255.164 AZ-myApp1SQL-VM 10.6.2.4 135 False
    AZ-Jump1-VM 10.5.255.164 AZ-myApp1SQL-VM 10.6.2.4 22 False
    AZ-Jump1-VM 10.5.255.164 AZ-myApp1SQL-VM 10.6.2.4 3389 True
    AZ-Jump1-VM 10.5.255.164 AZ-myApp1SQL-VM 10.6.2.4 25 False
    AZ-Jump1-VM 10.5.255.164 AZ-myApp1SQL-VM 10.6.2.4 80 False
    AZ-Jump1-VM 10.5.255.164 AZ-myApp1SQL-VM 10.6.2.4 443 False
    AZ-Jump1-VM 10.5.255.164 AZ-myApp1SQL-VM 10.6.2.4 5985 True
    AZ-Jump1-VM 10.5.255.164 AZ-myApp1SQL-VM 10.6.2.4 5986 False
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 14 June 2019
 
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][Microsoft.Azure.Commands.Compute.Models.PSVirtualMachine]$FromVM,
        [Parameter(Mandatory=$true)][Microsoft.Azure.Commands.Compute.Models.PSVirtualMachine]$ToVM,
        [Parameter(Mandatory=$false)][Int[]]$TCPPortList = @(111,135,22,3389,25,80,443,5985,5986),
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Test-AzVMConnection - $FromVM - $ToVM - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { }

    Process {
        $TempFile = New-TemporaryFile 
        $FromInterfaceNameList = $FromVM.NetworkProfile.NetworkInterfaces.Id | foreach { Split-Path $_ -Leaf }
        $myOutput = foreach ($FromInterfaceName in $FromInterfaceNameList) {
            $FromPrivateIP = (Get-AzNetworkInterface -ResourceGroupName $FromVM.ResourceGroupName -Name $FromInterfaceName).IpConfigurations.PrivateIpAddress
            $ToInterfaceNameList = $ToVM.NetworkProfile.NetworkInterfaces.Id | foreach { Split-Path $_ -Leaf }
            foreach ($ToInterfaceName in $ToInterfaceNameList) {
                $ToPrivateIP = (Get-AzNetworkInterface -ResourceGroupName $ToVM.ResourceGroupName -Name $ToInterfaceName).IpConfigurations.PrivateIpAddress
                Write-Log 'Testing connectivity from',"$($FromVM.Name) ($FromPrivateIP)","to $($ToVM.Name) ($ToPrivateIP)" DarkYellow,Green,Cyan $LogFile 
                foreach ($Port in $TCPPortList) {
                    "Test-SBNetConnection -ComputerName $ToPrivateIP -Port $Port -WA 0" | Out-File $TempFile  
                    $Result = Invoke-AzVMRunCommand -ResourceGroupName $FromVM.ResourceGroupName -Name $FromVM.Name -CommandId 'RunPowerShellScript' -ScriptPath $TempFile
                    if ($Result.Value[0].Message -match 'True') {
                        Write-Log " TCP Port $Port".PadRight(20,' '),'passed' Green,Cyan $LogFile
                        [PSCustomObject]@{
                            SourceComputer = $FromVM.Name
                            SourceIP       = $FromPrivateIP
                            TargetComputer = $ToVM.Name
                            TargetIP       = $ToPrivateIP
                            TCPPort        = $Port
                            CanConnect     = $true
                        }
                    } else {
                        Write-Log " TCP Port $Port".PadRight(20,' '),"failed $($Result.Value[1].Message)" Green,Yellow $LogFile
                        [PSCustomObject]@{
                            SourceComputer = $FromVM.Name
                            SourceIP       = $FromPrivateIP
                            TargetComputer = $ToVM.Name
                            TargetIP       = $ToPrivateIP
                            TCPPort        = $Port
                            CanConnect     = $false
                        }
                    } 
                }
            }
        }
    } 

    End { $myOutput } 
    
}

function Fix-Json {
<#
 .SYNOPSIS
  Function to fix bug with ConvertTo-Json where nested object appear as a hash table - see example
 
 .DESCRIPTION
  Function to fix bug with ConvertTo-Json where nested object appear as a hash table - see example
 
 .PARAMETER FilePath
  Path to JSON File. This is expected to be a file similar in syntax to the example below.
 
 .EXAMPLE
@'
{
    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "ApplicationName": {
            "type": "string",
            "maxLength": 3,
            "metadata": {
                "description": "my desc"
            }
        },
        "plan_name": {
            "type": "String"
        }
    },
    "variables": {
        "resourceNames": {
            "name": "EDSENDGRID06",
            "commonResourceGroup": "[tolower(concat(parameters('ApplicationName'),'-',parameters('Environment'),'-',parameters('shortlocation'),'-',parameters('tenant'),'-rgp-','01'))]"
        },
        "TemplateURLs": {
            "sendgrid": "[concat(parameters('artifacts_baseUri'),'/ArmTemplates/master/Public/lib/linkedTemplates/sendgrid.json')]"
        }
    }
}
'@ | ConvertFrom-Json | ConvertTo-Json
 
    This shows the bug where the 'metadata' object is not represented properly:
        "metadata": "@{description=my desc}"
    instead of it should be:
        "metadata": {
            "description": "my desc"
        }
    as seen in the source input.
 
    This function fixes this issue as in:
$TempFile = New-TemporaryFile
@'
{
    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "ApplicationName": {
            "type": "string",
            "maxLength": 3,
            "metadata": {
                "description": "my desc"
            }
        },
        "plan_name": {
            "type": "String"
        }
    },
    "variables": {
        "resourceNames": {
            "name": "EDSENDGRID06",
            "commonResourceGroup": "[tolower(concat(parameters('ApplicationName'),'-',parameters('Environment'),'-',parameters('shortlocation'),'-',parameters('tenant'),'-rgp-','01'))]"
        },
        "TemplateURLs": {
            "sendgrid": "[concat(parameters('artifacts_baseUri'),'/ArmTemplates/master/Public/lib/linkedTemplates/sendgrid.json')]"
        }
    }
}
'@ | ConvertFrom-Json | ConvertTo-Json | Out-File $TempFile
Fix-Json $TempFile
 
 .LINK
  https://superwidgets.wordpress.com/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 17 July 2019
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeLine=$true,ValueFromPipeLineByPropertyName=$true)]
            [ValidateScript({Test-Path $_})][String]$FilePath
    )

    Begin { }

    Process {
        $myOutput = foreach ($Line in (Get-Content $FilePath)) {
            if ($Line -match '@') {
                Write-Log 'Fixing bad line',$Line Green,Cyan 
                $Indent = $Line.Split('"')[0].ToCharArray().Count 
                "$($Line.Split('"')[0])""$($Line.Split('"')[1])""$($Line.Split('"')[2]){"               # Line 1
                $Temp = $Line.Split('"')[3].replace('@','').replace('{','').replace('}','')
                ' ' * ($Indent + 4) + '"' + $Temp.Split('=')[0] + '": "' + $Temp.Split('=')[1] + '"'    # Line 2
                ' ' * $Indent + "}"                                                                     # Line 3
            } else {
                $Line
            }
        }
    }

    End { $myOutput }
}

function Azure-PFC {

<#
    Function used internally in AZSBTools PowerShell module,
    do perform the following basic validations for functions using Azure:
        - Validate/Install AZ PowerShell module
        - Validate connection to Azure
        - Validate Azure subscription (if SubscriptionId is provided)
    Function returns $true if all checks pass or $false if any of the checks fail
    Function by Sam Boutros - samb@townsware.com
    11 February 2020
 
#>

    [CmdletBinding(ConfirmImpact='High')] 
    Param(
        [Parameter(Mandatory=$false)][String]$SubscriptionId,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Azure-PFC - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { $Go = $true }

    Process {   
                 
        #region Validate/Install AZ PowerShell module
        if (Get-Module AZ.* -ListAvailable) { 
            Write-Log 'Validated AZ module' Green $LogFile
        } else {
            Write-Log 'AZ PowerShell module is not installed, installing from the PowerShell Gallery..' Yellow $LogFile -NoNewLine
            try {
                Install-Module AZ -Scope CurrentUser -AllowClobber -Force -SkipPublisherCheck -EA 1 
                if (Get-Module AZ.* -ListAvailable) { 
                    Write-Log 'done' Green $LogFile 
                } else { 
                    Write-Log 'failed' Magenta $LogFile
                    $Go = $false 
                }
            } catch {
                Write-Log 'failed' Magenta $LogFile
                $Go = $false
            }
        }
        #endregion

        #region Validate connection to Azure
        if (Get-AzSubscription) { 
            $AzContext = Get-AzContext 
            Write-Log ' Connected to subscription',($AzContext.Name).Split('(')[0].Trim(),'Id',$AzContext.Subscription,'as',$AzContext.Account Green,Cyan,Green,Cyan,Green,Cyan $LogFile
        } else {
            Write-Log 'You need to be connected to Azure before invoking this function. Use "Login-AzAccount"' Yellow $LogFile
            $Go = $false
        }
        #endregion

        #region Validate Azure subscription (if SubscriptionId is provided)
        if ($SubscriptionId) {
            try {
                Get-AzSubscription -SubscriptionId $SubscriptionId -WA 0 -EA 1 | Set-AzContext | Out-Null 
                $AzContext = Get-AzContext 
                Write-Log 'Now connected to subscription',($AzContext.Name).Split('(')[0].Trim(),'Id',$AzContext.Subscription,'as',$AzContext.Account Green,Cyan,Green,Cyan,Green,Cyan $LogFile
            } catch {
                Write-Log 'Unable to find SubcriptionId',$SubscriptionId Magenta,Yellow $LogFile
                Write-Log 'Available subscriptions:' Yellow $LogFile
                Write-Log (Get-AzSubscription|Out-String).Trim() Yellow $LogFile
                $Go = $false
            }
        }
        #endregion

    } 

    End { $Go }
}

function Deploy-ARMVnet {

<#
 .SYNOPSIS
  Function to Deploy Vnet to Azure subscription via ARM template
 
 .DESCRIPTION
  Function to Deploy Vnet to Azure subscription via ARM template
  This function requires PowerShell version 5 and AZ PowerShell module.
  This function uses API version 2019-09-01 which addresses the issue
  of having to make each subnet dependent on prior subnets - see
  https://github.com/Azure/azure-powershell/issues/1817
  Caution:
  Although ARM templates are deployed in 'incremental mode' by default -
  (https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-modes),
  where resources in the template are added to the resource group,
  without deleting resources not specified in the ARM template.
  However, Subnets are considered part of the Vnet resource,
  meaning that this script may delete existing subnets, and
  only subnets specified in the input of this function will remain.
  This function will display verbose details during Template processing.
 
 .PARAMETER SubscriptionId
  Azure subscription Id that can be obtained from Get-AzSubscription Cmdlet of the Az PS module
  This is an optional parameter. If specified, this function will change context to deploy in the specified subscription.
 
 .PARAMETER ResourceGroupName
  Name of the Resource Group where the Vnet will be deployed
 
 .PARAMETER AzureLocation
  Name of the Azure Location where the Vnet will be deployed
  For a list of Azure locations use: "(Get-AzLocation).Location"
  Example: westus
 
 .PARAMETER VnetName
  Name of the Vnet to deploy, example: "Picard_Hub_Vnet"
 
 .PARAMETER VnetPrefix
  IPv4 address space for this Vnet in CIDR notation, example: "10.11.0.0/16"
 
 .PARAMETER DdosProtection
  This is a switch that defaults to False.
  The False setting enables 'Basic DDoS Protection'
  The True setting enables 'Standard DDoS Protection'
  See https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview for more details
 
 .PARAMETER ShowTemplate
  This is a switch that defaults to False.
  When set to True, this function will display the resulting ARM template in notepad and
  will also make it part of the script log file
 
 .PARAMETER SubnetList
  This is an optional parameter that has information on one or more subnets to be provisioned within this Vnet.
  Only Subnets listed here will remain in the Vnet when this function is invoked.
  For example, if subnets sub1 and sub2 are specified here, and the Vnet exists with subnets sub1 and sub3,
  when this function is invoked sub3 will be deleted and sub2 will be added.
  If no value is provided for this parameter, all existing subnets will be removed from this Vnet.
  Example (1 subnet):
    $SubnetList = @{ Name = 'Hub_Gateway_Subnet'; Prefix = '10.11.0.0/27' }
  Example (3 subnets):
    $SubnetList = @(
        @{ Name = 'Hub_Gateway_Subnet'; Prefix = '10.11.0.0/27' }
        @{ Name = 'Hub_NVA_Subnet'; Prefix = '10.11.0.32/27' }
        @{ Name = 'Hub_Infra_Subnet'; Prefix = '10.11.0.64/27' }
    )
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
    Connect-AzAccount # To connect to Azure tenant
    $Subscription = Get-AzSubscription -SubscriptionName 'My Subscription Name here'
    $ParameterSet = @{
        SubscriptionId = $Subscription.Id
        ResourceGroupName = 'MyOrg_Hub_RG'
        AzureLocation = 'centralus'
        VnetName = 'MyOrg_Hub_Vnet'
        VnetPrefix = '10.11.0.0/16'
        SubnetList = @(
            @{ Name = 'Hub_Gateway_Subnet'; Prefix = '10.11.0.0/27' }
            @{ Name = 'Hub_NVA_Subnet'; Prefix = '10.11.0.32/27' }
            @{ Name = 'Hub_Infra_Subnet'; Prefix = '10.11.0.64/27' }
        )
        DdosProtection = $false
        ShowTemplate = $true
    }
    Deploy-ARMVnet @ParameterSet
 
 .OUTPUTS
    None
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 11 February 2020
#>


    [CmdletBinding(ConfirmImpact='High')] 
    Param(
        [Parameter(Mandatory=$false, HelpMessage='Azure Subscription Id, Use "help Deploy-ARMVnet -Show" for more details')]
            [String]$SubscriptionId,
        [Parameter(Mandatory=$true, HelpMessage='Name of the Resource Group where this Vnet will be deployed, example: "Picard_Hub_RG"')]
            [String]$ResourceGroupName,
        [Parameter(Mandatory=$true, HelpMessage='For a list of Azure locations use: "(Get-AzLocation).Location"')]
            [String]$AzureLocation,
        [Parameter(Mandatory=$true, HelpMessage='Name of the Vnet to deploy, example: "Picard_Hub_Vnet"')]
            [String]$VnetName,
        [Parameter(Mandatory=$true, HelpMessage='IPv4 address space for this Vnet in CIDR notation, example: "10.11.0.0/16"')]
            [String]$VnetPrefix,
        [Parameter(Mandatory=$false, HelpMessage='True or False, Use "help Deploy-ARMVnet -Show" for more details')]
            [Switch]$DdosProtection = $false,
        [Parameter(Mandatory=$false, HelpMessage='True or False, Use "help Deploy-ARMVnet -Show" for more details')]
            [Switch]$ShowTemplate = $false,
        [Parameter(Mandatory=$false, HelpMessage='One or more Subnets, Use "help Deploy-ARMVnet -Show" to see example')]
            [Hashtable[]]$SubnetList,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Deploy-ARMVnet - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        if (-not (Azure-PFC -SubscriptionId $SubscriptionId -LogFile $LogFile)) { break }
    }

    Process {                
        try {
            New-AzResourceGroup -Name $ResourceGroupName -Location $AzureLocation -Force -EA 1 | Out-Null
            Write-Log 'Created/Validated Resource Group',$ResourceGroupName Green,Cyan $LogFile
        } catch {
            Write-Log 'Failed to create Resource Group',$ResourceGroupName Magenta,Yellow $LogFile; break
        }

        #region Build ARM template
        $TemplateFile = New-TemporaryFile 
        @'
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
'@
 | Out-File $TemplateFile 
        @"
    "parameters": {
        "vnetName": {
            "type": "string",
            "DefaultValue": "$VnetName",
        },
        "location": {
            "type": "string",
            "DefaultValue": "$AzureLocation",
        },
        "resourceGroup": {
            "type": "string",
            "DefaultValue": "$ResourceGroupName",
        },
        "vnetAddressPrefix": {
            "type": "string",
            "DefaultValue": "$VnetPrefix",
        },
        "enableDdosProtection": {
            "type": "bool",
            "DefaultValue": $(if ($DdosProtection) { 'true' } else { 'false' }),
        },
"@
 | Out-File $TemplateFile -Append
        $n = 0
        foreach ($Subnet in $SubnetList) {
            $n++
            @"
        "subnet$($n)Name": {
            "type": "string",
            "DefaultValue": "$($Subnet.Name)",
        },
        "subnet$($n)Prefix": {
            "type": "string",
            "DefaultValue": "$($Subnet.Prefix)",
        },
"@
 | Out-File $TemplateFile -Append
        }
        @"
    },
    "resources": [
        {
            "apiVersion": "2019-09-01",
            "name": "[parameters('vnetName')]",
            "type": "Microsoft.Network/virtualNetworks",
            "location": "[parameters('location')]",
            "properties": {
                "addressSpace": {
                    "addressPrefixes": [
                        "[parameters('vnetAddressPrefix')]"
                    ]
                },
                "subnets": [
"@
 | Out-File $TemplateFile -Append
        $n = 0
        foreach ($Subnet in $SubnetList) {
            $n++
                @"
                    {
                        "name": "[parameters('subnet$($n)Name')]",
                        "properties": {
                            "addressPrefix": "[parameters('subnet$($n)Prefix')]",
                            "addressPrefixes": []
                        }
                    },
"@
 | Out-File $TemplateFile -Append
        }
        @"
                ],
                "enableDdosProtection": "[parameters('enableDdosProtection')]"
            }
        }
    ]
}
"@
 | Out-File $TemplateFile -Append
        #endregion

        if ($ShowTemplate) {
            Write-Log (Get-Content $TemplateFile | Out-String) Green $LogFile
            notepad $TemplateFile
        }

        try {
            New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName -TemplateFile $TemplateFile -Verbose -EA 1 | Out-Null
        } catch {
            Write-Log 'failed' Magenta $LogFile
            Write-Log $_.Exception.Message Yellow $LogFile
        }
    } 

    End { }
}

function Deploy-ARMNIC {

<#
 .SYNOPSIS
  Function to Deploy a network interface to Azure subscription via ARM template
 
 .DESCRIPTION
  Function to Deploy network interface to Azure subscription via ARM template
  This function requires PowerShell version 5 and AZ PowerShell module.
  This is typically done before deploying a VM (Virtual Machine)
  This function will display verbose details during Template processing.
 
 .PARAMETER SubscriptionId
  Azure subscription Id that can be obtained from Get-AzSubscription Cmdlet of the Az PS module
  This is a required parameter. This function will change context to deploy in the specified subscription.
 
 .PARAMETER ResourceGroupName
  Name of the Resource Group where the NIC will be deployed
 
 .PARAMETER AzureLocation
  Name of the Azure Location where the NIC will be deployed
  NIC must be deployed in the same Azure location where the VNet is
  For a list of Azure locations use: "(Get-AzLocation).Location"
  Example: westus
 
 .PARAMETER NICName
  Name of the NIC to deploy, example: "Picard-DC01-NIC"
 
 .PARAMETER VnetName
  Name of the Vnet to deploy this NIC into, example: "Picard_Hub_Vnet"
 
 .PARAMETER SubnetName
  Name of the Subnet to deploy this NIC into, example: "Hub_Infra_Subnet"
 
 .PARAMETER ShowTemplate
  This is a switch that defaults to False.
  When set to True, this function will display the resulting ARM template in notepad and
  will also make it part of the script log file
 
 .PARAMETER TagList
  Zero or more tags, each in a hashtable containing Name and Value keys - see example below
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
    Connect-AzAccount # To connect to Azure tenant
    $Subscription = Get-AzSubscription -SubscriptionName 'My Subscription Name here'
    $ParameterSet = @{
        SubscriptionId = $Subscription.Id
        ResourceGroupName = 'Picard_Hub_RG'
        AzureLocation = 'centralus'
        NICName = 'Picard-DC01-NIC'
        VnetName = 'Picard_Hub_Vnet'
        SubnetName = 'Hub_Infra_Subnet'
        ShowTemplate = $true
        TagList = @(
            @{ Name = 'Owner'; Value = 'Sam Boutros' }
            @{ Name = 'CostCenter'; Value = 'My Azure Demo' }
            @{ Name = 'DateProvisioned'; Value = $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt') }
        )
    }
    Deploy-ARMNIC @ParameterSet
 
 .OUTPUTS
    None
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 12 February 2020
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true, HelpMessage='Azure Subscription Id, Use "help Deploy-ARMNIC -Show" for more details')]
            [String]$SubscriptionId,
        [Parameter(Mandatory=$true, HelpMessage='Name of the Resource Group where this NIC will be deployed, example: "Picard_Hub_RG"')]
            [String]$ResourceGroupName,
        [Parameter(Mandatory=$true, HelpMessage='For a list of Azure locations use: "(Get-AzLocation).Location"')]
            [String]$AzureLocation,
        [Parameter(Mandatory=$true, HelpMessage='Name of the NIC to deploy, example: "Picard-DC01-NIC"')]
            [String]$NICName,
        [Parameter(Mandatory=$true, HelpMessage='Name of the Vnet to attach this NIC to, example: "Picard_Hub_Vnet"')]
            [String]$VnetName,
        [Parameter(Mandatory=$true, HelpMessage='Name of the Subnet to attach this NIC to, example: "Hub_Infra_Subnet"')]
            [String]$SubnetName,
        [Parameter(Mandatory=$false, HelpMessage='True or False, Use "help Deploy-ARMNIC -Show" for more details')]
            [Switch]$ShowTemplate = $false,
        [Parameter(Mandatory=$false, HelpMessage='One or more Tags, Use "help Deploy-ARMNIC -Show" to see example')]
            [Hashtable[]]$TagList,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Deploy-ARMNIC - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        if (-not (Azure-PFC -SubscriptionId $SubscriptionId -LogFile $LogFile)) { break }
    }

    Process {                
        try {
            New-AzResourceGroup -Name $ResourceGroupName -Location $AzureLocation -Force -EA 1 | Out-Null
            Write-Log 'Created/Validated Resource Group',$ResourceGroupName Green,Cyan $LogFile
        } catch {
            Write-Log 'Failed to create Resource Group',$ResourceGroupName Magenta,Yellow $LogFile; break
        }

        #region Build ARM template
        $TemplateFile = New-TemporaryFile 
        @'
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
'@
 | Out-File $TemplateFile 
        @"
    "parameters": {
        "networkInterfaceName": {
            "type": "string",
            "defaultvalue": "$NICName"
        },
        "location": {
            "type": "string",
            "defaultvalue": "$AzureLocation"
        },
        "subnetId": {
            "type": "string",
            "defaultvalue": "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.Network/virtualNetworks/$VnetName/subnets/$SubnetName"
        },
        "privateIPAllocationMethod": {
            "type": "string",
            "defaultvalue": "Dynamic"
        }
    },
    "resources": [
        {
            "name": "[parameters('networkInterfaceName')]",
            "type": "Microsoft.Network/networkInterfaces",
            "apiVersion": "2019-07-01",
            "location": "[parameters('location')]",
            "dependsOn": [],
            "properties": {
                "ipConfigurations": [
                    {
                        "name": "ipconfig1",
                        "properties": {
                            "privateIpAddressVersion": "IPv4",
                            "privateIPAllocationMethod": "[parameters('privateIPAllocationMethod')]",
                            "subnet": {
                                "id": "[parameters('subnetId')]"
                            }
                        }
                    }
                ]
            },
"@
 | Out-File $TemplateFile -Append
        if ($TagList) {
            @'
            "tags": {
'@
 | Out-File $TemplateFile -Append
            foreach ($Tag in $TagList) {
                @"
                "$($Tag.Name)": "$($Tag.Value)",
"@
 | Out-File $TemplateFile -Append
            }
            @'
            }
'@
 | Out-File $TemplateFile -Append            
        }
@"
        }
    ]
}
"@
 | Out-File $TemplateFile -Append
        #endregion

        if ($ShowTemplate) {
            Write-Log (Get-Content $TemplateFile | Out-String) Green $LogFile
            notepad $TemplateFile
        }

        try {
            New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName -TemplateFile $TemplateFile -Verbose -EA 1 | Out-Null
        } catch {
            Write-Log 'failed' Magenta $LogFile
            Write-Log $_.Exception.Message Yellow $LogFile
        }
    } 

    End { }
}

function Deploy-ARMStorageAccount {

<#
 .SYNOPSIS
  Function to Deploy a Storage Account to Azure subscription via ARM template
 
 .DESCRIPTION
  Function to Deploy Storage Account to Azure subscription via ARM template
  This function requires PowerShell version 5 and AZ PowerShell module.
  This is typically done before deploying a VM (Virtual Machine)
  This function will display verbose details during Template processing.
 
 .PARAMETER SubscriptionId
  Azure subscription Id that can be obtained from Get-AzSubscription Cmdlet of the Az PS module
  This is an optional parameter. This function will change context to deploy in the specified subscription.
 
 .PARAMETER ResourceGroupName
  Name of the Resource Group where the Storage Account will be deployed
 
 .PARAMETER AzureLocation
  Name of the Azure Location where the Storage Account will be deployed
  For a list of Azure locations use: "(Get-AzLocation).Location"
  Example: westus
 
 .PARAMETER storageAccountName
  Name of the Storage Account to deploy, example: "picard02122020"
  Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only.
  Storage account name must be unique within Azure. No two storage accounts can have the same name.
  See https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview#naming-storage-accounts
 
 .PARAMETER storageAccountType
  As of 12 February 2020, this can be either:
    Premium_LRS
    Premium_ZRS
    Standard_LRS
    Standard_ZRS
    Standard_GRS
    Standard_RAGRS
  This is an optional parameter that defaults to Standard_LRS
 
 .PARAMETER storageAccountKind
  As of 12 February 2020, this can be either:
    BlobStorage
    BlockBlobStorage
    FileStorage
    Storage
    StorageV2
  This is an optional parameter that defaults to StorageV2
 
 .PARAMETER ShowTemplate
  This is a switch that defaults to False.
  When set to True, this function will display the resulting ARM template in notepad and
  will also make it part of the script log file
 
 .PARAMETER TagList
  Zero or more tags, each in a hashtable containing Name and Value keys - see example below
 
 .PARAMETER LogFile
  This is an optional parameter that specifies the path to the log file where the script logs its progress
  This defaults to a file in the current folder where the script is running
 
 .EXAMPLE
    Connect-AzAccount # To connect to Azure tenant
    $Subscription = Get-AzSubscription -SubscriptionName 'My Subscription Name here'
    $ParameterSet = @{
        SubscriptionId = $Subscription.Id
        ResourceGroupName = 'Picard_Hub_RG'
        AzureLocation = 'centralus'
        storageAccountName = "picardhubdisks$(Get-Random -Minimum 111111 -Maximum 999999)"
        ShowTemplate = $true
        TagList = @(
            @{ Name = 'Owner'; Value = 'Sam Boutros' }
            @{ Name = 'CostCenter'; Value = 'My Azure Demo' }
            @{ Name = 'DateProvisioned'; Value = $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt') }
        )
    }
    Deploy-ARMStorageAccount @ParameterSet
 
 .OUTPUTS
    None
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 12 February 2020
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false, HelpMessage='Azure Subscription Id, Use "help Deploy-ARMStorageAccount -Show" for more details')]
            [String]$SubscriptionId,
        [Parameter(Mandatory=$true, HelpMessage='Name of the Resource Group where this Storage Account will be deployed, example: "Picard_Hub_RG"')]
            [String]$ResourceGroupName,
        [Parameter(Mandatory=$true, HelpMessage='For a list of Azure locations use: "(Get-AzLocation).Location"')]
            [String]$AzureLocation,
        [Parameter(Mandatory=$true, HelpMessage='Name of the Storage Account to deploy, example: "picard02122020"')]
            [String]$storageAccountName,
        [Parameter(Mandatory=$false, HelpMessage='The type of storage account, example: "Standard_LRS"')]
            [ValidateSet('Premium_LRS','Premium_ZRS','Standard_LRS','Standard_ZRS','Standard_GRS','Standard_RAGRS')]
            [String]$storageAccountType = 'Standard_LRS',
        [Parameter(Mandatory=$false, HelpMessage='The kind of storage account, example: "StorageV2"')]
            [ValidateSet('BlobStorage','BlockBlobStorage','FileStorage','Storage','StorageV2')]
            [String]$storageAccountKind = 'StorageV2',
        [Parameter(Mandatory=$false, HelpMessage='True or False, Use "help Deploy-ARMStorageAccount -Show" for more details')]
            [Switch]$ShowTemplate = $false,
        [Parameter(Mandatory=$false, HelpMessage='One or more Tags, Use "help Deploy-ARMStorageAccount -Show" to see example')]
            [Hashtable[]]$TagList,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Deploy-ARMStorageAccount - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        if (-not (Azure-PFC -SubscriptionId $SubscriptionId -LogFile $LogFile)) { break }
    }

    Process {                
        try {
            New-AzResourceGroup -Name $ResourceGroupName -Location $AzureLocation -Force -EA 1 | Out-Null
            Write-Log 'Created/Validated Resource Group',$ResourceGroupName Green,Cyan $LogFile
        } catch {
            Write-Log 'Failed to create Resource Group',$ResourceGroupName Magenta,Yellow $LogFile; break
        }

        #region Build ARM template
        $TemplateFile = New-TemporaryFile 
        @'
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
'@
 | Out-File $TemplateFile 
        @"
    "parameters": {
        "location": {
            "type": "string",
            "defaultvalue": "$AzureLocation"
        },
        "storageAccountName": {
            "type": "string",
            "defaultvalue": "$storageAccountName"
        },
        "storageAccountType": {
            "type": "string",
            "defaultvalue": "$storageAccountType"
        },
        "storageAccountKind": {
            "type": "string",
            "defaultvalue": "$storageAccountKind"
        }
    },
    "resources": [
        {
            "name": "[parameters('storageAccountName')]",
            "type": "Microsoft.Storage/storageAccounts",
            "apiVersion": "2019-06-01",
            "location": "[parameters('location')]",
            "properties": {},
            "kind": "[parameters('storageAccountKind')]",
            "sku": {
                "name": "[parameters('storageAccountType')]"
            },
"@
 | Out-File $TemplateFile -Append
        if ($TagList) {
            @'
            "tags": {
'@
 | Out-File $TemplateFile -Append
            foreach ($Tag in $TagList) {
                @"
                "$($Tag.Name)": "$($Tag.Value)",
"@
 | Out-File $TemplateFile -Append
            }
            @'
            }
'@
 | Out-File $TemplateFile -Append            
        }
@"
        }
    ]
}
"@
 | Out-File $TemplateFile -Append
        #endregion

        if ($ShowTemplate) {
            Write-Log (Get-Content $TemplateFile | Out-String) Green $LogFile
            notepad $TemplateFile
        }

        try {
            New-AzResourceGroupDeployment -ResourceGroupName $ResourceGroupName -TemplateFile $TemplateFile -Verbose -EA 1 | Out-Null
        } catch {
            Write-Log 'failed' Magenta $LogFile
            Write-Log $_.Exception.Message Yellow $LogFile
        }
    } 

    End { }
}

#endregion

#region Core functions

function Function-Template {
<#
 .SYNOPSIS
  Function to return the Geographical location of an Internet IP address
 
 .DESCRIPTION
  Function to return the Geographical location of an Internet IP address
  This function depends on ip-api.com and ipinfo.io
 
 .PARAMETER Source
  One or more URLs
  This is an optional parameter. These URLs will be queried for WAN IP.
 
 .EXAMPLE
  Get-MyWANIP
 
 .OUTPUTS
  This cmdlet returns a System.Net.IPAddress object such as:
    Address : 1132553623
    AddressFamily : InterNetwork
    ScopeId :
    IsIPv6Multicast : False
    IsIPv6LinkLocal : False
    IsIPv6SiteLocal : False
    IsIPv6Teredo : False
    IsIPv4MappedToIPv6 : False
    IPAddressToString : 151.101.129.67
       
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 12 April 2020
#>


    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        [Parameter(Mandatory=$false)][IPAddress[]]$IPAddress = (Get-MyWANIP)
    )

    Begin {  }

    Process {      

    }

    End {  }
} 

function Write-Log {
<#
 .SYNOPSIS
  Function to log input string to file and display it to screen
 
 .DESCRIPTION
  Function to log input string to file and display it to screen.
  Log entries in the log file are time stamped.
  Function allows for displaying text to screen in different colors.
 
 .PARAMETER String
  The string to be displayed to the screen and saved to the log file
 
 .PARAMETER Color
  The color in which to display the input string on the screen
  Default is White
  16 valid options for [System.ConsoleColor] type are
    Black
    Blue
    Cyan
    DarkBlue
    DarkCyan
    DarkGray
    DarkGreen
    DarkMagenta
    DarkRed
    DarkYellow
    Gray
    Green
    Magenta
    Red
    White
    Yellow
 
 .PARAMETER LogFile
  Path to the file where the input string should be saved.
  Example: c:\log.txt
  If absent, the input string will be displayed to the screen only and not saved to log file
 
 .EXAMPLE
  Write-Log -String "Hello World" -Color Yellow -LogFile c:\log.txt
  This example displays the "Hello World" string to the console in yellow, and adds it as a new line to the file c:\log.txt
  If c:\log.txt does not exist it will be created.
  Log entries in the log file are time stamped. Sample output:
    2014.08.06 06:52:17 AM: Hello World
 
 .EXAMPLE
  Write-Log "$((Get-Location).Path)" Cyan
  This example displays current path in Cyan, and does not log the displayed text to log file.
 
 .EXAMPLE
  "$((Get-Process | select -First 1).name) process ID is $((Get-Process | select -First 1).id)" | Write-Log -color DarkYellow
  Sample output of this example:
    "MDM process ID is 4492" in dark yellow
 
 .EXAMPLE
  Write-Log 'Found',(Get-ChildItem -Path .\ -File).Count,'files in folder',(Get-Item .\).FullName Green,Yellow,Green,Cyan .\mylog.txt
  Sample output will look like:
    Found 520 files in folder D:\Sandbox - and will have the listed foreground colors
 
 .EXAMPLE
  Write-Log (Get-Volume | sort DriveLetter | Out-String).Trim() Cyan .\mylog.txt
  Sample output will look like (in Cyan, and will also be written to .\mylog.txt):
    DriveLetter FriendlyName FileSystemType DriveType HealthStatus OperationalStatus SizeRemaining Size
    ----------- ------------ -------------- --------- ------------ ----------------- ------------- ----
                Recovery NTFS Fixed Healthy OK 101.98 MB 450 MB
    C NTFS Fixed Healthy OK 7.23 GB 39.45 GB
    D Unknown CD-ROM Healthy Unknown 0 B 0 B
    E Data NTFS Fixed Healthy OK 26.13 GB 49.87 GB
 
 .LINK
  https://superwidgets.wordpress.com/2014/12/01/powershell-script-function-to-display-text-to-the-console-in-several-colors-and-save-it-to-log-with-timedate-stamp/
 
 .NOTES
  Function by Sam Boutros
  v1.0 - 6 August 2014
  v1.1 - 1 December 2014 - added multi-color display in the same line
  v1.2 - 8 August 2016 - updated date time stamp format, protect against bad LogFile name
  v1.3 - 22 September 2017 - Re-write: Error handling for no -String parameter, bad color(s), and bad -LogFile without errors
                                        Add Verbose messages
  v1.4 - 27 March 2020 - Update to skip writing to file if LogFile parameter is not provided
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false,
                   ValueFromPipeLine=$true,
                   ValueFromPipeLineByPropertyName=$true,
                   Position=0)]
            [String[]]$String, 
        [Parameter(Mandatory=$false,Position=1)][String[]]$Color, 
        [Parameter(Mandatory=$false,Position=2)][String]$LogFile,
        [Parameter(Mandatory=$false,Position=3)][Switch]$NoNewLine
    )

    if ($String) {
        $ConsoleColor = @('Black','Blue','Cyan','DarkBlue','DarkCyan','DarkGray','DarkGreen','DarkMagenta',
                          'DarkRed','DarkYellow','Gray','Green','Magenta','Red','White','Yellow')
        $ColorList = $Color | foreach { if ($_ -in $ConsoleColor) { $_ } else { 'White' } }
        if (-not $ColorList) { $ColorList = 'Green' }

        if ($String.Count -gt 1) {
            $i=0
            foreach ($item in $String) { 
                if ($ColorList.Count -gt 1) {
                    if ($ColorList[$i]) { $col = $ColorList[$i] } else { $col = 'White' }
                } else {
                    if ($i -eq 0) { $col = $ColorList } else { $col = 'White' }
                }
                Write-Host "$item " -ForegroundColor $col -NoNewline
                $i++
            }
        } else { # 1 String
            if ($ColorList.Count -gt 1) { $col = $ColorList[0] } else { $col = $ColorList }
            Write-Host "$String " -ForegroundColor $col -NoNewline
        }

        if (-not $NoNewLine) { Write-Host ' ' }

        if ($LogFile) {
            try {
                "$(Get-Date -format 'dd MMMM yyyy hh:mm:ss tt'): $($String -join ' ')" | 
                    Out-File -Filepath $Logfile -Append -ErrorAction Stop
            } catch {
                Write-Verbose 'Write-Log: Bad LogFile name. Will not save input string(s) to log file..'
            }
        } else {
            Write-Verbose 'Write-Log: Missing -LogFile parameter. Will not save input string(s) to log file..'
        }
    } else {
        Write-Verbose 'Write-Log: Missing -String parameter - nothing to write or log..'
    }
}

function Get-SBCredential {
<#
 .SYNOPSIS
  Function to get a credential, save encrypted password to file for future automation
 
 .DESCRIPTION
  Function to get a credential, save encrypted password to file for future automation
  The function will use saved password if the password file exists
  The function will prompt for the password if the password file does not exist,
    or the -Refresh switch is used
  Note that the function does not validate whether the UserName exists in any directory,
  or that the password entered is valid. It merely creates a Credential object to be used
  securely for future automation, eleminating the need to type in the password every time
  the function is needed, or the need to type in password in clear text in scripts.
 
 .PARAMETER UserName
  This can be in the format 'myusername' or 'domain\username'
  If not provided, the function assumes username under which the function is executed
   
 .PARAMETER CredPath
  This is the folder where this function will save the pwd encrypted file.
  It defaults to $env:Temp folder, like C:\Users\myname\AppData\Local\Temp
 
 .PARAMETER Refresh
  This switch will force the function to prompt for the password and over-write the password file
 
 .OUTPUTS
  The function returns a PSCredential object that can be used with other cmdlets that use the -Credential parameter
 
 .EXAMPLE
  $MyCred = Get-SBCredential
 
 .EXAMPLE
  $Cred2 = Get-SBCredential -UserName 'sboutros' -Verbose -Refresh
 
 .EXAMPLE
  $Cred3 = 'domain2\ADSuperUser' | Get-SBCredential
  Disable-ADAccount -Identity 'Someone' -Server 'MyDomainController' -Credential $Cred3
  This example obtains and saves credential of 'domain2\ADSuperUser' in $Cred3 varialble
  Second line uses that credential to disable an AD account of 'Someone'
 
 .LINK
  https://superwidgets.wordpress.com/2016/08/05/powershell-script-to-provide-a-ps-credential-object-saving-password-securely/
 
 .NOTES
  Function by Sam Boutros
  5 August 2016 - v0.1
  1 April 2020 - v0.2 - Parameterized CredPath
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false,
                   ValueFromPipeLine=$true,
                   ValueFromPipeLineByPropertyName=$true,
                   Position=0)]
            [String]$UserName = "$env:USERDOMAIN\$env:USERNAME", 
        [Parameter(Mandatory=$false,Position=1)][ValidateScript({Test-Path $_})][String]$CredPath = $env:TEMP,
        [Parameter(Mandatory=$false,Position=2)][Switch]$Refresh = $false 
    )

    Begin {
        $CredFile = "$CredPath\$($UserName.Replace('\','_').Replace('/','_')).txt"
        if ($Refresh) { Remove-Item -Path $CredFile -Force -Confirm:$false -ErrorAction SilentlyContinue } 
    }

    Process {
        
        if (-not (Test-Path -Path $CredFile)) {
            Read-Host "Enter the pwd for $UserName" -AsSecureString | ConvertFrom-SecureString | Out-File $CredFile 
        }   
        $Pwd = Get-Content $CredFile | ConvertTo-SecureString    
    }

    End {
        New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $Pwd 
    }
}

function ConvertTo-EnhancedHTML {
<#
.SYNOPSIS
Provides an enhanced version of the ConvertTo-HTML command that includes
inserting an embedded CSS style sheet, JQuery, and JQuery Data Tables for
interactivity. Intended to be used with HTML fragments that are produced
by ConvertTo-EnhancedHTMLFragment. This command does not accept pipeline
input.
 
.PARAMETER jQueryURI
A Uniform Resource Indicator (URI) pointing to the location of the
jQuery script file. You can download jQuery from www.jquery.com; you should
host the script file on a local intranet Web server and provide a URI
that starts with http:// or https://. Alternately, you can also provide
a file system path to the script file, although this may create security
issues for the Web browser in some configurations.
 
Tested with v1.8.2.
 
Defaults to http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.8.2.min.js, which
will pull the file from Microsoft's ASP.NET Content Delivery Network.
 
.PARAMETER jQueryDataTableURI
A Uniform Resource Indicator (URI) pointing to the location of the
jQuery Data Table script file. You can download this from www.datatables.net;
you should host the script file on a local intranet Web server and provide a URI
that starts with http:// or https://. Alternately, you can also provide
a file system path to the script file, although this may create security
issues for the Web browser in some configurations.
 
Tested with jQuery DataTable v1.9.4
 
Defaults to http://ajax.aspnetcdn.com/ajax/jquery.dataTables/1.9.3/jquery.dataTables.min.js,
which will pull the file from Microsoft's ASP.NET Content Delivery Network.
 
.PARAMETER CssStyleSheet
The CSS style sheet content - not a file name. If you have a CSS file,
you can load it into this parameter as follows:
 
    -CSSStyleSheet (Get-Content MyCSSFile.css)
 
Alternately, you may link to a Web server-hosted CSS file by using the
-CssUri parameter.
 
.PARAMETER CssUri
A Uniform Resource Indicator (URI) to a Web server-hosted CSS file.
Must start with either http:// or https://. If you omit this, you
can still provide an embedded style sheet, which makes the resulting
HTML page more standalone. To provide an embedded style sheet, use
the -CSSStyleSheet parameter.
 
.PARAMETER Title
A plain-text title that will be displayed in the Web browser's window
title bar. Note that not all browsers will display this.
 
.PARAMETER PreContent
Raw HTML to insert before all HTML fragments. Use this to specify a main
title for the report:
 
    -PreContent "<H1>My HTML Report</H1>"
 
.PARAMETER PostContent
Raw HTML to insert after all HTML fragments. Use this to specify a
report footer:
 
    -PostContent "Created on $(Get-Date)"
 
.PARAMETER HTMLFragments
One or more HTML fragments, as produced by ConvertTo-EnhancedHTMLFragment.
 
    -HTMLFragments $part1,$part2,$part3
.EXAMPLE
The following is a complete example script showing how to use
ConvertTo-EnhancedHTMLFragment and ConvertTo-EnhancedHTML. The
example queries 6 pieces of information from the local computer
and produces a report in C:\. This example uses most of the
avaiable options. It relies on Internet connectivity to retrieve
JavaScript from Microsoft's Content Delivery Network. This
example uses an embedded stylesheet, which is defined as a here-string
at the top of the script.
 
$computername = 'localhost'
$path = 'c:\'
$style = @"
<style>
body {
    color:#333333;
    font-family:Calibri,Tahoma;
    font-size: 10pt;
}
h1 {
    text-align:center;
}
h2 {
    border-top:1px solid #666666;
}
 
 
th {
    font-weight:bold;
    color:#eeeeee;
    background-color:#333333;
    cursor:pointer;
}
.odd { background-color:#ffffff; }
.even { background-color:#dddddd; }
.paginate_enabled_next, .paginate_enabled_previous {
    cursor:pointer;
    border:1px solid #222222;
    background-color:#dddddd;
    padding:2px;
    margin:4px;
    border-radius:2px;
}
.paginate_disabled_previous, .paginate_disabled_next {
    color:#666666;
    cursor:pointer;
    background-color:#dddddd;
    padding:2px;
    margin:4px;
    border-radius:2px;
}
.dataTables_info { margin-bottom:4px; }
.sectionheader { cursor:pointer; }
.sectionheader:hover { color:red; }
.grid { width:100% }
.red {
    color:red;
    font-weight:bold;
}
</style>
"@
 
function Get-InfoOS {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True)][string]$ComputerName
    )
    $os = Get-WmiObject -class Win32_OperatingSystem -ComputerName $ComputerName
    $props = @{'OSVersion'=$os.version;
               'SPVersion'=$os.servicepackmajorversion;
               'OSBuild'=$os.buildnumber}
    New-Object -TypeName PSObject -Property $props
}
 
function Get-InfoCompSystem {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True)][string]$ComputerName
    )
    $cs = Get-WmiObject -class Win32_ComputerSystem -ComputerName $ComputerName
    $props = @{'Model'=$cs.model;
               'Manufacturer'=$cs.manufacturer;
               'RAM (GB)'="{0:N2}" -f ($cs.totalphysicalmemory / 1GB);
               'Sockets'=$cs.numberofprocessors;
               'Cores'=$cs.numberoflogicalprocessors}
    New-Object -TypeName PSObject -Property $props
}
 
function Get-InfoBadService {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True)][string]$ComputerName
    )
    $svcs = Get-WmiObject -class Win32_Service -ComputerName $ComputerName `
           -Filter "StartMode='Auto' AND State<>'Running'"
    foreach ($svc in $svcs) {
        $props = @{'ServiceName'=$svc.name;
                   'LogonAccount'=$svc.startname;
                   'DisplayName'=$svc.displayname}
        New-Object -TypeName PSObject -Property $props
    }
}
 
function Get-InfoProc {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True)][string]$ComputerName
    )
    $procs = Get-WmiObject -class Win32_Process -ComputerName $ComputerName
    foreach ($proc in $procs) {
        $props = @{'ProcName'=$proc.name;
                   'Executable'=$proc.ExecutablePath}
        New-Object -TypeName PSObject -Property $props
    }
}
 
function Get-InfoNIC {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True)][string]$ComputerName
    )
    $nics = Get-WmiObject -class Win32_NetworkAdapter -ComputerName $ComputerName `
           -Filter "PhysicalAdapter=True"
    foreach ($nic in $nics) {
        $props = @{'NICName'=$nic.servicename;
                   'Speed'=$nic.speed / 1MB -as [int];
                   'Manufacturer'=$nic.manufacturer;
                   'MACAddress'=$nic.macaddress}
        New-Object -TypeName PSObject -Property $props
    }
}
 
function Get-InfoDisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True)][string]$ComputerName
    )
    $drives = Get-WmiObject -class Win32_LogicalDisk -ComputerName $ComputerName `
           -Filter "DriveType=3"
    foreach ($drive in $drives) {
        $props = @{'Drive'=$drive.DeviceID;
                   'Size'=$drive.size / 1GB -as [int];
                   'Free'="{0:N2}" -f ($drive.freespace / 1GB);
                   'FreePct'=$drive.freespace / $drive.size * 100 -as [int]}
        New-Object -TypeName PSObject -Property $props
    }
}
 
foreach ($computer in $computername) {
    try {
        $everything_ok = $true
        Write-Verbose "Checking connectivity to $computer"
        Get-WmiObject -class Win32_BIOS -ComputerName $Computer -EA Stop | Out-Null
    } catch {
        Write-Warning "$computer failed"
        $everything_ok = $false
    }
 
    if ($everything_ok) {
        $filepath = Join-Path -Path $Path -ChildPath "$computer.html"
 
        $params = @{'As'='List';
                    'PreContent'='<h2>OS</h2>'}
        $html_os = Get-InfoOS -ComputerName $computer |
                   ConvertTo-EnhancedHTMLFragment @params
 
        $params = @{'As'='List';
                    'PreContent'='<h2>Computer System</h2>'}
        $html_cs = Get-InfoCompSystem -ComputerName $computer |
                   ConvertTo-EnhancedHTMLFragment @params
 
        $params = @{'As'='Table';
                    'PreContent'='<h2>&diams; Local Disks</h2>';
                    'EvenRowCssClass'='even';
                    'OddRowCssClass'='odd';
                    'MakeTableDynamic'=$true;
                    'TableCssClass'='grid';
                    'Properties'='Drive',
                                 @{n='Size(GB)';e={$_.Size}},
                                 @{n='Free(GB)';e={$_.Free};css={if ($_.FreePct -lt 80) { 'red' }}},
                                 @{n='Free(%)';e={$_.FreePct};css={if ($_.FreeePct -lt 80) { 'red' }}}}
        $html_dr = Get-InfoDisk -ComputerName $computer |
                   ConvertTo-EnhancedHTMLFragment @params
 
        $params = @{'As'='Table';
                    'PreContent'='<h2>&diams; Processes</h2>';
                    'MakeTableDynamic'=$true;
                    'TableCssClass'='grid'}
        $html_pr = Get-InfoProc -ComputerName $computer |
                   ConvertTo-EnhancedHTMLFragment @params
 
        $params = @{'As'='Table';
                    'PreContent'='<h2>&diams; Services to Check</h2>';
                    'EvenRowCssClass'='even';
                    'OddRowCssClass'='odd';
                    'MakeHiddenSection'=$true;
                    'TableCssClass'='grid'}
        $html_sv = Get-InfoBadService -ComputerName $computer |
                   ConvertTo-EnhancedHTMLFragment @params
 
        $params = @{'As'='Table';
                    'PreContent'='<h2>&diams; NICs</h2>';
                    'EvenRowCssClass'='even';
                    'OddRowCssClass'='odd';
                    'MakeHiddenSection'=$true;
                    'TableCssClass'='grid'}
        $html_na = Get-InfoNIC -ComputerName $Computer |
                   ConvertTo-EnhancedHTMLFragment @params
 
        $params = @{'CssStyleSheet'=$style;
                    'Title'="System Report for $computer";
                    'PreContent'="<h1>System Report for $computer</h1>";
                    'HTMLFragments'=@($html_os,$html_cs,$html_dr,$html_pr,$html_sv,$html_na)}
        ConvertTo-EnhancedHTML @params |
        Out-File -FilePath $filepath
    }
}
 
 .Notes
  Function by Don Jones
  Generated on: 9/10/2013
  For more information see Powershell.org
  included in AZSBTools module with permission by Don Jones
   
#>

    [CmdletBinding()]
    param(
        [string]$jQueryURI = 'http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.8.2.min.js',
        [string]$jQueryDataTableURI = 'http://ajax.aspnetcdn.com/ajax/jquery.dataTables/1.9.3/jquery.dataTables.min.js',
        [Parameter(ParameterSetName='CSSContent')][string[]]$CssStyleSheet,
        [Parameter(ParameterSetName='CSSURI')][string[]]$CssUri,
        [string]$Title = 'Report',
        [string]$PreContent,
        [string]$PostContent,
        [Parameter(Mandatory=$True)][string[]]$HTMLFragments
    )


    <#
        Add CSS style sheet. If provided in -CssUri, add a <link> element.
        If provided in -CssStyleSheet, embed in the <head> section.
        Note that BOTH may be supplied - this is legitimate in HTML.
    #>

    Write-Verbose "Making CSS style sheet"
    $stylesheet = ""
    if ($PSBoundParameters.ContainsKey('CssUri')) {
        $stylesheet = "<link rel=`"stylesheet`" href=`"$CssUri`" type=`"text/css`" />"
    }
    if ($PSBoundParameters.ContainsKey('CssStyleSheet')) {
        $stylesheet = "<style>$CssStyleSheet</style>" | Out-String
    }


    <#
        Create the HTML tags for the page title, and for
        our main javascripts.
    #>

    Write-Verbose "Creating <TITLE> and <SCRIPT> tags"
    $titletag = ""
    if ($PSBoundParameters.ContainsKey('title')) {
        $titletag = "<title>$title</title>"
    }
    $script += "<script type=`"text/javascript`" src=`"$jQueryURI`"></script>`n<script type=`"text/javascript`" src=`"$jQueryDataTableURI`"></script>"


    <#
        Render supplied HTML fragments as one giant string
    #>

    Write-Verbose "Combining HTML fragments"
    $body = $HTMLFragments | Out-String


    <#
        If supplied, add pre- and post-content strings
    #>

    Write-Verbose "Adding Pre and Post content"
    if ($PSBoundParameters.ContainsKey('precontent')) {
        $body = "$PreContent`n$body"
    }
    if ($PSBoundParameters.ContainsKey('postcontent')) {
        $body = "$body`n$PostContent"
    }


    <#
        Add a final script that calls the datatable code
        We dynamic-ize all tables with the .enhancedhtml-dynamic-table
        class, which is added by ConvertTo-EnhancedHTMLFragment.
    #>

    Write-Verbose "Adding interactivity calls"
    $datatable = ""
    $datatable = "<script type=`"text/javascript`">"
    $datatable += '$(document).ready(function () {'
    $datatable += "`$('.enhancedhtml-dynamic-table').dataTable();"
    $datatable += '} );'
    $datatable += "</script>"


    <#
        Datatables expect a <thead> section containing the
        table header row; ConvertTo-HTML doesn't produce that
        so we have to fix it.
    #>

    Write-Verbose "Fixing table HTML"
    $body = $body -replace '<tr><th>','<thead><tr><th>'
    $body = $body -replace '</th></tr>','</th></tr></thead>'


    <#
        Produce the final HTML. We've more or less hand-made
        the <head> amd <body> sections, but we let ConvertTo-HTML
        produce the other bits of the page.
    #>

    Write-Verbose "Producing final HTML"
    ConvertTo-HTML -Head "$stylesheet`n$titletag`n$script`n$datatable" -Body $body  
    Write-Debug "Finished producing final HTML"


}

function ConvertTo-EnhancedHTMLFragment {
<#
.SYNOPSIS
Creates an HTML fragment (much like ConvertTo-HTML with the -Fragment switch
that includes CSS class names for table rows, CSS class and ID names for the
table, and wraps the table in a <DIV> tag that has a CSS class and ID name.
 
.PARAMETER InputObject
The object to be converted to HTML. You cannot select properties using this
command; precede this command with Select-Object if you need a subset of
the objects' properties.
 
.PARAMETER EvenRowCssClass
The CSS class name applied to even-numbered <TR> tags. Optional, but if you
use it you must also include -OddRowCssClass.
 
.PARAMETER OddRowCssClass
The CSS class name applied to odd-numbered <TR> tags. Optional, but if you
use it you must also include -EvenRowCssClass.
 
.PARAMETER TableCssID
Optional. The CSS ID name applied to the <TABLE> tag.
 
.PARAMETER DivCssID
Optional. The CSS ID name applied to the <DIV> tag which is wrapped around the table.
 
.PARAMETER TableCssClass
Optional. The CSS class name to apply to the <TABLE> tag.
 
.PARAMETER DivCssClass
Optional. The CSS class name to apply to the wrapping <DIV> tag.
 
.PARAMETER As
Must be 'List' or 'Table.' Defaults to Table. Actually produces an HTML
table either way; with Table the output is a grid-like display. With
List the output is a two-column table with properties in the left column
and values in the right column.
 
.PARAMETER Properties
A comma-separated list of properties to include in the HTML fragment.
This can be * (which is the default) to include all properties of the
piped-in object(s). In addition to property names, you can also use a
hashtable similar to that used with Select-Object. For example:
 
 Get-Process | ConvertTo-EnhancedHTMLFragment -As Table `
               -Properties Name,ID,@{n='VM';
                                     e={$_.VM};
                                     css={if ($_.VM -gt 100) { 'red' }
                                          else { 'green' }}}
 
This will create table cell rows with the calculated CSS class names.
E.g., for a process with a VM greater than 100, you'd get:
 
  <TD class="red">475858</TD>
   
You can use this feature to specify a CSS class for each table cell
based upon the contents of that cell. Valid keys in the hashtable are:
 
  n, name, l, or label: The table column header
  e or expression: The table cell contents
  css or csslcass: The CSS class name to apply to the <TD> tag
   
Another example:
 
  @{n='Free(MB)';
    e={$_.FreeSpace / 1MB -as [int]};
    css={ if ($_.FreeSpace -lt 100) { 'red' } else { 'blue' }}
     
This example creates a column titled "Free(MB)". It will contain
the input object's FreeSpace property, divided by 1MB and cast
as a whole number (integer). If the value is less than 100, the
table cell will be given the CSS class "red." If not, the table
cell will be given the CSS class "blue." The supplied cascading
style sheet must define ".red" and ".blue" for those to have any
effect.
 
.PARAMETER PreContent
Raw HTML content to be placed before the wrapping <DIV> tag.
For example:
 
    -PreContent "<h2>Section A</h2>"
 
.PARAMETER PostContent
Raw HTML content to be placed after the wrapping <DIV> tag.
For example:
 
    -PostContent "<hr />"
 
.PARAMETER MakeHiddenSection
Used in conjunction with -PreContent. Adding this switch, which
needs no value, turns your -PreContent into clickable report
section header. The section will be hidden by default, and clicking
the header will toggle its visibility.
 
When using this parameter, consider adding a symbol to your -PreContent
that helps indicate this is an expandable section. For example:
 
    -PreContent '<h2>&diams; My Section</h2>'
 
If you use -MakeHiddenSection, you MUST provide -PreContent also, or
the hidden section will not have a section header and will not be
visible.
 
.PARAMETER MakeTableDynamic
When using "-As Table", makes the table dynamic. Will be ignored
if you use "-As List". Dynamic tables are sortable, searchable, and
are paginated.
 
You should not use even/odd styling with tables that are made
dynamic. Dynamic tables automatically have their own even/odd
styling. You can apply CSS classes named ".odd" and ".even" in
your CSS to style the even/odd in a dynamic table.
 
.EXAMPLE
 $fragment = Get-WmiObject -Class Win32_LogicalDisk |
             Select-Object -Property PSComputerName,DeviceID,FreeSpace,Size |
             ConvertTo-HTMLFragment -EvenRowClass 'even' `
                                    -OddRowClass 'odd' `
                                    -PreContent '<h2>Disk Report</h2>' `
                                    -MakeHiddenSection `
                                    -MakeTableDynamic
 
 You will usually save fragments to a variable, so that multiple fragments
 (each in its own variable) can be passed to ConvertTo-EnhancedHTML.
.NOTES
Consider adding the following to your CSS when using dynamic tables:
 
    .paginate_enabled_next, .paginate_enabled_previous {
        cursor:pointer;
        border:1px solid #222222;
        background-color:#dddddd;
        padding:2px;
        margin:4px;
        border-radius:2px;
    }
    .paginate_disabled_previous, .paginate_disabled_next {
        color:#666666;
        cursor:pointer;
        background-color:#dddddd;
        padding:2px;
        margin:4px;
        border-radius:2px;
    }
    .dataTables_info { margin-bottom:4px; }
 
This applies appropriate coloring to the next/previous buttons,
and applies a small amount of space after the dynamic table.
 
If you choose to make sections hidden (meaning they can be shown
and hidden by clicking on the section header), consider adding
the following to your CSS:
 
    .sectionheader { cursor:pointer; }
    .sectionheader:hover { color:red; }
 
This will apply a hover-over color, and change the cursor icon,
to help visually indicate that the section can be toggled.
 
 .Notes
  Function by Don Jones
  Generated on: 9/10/2013
  For more information see Powershell.org
  included in AZSBTools module with permission by Don Jones
 
#>

    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$True,ValueFromPipeline=$True)]
        [object[]]$InputObject,
        [string]$EvenRowCssClass,
        [string]$OddRowCssClass,
        [string]$TableCssID,
        [string]$DivCssID,
        [string]$DivCssClass,
        [string]$TableCssClass,
        [ValidateSet('List','Table')]
        [string]$As = 'Table',
        [object[]]$Properties = '*',
        [string]$PreContent,
        [switch]$MakeHiddenSection,
        [switch]$MakeTableDynamic,
        [string]$PostContent
    )
    BEGIN {
        <#
            Accumulate output in a variable so that we don't
            produce an array of strings to the pipeline, but
            instead produce a single string.
        #>

        $out = ''
        <#
            Add the section header (pre-content). If asked to
            make this section of the report hidden, set the
            appropriate code on the section header to toggle
            the underlying table. Note that we generate a GUID
            to use as an additional ID on the <div>, so that
            we can uniquely refer to it without relying on the
            user supplying us with a unique ID.
        #>

        Write-Verbose "Precontent"
        if ($PSBoundParameters.ContainsKey('PreContent')) {
            if ($PSBoundParameters.ContainsKey('MakeHiddenSection')) {
               [string]$tempid = [System.Guid]::NewGuid()
               $out += "<span class=`"sectionheader`" onclick=`"`$('#$tempid').toggle(500);`">$PreContent</span>`n"
            } else {
                $out += $PreContent
                $tempid = ''
            }
        }
        <#
            The table will be wrapped in a <div> tag for styling
            purposes. Note that THIS, not the table per se, is what
            we hide for -MakeHiddenSection. So we will hide the section
            if asked to do so.
        #>

        Write-Verbose "DIV"
        if ($PSBoundParameters.ContainsKey('DivCSSClass')) {
            $temp = " class=`"$DivCSSClass`""
        } else {
            $temp = ""
        }
        if ($PSBoundParameters.ContainsKey('MakeHiddenSection')) {
            $temp += " id=`"$tempid`" style=`"display:none;`""
        } else {
            $tempid = ''
        }
        if ($PSBoundParameters.ContainsKey('DivCSSID')) {
            $temp += " id=`"$DivCSSID`""
        }
        $out += "<div $temp>"
        <#
            Create the table header. If asked to make the table dynamic,
            we add the CSS style that ConvertTo-EnhancedHTML will look for
            to dynamic-ize tables.
        #>

        Write-Verbose "TABLE"
        $_TableCssClass = ''
        if ($PSBoundParameters.ContainsKey('MakeTableDynamic') -and $As -eq 'Table') {
            $_TableCssClass += 'enhancedhtml-dynamic-table '
        }
        if ($PSBoundParameters.ContainsKey('TableCssClass')) {
            $_TableCssClass += $TableCssClass
        }
        if ($_TableCssClass -ne '') {
            $css = "class=`"$_TableCSSClass`""
        } else {
            $css = ""
        }
        if ($PSBoundParameters.ContainsKey('TableCSSID')) {
            $css += "id=`"$TableCSSID`""
        } else {
            if ($tempid -ne '') {
                $css += "id=`"$tempid`""
            }
        }
        $out += "<table $css>"
        <#
            We're now setting up to run through our input objects
            and create the table rows
        #>

        $fragment = ''
        $wrote_first_line = $false
        $even_row = $false

        if ($properties -eq '*') {
            $all_properties = $true
        } else {
            $all_properties = $false
        }

    }
    PROCESS {

        foreach ($object in $inputobject) {
            Write-Verbose "Processing object"
            $datarow = ''
            $headerrow = ''

            <#
                Apply even/odd row class. Note that this will mess up the output
                if the table is made dynamic. That's noted in the help.
            #>

            if ($PSBoundParameters.ContainsKey('EvenRowCSSClass') -and $PSBoundParameters.ContainsKey('OddRowCssClass')) {
                if ($even_row) {
                    $row_css = $OddRowCSSClass
                    $even_row = $false
                    Write-Verbose "Even row"
                } else {
                    $row_css = $EvenRowCSSClass
                    $even_row = $true
                    Write-Verbose "Odd row"
                }
            } else {
                $row_css = ''
                Write-Verbose "No row CSS class"
            }


            <#
                If asked to include all object properties, get them.
            #>

            if ($all_properties) {
                $properties = $object | Get-Member -MemberType Properties | Select -ExpandProperty Name
            }


            <#
                We either have a list of all properties, or a hashtable of
                properties to play with. Process the list.
            #>

            foreach ($prop in $properties) {
                Write-Verbose "Processing property"
                $name = $null
                $value = $null
                $cell_css = ''


                <#
                    $prop is a simple string if we are doing "all properties,"
                    otherwise it is a hashtable. If it's a string, then we
                    can easily get the name (it's the string) and the value.
                #>

                if ($prop -is [string]) {
                    Write-Verbose "Property $prop"
                    $name = $Prop
                    $value = $object.($prop)
                } elseif ($prop -is [hashtable]) {
                    Write-Verbose "Property hashtable"
                    <#
                        For key "css" or "cssclass," execute the supplied script block.
                        It's expected to output a class name; we embed that in the "class"
                        attribute later.
                    #>

                    if ($prop.ContainsKey('cssclass')) { $cell_css = $Object | ForEach $prop['cssclass'] }
                    if ($prop.ContainsKey('css')) { $cell_css = $Object | ForEach $prop['css'] }


                    <#
                        Get the current property name.
                    #>

                    if ($prop.ContainsKey('n')) { $name = $prop['n'] }
                    if ($prop.ContainsKey('name')) { $name = $prop['name'] }
                    if ($prop.ContainsKey('label')) { $name = $prop['label'] }
                    if ($prop.ContainsKey('l')) { $name = $prop['l'] }


                    <#
                        Execute the "expression" or "e" key to get the value of the property.
                    #>

                    if ($prop.ContainsKey('e')) { $value = $Object | ForEach $prop['e'] }
                    if ($prop.ContainsKey('expression')) { $value = $tObject | ForEach $prop['expression'] }


                    <#
                        Make sure we have a name and a value at this point.
                    #>

                    if ($name -eq $null -or $value -eq $null) {
                        Write-Error "Hashtable missing Name and/or Expression key"
                    }
                } else {
                    <#
                        We got a property list that wasn't strings and
                        wasn't hashtables. Bad input.
                    #>

                    Write-Warning "Unhandled property $prop"
                }


                <#
                    When constructing a table, we have to remember the
                    property names so that we can build the table header.
                    In a list, it's easier - we output the property name
                    and the value at the same time, since they both live
                    on the same row of the output.
                #>

                if ($As -eq 'table') {
                    Write-Verbose "Adding $name to header and $value to row"
                    $headerrow += "<th>$name</th>"
                    $datarow += "<td$(if ($cell_css -ne '') { ' class="'+$cell_css+'"' })>$value</td>"
                } else {
                    $wrote_first_line = $true
                    $headerrow = ""
                    $datarow = "<td$(if ($cell_css -ne '') { ' class="'+$cell_css+'"' })>$name :</td><td$(if ($cell_css -ne '') { ' class="'+$cell_css+'"' })>$value</td>"
                    $out += "<tr$(if ($row_css -ne '') { ' class="'+$row_css+'"' })>$datarow</tr>"
                }
            }


            <#
                Write the table header, if we're doing a table.
            #>

            if (-not $wrote_first_line -and $as -eq 'Table') {
                Write-Verbose "Writing header row"
                $out += "<tr>$headerrow</tr><tbody>"
                $wrote_first_line = $true
            }


            <#
                In table mode, write the data row.
            #>

            if ($as -eq 'table') {
                Write-Verbose "Writing data row"
                $out += "<tr$(if ($row_css -ne '') { ' class="'+$row_css+'"' })>$datarow</tr>"
            }
        }
    }
    END {
        <#
            Finally, post-content code, the end of the table,
            the end of the <div>, and write the final string.
        #>

        Write-Verbose "PostContent"
        if ($PSBoundParameters.ContainsKey('PostContent')) {
            $out += "`n$PostContent"
        }
        Write-Verbose "Done"
        $out += "</tbody></table></div>"
        Write-Output $out
    }
}

Function Get-SBWMI {
<#
 .SYNOPSIS
  Function query WMI with Timeout
 
 .DESCRIPTION
  Function query WMI with Timeout
 
 .PARAMETER Class
  Class name such as 'Win32_computerSystem'
 
 .PARAMETER Property
  Property name such as 'NumberofLogicalProcessors'
 
 .PARAMETER Filter
  In the format Property=Value such as DriveLetter=G:
 
 .PARAMETER ComputerName
  Computer name
 
 .PARAMETER NameSpace
  Default is 'root\cimv2'
  To see name spaces type:
    (Get-WmiObject -Namespace 'root' -Class '__Namespace').Name
 
 .PARAMETER Cred
  PS Credential object
 
 .PARAMETER TimeOut
  In seconds
 
 .EXAMPLE
  Get-SBWMI -Class Win32_computerSystem -Property NumberofLogicalProcessors
 
 .EXAMPLE
  Get-SBWMI -Class Win32_Volume -Filter 'DriveType=3'
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 September 2017
  v0.2 - 29 September 2017 - Added parameter to use a different credential other than the one running the script
                             Added error checking for failure to WMI connect
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true,
                   ValueFromPipeLine=$true,
                   ValueFromPipeLineByPropertyName=$true,
                   Position=0)][string]$Class,
        [Parameter(Mandatory=$false)][String[]]$Property = '*',
        [Parameter(Mandatory=$false)][String]$Filter,
        [Parameter(Mandatory=$false)][String]$ComputerName = $env:COMPUTERNAME,
        [Parameter(Mandatory=$false)][String]$NameSpace = 'root\cimv2',
        [Parameter(Mandatory=$false)][PSCredential]$Cred,
        [Parameter(Mandatory=$false)][int]$TimeOut=20
    )

    Begin {
        if ($Filter) {
            if ($Filter -match '=') {
                $FilterProperty = $Filter.Split('=')[0].Trim()
                $FilterValue    = $Filter.Split('=')[1].Trim()
            } else {
                Write-Log 'Get-SBWMI Input Error:','Filter',', supported syntax is','Property=Value','such as','DriveLetter=G' Magenta,Yellow,Magenta,Yellow,Magenta,Yellow
                Write-Log ' ignoring filter',$Filter Magenta,Yellow 
            }
        }
    }

    Process{
        $ConnOpt = New-Object System.Management.ConnectionOptions 
        if ($ComputerName -ne $env:COMPUTERNAME -and $Cred) { # User credentials cannot be used for local connections
            $ConnOpt.EnablePrivileges = $true
            $ConnOpt.Username = $Cred.UserName
            $ConnOpt.SecurePassword = $Cred.Password
        }
        $Scope = New-Object System.Management.ManagementScope “\\$ComputerName\$NameSpace", $ConnOpt
        try { 
            $Scope.Connect()
        } catch {
            $Message = $_.Exception.InnerException
        }
        if ($Scope.IsConnected) {
            $EnumOptions = New-Object System.Management.EnumerationOptions
            $EnumOptions.set_timeout((New-TimeSpan -seconds $TimeOut))
            $Search = New-Object System.Management.ManagementObjectSearcher 
            $Search.set_options($EnumOptions) 
            $Search.Query = “SELECT $Property FROM $Class” 
            $Search.Scope = $Scope
            $Result = $Search.get()
        } else {
            Write-Warning "Get-SBWMI: Error: $(($Message|Out-String).Trim())"
        }
    } 

    End {
        if ($Result){
            if ($Filter) {
                if ($FilterProperty -in ($Result | Get-Member -MemberType Property).Name) {
                    $Result | where { $_.$FilterProperty -eq $FilterValue }
                } else {
                    Write-Log 'Class',$Class,'doesn''t contain filter property',$FilterProperty Magenta,Yellow,Magenta,Yellow
                    Write-Log 'Class',$Class,'has the following properties:' Cyan,Yellow,Cyan
                    Write-Log (($Result | Get-Member -MemberType Property).Name | ? { $_ -notmatch '__' } | Out-String).Trim() Cyan
                }
            } else {
                $Result
            }
        }
    }
}

function Get-SBDisk {
<#
 .SYNOPSIS
  Function to get disk information including block (allocation unit) size
 
 .DESCRIPTION
  Function to get disk information including block (allocation unit) size
  Function returns information on all fixed disks (Type 3)
  Function will fail to return computer disk information if:
    - Target computer is offline or name is misspelled
    - Function/script is run under an account with no read permission on the target computer
    - WMI services not running on the target computer
    - Target computer firewall or AntiVirus blocks WMI or RPC calls
 
 .PARAMETER ComputerName
  The name or IP address of computer(s) to collect disk information on
  Default value is local computer name
 
 .PARAMETER WMITimeOut
  Timeout in seconds. The default value is 20
 
 .PARAMETER Cred
  PS Credential object
 
 .PARAMETER IncludeRecoveryVolume
  This parameter takes a $true or $false value, and is set to $false by default
  When set to $true the script will return information on Recovery Volume
 
 .EXAMPLE
  Get-SBDisk
  Returns fixed disk information of local computer
 
 .EXAMPLE
  Get-SBDisk computer1, 192.168.19.26, computer3 -Verbose
  Returns fixed disk information of the 3 listed computers
  The 'verbose' parameter will display a message if the target computer cannot be reached
 
 .OUTPUTS
  The script returns a PS Object with the following properties:
    ComputerName
    VolumeName
    DriveLetterOrMountPoint
    BlockSizeKB
    SizeGB
    FreeGB
    'Free%'
    FileSystem
    Compressed
 
 .LINK
  https://superwidgets.wordpress.com/2017/01/09/powershell-script-to-get-disk-information-including-block-size/
 
 .NOTES
  Function by Sam Boutros - v1.0 - 9 January 2017
    v2.0 - 24 January 2017
        Used WMI object Win32_Volume instead of Win32_LogicalDisk to capture mount points as well
        Added parameter to skip Recovery Volume
        Updated output object properties
    v3.0 - 12 July 2017
        Updated output object to change data types to Int32 instead of the default String for BlockSizeKB,SizeGB,FreeGB,'Free%'
    v4.0 - 20 September 2017 - Used Get-SBWMI instead to take advanrage of the default 20 sec Timeout
    v4.1 - 22 September 2017 - Added WMITimeout parameter,
        removed -Filter parameter from Get-SBWMI call and filtered via updated if statement to speed processing by 200%
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false,
                   ValueFromPipeLine=$true,
                   ValueFromPipeLineByPropertyName=$true,
                   Position=0)]
            [String[]]$ComputerName = $env:COMPUTERNAME,
        [Parameter(Mandatory=$false)][Int32]$WMITimeOut = 20,
        [Parameter(Mandatory=$false)][System.Management.Automation.PSCredential]$Cred = (Get-SBCredential -UserName "$env:USERDOMAIN\$env:USERNAME"),
        [Parameter(Mandatory=$false)][Switch]$IncludeRecoveryVolume
    )

    foreach ($Computer in $ComputerName) {
        try {
            Get-SBWMI -ComputerName $Computer -Class Win32_Volume -TimeOut $WMITimeOut -Cred $Cred -ErrorAction Stop | % {
                if ($_.DriveType -eq 3 -and ($_.Label-notlike'Recovery' -or $IncludeRecoveryVolume)) {
                    [PSCustomObject][Ordered]@{
                        ComputerName    = $Computer
                        VolumeName      = $_.Label
                        DriveLetterOrMountPoint = $(if ($_.Name.Contains(':')) {$_.Name} else {'<Not mounted>'})
                        BlockSizeKB     = [Int32]($_.Blocksize/1KB)
                        SizeGB          = [Math]::Round($_.Capacity/1GB,1)
                        FreeGB          = [Math]::Round($_.FreeSpace/1GB,1)
                        'Free%'         = [Math]::Round($_.FreeSpace/$_.Capacity*100,1)
                        FileSystem      = $_.FileSystem
                        Compressed      = $_.Compressed
                        Indexed         = $_.IndexingEnabled
                        Automount       = $_.Automount
                        QuotasEnabled   = $_.QuotasEnabled
                        PageFilePresent = $_.PageFilePresent
                        BootVolume      = $_.BootVolume
                        SystemVolume    = $_.SystemVolume
                    } # PSCustomObject
                } # if
            } # Get-SBWMI
        } catch {
            Write-Verbose "Unable to read disk information from computer $Computer"
        }
    }
}

function Format-SBCounter {
<#
 .SYNOPSIS
  Function to format the output of Get-Counter cmdlet
 
 .DESCRIPTION
  Function to format the output of Get-Counter cmdlet of the Microsoft.PowerShell.Diagnostics PS module
 
 .PARAMETER CounterSample
  This is of type Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet
  which can be obtained from the output of the Get-Counter cmdlet
 
 .EXAMPLE
  Get-Counter | Format-SBCounter
 
 .OUTPUTS
  The script returns a PS Object with the following properties/example:
    DateTime : 3/1/2019 12:43:57 PM
    ComputerName : mycomputernamehere
    CounterSet : physicaldisk(_total)
    Counter : current disk queue length
    Value : 0
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros - v0.1 - 1 March 2019
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    param (
        [Parameter(Mandatory,ValueFromPipeline)]
        [Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet]$CounterSample
    )

    Begin {}

    Process {
        foreach ($Counter in $CounterSample.CounterSamples){
            $Temp = $Counter.Path.Split('\')
            [PSCustomObject][Ordered]@{
                DateTime     = $Counter.Timestamp
                ComputerName = $Temp[2]
                CounterSet   = $Temp[3]
                Counter      = $Temp[4]
                Value        = $Counter.CookedValue
            } 
        }
    }
     
    End {} 
}

function Validate-WindowsCredential {
<#
 .SYNOPSIS
  Function to validate whether a provided Credential is correct on a provided target Windows Computer
 
 .DESCRIPTION
  Function to validate whether a provided Credential is correct on a provided target Windows Computer
 
 .PARAMETER Credential
  PSCredential object. This can be obtained from the Get-Credential cmdlet of the Microsoft.PowerShell.Security,
  or the Get-SBCredential function of the SB-Tools PS module
 
 .PARAMETER Session
  PSSession object. This can be obtained via the New-PSSession cmdlet of the Microsoft.PowerShell.Core
 
 .OUTPUTS
  The script outputs a TRUE/FALSE result if the provided PSSession is valid and opened.
 
 .EXAMPLE
  $Session = New-PSSession -ComputerName test-vm0116.test.domain.com -Credential (Get-SBCredential 'test\superuser')
  Validate-WindowsCredential -Credential (Get-SBCredential '.\administrator') -Session $Session
  A 'TRUE' result indicates that the local administrator account of the test-vm0116.test.domain.com is valid (name and password)
  A 'FALSE' result indicates failure to authenticate. This can be due to bad username or password, or locked or disabled account..
 
 .EXAMPLE
  $Session = New-PSSession -ComputerName test-vm0116.test.domain.com -Credential (Get-SBCredential 'test\superuser')
  Validate-WindowsCredential -Credential (Get-SBCredential 'test\OtherUser') -Session $Session
  A 'TRUE' result indicates that the test\OtherUser account on the test-vm0116.test.domain.com is valid (name and password)
 
 .LINK
  https://superwidgets.wordpress.com/2017/11/28/validate-windowscredential-and-validate-linuxcredential-powershell-functions/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 November 2017
  v0.2 - 17 May 2019 - Added feature to work against local computer making $Session an optional parameter
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][System.Management.Automation.PSCredential]$Credential,
        [Parameter(Mandatory=$false)][System.Management.Automation.Runspaces.PSSession]$Session
    )

    Begin { }

    Process{
        if ($Session) {
            if ($Session.State -eq 'Opened') {
                Invoke-Command -Session $Session -ScriptBlock {
                    $Credential = $Using:Credential
                    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
                    $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
                    $DS.ValidateCredentials($Credential.UserName.Split('\')[1], $Credential.GetNetworkCredential().Password)      
                } 
            } else { 
                Write-Log 'Validate-WindowsCredential: Error: Session provided is not ''opened'':' Magenta
                Write-Log ($Session|FT -a|Out-String).Trim() Yellow      
            }
        } else {
            Add-Type -AssemblyName System.DirectoryServices.AccountManagement
            $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
            $DS.ValidateCredentials($Credential.UserName.Split('\')[1], $Credential.GetNetworkCredential().Password)  
        }
    } 

    End { }
}

function Validate-LinuxCredential {
<#
 .SYNOPSIS
  Function to validate whether a provided Credential is correct on a provided target Linux Computer
 
 .DESCRIPTION
  Function to validate whether a provided Credential is correct on a provided target Linux Computer
 
 .PARAMETER Credential
  PSCredential object. This can be obtained from the Get-Credential cmdlet of the Microsoft.PowerShell.Security,
  or the Get-SBCredential function of the SB-Tools PS module
 
 .PARAMETER Session
  SSH.SshSession object. This can be obtained via the New-SSHSession cmdlet of the POSH-SSH PS module
 
 .OUTPUTS
  The script outputs a TRUE/FALSE result if the provided SSHSession is valid and Connected.
 
 .EXAMPLE
  $Session = New-SSHSession -ComputerName test-vm0112.test.domain.com -Credential (Get-SBCredential 'opsuser') -AcceptKey
  Validate-LinuxCredential -Credential (Get-SBCredential 'root') -Session $Session
  A 'TRUE' result indicates that the local administrator account of the test-vm0116.test.domain.com is valid (name and password)
  A 'FALSE' result indicates failure to authenticate. This can be due to bad username or password, or locked or disabled account..
 
 .LINK
  https://superwidgets.wordpress.com/2017/11/28/validate-windowscredential-and-validate-linuxcredential-powershell-functions/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 November 2017
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][System.Management.Automation.PSCredential]$Credential,
        [Parameter(Mandatory=$true)][SSH.SshSession]$Session
    )

    Begin { }

    Process{
        if ($Session.Connected) {
            [String]$ConnectedUserName = (Invoke-SSHCommand -SessionId $Session.SessionId -Command 'whoami').Output 
            $ConnectedCred = Get-SBCredential $ConnectedUserName
            $myCommand = "echo '$($ConnectedCred.GetNetworkCredential().Password)' | sudo -S cat /etc/shadow | grep $($Credential.UserName)"
            $Result = Invoke-SSHCommand -SessionId $Session.SessionId -Command $myCommand
            if ($Result.ExitStatus) {
                Write-Log 'Validate-LinuxCredential: Error:' Magenta $LogFile
                if ($Result.Output) { Write-Log ($Result.Output | Out-String).Trim() Yellow }
            } else {
                if ($Hash = $Result.Output) { 
                    Write-Log 'Obtained user',$Credential.UserName,'hash',$Hash Green,Cyan,Green,Cyan
                    $Salt = $Hash.Split('$')[2]
                    $myCommand = "echo '$($Credential.GetNetworkCredential().Password)' | openssl passwd -1 -salt $Salt"
                    $Result = Invoke-SSHCommand -SessionId $Session.SessionId -Command $myCommand
                    if ($Result.ExitStatus) {
                        Write-Log 'Validate-LinuxCredential: Error:' Magenta $LogFile
                        if ($Result.Output) { Write-Log ($Result.Output | Out-String).Trim() Yellow }
                    } else {
                        $Hash.Split('$')[3].Split(':')[0] -eq $Result.Output.Split('$')[3]
                    }
                }
            }             
        } else { 
            Write-Log 'Validate-LinuxCredential: Error: Session provided is not ''Connected'':' Magenta
            Write-Log ($Session|FT -a|Out-String).Trim() Yellow      
        }
    } 

    End { }
}

function Flatten-XML {

<#
 .SYNOPSIS
  Function to flatten the heirachical structure of an XML input
 
 .DESCRIPTION
  Function to flatten the heirachical structure of an XML input
  This produces a collection of PS Custom Objects that can be combined
  into a single PS Custom Object using the Combine-Objects function of
  this PS module
 
 .PARAMETER XML
  This is the required XML input.
  For example this can be obtained via
    [XML]$XML = SCHTASKS /Query /XML /TN '\Microsoft\Windows\Time Synchronization\SynchronizeTime'
 
 .PARAMETER SkipElement
  Optional one or more elements to be ignored.
  This defaults to 'version','xmlns', and 'xml'
 
 .EXAMPLE
    [XML]$XML = SCHTASKS /Query /XML /TN '\Microsoft\Windows\Time Synchronization\SynchronizeTime'
    Flatten-XML -XML $XML | Combine-Objects
  This example prvides the details of a given scheduled task as an easy to use PS object such as:
    StopIfGoingOnBatteries : true
    Period : P1D
    Deadline : P2D
    Description : $(@%systemroot%\system32\w32time.dll,-201)
    Source : $(@%systemroot%\system32\w32time.dll,-200)
    UserId : S-1-5-19
    Author : $(@%systemroot%\system32\w32time.dll,-202)
    Context : LocalService
    MultipleInstancesPolicy : IgnoreNew
    DisallowStartIfOnBatteries : true
    Arguments : start w32time task_started
    UseUnifiedSchedulingEngine : true
    URI : \Microsoft\Windows\Time Synchronization\SynchronizeTime
    StopOnIdleEnd : true
    RunLevel : HighestAvailable
    id : LocalService
    RunOnlyIfNetworkAvailable : true
    Command : %windir%\system32\sc.exe
    RestartOnIdle : false
    Triggers :
    StartWhenAvailable : true
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 29 July 2019
#>


    param(
        [Parameter(Mandatory=$true)]$XML,
        [Parameter(Mandatory=$false)][String[]]$SkipElement = @('version','xmlns','xml')
    )
    
    Begin { }

    Process {
        foreach ($Property in ($XML | Get-Member -MemberType Property).Name) {
            $Value = $XML.$Property
            if ($Value.GetType().Name -ne 'XmlElement') {
                if ($Property -in $SkipElement) {
                    Write-Log 'Skipping property',$Property,'value',$Value Green,Yellow,Green,Yellow
                } else {
                    Write-Log 'Processing property',$Property,'value',$Value Green,cyan,Green,Cyan
                    [PSCustomObject]@{ $Property = $Value }
                }
            } else {
                Flatten-XML -XML $Value 
            }
        }
    }

    End { }
}

function Combine-Objects {

<#
 .SYNOPSIS
  Function to combine a collection of PS Custom Objects into one.
 
 .DESCRIPTION
  Function to combine a collection of PS Custom Objects into one.
  This is often used with Flatten-XML function of this PS module
 
 .PARAMETER Object
  One or more PS Custom Object
 
 .EXAMPLE
    [XML]$XML = SCHTASKS /Query /XML /TN '\Microsoft\Windows\Time Synchronization\SynchronizeTime'
    Flatten-XML -XML $XML | Combine-Objects
  This example prvides the details of a given scheduled task as an easy to use PS object such as:
    StopIfGoingOnBatteries : true
    Period : P1D
    Deadline : P2D
    Description : $(@%systemroot%\system32\w32time.dll,-201)
    Source : $(@%systemroot%\system32\w32time.dll,-200)
    UserId : S-1-5-19
    Author : $(@%systemroot%\system32\w32time.dll,-202)
    Context : LocalService
    MultipleInstancesPolicy : IgnoreNew
    DisallowStartIfOnBatteries : true
    Arguments : start w32time task_started
    UseUnifiedSchedulingEngine : true
    URI : \Microsoft\Windows\Time Synchronization\SynchronizeTime
    StopOnIdleEnd : true
    RunLevel : HighestAvailable
    id : LocalService
    RunOnlyIfNetworkAvailable : true
    Command : %windir%\system32\sc.exe
    RestartOnIdle : false
    Triggers :
    StartWhenAvailable : true
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 29 July 2019
#>


    param(
        [Parameter(ValueFromPipeline,Mandatory=$true)][PSCustomObject[]]$Object
    )
    
    Begin { }

    Process {
        foreach ($Item in $Object) {
            foreach ($Property in ($Item | Get-Member -MemberType NoteProperty).Name){
                $ArgumentList += @{ $Property = $Item.$Property }        
            }
        }
    }

    End { [PSCustomObject]$ArgumentList }
}

function Grant-UserRight {

<#
 .SYNOPSIS
  Function to grant the provided local user(s) the provided user right
 
 .DESCRIPTION
  Function to grant the provided local user(s) the provided user right
  This function modifies Local Security Policy - see secpol.msc
 
 .PARAMETER UserName
  One or more local users
 
 .EXAMPLE
  Grant-UserRight -UserName samb,notthere -UserRight 'SeManageVolumePrivilege'
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  3 October 2019 - v0.1
#>


    param(
        [Parameter(Mandatory=$true)][String[]]$UserName,        # Must be local user
        [Parameter(Mandatory=$true)][ValidateSet(
            'SeAssignPrimaryTokenPrivilege',
            'SeAuditPrivilege',
            'SeBackupPrivilege',
            'SeBatchLogonRight',
            'SeChangeNotifyPrivilege',
            'SeCreateGlobalPrivilege',
            'SeCreatePagefilePrivilege',
            'SeCreateSymbolicLinkPrivilege',
            'SeDebugPrivilege',
            'SeDelegateSessionUserImpersonatePrivilege',
            'SeImpersonatePrivilege',
            'SeIncreaseBasePriorityPrivilege',
            'SeIncreaseQuotaPrivilege',
            'SeIncreaseWorkingSetPrivilege',
            'SeLoadDriverPrivilege',
            'SeManageVolumePrivilege',
            'SeNetworkLogonRight',
            'SeProfileSingleProcessPrivilege',
            'SeRemoteInteractiveLogonRight',
            'SeRemoteShutdownPrivilege',
            'SeRestorePrivilege',
            'SeSecurityPrivilege',
            'SeServiceLogonRight',
            'SeShutdownPrivilege',
            'SeSystemEnvironmentPrivilege',
            'SeSystemProfilePrivilege',
            'SeSystemtimePrivilege',
            'SeTakeOwnershipPrivilege',
            'SeTimeZonePrivilege',
            'SeUndockPrivilege'
        )][String]$userRight,       
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Grant-UserRight - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )
    
    Begin { }

    Process {
        Write-Log 'Backing up current Local Security Policy..' Green -NoNewLine $Logfile
        $FileName = "$env:TEMP\policies-$(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').inf" # No spaces
        $ExitCode = (Start-Process secedit -ArgumentList "/export /areas USER_RIGHTS /cfg $FileName" -Wait -PassThru).ExitCode
        if ($ExitCode -eq 0) {
            Write-Log 'done',(Get-Item $FileName).FullName Cyan,DarkYellow $LogFile
        } else {
            Write-Log 'failed, stopping..' Yellow $LogFile
            break
        }

        $Policy = Get-Content $FileName
        # $Policy | % { if ($_ -match '= \*') { "'$($_.Split('=')[0].Trim())'," } } | sort

        foreach ($LocalUser in $UserName) {
            try {
                $Sid = ((Get-LocalUser $LocalUser -EA 1).SID).Value
                Write-Log 'Identified local user',$LocalUser,'Sid',$Sid Green,Cyan,Green,Cyan $LogFile
                $Policy = foreach ($Line in $Policy) {
                    if ($Line -match $userRight) {
                        if ($Line -match $Sid) {
                            Write-Log ' Local user',$LocalUser,'already has the right',$userRight Green,Cyan,Green,Cyan $LogFile
                            $Line
                        } else {
                            Write-Log     'Granting local user',$LocalUser,'the right',$userRight Green,Cyan,Green,Cyan $LogFile
                            "$Line,*$Sid"
                        }                
                    } else {
                        $Line
                    } 
                }            
            } catch {
                Write-Log ' Local user',$LocalUser,'not found, skipping..' Magenta,Yellow,Magenta $LogFile
            }
        }

        $Policy | Out-File $FileName -Force

        $ExitCode = (Start-Process secedit -ArgumentList "/configure /db $env:windir\security\database\secedit.sdb /cfg $FileName /areas USER_RIGHTS /log $($FileName.Replace('.inf','.log'))" -Wait -PassThru).ExitCode
        if ($ExitCode -eq 0) {
            Write-Log ' done' Cyan $LogFile
        } else {
            Write-Log ' failed','no changes made to Local Policies' Yellow,Magenta $LogFile
            Write-Log (Get-Content $FileName.Replace('.inf','.log') | Out-String).Trim() Yellow $LogFile
        }
        <#
        Error 1208: An extended error has occurred.
             Error creating database.
        Error 12: The access code is invalid.
        https://social.technet.microsoft.com/Forums/en-US/0c888948-3a0d-49e4-ac81-e71138c8d5b8/facing-an-issue-while-running-quotseceditquot-command?forum=ws2016
        https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/secedit
        https://support.microsoft.com/en-us/help/324383/troubleshooting-scecli-1202-events
        #>

        Remove-Item -Path $FileName -Force
    }

    End { }
}

Function Monitor-Service {
<#
 .SYNOPSIS
  Function to query one or more TCP ports
 
 .DESCRIPTION
  Function query WMI with Timeout
 
 .PARAMETER Class
  Class name such as 'Win32_computerSystem'
 
 .PARAMETER Property
  Property name such as 'NumberofLogicalProcessors'
 
 .PARAMETER Filter
  In the format Property=Value such as DriveLetter=G:
 
 .PARAMETER ComputerName
  Computer name
 
 .PARAMETER NameSpace
  Default is 'root\cimv2'
  To see name spaces type:
    (Get-WmiObject -Namespace 'root' -Class '__Namespace').Name
 
 .PARAMETER Cred
  PS Credential object
 
 .PARAMETER TimeOut
  In seconds
 
 .EXAMPLE
  Get-SBWMI -Class Win32_computerSystem -Property NumberofLogicalProcessors
 
 .EXAMPLE
  Get-SBWMI -Class Win32_Volume -Filter 'DriveType=3'
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 September 2017
  v0.2 - 29 September 2017 - Added parameter to use a different credential other than the one running the script
                             Added error checking for failure to WMI connect
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false)][Object[]]$MontitoredPort = @(
            [PSCustomObject]@{
                FromIP       = 'Any'      # 'Any' Or valid IPv4 address
                ToIP         = 'cnn.com'  # FQDN or IPv4
                ToPort       = 80         # TCP port (0-65536)
            }
        ),
        [Parameter(Mandatory=$false)][Int]$Frequency    = 5,          # Number of minutes between checks
        [Parameter(Mandatory=$false)][Int]$CountToAlert = 2,          # Number of failed checks before alert is triggered
        [Parameter(Mandatory=$true)][String]$SenderEmail,             
        [Parameter(Mandatory=$true)][String]$AlertTo,                 # one or more email addresses
        [Parameter(Mandatory=$true)][String]$SMTPRelayServer = 20,    # IP address or FQDN of SMTP relay server
        [Parameter(Mandatory=$false)][PSCrednetial]$SMTPCred          # Credential needed to use SMTP server
    )

    Begin {
        # Validate input
        $ProprtyList = @('FromIP','ToIP','ToPort')
        $PortList = foreach ($PortSpec in $MontitoredPort) {
            $ThisPropList = ($PortSpec | Get-Member -MemberType NoteProperty).Name
            $Keep = $true
            foreach ($Property in $ProprtyList) {
                if ($Property -notin $ThisPropList) { 
                    Write-Log 'Input MonitoredPort missing required property',$Property Magenta,Yellow 
                    $Keep = $false
                }
            }
            if ($Keep) { $PortSpec }
        }        
    }

    Process{
        if ($PortList) {
            Write-Log 'Monitoring' Green
            Write-Log ($PortList | FT -a | Out-String).Trim() Cyan
            foreach ($PortSpec in $PortList) {
                if ($PortSpec.FromIP.ToLower() -eq 'any') {
                    $Result = Test-SBNetConnection -ComputerName $PortSpec.ToIP -PortNumber $PortSpec.ToPort 
                    foreach ($Ping in $Result) {
                        if ($Ping.TcpTestSucceeded) {
                            if ($PortSpec.ToIP -eq $Ping.ComputerName) {
                                Write-Log "$($Ping.ComputerName)",'online' Cyan,Green
                            } else {
                                Write-Log "$($Ping.ComputerName)($($PortSpec.ToIP))",'online' Cyan,Green
                            }
                        } else {
                            if ($PortSpec.ToIP -eq $Ping.ComputerName) {
                                Write-Log "$($Ping.ComputerName)",'unreacheable' Cyan,Yellow
                            } else {
                                Write-Log "$($Ping.ComputerName)($($PortSpec.ToIP))",'unreacheable' Cyan,Yellow
                            }
                        }
                    }
                } else {

                }
            }
        }
    } 

    End {
        
    }
}

function Get-VssWriters {

<#
 .Synopsis
  Function to get information about VSS Writers on one or more computers
 
 .Description
  Function will parse information from VSSAdmin tool and return object containing
  WriterName, StateID, StateDesc, and LastError
   
 .PARAMETER ComputerName
  This is the name of one or more computers.
  If absent, localhost is assumed.
 
 .Example
  Get-VssWriters
  This example will return a list of VSS Writers on localhost
 
 .Example
  # Get VSS Writers on localhost, sort list by WriterName
  $VssWriters = Get-VssWriters | Sort "WriterName"
  $VssWriters | FT -AutoSize # Displays it on screen
  $VssWriters | Out-GridView # Displays it in GridView
  $VssWriters | Export-CSV ".\myVSSWriterReport.csv" -NoTypeInformation # Exports it to CSV
 
 .Example
  # Get VSS Writers on the list of $Computers, sort list by ComputerName
  $Computers = "xHost11","notThere","xHost12",$env:ComputerName
  $VssWriters = Get-VssWriters -ComputerName $Computers -Verbose | Sort "ComputerName"
  $VssWriters | FT -AutoSize # Displays it on screen
  $VssWriters | Out-GridView # Displays it in GridView
  $VssWriters | Export-CSV ".\myVSSWriterReport.csv" -NoTypeInformation # Exports it to CSV
 
 .Example
  # Reports any errors on VSS Writers on the computers listed in MyComputerList.txt, sorts list by ComputerName
  $Computers = Get-Content ".\MyComputerList.txt"
  $VssWriters = Get-VssWriters $Computers -Verbose |
    Where { $_.StateDesc -ne 'Stable' } | Sort "ComputerName"
  $VssWriters | FT -AutoSize # Displays it on screen
  $VssWriters | Out-GridView # Displays it in GridView
  $VssWriters | Export-CSV ".\myVSSWriterReport.csv" -NoTypeInformation # Exports it to CSV
  
 .Example
  # Get VSS Writers on all computers in current AD domain, sort list by ComputerName
  $Computers = (Get-ADComputer -Filter *).Name
  $VssWriters = Get-VssWriters $Computers -Verbose | Sort "ComputerName"
  $VssWriters | Out-GridView # Displays it in GridView
  $VssWriters | Export-CSV ".\myVSSWriterReport.csv" -NoTypeInformation # Exports it to CSV
 
 .EXAMPLE
  # Get VSS Writers on all Hyper-V hosts in current AD domain, sort list by ComputerName
  $Computers = (Get-ADComputer -Filter *).Name
  $FilteredComputerList = Foreach ($Computer in $Computers) {
      if (Get-WindowsFeature -ComputerName $Computer -ErrorAction SilentlyContinue |
        where { $_.Name -eq "Hyper-V" -and $_.InstallState -eq "Installed"}) { $Computer }
  }
  $VssWriters = Get-VssWriters $FilteredComputerList -Verbose | Sort "ComputerName"
  $VssWriters | FT -AutoSize # Displays it on screen
  $VssWriters | Out-GridView # Displays it in GridView
  $VssWriters | Export-CSV ".\myVSSWriterReport.csv" -NoTypeInformation # Exports it to CSV
 
 .OUTPUTS
  Scripts returns a PS Object with the following properties:
    ComputerName
    WriterName
    StateID
    StateDesc
    LastError
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
  https://gallery.technet.microsoft.com/scriptcenter/Powershell-ScriptFunction-415e9e70
 
 .NOTES
  Function by Sam Boutros
    v1.0 - 17 September 2014
    v1.1 - 12 February 2020 - Rewrite, improved parsing and error handling
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false,
                   ValueFromPipeLine=$true,
                   ValueFromPipeLineByPropertyName=$true,
                   Position=0)]
            [ValidateNotNullorEmpty()]
            [String[]]$ComputerName = $env:COMPUTERNAME,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Get-VssWriters - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin {  }

    Process {                
        foreach ($Computer in $ComputerName) {
            Write-Log 'Processing computer',$Computer Green,Cyan $LogFile
            $Raw = if ($Computer -eq $env:COMPUTERNAME) {
                try { VssAdmin List Writers } catch { $_.Exception.Message }
            } else {
                try {
                    Invoke-Command -ComputerName $Computer -EA 1 -ScriptBlock {
                        try { VssAdmin List Writers } catch { $_.Exception.Message }
                    }
                } catch {  
                    $_.Exception.Message
                }
            }
            
            # Parse $Raw
            # $n=0; $Raw | % { "Line $($n): $_"; $n++ }
            if ($Raw -match "The term 'VssAdmin' is not recognized" -or
                $Raw -match "Connecting to remote server $Computer failed with the following error message") {
                Write-Log 'Error with Computer',$Computer Magenta,Yellow $LogFile
                Write-Log ($Raw | Out-String).Trim() Yellow $LogFile
            } elseif ($Raw[3] -match "Error: You don't have the correct permissions to run this command") {
                Write-Log 'Error with Computer',$Computer Magenta,Yellow $LogFile
                Write-Log ("$($Raw[3]) $($Raw[4])").Trim() Yellow $LogFile
            } else {
                if ($Raw -match 'Writer Name') {
                    $n=0; $WriterStartLines = foreach ($Line in $Raw) { if ($Line -match 'Writer Name') { $n }; $n++ }
                    foreach ($Writer in $WriterStartLines) {
                        [PSCustomObject]@{
                            ComputerName = $Computer
                            WriterName   = $Raw[$Writer].Split(':')[1].Trim().Replace("'","")
                            StateId      = $Raw[$Writer+3].Split(':')[1].Trim().Split(']')[0].Replace('[','')
                            StateDesc    = $Raw[$Writer+3].Split(':')[1].Trim().Split(']')[1].Trim()
                            LastError    = $Raw[$Writer+4].Split(':')[1].Trim()
                        }
                    }
                } else {
                    Write-Log 'No VSS Writers identified on Computer',$Computer,'- details:' Magenta,Yellow,Magenta $LogFile
                    Write-Log ($Raw | Out-String).Trim() Yellow $LogFile
                }
            }
        }
    } 

    End { }
}

function Get-DayOfMonth {
<#
 .SYNOPSIS
  Function to get a given day of the week such as Sunday of a given Month/Year like March/2020
 
 .DESCRIPTION
  Function to get a given day of the week such as Sunday of a given Month/Year like March/2020
   
 .PARAMETER DayOfWeek
  Optional parameter that defaults to 'Sunday'
  Valid options are 'Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'
   
 .PARAMETER First
  Optional switch parameter. By default it retuns the first day of the month
  When set to $true, it returns the last day of month
   
 .PARAMETER Month
  Optional parameter from 1 to 12
   
 .PARAMETER Year
  Optional parameter from 1 to 10,000
   
 .EXAMPLE
    Get-DayOfMonth
    This will return the last Sunday of the current Month/Year as in:
    Sunday, March 29, 2020 12:26:49 PM
 
 .EXAMPLE
    Get-DayOfMonth -DayofWeek Monday
    This will return the last Monday of the current Month/Year as in:
    Monday, March 30, 2020 12:27:34 PM
 
 .EXAMPLE
    Get-DayOfMonth -DayofWeek Saturday -First
    This will return the first Saturday of the current Month/Year as in:
    Saturday, March 7, 2020 12:28:25 PM
 
 .EXAMPLE
    Get-DayOfMonth -DayofWeek Friday -Month 3 -Year 1945
    This will return the last Friday of March 1945 as in:
    Friday, March 30, 1945 12:29:54 PM
 
 .OUTPUTS
  This cmdlet returns a DateTime object
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 26 March 2020
 
#>


    [CmdletBinding(ConfirmImpact = 'Low')]
    Param(
        [Parameter(Mandatory=$false)][ValidateSet('Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday')][String]$DayofWeek = 'Sunday',
        [Parameter(Mandatory=$false)][Switch]$First, 
        [Parameter(Mandatory=$false)][ValidateRange(1,12)][Int]$Month = (Get-Date).Month,
        [Parameter(Mandatory=$false)][ValidateRange(1,10000)][Int]$Year = (Get-Date).Year
    )

    Begin { }

    Process {
        $Days = 0..31 | foreach { 
            (Get-Date -Year $Year -Month $Month -Day 1).AddDays($_) | 
                where { $_.Month -eq $Month -and $_.DayOfWeek -eq $DayofWeek }
        }
    }

    End { 
        if ($First) { $Days | select -First 1 } else { $Days | select -last 1 }
    }
} 

function Get-PCInfo {
<#
 .SYNOPSIS
  Function to ping and report on given one or more Windows computers.
 
 .DESCRIPTION
  Function to ping and report on given one or more Windows computers.
  If the computer has more than one network interface, this function will report all IP and MAC addresses
 
 .PARAMETER ComputerName
  One or more computer names to be reported on. This defaults to the current computer.
 
 .PARAMETER Cred
  PS Credential object that can be obtained from Get-Credential or Get-SBCredential
 
 .PARAMETER Refresh
  This switch will supress progress messages to speed up processing.
 
 .OUTPUTS
  The function returns a PS object that has the following properties/example:
    ComputerName : WIN10G2-Sam1
    Status : Online
    IPAddress : 192.168.214.118
    MACAddress : 00:xx:xx:xx:xx:xx
    DateBuilt : 9/6/2019 10:38:13 AM
    OSVersion : 10.0.18363
    OSCaption : Microsoft Windows 10 Enterprise
    OSArchitecture : 64-bit
    Model : Virtual Machine
    Manufacturer : Microsoft Corporation
    VM : True
    LastBootTime : 3/26/2020 9:38:45 PM
 
 .EXAMPLE
  Get-PCInfo
  This returns the current PC information
 
 .EXAMPLE
  $PCInfo = Get-PCInfo -ComputerName @('PC1','PC2','PC3')
  This checks the listed computers and saves the collected information in $PCInfo variable
 
 .EXAMPLE
  (Import-Csv .\ComputerList1.csv).ComputerName | Get-PCInfo | Export-Csv .\ComputerReport.csv -NoType
  This example will read a list of computer names from the CSV file provided which has a 'ComputerName' column,
  gather each computer information and save it to the provided CSV output file.
 
 .EXAMPLE
  Get-PCInfo -ComputerName Server111 -Cred (Get-SBCredential 'domain\user')
  This example will report on information of the provided computer using the provided credentials
 
 .LINK
  https://superwidgets.wordpress.com/2017/01/04/powershell-script-to-report-on-computer-inventory/
 
 .NOTES
  Function by Sam Boutros
    31 October 2014 v0.1
    4 January 2017 v0.2
    17 March 2017 v0.3 - chnaged the logic to output 1 record per computer even when it has several NICs
    2 April 2020 v0.4 - Added Silent switch to speed up processing of large number of computers
        Switched to using Get-SBWMI instead of Get-WMIObject
        Added Cred Parameter to be able to query computers outside the domain
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
            [String[]]$ComputerName = $env:COMPUTERNAME,
        [Parameter(Mandatory=$false)][PSCredential]$Cred,
        [Parameter(Mandatory=$false)][Switch]$Silent
    )

    Begin { }

    Process {
        
        foreach ($PC in $ComputerName) {
            if (-not $Silent) { Write-Log 'Checking computer',$PC Green,Cyan -NoNewLine }
            try {
                $Result = Test-Connection -ComputerName $PC -Count 2 -ErrorAction Stop 
                if ($Cred) {
                    $OS = Get-SBWMI -ComputerName $PC -Class Win32_OperatingSystem -Cred $Cred -EA 0
                    $Mfg = Get-SBWMI -ComputerName $PC -Class Win32_ComputerSystem -Cred $Cred -EA 0
                    $IPs = (Get-SBWMI -ComputerName $PC -Class Win32_NetworkAdapterConfiguration -Cred $Cred -EA 0 | 
                            Where { $_.IpEnabled }).IPAddress | where { $_ -match "\." } # IPv4 only
                } else {
                    $OS = Get-SBWMI -ComputerName $PC -Class Win32_OperatingSystem -EA 0
                    $Mfg = Get-SBWMI -ComputerName $PC -Class Win32_ComputerSystem -EA 0
                    $IPs = (Get-SBWMI -ComputerName $PC -Class Win32_NetworkAdapterConfiguration -EA 0 | 
                            Where { $_.IpEnabled }).IPAddress | where { $_ -match "\." } # IPv4 only
                }
                $MACs = foreach ($IPAddress in $IPs) {
                    if ($Cred) {
                        (Get-SBWMI -ComputerName $PC -Class Win32_NetworkAdapterConfiguration -Cred $Cred -EA 0 | 
                            Where { $_.IPAddress -eq $IPAddress }).MACAddress
                    } else {
                        (Get-SBWMI -ComputerName $PC -Class Win32_NetworkAdapterConfiguration -EA 0 | 
                            Where { $_.IPAddress -eq $IPAddress }).MACAddress
                    }                        
                }
                if (-not $Silent) { Write-Log 'done' Green }
                [PSCustomObject]@{
                    ComputerName   = $PC
                    Status         = 'Online'
                    IPAddress      = $IPs -join ', '
                    MACAddress     = $MACs -join ', '
                    DateBuilt      = ([WMI]'').ConvertToDateTime($OS.InstallDate)
                    OSVersion      = $OS.Version
                    OSCaption      = $OS.Caption
                    OSArchitecture = $OS.OSArchitecture
                    Model          = $Mfg.model
                    Manufacturer   = $Mfg.Manufacturer
                    VM             = $(if ($Mfg.Manufacturer -match 'vmware' -or $Mfg.Manufacturer -match 'microsoft') { $true } else { $false })
                    LastBootTime   = ([WMI]'').ConvertToDateTime($OS.LastBootUpTime)
                }
            } catch { # either ping failed or access denied
                if ($Result) {
                    if (-not $Silent) { Write-Log 'done' Magenta }
                    [PSCustomObject]@{
                        ComputerName   = $PC
                        Status         = $Error[0].Exception
                    }
                } else {
                    if (-not $Silent) { Write-Log 'done' Yellow }
                    [PSCustomObject]@{
                        ComputerName   = $PC
                        Status         = 'No response to ping'
                    }
                }
            }
        }
    }

    End { }
}

function Parse-String {

<#
 .Synopsis
  Function to parse an input string returning values between Start Marker and End Marker strings
 
 .Description
  Function to parse an input string returning values between Start Marker and End Marker strings
  Start and End marker strings cannot be the same
  This function will return multiple values if the $InputString has several occurances of the Start and End Markers
  For useful results look for unqiue Start and End markers in your $InputString
  This function can be useful in parsing the Message property of Windows Event Logs
   
 .PARAMETER InputString
  The input string
 
 .PARAMETER StartMarker
  The Start Marker string
 
 .PARAMETER EndMarker
  The End Marker string
 
 .Example
  $InputString = 'A sleek red fox emerged from its deep under ground burrow A sleek green fox emerged from its deep under ground burrow'
  Parse-String -InputString $InputString -StartMarker 'sleek' -EndMarker 'emerged'
  This example will parse the input string and return values between 'sleek' and 'emerged'
 
 .Example
  if ($LogEntry = Get-EventLog -LogName Security -EntryType FailureAudit | select -First 1) {
    $LogonType = Parse-String -InputString $LogEntry.Message -StartMarker 'Logon Type:' -EndMarker 'Account For Which Logon Failed:'
    $AccountAttempted = Parse-String -InputString $LogEntry.Message -StartMarker 'Account Name:' -EndMarker 'Account Domain:'
    $IPAttemptedFrom = Parse-String -InputString $LogEntry.Message -StartMarker 'Source Network Address:' -EndMarker 'Source Port:'
    "Logon Type: $LogonType (2 = interactive, 3 = network)"
    "Account Attempted: $($AccountAttempted | where { $_ -ne '-' })"
    "IP Address from which Logon was attempted: $IPAttemptedFrom"
  }
  This example will find the first AuditFailure event in the Security EventLog, and will parse its Message property
  to show Logon Type, Account Attempted, and IP Address from which Logon was attempted
 
 .OUTPUTS
  This function returns one or more strings
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
    v0.1 - 12 April 2020
    v0.2 - 14 April 2020
        Updated logic to report errors as verbose output
        Updated logic to continue on error
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$InputString,
        [Parameter(Mandatory=$true)][String]$StartMarker,
        [Parameter(Mandatory=$true)][String]$EndMarker
    )

    Begin { 
        Write-Verbose "InputString: $InputString"
        Write-Verbose "StartMarker: $StartMarker"
        Write-Verbose "EndMarker: $EndMarker"
        $GO = $true
        if ($StartMarker -eq $EndMarker) {
            Write-Verbose "Parse-String Error: $StartMarker and $EndMarker parameters cannot be the same"
            $GO = $false
        }
        if ($InputString -notmatch $StartMarker) {
            Write-Verbose = $false "Parse-String Error: $StartMarker not found in $InputString"
            $GO = $false
        }
        if ($InputString -notmatch $EndMarker) {
            Write-Verbose "Parse-String Error: $EndMarker not found in $InputString"
            $GO = $false
        }
    }

    Process {    
        
        if ($GO) {
            $StartMarkerCount = ($InputString -split $StartMarker).Count - 1 
            $EndMarkerCount   = ($InputString -split $EndMarker).Count - 1 
        
            foreach ($Occurance in (1..$StartMarkerCount)) {
                (($InputString -split $StartMarker)[$Occurance].Trim() -split $EndMarker)[0].Trim()
            }
        }
        
    } 

    End { }
}

function Report-FailureAudit {

<#
 .Synopsis
  Function to search and parse Windows Security EventLog for Failure Audit events
 
 .Description
  Function to search and parse Windows Security EventLog for Failure Audit events (EventID 4625, 5061, 140)
   
 .PARAMETER MaxCount
  If an integer value of this optional parameter is provided,
  this function will limits its search to the newest $MaxCount events of each of the
  Security and Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational event logs
 
 .PARAMETER Summarize
  Optional paramter that provides Attack analysis such as:
    Reading Security Event Log on computer myPC .. read 256160 events in 0:1:12 (hh:mm:ss)
    Reading 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational' Event Log on computer myPC .. read 103 events in 0:0:2 (hh:mm:ss)
    Processing Security Log events 4625 and 5061 on computer myPC .. done in 0:3:51 (hh:mm:ss)
    Processing 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational' Log events 140 on computer myPC .. done in 0:0:0 (hh:mm:ss)
    Processing summary report for computer myPC .. done in 0:2:59 (hh:mm:ss)
    All done in 0:8:42 (hh:mm:ss)
   
    #####################################################################
   
    Computer information:
    ComputerName : myPC
    LAN_IP : 10.11.12.13
    OS : Microsoft Windows Server 2016 Datacenter
    Type : Virtual Machine
    WAN_IP : 172.217.11.46
    WAN_Location : New York City, New York, 10004 - US (40.7143,-74.0060)
    WAN_rDNS : lga25s61-in-f14.1e100.net
    WAN_TimeZone : America/New_York
   
    Security Event summary:
    EventCount : 256,160
    FirstEventTime : 4/11/2020 10:12:46 PM
    LastEventTime : 4/15/2020 6:02:19 AM
    Duration : 3:7:49:33 (dd:hh:mm:ss)
    AttemptsPerHour : 3,209
    EventLog : Security
    EventType : FailureAudit
    EventId : 4625
   
    RDP Event summary:
    EventCount : 103
    FirstEventTime : 4/15/2020 6:02:00 AM
    LastEventTime : 4/15/2020 6:03:32 AM
    Duration : 0:0:1:31 (dd:hh:mm:ss)
    AttemptsPerHour : 4,055
    EventLog : RdpCoreTS
    EventType : Bad user name or password
    EventId : 140
   
    Attack analysis:
   
    Source IP:
    IPAddress ReverseDNS IPLocation IPOrg IPTimeZone AttemptCount Percent
    --------- ---------- ---------- ----- ---------- ------------ -------
    185.202.2.180 Strasbourg, Grand Est, 67000 - FR (48.5839,7.7455) AS57043 HOSTKEY B.V. Europe/Paris 111067 43.34 %
    185.202.2.11 Strasbourg, Grand Est, 67000 - FR (48.5839,7.7455) AS57043 HOSTKEY B.V. Europe/Paris 81480 31.80 %
    185.202.2.179 Strasbourg, Grand Est, 67000 - FR (48.5839,7.7455) AS57043 HOSTKEY B.V. Europe/Paris 31312 12.22 %
    185.202.2.170 Strasbourg, Grand Est, 67000 - FR (48.5839,7.7455) AS57043 HOSTKEY B.V. Europe/Paris 27873 10.88 %
    - Novosibirsk, Novosibirsk Oblast, 630091 - RU (55.0411,82.9344) AS202729 OOO "Patent-Media" Asia/Novosibirsk 4401 1.72 %
    185.202.1.19 Strasbourg, Grand Est, 67000 - FR (48.5839,7.7455) AS57043 HOSTKEY B.V. Europe/Paris 92 0.04 %
    45.143.200.15 Novosibirsk, Novosibirsk Oblast, 630091 - RU (55.0411,82.9344) AS202729 OOO "Patent-Media" Asia/Novosibirsk 38 0.01 %
   
    Logon Attempt Type:
    LogonType AttemptCount Percent
    --------- ------------ -------
    Network 256160 99.96 %
    Not reported in RdpCoreTS Log 103 0.04 %
   
    Attempted Account(s):
    Account AttemptCount Percent
    ------- ------------ -------
    \administrator 69609 27.16 %
    \admin 69328 27.05 %
    abcd\administrator 64176 25.04 %
    abcd\admin 17291 6.75 %
    myPC\Guest 4401 1.72 %
    Not reported in RdpCoreTS Log 103 0.04 %
    \Administrador 5 0.00 %
    \izxadm 2 0.00 %
    \nufadmin 2 0.00 %
    \tttadmin 2 0.00 %
 
 .PARAMETER MaxCount
  Path to a file where this script will log its console output such as the attack summary
 
 .Example
  Report-FailureAudit
  This example will return information of Failure Audit events in the Windows Security EventLog
 
 .Example
  Report-FailureAudit -MaxCount 10 -Verbose
  This example will return information of the 10 most recent Failure Audit events in the Windows Security EventLog
 
 .Example
  $EventList = Report-FailureAudit -MaxCount 4000 -Summarize -LogFile "C:\myFolder\Report-FailureAudit_$(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
  This example will return information of the 4000 most recent Failure Audit events in the Windows Security EventLog and provide attack summary
 
 .OUTPUTS
  PS Objects for each event such as:
    EventID : 4625
    ComputerName : computername.domain.com
    LogName : Security
    EventType : FailureAudit
    LogonType : Network
    Account : \gvradmin
    SourceIP : 185.202.2.179
    SourceName : Remmina
    TimeGenerated : 4/11/2020 10:12:46 PM
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
    v0.1 - 12 April 2020
    v0.2 - 14 April 2020
        Updated summary reporting
        Added parsing for event 5061 in addition to event 4625
        Added reading of event 140 of the Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational event log
        Added duration tracking of each processing section
    v0.3 - 15 April 2020
        Read event details from $Event.ReplacementStrings instead of parsing $Event.Message
        Added source IP geolocation details in the IP summary section
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false)][Int]$MaxCount,
        [Parameter(Mandatory=$false)][Switch]$Summarize,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Report-FailureAudit_$(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        $StartTime = Get-Date
        function Get-LogonType ($LogonCode) {
            switch ($LogonCode) {
                2  { 'Interactive' }
                3  { 'Network' }
                4  { 'Batch' }
                5  { 'Service' }
                7  { 'Unlock' }
                8  { 'NetworkCleartext' }
                9  { 'NewCredentials' }
                10 { 'RemoteInteractive' }
                11 { 'CachedInteractive' }
                default { $LogonCode }
            }
        }
        Write-Verbose "MaxCount: $MaxCount"
        Write-Verbose "Summarize: $Summarize"
        Write-Verbose "LogFile: $LogFile"
        Write-Log 'Reading Security Event Log on computer',$env:COMPUTERNAME Green,Cyan $LogFile -NoNewLine
        $Duration = Measure-Command {
            try {
                if ($MaxCount) {
                    $EventList = Get-EventLog -LogName Security -EntryType FailureAudit -EA 1 -Newest $MaxCount
                } else {
                    $EventList = Get-EventLog -LogName Security -EntryType FailureAudit -EA 1 
                }            
            } catch {
                if ($_.Exception.Message -match 'No matches found') {
                    Write-Log 'No FailureAudit events found in Security Event Log for computer',$env:COMPUTERNAME Green,Cyan $LogFile
                } else {
                    Write-Log 'Report-FailureAudit Error: unable to read Windows Security EventLog for computer',$env:COMPUTERNAME Magenta,Yellow $LogFile
                    Write-Log 'This function needs to run under elevated permissions' DarkYellow $LogFile
                    Write-Log $_.Exception.Message Magenta $LogFile
                }           
            }
        }
        if ($EventList) { Write-Log '..','read',$EventList.Count,'events in',"$($Duration.Hours):$($Duration.Minutes):$($Duration.Seconds) (hh:mm:ss)" white,Green,Cyan,Green,DarkYellow $LogFile }

        Write-Log 'Reading ''Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'' Event Log on computer',$env:COMPUTERNAME Green,Cyan $LogFile -NoNewLine
        $Duration = Measure-Command {
            try {
                if ($MaxCount) {
                    $RDPList = Get-WinEvent -LogName 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational' -EA 1 -MaxEvents $MaxCount | where Id -EQ 140
                } else {
                    $RDPList = Get-WinEvent -LogName 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational' -EA 1 | where Id -EQ 140
                }            
            } catch {
                if ($_.Exception.Message -match 'No events were found') {
                    Write-Log 'No RDP 140 events found in RdpCoreTS Event Log for computer',$env:COMPUTERNAME Green,Cyan $LogFile
                } else {
                    Write-Log 'Report-FailureAudit Error: unable to read Windows RdpCoreTS EventLog for computer',$env:COMPUTERNAME Magenta,Yellow $LogFile
                    Write-Log 'This function needs to run under elevated permissions' DarkYellow $LogFile
                    Write-Log $_.Exception.Message Magenta $LogFile
                } 

                Write-Log 'Report-FailureAudit Error: unable to read ''Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'' EventLog for computer',$env:COMPUTERNAME Magenta,Yellow $LogFile
                Write-Log 'This function needs to run under elevated permissions' DarkYellow $LogFile
                Write-Log $_.Exception.Message Magenta $LogFile
            }
        }
        if ($RDPList) { Write-Log '..','read',$RDPList.Count,'events in',"$($Duration.Hours):$($Duration.Minutes):$($Duration.Seconds) (hh:mm:ss)" white,Green,Cyan,Green,DarkYellow $LogFile }
    }

    Process {    
 
        if ($EventList) {
            $EventList = $EventList | sort TimeGenerated
            Write-Log 'Processing Security Log events 4625 and 5061 on computer',$env:COMPUTERNAME Green,Cyan $LogFile -NoNewLine
            $Duration = Measure-Command {
                $myOutput = foreach ($Event in $EventList) {
                    Switch ($Event.EventID) {
                        4625 {
                            [PSCustomObject][Ordered]@{
                                EventID       = $Event.EventID
                                ComputerName  = $Event.MachineName
                                LogName       = 'Security'
                                EventType     = $Event.EntryType
                                LogonType     = Get-LogonType $Event.ReplacementStrings[10]
                                Account       = "$($Event.ReplacementStrings[6])\$($Event.ReplacementStrings[5])"
                                SourceIP      = $Event.ReplacementStrings[19]
                                SourceName    = $Event.ReplacementStrings[13]
                                TimeGenerated = $Event.TimeGenerated
                            }
                        }
                        5061 {
                            [PSCustomObject][Ordered]@{
                                EventID       = $Event.EventID
                                ComputerName  = $Event.MachineName
                                LogName       = 'Security'
                                EventType     = $Event.EntryType
                                LogonType     = 'Not reported in event 5061'
                                Account       = "$($Event.ReplacementStrings[2])\$($Event.ReplacementStrings[1])"                    
                                SourceIP      = 'Not reported in event 5061'
                                SourceName    = 'Not reported in event 5061'
                                TimeGenerated = $Event.TimeGenerated
                            }
                        }
                        Default { 
                            Write-Log 'Report-FailureAudit: Encountered unknown FailureAudit Event: ID', $Event.EventID Yellow,Cyan $LogFile 
                        }
                    }
                }
            }
            Write-Log '..','done in',"$($Duration.Hours):$($Duration.Minutes):$($Duration.Seconds) (hh:mm:ss)" white,Green,DarkYellow $LogFile
        } else {
            Write-Log 'No events of type FailureAudit found in the Windows Security EventLog' Green $LogFile
        }

        if ($RDPList) {
            $RDPList = $RDPList | sort TimeCreated
            Write-Log 'Processing ''Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'' Log events 140 on computer',$env:COMPUTERNAME Green,Cyan $LogFile -NoNewLine
            $Duration = Measure-Command {
                $myOutput += foreach ($Event in $RDPList) {
                    [PSCustomObject][Ordered]@{
                        EventID       = $Event.Id
                        ComputerName  = $Event.MachineName
                        LogName       = 'RdpCoreTS'
                        EventType     = 'Not reported in RdpCoreTS Log'
                        LogonType     = 'Not reported in RdpCoreTS Log'
                        Account       = 'Not reported in RdpCoreTS Log'
                        SourceIP      = $Event.Properties.Value
                        SourceName    = 'Not reported in RdpCoreTS Log'
                        TimeGenerated = $Event.TimeCreated
                    }
                }
            }
            Write-Log '..','done in',"$($Duration.Hours):$($Duration.Minutes):$($Duration.Seconds) (hh:mm:ss)" white,Green,DarkYellow $LogFile
        } else {
            Write-Log 'No Events 140 found in the ''Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'' EventLog' Green $LogFile
        }

        if ($myOutput) {
            $myOutput = $myOutput | sort TimeGenerated
            $myOutput
        }
        

    } 

    End { 
        if ($Summarize -and $myOutput) {
            Write-Log 'Processing summary report for computer',$env:COMPUTERNAME Green,Cyan $LogFile -NoNewLine
            $Duration = Measure-Command {
                $PCInfo = Get-PCInfo -Silent
                $IPLocation = Get-IPLocation (Get-MyWANIP).IPAddressToString
                $ServerSummary = [PSCustomObject][Ordered]@{
                    ComputerName = $PCInfo.ComputerName
                    LAN_IP       = $PCInfo.IPAddress
                    OS           = $PCInfo.OSCaption
                    Type         = $PCInfo.Model
                    WAN_IP       = $IPLocation.IPAddress
                    WAN_Location = "$($IPLocation.City), $($IPLocation.Region), $($IPLocation.ZipCode) - $($IPLocation.Country) ($($IPLocation.Coords))"
                    WAN_rDNS     = $IPLocation.ReverseDNS
                    WAN_TimeZone = $IPLocation.TimeZone
                }
                $LD = New-TimeSpan -Start $EventList[0].TimeGenerated -End $EventList[-1].TimeGenerated
                $SecurityEventSummary = [PSCustomObject][Ordered]@{
                    EventCount      = '{0:N0}' -f $EventList.Count
                    FirstEventTime  = $EventList[0].TimeGenerated
                    LastEventTime   = $EventList[-1].TimeGenerated 
                    Duration        = "$($LD.Days):$($LD.Hours):$($LD.Minutes):$($LD.Seconds) (dd:hh:mm:ss)"
                    AttemptsPerHour = '{0:N0}' -f ($EventList.Count/$LD.TotalHours)
                    EventLog        = 'Security'
                    EventType       = 'FailureAudit'
                    EventId         = $(($EventList.EventId | select -Unique) -join ', ')
                }
                $LD = New-TimeSpan -Start $RDPList[0].TimeCreated -End $RDPList[-1].TimeCreated
                $RDPEventSummary = [PSCustomObject][Ordered]@{
                    EventCount      = '{0:N0}' -f $RDPList.Count
                    FirstEventTime  = $RDPList[0].TimeCreated
                    LastEventTime   = $RDPList[-1].TimeCreated 
                    Duration        = "$($LD.Days):$($LD.Hours):$($LD.Minutes):$($LD.Seconds) (dd:hh:mm:ss)"
                    AttemptsPerHour = '{0:N0}' -f ($RDPList.Count/$LD.TotalHours)
                    EventLog        = 'RdpCoreTS'
                    EventType       = 'Bad user name or password'
                    EventId         = $(($RDPList.Id | select -Unique) -join ', ')
                }
                $SourceIP = foreach ($Group in ( $myOutput | group SourceIP)) {
                    $IPLocation = Get-IPLocation $Group.Name
                    [PSCustomObject][Ordered]@{
                        IPAddress    = $Group.Name
                        ReverseDNS   = $IPLocation.ReverseDNS
                        IPLocation   = "$($IPLocation.City), $($IPLocation.Region), $($IPLocation.ZipCode) - $($IPLocation.Country) ($($IPLocation.Coords))"
                        IPOrg        = $IPLocation.Org
                        IPTimeZone   = $IPLocation.TimeZone
                        AttemptCount = $Group.Count
                        Percent      = ($Group.Count/$myOutput.Count).tostring("P")
                    }
                }
                $SourceIP = $SourceIP | sort AttemptCount -Descending
                $LogonType = $myOutput | group LogonType | select @{n='LogonType';e={$_.Name}},
                    @{n='AttemptCount';e={$_.Count}},
                    @{n='Percent';e={($_.Count/$myOutput.Count).tostring("P")}} | sort AttemptCount -Descending
                $Account = $myOutput | group Account | sort count -Descending | select -First 10 | 
                    select @{n='Account';e={$_.Name}},@{n='AttemptCount';e={$_.Count}},
                    @{n='Percent';e={($_.Count/$myOutput.Count).tostring("P")}} | sort AttemptCount -Descending
            }
            Write-Log '..','done in',"$($Duration.Hours):$($Duration.Minutes):$($Duration.Seconds) (hh:mm:ss)" white,Green,DarkYellow $LogFile
            $Duration = New-TimeSpan -Start $StartTime -End (Get-Date)
            Write-Log 'All done in',"$($Duration.Hours):$($Duration.Minutes):$($Duration.Seconds) (hh:mm:ss)" Green,DarkYellow $LogFile

            Write-Host ' '
            Write-Host $('#'*69) -ForegroundColor DarkYellow
            Write-Host ' '
            Write-Log 'Computer information:' Green $LogFile
            Write-Log ($ServerSummary | FL * | Out-String).Trim() Cyan $LogFile

            Write-Host ' '
            Write-Log 'Security Event summary:' Green $LogFile
            Write-Log ($SecurityEventSummary | FL * | Out-String).Trim() Cyan $LogFile

            Write-Host ' '
            Write-Log 'RDP Event summary:' Green $LogFile
            Write-Log ($RDPEventSummary | FL * | Out-String).Trim() Cyan $LogFile

            Write-Host ' '
            Write-Log 'Attack analysis:' Green $LogFile
            Write-Host ' '
            Write-Log 'Source IP:' Green $LogFile
            Write-Log ($SourceIP | FT -a | Out-String).Trim() Cyan $LogFile
            Write-Host ' '
            Write-Log 'Logon Attempt Type:' Green $LogFile
            Write-Log ($LogonType | FT -a | Out-String).Trim() Cyan $LogFile 
            Write-Host ' '
            Write-Log 'Attempted Account(s):' Green $LogFile
            Write-Log ($Account | FT -a | Out-String).Trim() Cyan $LogFile  
        }
    }
}

function Update-PSModule {
<#
 .SYNOPSIS
  Function to update one or more PowerShell Modules from the PowerShellGalery.com
 
 .DESCRIPTION
  Function to update one or more PowerShell Modules from the PowerShellGalery.com
 
 .PARAMETER ModuleList
  One or more Module names
  This is an optional parameter that defaults to AZSBTools and ImportExcel
 
 .EXAMPLE
  Update-PSModule -ModuleList AZSBTools,ImportExcel
 
 .OUTPUTS
  This cmdlet returns PS Objects for each module such as:
    Name Version
    ---- -------
    AZSBTools 1.173.107
    ImportExcel 7.1.0
       
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 13 April 2020
#>


    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        [Parameter(Mandatory=$false)][String[]]$ModuleList = @('AZSBTools','ImportExcel')
    )

    Begin {  }

    Process {

        Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        $Elevated = (New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        $Length = $ModuleList | foreach { $_.Length } | sort | select -Last 1

        $myOutput = foreach ($Module in $ModuleList) {
            try {
                $NewModule = Find-Module $Module -EA 1 
                $CurrentModule = Get-Module $Module -ListAvailable | sort Version | select -Last 1
                $CurrentVersion = if ($CurrentModule) {$CurrentModule.Version.ToString()} else {'None'}
                Write-Log 'Validating PS module',"$Module".PadRight($Length+1),'version',($NewModule.Version.ToString()).PadRight(10) Green,Cyan,Green,Cyan -NoNewLine
                if ($CurrentVersion -eq $NewModule.Version) {
                    Write-Log 'Validated' DarkYellow
                } else {
                    Write-Log "Not (Current Version $CurrentVersion), installing.." Yellow -NoNewline
                    if ($Elevated) {
                        Install-Module $Module -Force -AllowClobber
                        Remove-Module $Module -Force -EA 0 # To allow for auto-loading the latest version
                        # Remove older copies of the module under 'CurrentUser' scope, because they get prioritized for auto-loading:
                        Remove-Item "$([Environment]::GetFolderPath('MyDocuments'))\WindowsPowerShell\Modules\$Module" -Recurse -Force -EA 0 
                    } else {
                        Install-Module $Module -Force -AllowClobber -Scope CurrentUser
                        Remove-Module $Module -Force -EA 0
                    }
                    Write-Log 'done' Green
                }
                $CurrentModule = Get-Module $Module -ListAvailable | sort Version | select -Last 1
                $CurrentVersion = if ($CurrentModule) {$CurrentModule.Version.ToString()} else {'None'}
            } catch {
                $CurrentVersion = 'Not found in PS Gallery'
                Write-Log $_.Exception.Message Magenta
            }
            [PSCustomObject][Ordered]@{
                Name    = $Module
                Version = $CurrentVersion
            }            
        }
    }

    End { $myOutput }
} 

function New-PSProfile {
<#
 .SYNOPSIS
  Function to create a PS profile
 
 .DESCRIPTION
  Function to create a PS profile
  If a profile file exists, this function appends $FileContent to it
 
 .PARAMETER FileContent
  This is an optional parameter that defaults 'Update-PSModule',
  which defaults to updating AZSBTools and ImportExcel PS Modules
 
 .EXAMPLE
  New-PSProfile
 
 .OUTPUTS
  None
       
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 13 April 2020
#>


    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        [Parameter(Mandatory=$false)][String]$Content = 'Update-PSModule'
    )

    Begin {  }

    Process {

        if (Test-Path $profile) {
            $OldContent = Get-Content $profile
            Write-Log 'Current PS Profile',$profile Green,Cyan
            Write-Log (Get-Content $profile -Raw) Yellow
            if (-not ($OldContent -match $Content)) { 
                Write-Log 'Updating PS Profile file',$profile Green,Cyan 
                $NewContent = $OldContent += $Content
                $NewContent | Out-File $profile -Force # Over write the content to avoid file encoding issues
                New-PSProfile -Content $Content
            }
        } else {
            Write-Log 'Creating new PS Profile file',$profile Green,Cyan 
            New-Item "$([Environment]::GetFolderPath('MyDocuments'))\WindowsPowerShell" -ItemType Directory -Force -EA 0 | Out-Null
            $Content | Out-File $profile -Force
            New-PSProfile -Content $Content
        }

    }

    End {  }
} 

function Get-IPLocation {
<#
 .SYNOPSIS
  Function to return the Geographical location of an Internet IP address
 
 .DESCRIPTION
  Function to return the Geographical location of an Internet IP address
  This function depends on ip-api.com and/or ipinfo.io
  This function defaults to querying ipinfo.io because it also provides reverse dns
 
 .PARAMETER Uri
  One or more URLs
  This is an optional parameter. These URLs will be queried for WAN IP.
 
 .PARAMETER IPAddress
  One or more IP addresses
  This is an optional parameter that defaults to the current WAN IP.
 
 .PARAMETER ReportAll
  This is an optional switch. When set to True, this function will return
  information from every Uri source on every provided IP address
 
 .EXAMPLE
  Get-IPLocation (Resolve-DnsName CNN.com -Type A).IPAddress -Verbose
  This example will return information of all IP addresses of CNN.com from ipinfo.io
 
 .EXAMPLE
  Get-IPLocation (Resolve-DnsName Google.com -Type A).IPAddress -ReportAll -Verbose
  This example will return information of the IP address of Google.com from ipinfo.io and ip-api.com
 
 .EXAMPLE
  Get-IPLocation -ReportAll 192.168.1.1 -Verbose
  This example returns no data. This function returns no data for Private IP addresses
 
 .OUTPUTS
  This cmdlet returns aa object such as:
    IPAddress : 172.217.11.46
    ReverseDNS : lga25s61-in-f14.1e100.net
    Country : US
    Region : New York
    City : New York City
    ZipCode : 10004
    Coords : 40.7143,-74.0060
    TimeZone : America/New_York
    Org : AS15169 Google LLC
       
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 14 April 2020
  v0.2 - 15 April 2020 - Manually validate that the IP input is a valid IP Address
#>


    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        [Parameter(Mandatory=$false)][String[]]$IPAddress = (Get-MyWANIP).IPAddressToString,
        [Parameter(Mandatory=$false)][String[]]$Uri = @('http://ip-api.com/json','http://ipinfo.io'),
        [Parameter(Mandatory=$false)][Switch]$ReportAll = $false
    )

    Begin { 
        function GetInfoFrom-IPAPI  {
            [CmdletBinding(ConfirmImpact='Low')]
            Param( [Parameter(Mandatory=$true)][String]$Uri)
            try {
                $Result = Invoke-RestMethod -Method Get -Uri $Uri -UseBasicParsing -EA 1 
                if ($Result.status -eq 'success') {
                    [PSCustomObject][Ordered]@{
                        IPAddress = $Result.query
                        Country   = $Result.country
                        Region    = $Result.regionname
                        City      = $Result.city
                        ZipCode   = $Result.zip
                        Coords    = "$($Result.lat),$($Result.lon)"
                        TimeZone  = $Result.timezone
                        Org       = "$($Result.as) ($($Result.org))"
                    }
                }
            } catch {
                Write-Verbose $_.Message.Exception
            }
        }
        function GetInfoFrom-IPINFO {
            [CmdletBinding(ConfirmImpact='Low')]
            Param( [Parameter(Mandatory=$true)][String]$Uri)
            try {
                $Result = Invoke-RestMethod -Method Get -Uri $Uri -UseBasicParsing -EA 1 
                if (-not $Result.bogon) {
                    [PSCustomObject][Ordered]@{
                        IPAddress  = $Result.ip
                        ReverseDNS = $Result.hostname
                        Country    = $Result.country
                        Region     = $Result.region
                        City       = $Result.city
                        ZipCode    = $Result.postal
                        Coords     = $Result.loc
                        TimeZone   = $Result.timezone
                        Org        = $Result.org
                    }
                }
            } catch {
                Write-Verbose $_.Message.Exception
            }
        }
        Write-Verbose 'Received input:'
        Write-Verbose "IPAddress: $($IPAddress -join ', ')"
        Write-Verbose "Uri: $($Uri -join ', ')"
        Write-Verbose "ReportAll: $ReportAll"
    }

    Process {    
        foreach ($IP in $IPAddress) {
            try {
                $IP = [IPAddress]$IP.trim() # Manually validate that the IP input is a valid IP Address
                $IP = $IP.IPAddressToString
                if ($ReportAll) {
                    foreach ($1Uri in $Uri) {
                        switch ($1Uri) {
                            'http://ip-api.com/json' { GetInfoFrom-IPAPI  "$1Uri/$IP" }
                            'http://ipinfo.io'       { GetInfoFrom-IPINFO "$1Uri/$IP" }
                            default { Invoke-RestMethod -Method Get -Uri "$1Uri/$IP" -UseBasicParsing }
                        }
                    }
                } else { # Prefer ipinfo.io because it also provides reverse dns
                    if       ($Uri -match 'ipinfo.io') { GetInfoFrom-IPINFO "$($Uri -match 'ipinfo.io')/$IP"
                    } elseif ($Uri -match 'ip-api.com') { GetInfoFrom-IPAPI "$($Uri -match 'ip-api.com')/$IP"
                    } else { # return raw
                        Invoke-RestMethod -Method Get -Uri "$($Uri | select -First 1)/$IP" -UseBasicParsing
                    }
                }
            } catch {
                Write-Verbose "Get-IPLocation Error: invalid IP address input received: $IP"
            }
        }
    }

    End {  }
} 

#endregion

#region Networking

function Validate-NameResolution {
<#
 .SYNOPSIS
  Function to validate that a given computer name resolves to the same IP address by all domain controllers
 
 .DESCRIPTION
  Function to validate that a given computer name resolves to the same IP address by all domain controllers
 
 .PARAMETER ComputerName
  One or more computer names
 
 .EXAMPLE
  Validate-NameResolution -ComputerName 'myTestPC'
 
 .EXAMPLE
  $DNSValidationResult = Validate-NameResolution @('comp1','comp2','comp3')
 
 .OUTPUTS
  This cmdlet returns PSCustom Objects, one for each resolved IP address with the following properties/example:
    ComputerName ResolvesTo DNSServer
    ------------ ---------- ---------
    devtestaaav47 10.70.122.134 {DEVaaaDCRWV01.dev.tst.local, DEVaaaDCRWV02.dev.tst.local, tstCJRDCRWV01.tst.local, tstJUNDCRWV01.tst.local...}
    devtestaaav47 10.19.133.168 {DEVCJRDCRWV01.dev.tst.local, tstaaaDCRWV03.tst.local}
       
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 July 2018
#>


    [CmdletBinding(ConfirmImpact='Low')]
    Param([Parameter(Mandatory=$true,ValueFromPipeLineByPropertyName=$true)][String[]]$ComputerName)

    Begin { $DCList = Get-DCList }

    Process {       
        $myOutput = foreach ($Computer in $ComputerName) {
            $NameResolutionList = foreach ($DC in ($DCList | where { $_.Forest })) { Resolve-DnsName -Name $Computer -Server $DC.Name | 
                select @{n='ComputerName';e={$_.Name}},Type,TTL,IPAddress,@{n='DNSServer';e={$DC.Name}} | sort IPAddress
            }

            if (($Groups = $NameResolutionList | group IPAddress).Count.Count -gt 1) { # Yes .Count twice, not a typo :)
                Write-Log 'Identified name resolution inconsistency:',$Computer,'resolves to',(($NameResolutionList.IPAddress | select -Unique) -join ', ') Magenta,Yellow,Magenta,Yellow
            } else {
                Write-Log 'All DNS servers resolved',$Computer,'to the same IP address',($NameResolutionList.IPAddress | select -Unique) Green,Cyan,Green,Cyan
            }  
                          
            $Groups | foreach {
                [PSCustomObject][Ordered]@{
                    ComputerName = $Computer
                    ResolvesTo   = $_.Name
                    DNSServer    = $_.Group.DNSServer
                }
            }
        }
    }

    End { $myOutput }
} 
  
function Test-SBNetConnection {
<#
 .SYNOPSIS
  Function to test open TCP ports
 
 .DESCRIPTION
  Function to test open TCP ports
  Compared to the Test-NetConnection native function of the NetTCPIP module,
  this command is much faster particularly when it comes across closed ports.
  In addition, the timeout value is adjustable by using the TimeoutSec parameter.
 
 .PARAMETER ComputerName
  This parameter accepts a computer name or IPv4 Address.
  If a computer name is provided, the function attempts to resolve it to an IP address
 
 .PARAMETER PortNumber
  This is one or more TCP port number(s) with valid values from 1 to 65535
  It defaults to 111,135,22,3389,25,80,5985,5986
  Ports 111,135 help identify the system as a Linux or Windows system respectively
  Ports 22,3389 are Linux/SSH and Windows/RDP ports
  Ports 25,80 are SMTP and HTTP ports
  Ports 5895,5986 are PowerShell/WinRM ports over HTTP and HTTPS respectively
 
 .PARAMETER TimeoutSec
  Time out in seconds
  This defaults to 1, and accepts valid values from 1 to 300 seconds.
 
 .OUTPUTS
  The script outputs a PS array of objects, one for each open port including the following properties/example:
    ComputerName RemotePort TcpTestSucceeded
    ------------ ---------- ----------------
    10.127.73.195 53 True
    10.127.73.195 135 True
    10.127.73.195 389 True
    10.127.73.195 443 False
    10.127.73.195 5723 False
    10.127.73.195 5985 True
    10.127.73.195 5986 True
 
 .EXAMPLE
  Test-SBNetConnection -ComputerName 10.127.73.195
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 18 October 2017
  v0.2 - 5 January 2018 - Fixed bug to account for computers that resolve to more than 1 IP
  v0.3 - 20 December 2019 - added code to exclude IPv6 addresses
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][String]$ComputerName,
        [Parameter(Mandatory=$false)][uInt16[]]$PortNumber = @(111,135,22,3389,25,80,5985,5986),
        [Parameter(Mandatory=$false)][ValidateRange(1,300)][Int16]$TimeoutSec = 1
    )

    Begin { }

    Process{
        if (!($IPv4Address = $Computername -as 'IPAddress')) {
            try {
                [IPAddress[]]$IPv4Address = (Resolve-DnsName -Name $ComputerName -EA 1).IPAddress
                $IPv4Address = $IPv4Address | where AddressFamily -EQ InterNetwork # Exclude IPv6 addresses
            } catch {
                Write-Warning "Unable to resolve computer name '$ComputerName'"
            }        
        }
        if ($IPv4Address) {
            foreach ($IP in $IPv4Address.IPAddressToString) {
                foreach ($Item in $PortNumber) {
                    $TCP = New-Object System.Net.Sockets.TcpClient
                    $AsyncResult = $TCP.BeginConnect("$IP","$Item",$null,$null)
                    $PortOpen = $false
                    if ($AsyncResult.AsyncWaitHandle.WaitOne($TimeoutSec*1000,$false)) {
                        try {
                            $TCP.EndConnect($AsyncResult)
                            $PortOpen = $true
                        } catch {
                            Write-Warning $_.Exception.InnerException 
                        }                        
                    } else {
                        Write-Warning "TCP connect to $($IP):$Item timed out ($TimeoutSec sec)"
                    } # if $AsyncResult
                    $TCP.Close()
                    [PSCustomObject][Ordered]@{
                        ComputerName     = $IP
                        RemotePort       = $Item
                        TcpTestSucceeded = $PortOpen
                    } # PSCustomObject
                } # foreach port
            } # foreach IP
        } # if $IPv4Address
    } # Process

    End { }
}

function Convert-IpAddressToMaskLength {
<#
 .SYNOPSIS
  Function to return the length of an IPv4 subnet mask
 
 .DESCRIPTION
  Function to return the length of an IPv4 subnet mask
  For example, 255.255.255.0 will return 24
 
 .PARAMETER DottedDecimalIP
  Dotted IPv4 address (subnet mask) such as 255.255.224.0
 
 .EXAMPLE
  Convert-IpAddressToMaskLength -DottedDecimalIP 255.255.255.0
  This will return 24
 
 .EXAMPLE
  Convert-IpAddressToMaskLength 255.0.0.0,255.192.0.0,255.255.255.224
  This will return 8, 10, and 27
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 4 October 2018
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true,
                   ValueFromPipeLine=$true,
                   ValueFromPipeLineByPropertyName=$true,
                   Position=0)]
            [String[]]$DottedDecimalIP
    )

    Begin {  }

    Process{
        foreach ($Address in $DottedDecimalIP) {
            $Result = 0
            [IPAddress]$IPv4 = $Address
            foreach ($Octet in ($IPv4.IPAddressToString.Split('.'))) {
                while ($Octet -ne 0) {
                    $Octet = ($Octet -shl 1) -band [byte]::MaxValue
                    $Result ++
                } # while
            } # foreach
            $Result        
        } # foreach
    } # Process

    End {  }
}

function Convert-MaskLengthToIpAddress {
<#
 .SYNOPSIS
  Function to return the IPv4 subnet mask provided a mask length
 
 .DESCRIPTION
  Function to return the IPv4 subnet mask provided a mask length
  For example, 10 will return 255.192.0.0
 
 .PARAMETER MaskLength
  IPv4 subnet mask length. Valid values are 1 to 32
 
 .EXAMPLE
  Convert-MaskLengthToIpAddress -MaskLength 12
  This will return 255.240.0.0
 
 .EXAMPLE
  8,10,20,27 | Convert-MaskLengthToIpAddress
  This will return
    255.0.0.0
    255.192.0.0
    255.255.240.0
    255.255.255.224
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 4 October 2018
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true,
                   ValueFromPipeLine=$true,
                   ValueFromPipeLineByPropertyName=$true,
                   Position=0)]
            [ValidateRange(1,32)]
            [UInt32[]]$MaskLength
    )

    Begin {    }

    Process{
        foreach ($Item in $MaskLength) { 
            if ($Item -lt 9) {
                "$((1..$Item | % { [math]::Pow(2,8-$_) } | measure -Sum).Sum).0.0.0"
            } elseif ($Item -lt 17) {
                "255.$((1..$($Item-8) | % { [math]::Pow(2,8-$_) } | measure -Sum).Sum).0.0"
            } elseif ($Item -lt 25) {
                "255.255.$((1..$($Item-16) | % { [math]::Pow(2,8-$_) } | measure -Sum).Sum).0"
            } else {
                "255.255.255.$((1..$($Item-24) | % { [math]::Pow(2,8-$_) } | measure -Sum).Sum)"
            }            
        } # foreach
    } # Process

    End {    }
}

function Get-IPv4Details {
<#
 .SYNOPSIS
  Function to return the details of a given IPv4 address
 
 .DESCRIPTION
  Function to return the details of a given IPv4 address
 
 .PARAMETER CIDRAddress
  IPv4 address in CIDR notation such as 11.12.13.64/27
  Part of the 'CIDR' Parameter Set.
  When provided, IPAddress and SubnetMask are not required
 
 .PARAMETER IPAddress
  Dotted decimal IPv4 address such as 11.12.13.14
  Part of the 'Mask' Parameter Set.
 
 .PARAMETER SubnetMask
  Dotted decimal IPv4 subnet mask such as 255.255.0.0
  Part of the 'Mask' Parameter Set.
 
 .OUTPUTS
  This function returns a PS object with the following properties (and example):
    IPDottedDecimal : 10.120.30.11
    IPDecimal : 186546186
    IPBitLength : 12
    IPDottedBinary : 00001010.01111000.00011110.00001011
    MaskDottedDecimal : 255.255.240.0
    MaskDecimal : 15794175
    MaskBitLength : 20
    MaskDottedBinary : 11111111.11111111.11110000.00000000
    NetDottedDecimal : 10.120.16.0
    NetDecimal : 1079306
    NetCIDR : 255.255.240.0/20
    NetDottedBinary : 00001010.01111000.00010000.00000000
    HostDottedDecimal : 0.0.14.11
    HostDecimal : 185466880
    HostDottedBinary : 00000000.00000000.00001110.00001011
    FirstSubnetIP : 10.120.16.1
    LastSubnetIP : 10.120.31.254
    SubnetMaximumHosts : 4094
 
 .EXAMPLE
  Get-IPv4Details -IPAddress 10.120.30.11 -SubnetMask 255.255.240.0
 
 .EXAMPLE
  Get-IPv4Details -CIDRAddress 10.120.30.64/27
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 4 October 2018
  v0.2 - 1 July 2019 - updates to properly address /32 mask
  v0.3 - 12 February 2020 - Added Parameter Set to accept IP input in CIDR format
        Known issue: Extreme cases are not detailed properly such as /31 and /32 mask
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true,ParameterSetName='CIDR')][String]$CIDRAddress,
        [Parameter(Mandatory=$true,ParameterSetName='Mask')][Alias('IPv4','IP')][IPAddress]$IPAddress,
        [Parameter(Mandatory=$true,ParameterSetName='Mask')][Alias('Mask','NetMAsk')][IPAddress]$SubnetMask
    )

    Begin { 
        # Extract $IPAddress, $MaskLength, and $SubnetMask from $CIDRAddress if provided
        if ($CIDRAddress) {
            if ($CIDRAddress -match '/') {
                if ($CIDRAddress.Split('/').Count -eq 2) {
                    $MaskLength = $CIDRAddress.Split('/')[1] -as [Int]
                    if ($MaskLength -gt 32 -or $MaskLength -lt 0) {
                        Write-Log 'Get-IPv4Details Error: CIDRAddress',$CIDRAddress,'must have a mask length between 0 and 32' Magenta,Yellow,Magenta 
                        break
                    }
                    [IPAddress]$SubnetMask = Convert-MaskLengthToIpAddress -MaskLength $MaskLength
                    if (-not ($IPAddress = $CIDRAddress.Split('/')[0] -as [IPAddress])) {
                        Write-Log 'Get-IPv4Details Error: CIDRAddress',$CIDRAddressv,'must be in the format DottedDecimalIPv4Address/MaskLength as in 10.1.2.0/24' Magenta,Yellow,Magenta 
                        break
                    } else {
                        [IPAddress]$IPAddress = $CIDRAddress.Split('/')[0] -as [IPAddress]
                    }
                } else {
                    Write-Log 'Get-IPv4Details Error: CIDRAddress',$CIDRAddress,'must be in the format DottedDecimalIPv4Address/MaskLength as in 10.1.2.0/24' Magenta,Yellow,Magenta 
                    break
                }
            } else {
                Write-Log 'Get-IPv4Details Error: CIDRAddress',$CIDRAddress,'must be in the format DottedDecimalIPv4Address/MaskLength as in 10.1.2.0/24' Magenta,Yellow,Magenta 
                break
            } 
        } 
    }

    Process{
        if (-not ($MaskLength)) {
            $MaskLength = 0
            foreach($Octet in ($SubnetMask.GetAddressBytes())) {
                while ($Octet -ne 0) { $Octet = $Octet*2 -band 255; $MaskLength ++ }
            }
        } 
        $IPLength = 32 - $MaskLength
        $IPBinary = $IPAddress.GetAddressBytes()  | % { [Convert]::ToString($_,2).PadLeft(8,'0') }
        $MaskBinary = $SubnetMask.GetAddressBytes() | % { [Convert]::ToString($_,2).PadLeft(8,'0') }
        $NetAddress = [IPAddress]($IPAddress.Address -band $SubnetMask.Address)
        $NetBinary = $NetAddress.GetAddressBytes() | % { [Convert]::ToString($_,2).PadLeft(8,'0') }
        $Temp = foreach ($Octet in $MaskBinary) { 0..7 | % { if ($Octet[$_] -eq '1') { '0' } else { '1' } } }
        $MaskMirrorBinary = @(); 0,8,16,24 | % {$MaskMirrorBinary += ($Temp -join '').Substring($_,8)  }
        [IPAddress]$MaskMirror = ($MaskMirrorBinary | % { [Convert]::ToInt32($_,2) }) -join '.'
        $HostAddress = [IPAddress]($IPAddress.Address -band $MaskMirror.Address)
        $HostBinary = $HostAddress.GetAddressBytes() | % { [Convert]::ToString($_,2).PadLeft(8,'0') }
        $FirstSubnetIP = Next-IP -IPAddress $NetAddress.IPAddressToString
        if (([Math]::Pow(2,$IPLength) - 2) -lt 0) {
            $LastSubnetIP = $FirstSubnetIP
        } else {
            $LastSubnetIP = Next-IP -IPAddress $NetAddress.IPAddressToString -Increment ([Math]::Pow(2,$IPLength) - 2)
        }
        
        [PSCustomObject]@{
            IPDottedDecimal    = $IPAddress.IPAddressToString
            IPDecimal          = $IPAddress.Address
            IPBitLength        = $IPLength
            IPDottedBinary     = $IPBinary -join '.'

            MaskDottedDecimal  = $SubnetMask.IPAddressToString
            MaskDecimal        = $SubnetMask.Address
            MaskBitLength      = $MaskLength
            MaskDottedBinary   = $MaskBinary -join '.'

            NetDottedDecimal   = $NetAddress.IPAddressToString
            NetDecimal         = $NetAddress.Address
            NetCIDR            = "$($NetAddress.IPAddressToString)/$MaskLength"
            NetDottedBinary    = $NetBinary -join '.'

            HostDottedDecimal  = $HostAddress.IPAddressToString
            HostDecimal        = $HostAddress.Address
            HostDottedBinary   = $HostBinary -join '.'

            FirstSubnetIP      = $FirstSubnetIP
            LastSubnetIP       = $LastSubnetIP
            SubnetMaximumHosts = if (([Math]::Pow(2,$IPLength) - 2) -lt 0) { 0 } else { ([Math]::Pow(2,$IPLength) - 2) }
        }
    }

    End { }
}

function Next-IP {
<#
 .SYNOPSIS
  Function to return an IP address relative to the input IP address
 
 .DESCRIPTION
  Function to return an IP address relative to the input IP address
 
 .PARAMETER IPAddress
  Dotted IPv4 address such as 10.12.13.15
 
 .PARAMETER Increment
  A whole number between -4294967294 and 4294967295
  For example when using 1, the function will return the next IP address
  This defaults to 1
 
 .EXAMPLE
  Next-IP -IPAddress 10.10.10.11 -Increment 1
    Will return 10.10.10.12
 
 .EXAMPLE
  Next-IP -IPAddress 201.120.252.253 -Verbose
    Will return 201.120.252.254
 
 .EXAMPLE
  Next-IP -IPAddress 201.120.252.253 -Increment 100 -Verbose
    Will return 201.120.253.97
 
 .EXAMPLE
  Next-IP -IPAddress 201.120.252.253 -Increment -500 -Verbose
    Will return 201.120.251.9
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 4 October 2018
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][Alias('IPv4','IP')][IPAddress]$IPAddress,
        [Parameter(Mandatory=$false)][ValidateRange(-4294967294,4294967295)][Int64]$Increment = 1
    )

    Begin { }

    Process{
        $DecimalArray = $IPAddress.GetAddressBytes()
        [Array]::Reverse($DecimalArray)
        $Decimal = ([IPAddress]($DecimalArray -join '.')).Address
        $Decimal = $Decimal + $Increment
        if ($Decimal -le 4294967295 -and $Decimal -ge -4294967294) {
            $DecimalArray = ([IPAddress]$Decimal).GetAddressBytes()
            [Array]::Reverse($DecimalArray)
            $DecimalArray -join '.'  
        } else {
            Write-Verbose "Cannot increment/decrement the provided IP addresses '$($IPAddress.IPAddressToString)' by '$Increment'"
            Write-Verbose "The resulting address '$Decimal' would exceed a 32-bit address (-4294967294 to 4294967295)"
        }      
    }

    End { }
}

function Test-SameSubnet {
<#
 .SYNOPSIS
  Function to compare a pair of IPv4 addresess and their subnet masks and
  identify if they're on the same subnet or not
 
 .DESCRIPTION
  Function to compare a pair of IPv4 addresess and their subnet masks
  If the 2 IPs are on the same subnet, the function retirns the subnet ID in CIDR format,
  otherwise it returns False
 
 .PARAMETER IP1
  Dotted decimal IPv4 address such as 11.12.13.14
 
 .PARAMETER Mask1
  Dotted decimal IPv4 subnet mask such as 255.255.0.0
 
 .PARAMETER IP2
  Dotted decimal IPv4 address such as 11.12.13.15
 
 .PARAMETER Mask2
  Dotted decimal IPv4 subnet mask such as 255.255.240.0
 
 .EXAMPLE
  Test-SameSubnet -IP1 10.124.170.1 -Mask1 255.255.252.0 -IP2 10.124.170.2 -Mask2 255.255.252.0
  This will return 10.124.168.0/22
 
 .EXAMPLE
  Test-SameSubnet -IP1 10.124.170.117 -Mask1 255.255.255.240 -IP2 10.124.170.2 -Mask2 255.255.255.240
  This will return False
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 4 October 2018
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][IPAddress]$IP1,
        [Parameter(Mandatory=$true)][IPAddress]$Mask1,
        [Parameter(Mandatory=$true)][IPAddress]$IP2,
        [Parameter(Mandatory=$true)][IPAddress]$Mask2
    )

    Begin { }

    Process{
        $Network1 = (Get-IPv4Details -IPAddress $IP1 -SubnetMask $Mask1).NetDecimal
        $Network2 = (Get-IPv4Details -IPAddress $IP2 -SubnetMask $Mask2).NetDecimal
        if ($Network1 -eq $Network2) { 
            [IPAddress]$IP = 0
            $IP.Address = $Network1
            "$($IP.IPAddressToString)/$(Convert-IpAddressToMaskLength -DottedDecimalIP $Mask1)"
        } else {
            $false
        }
    }

    End { }
}

function Get-IPv4Summary {
<#
 .SYNOPSIS
  Function to return IPv4 information of enabled network adapters
 
 .DESCRIPTION
  Function to return IPv4 information of enabled network adapters
  This function requires the Convert-IpAddressToMaskLength function
  available in the SB-Tools modules in the PowerShell Gallery
 
 .PARAMETER ServiceName
  This is set to 'netvsc' by default
  To see available Service Names use:
  Get-WmiObject -Class Win32_NetworkAdapterConfiguration | FT Description,Index,IPAddress,ServiceName,DefaultIPGateway -a
 
 .EXAMPLE
  Get-IPv4Summary -Verbose
  
 .EXAMPLE
  Get-IPv4Summary -ServiceName 'vmsmp' -Verbose
  
 .OUTPUTS
  This function/cmdlet returns a PS object for each netvsc NIC with the following properties/example:
    IPv4Address : 192.168.124.44
    IPv4Subnet : 255.255.255.0
    MaskLength : 24
    DefaultGateway : 192.168.124.1
    DNSServers : {8.8.8.8,4.4.4.4}
    Description : Ethernet Network Adapter
    DHCPEnabled : False
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 4 October 2018
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param([Parameter(Mandatory=$false)][String]$ServiceName = 'netvsc') # 'vmsmp'

    Begin { }

    Process{
        $AdapterList = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "servicename = ""$ServiceName""" | ? { $_.IPAddress }
        if ($AdapterList) {
            $myOutput = foreach ($NIC in $AdapterList) {
                Write-Verbose "Get-IPv4Summary: Processing adapter '$($NIC.Description)'"
                if (($NIC.IPSubnet -match '\.').Count -eq 1) { 
                    $IPv4Subnet = $NIC.IPSubnet -match '\.' | select -First 1 
                    $MaskLength = Convert-IpAddressToMaskLength $IPv4Subnet 
                } else {
                    $IPv4Subnet = $NIC.IPSubnet -match '\.'
                    $MaskLength = $IPv4Subnet | % {Convert-IpAddressToMaskLength $_}
                }
                if (($NIC.IPAddress -match '\.').Count -eq 1) { 
                    $IPv4Address = $NIC.IPAddress -match '\.' | select -First 1 
                } else {
                    $IPv4Address = $NIC.IPAddress -match '\.'
                }
                if (($NIC.DefaultIPGateway -match '\.').Count -eq 1) { 
                    $DefaultGateway = $NIC.DefaultIPGateway -match '\.' | select -First 1 
                } else {
                    $DefaultGateway = $NIC.DefaultIPGateway -match '\.'
                }
                if (($NIC.DNSServerSearchOrder -match '\.').Count -eq 1) { 
                    $DNSServers = $NIC.DNSServerSearchOrder -match '\.' | select -First 1 
                } else {
                    $DNSServers = $NIC.DNSServerSearchOrder -match '\.'
                }
                [PSCustomObject]@{
                    IPv4Address    = $IPv4Address
                    IPv4Subnet     = $IPv4Subnet
                    MaskLength     = $MaskLength
                    DefaultGateway = $DefaultGateway
                    DNSServers     = $DNSServers
                    Description    = $NIC.Description
                    DHCPEnabled    = $NIC.DHCPEnabled
                } # PSCustomObject
            } # foreach $NIC
            $myOutput
        } else {
            Write-Verbose "Bad ServiceName '$ServiceName' provided, available Service Names are: $( Get-WmiObject -Class Win32_NetworkAdapterConfiguration | FT description,Index,IPAddress,ServiceName,DefaultIPGateway -a | Out-String)"
        } 
    }

    End { }
}

function Get-FTPFileList {
<#
 .SYNOPSIS
  Function to get file list from FTP site
 
 .DESCRIPTION
  Function to get file list from FTP site
 
 .PARAMETER FTPURL
  For example: ftp://site.domain.com
  This is the URL to the FTP site
 
 .PARAMETER Port
  Optional parameter that defaults to port 21
 
 .PARAMETER Cred
  PSCredential object obtained via Get-Credential or Get-SBCredential
  It is used to authenticate to the FTP site.
  For anonymous FTP create a credential that has the name 'anonymous' and any password
 
 .PARAMETER Recurse
  Optional switch parameter. When set to True, the function will return all files and subfolders
 
 .EXAMPLE
  Get-FTPFileList -FTPURL ftp://123.45.56.78 -Cred (Get-SBCredential 'samb@mysite.ftpdomain.com') | FT -a
  This example list the files listed from the given FTP site
  
 .EXAMPLE
  $myFileList = Get-FTPFileList -FTPURL ftp://mysite.ftpsite.com -Cred (Get-SBCredential 'samb@mysite.ftpdomain.com') -Recurse
  $FileOnlyList = $myFileList | where Type -EQ 'File'
  Write-log 'File and directory listing contains', $myFileList.Count, 'items' Green,Cyan,Green
  Write-log ' including', ($myFileList.Count-$FileOnlyList.Count), 'directories' Green,Cyan,Green
  Write-log ' and', $FileOnlyList.Count, 'files' Green,Cyan,Green
  Write-log 'Calculating total size...' Green -noNew
  $SizeBytes = ($myFileList | measure SizeBytes -Sum).Sum
  Write-log $SizeBytes, 'bytes', "($([Math]::Round($SizeBytes/1GB,2)) GB)" Cyan,Green,Cyan
 
 
 .OUTPUTS
  The function returns an object for each file/directory found with the following properties/example:
    Type Name Path SizeBytes Date Permission
    ---- ---- ---- --------- ---- ----------
    File 8xxxx5 ftp://mysite.ftpsite.com//8xxxx5/8xxxx5 47 12/27/2014 12:00:00 AM -r--r--r--
    File 8xxxx5.zip ftp://mysite.ftpsite.com//8xxxx5/8xxxx5.zip 61728 12/27/2014 12:00:00 AM -r--r--r--
    Directory June Amazon ftp://mysite.ftpsite.com//Amazon/June Amazon 0 6/9/2015 12:00:00 AM drwxr-xr-x
    File MANIFEST.txt ftp://mysite.ftpsite.com//Amazon/MANIFEST.txt 636 3/18/2015 12:00:00 AM -r--r--r--
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  17 October 2018 - v0.1
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true,HelpMessage='Such as ftp://site.domain.com')][String]$FTPURL,  
        [Parameter(Mandatory=$false)][Int]$Port = 21,
        [Parameter(Mandatory=$true)][PSCredential]$Cred,
        [Parameter(Mandatory=$false)][Switch]$Recurse = $false
    )

    Begin {
        # Compile URL from FTPURL and Port
        if (($FTPURL -as [system.uri]).AbsoluteUri) {
            $Temp = $FTPURL -as [system.uri]
            [system.uri]$FTPURL = "ftp://$($Temp.Host):$Port$($Temp.LocalPath)"
            Write-Log 'Get-FTPFileList: Processing URL:',$FTPURL.AbsoluteUri Green,Cyan
        } else {
            Write-Log 'Get-FTPFileList: Error: bad FTPURL received:',$FTPURL,"expecting FTP URL such as ftp://site.domain.com" Magenta,Yellow,Magenta
            break
        }
    }

    Process {
        try {
        
            $FTPRequest = [System.Net.FtpWebRequest]::Create($FTPURL)
            $FTPRequest.Credentials = $Cred
            $FTPRequest.Method = [System.Net.WebRequestMethods+Ftp]::ListDirectoryDetails 
            $FTPResponse = $FTPRequest.GetResponse() 
            $ResponseStream = $FTPResponse.GetResponseStream()
            $StreamReader = New-Object System.IO.StreamReader $ResponseStream  
            $FileList = New-Object System.Collections.ArrayList
            While ($File = $StreamReader.ReadLine()) { [void]$FileList.add($File) }

        } catch {
            Write-Log $_.Exception.InnerException.Message Yellow
            break
        }

        $StreamReader.close()
        $ResponseStream.close()
        $FTPResponse.Close()

        $myOutput = foreach ($FileLine in $FileList) {
            $Name = $FileLine.Substring(49,$FileLine.Length-49)
            [PSCustomObject][Ordered]@{
                Type       = $(if ($FileLine.Substring(0,1) -eq 'd') { 'Directory' } else { 'File' })
                Name       = $Name
                Path       = "$($FTPURL.AbsoluteUri)/$Name"
                SizeBytes  = $FileLine.Substring(20,15).Trim() -as [Int64]
                Date       = $FileLine.Substring(35,13) -as [DateTime]
                Permission = $FileLine.Substring(0,10) -as [String]
            }
        }

        if ($Recurse) {
            foreach ($Directory in ($myOutput | where Type -EQ 'Directory')) { 
                Get-FTPFileList -FTPURL $Directory.Path -Cred $Cred 
            }
        }
    } 

    End { $myOutput }
}

function Listen-Port {
<#
 .SYNOPSIS
  Function to listen on a given TCP port
 
 .DESCRIPTION
  Function to listen on a given TCP port
  This is typically useful for testing firewall rules
  This port listener will auto-shutdown in 1 minute after it's invoked.
  This duration can be increased via a parameter up to 1440 minutes (1 day)
 
 .PARAMETER TCPPort
  TCP port number - required
 
 .PARAMETER IPAddress
  Optional parameter for the computer IPv4 address
 
 .PARAMETER AddFirewallRule
  Optional parameter to create a windows firewall rule to allow testing that TCP port listener
  The script will remove this temporary rule upon its completion
 
 .PARAMETER AutoShutdownMinutes
  Optional paramter that defaults to 1 minute
  Can be as high as 1440 minutes (1 day)
 
 .EXAMPLE
  Listen-Port 12345
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 19 June 2019
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][ValidateRange(0,65535)][Int32]$TCPPort,
        [Parameter(Mandatory=$false)][String]$IPAddress = 'any',
        [Parameter(Mandatory=$false)][ValidateRange(1,1440)][Int16]$AutoShutdownMinutes = 1,
        [Parameter(Mandatory=$false)][Switch]$AddFirewallRule =$true
    )

    Begin {
        if ($AddFirewallRule) {
            Write-Log 'Adding',"Listen-Port-$TCPPort",'firewall rule' Green,Cyan,Green -NoNewLine
            try {
                $ParameterSet = @{
                    DisplayName = "Listen-Port-$TCPPort" 
                    Direction   = 'inbound' 
                    LocalPort   = $TCPPort 
                    Protocol    = 'TCP' 
                    Action      = 'Allow' 
                    Enabled     = 'True' 
                    Profile     = 'Any' 
                    ErrorAction = 'Stop'
                
                }
                $Rule = New-NetFirewallRule @ParameterSet
                Write-Log 'done' DarkYellow
             } catch {
                Write-Log 'failed' Magenta
                Write-Log $_.Exception.Message Yellow  
             }
         }

        $PingingJob = Start-Job -ScriptBlock {
            0..($Using:AutoShutdownMinutes*6+4) | foreach { 
                Test-SBNetConnection -ComputerName $env:COMPUTERNAME -Port $Using:TCPPort -EA 0 -WA 0 
                Start-Sleep -Seconds 10 
            }
        } 
    }

    Process{
        $IPEndPoint  = New-Object System.Net.IPEndPoint ([IPAddress]::$IPAddress, $TCPPort)    
        $TcpListener = New-Object System.Net.Sockets.TcpListener $IPEndPoint
        $TcpListener.Start()   
        $StartTime = Get-Date 
        $Running = $true
        try {
            While ($Running) {
                if (-not $TcpListener.Pending()) { Start-Sleep -Seconds 1 }
                $TCPClient = $TcpListener.AcceptTcpClient()
                $TimeRemaining =  New-TimeSpan -Start (Get-Date) -End $StartTime.AddMinutes($AutoShutdownMinutes)
                if ($TimeRemaining -le 0) { 
                    $Running = $false 
                    Write-Log 'Auto-shutdown duration exceeded, shutting down..' Green
                } else {
                    Write-Log 'Listening on port',"$TCPPort,",'auto-shutdown in',"$($TimeRemaining.Hours):$($TimeRemaining.Minutes):$($TimeRemaining.Seconds)",'''hh:mm:ss''' Green,Cyan,Green,Yellow,Green
                }
                $TCPClient.Close()
            }
        } catch {
            Write-Log $_.Exception.Message Yellow       
        } finally {
            $TcpListener.Stop()            
        }
    }

    End { 
        if ($AddFirewallRule) { Remove-NetFirewallRule -DisplayName "Listen-Port-$TCPPort" -EA 0 }
        $PingingJob | Remove-Job -Force
    }

}

function Get-MyWANIP {
<#
 .SYNOPSIS
  Function to return current WAN IP address
 
 .DESCRIPTION
  Function to return current WAN IP address
 
 .PARAMETER Source
  One or more URLs
  This is an optional parameter. These URLs will be queried for WAN IP.
 
 .EXAMPLE
  Get-MyWANIP
 
 .OUTPUTS
  This cmdlet returns a System.Net.IPAddress object such as:
    Address : 1132553623
    AddressFamily : InterNetwork
    ScopeId :
    IsIPv6Multicast : False
    IsIPv6LinkLocal : False
    IsIPv6SiteLocal : False
    IsIPv6Teredo : False
    IsIPv4MappedToIPv6 : False
    IPAddressToString : 151.101.129.67
       
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 December 2019
  v0.2 - 12 April 2020 - Added -UseBasicParsing Switch to Invoke-WebRequest Cmdlet call
#>


    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        [Parameter(Mandatory=$false)][String[]]$Source = @(
            'http://ipinfo.io/ip'
            'http://ifconfig.me/ip'
            'http://icanhazip.com'
            'http://ident.me'
            'http://smart-ip.net/myip'
        )    
    )

    Begin { }

    Process {      
        Remove-Variable FoundIP -Force -EA 0 
        foreach ($SourceURL in $Source) {
            $FoundIP = (Invoke-WebRequest -uri $SourceURL -EA 0 -UseBasicParsing).Content
            $FoundIP = $FoundIP.Trim()
            if ($FoundIP -as [IPAddress]) { 
                $FoundIP = [IPaddress]$FoundIP
                break
            }
        }
    }

    End { $FoundIP }
} 

#endregion

#region Remoting

Function Export-SessionCommand {
<#
 .SYNOPSIS
  Function to export one or more session commands
 
 .DESCRIPTION
  Function to export one or more session commands
  This function takes one or more Powershell script functions/commands from current session
  and exports them to a remote PS session
  This function will ignore and not export binary functions
  Exported functions will persist on the remote computer for the user profile used with the PS remote session
 
 .PARAMETER Command
  This is one or more script commands available in the current PS session
  For example Update-SmbMultichannelConnection cmdlet/function of the SmbShare PS module
  To see available script commands, you can use:
    Get-Command | ? { $_.CommandType -eq 'function' }
 
 .PARAMETER ModuleName
  This is the name of the module that this function will create on the remote computer
  under the user profile of the remote PS session
  This will over-write prior existing module with the same name
 
 .PARAMETER Session
  PSSession object usually obtained by using New-PSSession cmdlet.
 
 .EXAMPLE
  Export-SessionCommand get-saervice,get-sbdisk,bla,get-bitlockerstatus,get-service -Session $Session -Verbose
 
 .OUTPUTS
  The function returns a list of successfully exported commands/functions, or $false if it fails
  Example:
    CommandType Name ModuleName
    ----------- ---- ----------
    Function Get-BitLockerStatus SBjr
    Function Get-SBDisk SBjr
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 12 July 2018
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)][string[]]$Command,
        [Parameter(Mandatory=$false)][String]$ModuleName = 'SBjr',
        [Parameter(Mandatory=$true)][System.Management.Automation.Runspaces.PSSession]$Session
    )

    Begin { 
        if ($Session.State -ne 'Opened') {
            Write-Log 'Export-SessionCommand: Error: Session State is not ''opened''' Magenta
            Write-Log ($Session|Out-String).Trim() Yellow
            break
        }

        $FunctionList = foreach ($Name in $Command) {
            try { 
                Get-Command $Name -EA 1 | Out-Null
                if ((Get-Command $Name).ScriptBlock) {
                    $Name
                } else {
                    Write-Warning "Command '$Name' is not a script command, ignoring"
                }
            } catch {
                Write-Warning "Command '$Name' not found, ignoring"
            }
        }
        $FunctionList = $FunctionList | select -Unique 
        Write-Log 'Exporting function(s):',($FunctionList -join ', ') Green,Cyan 
    }

    Process{ 
        $FirstCommand = $true
        $FunctionList | % {
            $myCommand = Get-Command $_
            Write-Verbose "Exporting command '$($myCommand.Name)' to module '$ModuleName'"
            Invoke-Command -Session $Session -ScriptBlock { 
                $ModPath = "$env:USERPROFILE\Documents\WindowsPowerShell\Modules\$Using:ModuleName"
                $PSM     = "$ModPath\$Using:ModuleName.psm1"
                if ($Using:FirstCommand) {
                    New-Item -Path $ModPath -ItemType Directory -Force | Out-Null 
                    "Function $($Using:myCommand.Name) {" | Out-File $PSM                        
                } else {
                    "Function $($Using:myCommand.Name) {" | Out-File $PSM -Append
                }
                                       
                $Using:myCommand.ScriptBlock,'}',' ' | % { $_ | Out-File $PSM -Append }
            }
            $FirstCommand = $false 
        }

    } # Process

    End {         
        Invoke-Command -Session $Session -ScriptBlock { 
            ' ','Export-ModuleMember -Function *' | % { $_ | Out-File $PSM -Append }
            Remove-Module $Using:ModuleName -Force -Confirm:$false -EA 0
            Import-Module $Using:ModuleName
            try { Get-Command -Module $Using:ModuleName -EA 1 | FT -a } catch { $false }
        }
    }

}

function Import-SessionCommands {
<#
 .SYNOPSIS
  Function to import commands from another computer
 
 .DESCRIPTION
  Function will import commands from remote computer from the module(s) listed.
 
 .PARAMETER ModuleName
  Name(s) of the module(s) that we want to import their commands into the current
  PS console.
  Note that session commands will not be available in other PS instances.
 
 .PARAMETER ComputerName
  Computer name that has the module(s) that we need to import their commands.
 
 .PARAMETER Keep
  This is a switch. When selected, the function will export the imported module(s)
  locally under "C:\Program Files\WindowsPowerShell\Modules" if it's in the PSModulePath,
  otherwise, it will export it to the default path "$home\Documents\WindowsPowerShell\Modules"
  - Note 1: Exported modules and their commands can be used directly from any PS instance
            after a module has been exported with the -keep switch
  - Note 2: Even though a module has been exported locally, everytime you try to use one of
            its commands, PS will start an implicit remoting session to the server where the
            module was imported from.
 
 .EXAMPLE
  Import-SessionCommands -ModuleName ActiveDirectory -ComputerName DC01
  This example imports all the commands from the ActiveDirectory module from the DC01 server
  So, in this PS console instance we can use AD commands like Get-ADComputer without the need
  to install AD features, tools, or PS modules on this computer!
 
 .EXAMPLE
  Import-SessionCommands SQLPS,Storage V-2012R2-SQL1 -Verbose
  This example imports all the commands from the PSSQL and Storage modules from the MySQLServer
  server into the current PS instance
 
 .EXAMPLE
  Import-SessionCommands WebAdministration,BestPractices,MMAgent CM01 -keep
  This example imports all the commands from the WebAdministration, BestPractices, and MMAgent
  modules from the CM01 server into the current PS instance, and exports them locally.
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  Requires PS 3.0
  v1.0 - 08/17/2014
    Although we need to eventually run:
    Remove-PSSession -Session $Session
    We cannot do that in the function as we'll lose the imported session commands
    Two things to consider:
    1. The session will be automatically removed when the PS console is closed
    2. If in the parent script that's using this function a blanket Remove-PSSession
    command is run, like:
    Get-PSSession | Remove-PSSession
    We'll lose this session and its commands, which could cripple the parent script
#>

    
    [CmdletBinding(SupportsShouldProcess=$true,ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true,
                   ValueFromPipeLineByPropertyName=$true,
                   Position=0)]
            [String[]]$ModuleName, 
        [Parameter(Mandatory=$true,
                   ValueFromPipeLineByPropertyName=$true,
                   Position=1)]
            [String]$ComputerName,
        [Parameter(Mandatory=$false,
                   Position=2)]
            [Switch]$Keep
    )
    
    # Get a random session name:
    Do { $SessionName = "Import" + (Get-Random -Minimum 10000000 -Maximum 99999999) }
        While (Get-PSSession -Name $SessionName -ErrorAction SilentlyContinue) 
    Write-Verbose "New PSSession name: $SessionName"
    if ($Env:PSModulePath.Split(';') -contains 'C:\Program Files\WindowsPowerShell\Modules') {
        $ExportTo = 'C:\Program Files\WindowsPowerShell\Modules'
    } else {
        $ExportTo = "$home\Documents\WindowsPowerShell\Modules"
    }
    try { 
        Write-Log 'Connecting to computer', $ComputerName Green,Cyan
        $CurrentSessions = Get-PSSession -ErrorAction SilentlyContinue -ComputerName $ComputerName
        if ($CurrentSessions.ComputerName -Contains $ComputerName) {
            $Session = $CurrentSessions[0]
        } else {
            $Session = New-PSSession -ComputerName $ComputerName -Name $SessionName -ErrorAction Stop
        }
        Write-Verbose "Current PSSessions: $(Get-PSSession)"
        $RemoteModules = Invoke-Command -ScriptBlock { Get-Module -ListAvailable | Select Name } -Session $Session 
        $LocalModules = Get-Module -ListAvailable | Select Name
        foreach ($Module in $ModuleName) {
            if ($LocalModules.Name -Contains $Module -or $LocalModules.Name -Contains "Imported-$Module") {
                Write-Log 'Module', $Module, 'exists locally, not importing..' Yellow,Cyan,Yellow
            } else {
                if ($RemoteModules.Name -Contains $Module) {
                    Write-Log 'Found module', $Module, 'on computer', $ComputerName, 'importing its commands..' Green,Cyan,Green,Cyan,Green
                    Invoke-Command -Session $Session -ArgumentList $Module -ScriptBlock { 
                        Param($Module)
                        Import-Module $Module 
                    }
                    try { 
                        $ImportedModule = Import-PSSession -Session $Session -Module $Module -DisableNameChecking -ErrorAction Stop 
                        if ($Keep) {
                            Write-Log 'Keeping module', $Module, 'locally..' Green,Cyan,Green
                            Remove-Module -Name $ImportedModule.Name
                            Export-PSSession -Module $Module -OutputModule "$ExportTo\Imported-$Module" -Session $Session -Force
                            Import-Module -Name "Imported-$Module"
                        }
                    } catch { 
                        Write-Log 'Module', $Module, 'already imported, skipping..' Yellow,Cyan,Yellow
                    }
                } else {
                    Write-Log 'Error: module', $Module, 'not found on server', $ComputerName Magenta,Yellow,Magenta,Yellow
                }
            }
        }
    } catch {
        Write-Log 'Error: unable to connect to server', $ComputerName Magenta,Yellow
        Write-Log ' Check if', $ComputerName, 'exists, is online, ' Magenta,Yellow,Magenta
        Write-Log ' has WinRM enabled and configured, and ' Magenta
        Write-Log ' you have sufficient permissions to it' Magenta
    }
}

function Connect-Computer {
<#
 .SYNOPSIS
  Function to establish PowerShell Remoting session with a remote computer that's not domain member
 
 .DESCRIPTION
  Function to establish PowerShell Remoting session with a remote computer that's not domain member
 
 .PARAMETER ComputerName
  This can be a NetBios computer name like'mycomputer' or an IPv4 address like '10.20.30.40'
  If using a computer name, make sure it can be resolved to an IPv4 address
 
 .PARAMETER Credential
  This is a PSCredential Object not text.
 
 .EXAMPLE
  $Session = Connect-Computer -ComputerName '10.171.120.68' -Credential (Get-SBCredential -UserName '.\Administrator') -Verbose
  This establishes a session with 10.171.120.68
  To see built in help for the Get-SB-Credential function use: Get-Help Get-SBCredential -Show
  The returned PSSession object is stored in the $Session variable in this example, to used for further automation such as:
  Invoke-command -Session $Session -ScriptBlock { Get-Service }
 
 .OUTPUTS
  This function returns a PSSession object [System.Management.Automation.Runspaces.PSSession]
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 4 October 2018
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$true)]
            [String]$ComputerName,
        [Parameter(Mandatory=$true)]
            [System.Management.Automation.PSCredential]$Credential
    )

    Begin {
        Write-Verbose 'Connect-Computer: Checking Trusted Hosts list'
        $TrustedHosts = Get-Item wsman:\localhost\Client\TrustedHosts
        if ($TrustedHosts.Value -match $ComputerName) {
            Write-Verbose "Connect-Computer: $ComputerName is already in Trusted Hosts"
        } else {
            Write-Verbose "Connect-Computer: Adding $ComputerName to Trusted Hosts"
            try {
                Set-Item wsman:\localhost\Client\TrustedHosts $ComputerName -Concatenate -Force -ErrorAction Stop
                Write-Verbose 'done'
            } catch {
                throw "Failed to add $ComputerName to Trusted Hosts"
            }              
        }        
    }

    Process{
        Write-Verbose "Connect-Computer: Establishing PowerShell Remoting session with $ComputerName using Credential $($Credential.UserName)"
        try {
            New-PSSession -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop
            Write-Verbose 'done'
        } catch {
            Write-Error "Failed to establish PowerShell Remoting session with $ComputerName"
            throw $_
        }         
    }

    End {    }
}

#endregion

#region PageFile

function Get-PageFile {
<#
 .SYNOPSIS
  List the drives that have page file(s) and their configuration
 
 .DESCRIPTION
  List the drives that have page file(s) and their configuration
  Note that 0 value for Initial or Maximum size indicate a system-managed page file
  This function does not require or accept any parameters
 
 .OUTPUTS
  This function returns a PS object for each drive that has a page file on it,
  each having the following 3 properties/example:
    DriveLetter InitialSizeMB MaximumSizeMB
    ----------- ------------- -------------
              C 0 0
              D 1024 4096
 
 .EXAMPLE
  Get-PageFile
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  https://superwidgets.wordpress.com/category/powershell/
  18 September 2018 - v0.1
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param()

    Begin { }

    Process {
        Get-WmiObject -Class Win32_PageFileSetting | 
            select  @{n='DriveLetter';  e={$_.Name[0]}},
                    @{n='InitialSizeMB';e={$_.InitialSize}},
                    @{n='MaximumSizeMB';e={$_.MaximumSize}}
        Write-Verbose '0 value for Initial or Maximum size indicate a system-managed page file'
    }

    End { }

}

function Set-PageFile {
<#
 .SYNOPSIS
  Function to set page file to be on a given drive
 
 .DESCRIPTION
  Function to set page file to be on a given drive
  Function will create page file if it does not exist on the provided drive
 
 .PARAMETER PageFile
  This is a PS Custom Object containing the following 3 properties:
    DriveLetter such as c
    InitialSizeMB such as 1024 (0 value indicate system managed page file)
    MaximumSizeMB such as 4096 (0 value indicate system managed page file)
  This object can be constructed manually as in:
  $PageFile = [PSCustomObject]@{
    DriveLetter = 'c'
    InitialSizeMB = 0
    MaximumSizeMB = 0
  }
  or obtained from the Get-PageFile function of this PS module
 
 .EXAMPLE
  Set-PageFile -PageFile ([PSCustomObject]@{
    DriveLetter = 'c'
    InitialSizeMB = 0
    MaximumSizeMB = 0
  })
  This example configures a system-managed page file on drive c
 
 .EXAMPLE
  Get-PageFile | foreach { $_.InitialSizeMB = 0; $_.MaximumSizeMB = 0; $_ } | Set-PageFile
  This example sets every page file to system-managed size
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  20 September 2018 - v0.1
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false,ValueFromPipeline=$true)][PSCustomObject]$PageFile = [PSCustomObject]@{
            DriveLetter   = ((Get-WmiObject Win32_Volume | where PageFilePresent).DriveLetter | foreach { $_[0] } | select -First 1)
            InitialSizeMB = 0 # 0 = System Managed Size
            MaximumSizeMB = 0 # 0 = System Managed Size
        }
    )

    Begin { 
        Write-Verbose 'Input received:'
        Write-Verbose ($PageFile | Out-String)
        
        $DriveletterList = (Get-WmiObject Win32_Volume | where PageFilePresent).DriveLetter | foreach { $_[0] } 
        if ($PageFile.DriveLetter -notin $DriveletterList) {
            Write-Log 'Set-PageFile error:','Provided drive letter',$PageFile.DriveLetter,
                'does not exist on this computer, available drive letters are',($DriveletterList -join ', ') Magenta,Yellow,Magenta,Yellow,Magenta 
            break
        } else {
            Write-Verbose "Validated that provided drive letter '$($PageFile.DriveLetter)' exists on this computer '$($env:COMPUTERNAME)'"
        }
    }

    Process {

        $CurrentPageFile = Get-PageFile | where { $_.DriveLetter -match $PageFile.DriveLetter }
        if ($CurrentPageFile.InitialSizeMB -eq $PageFile.InitialSizeMB -and $CurrentPageFile.MaximumSizeMB -eq $PageFile.MaximumSizeMB) {
            Write-Log 'Existing page file',($CurrentPageFile | Out-String),'already matches provided parameters' Green,Yellow,Green
        } else {
            Write-Log 'Updating page file',($CurrentPageFile | Out-String) Green,Cyan

            #region Disable AutomaticManagedPagefile feature
            $compObj = Get-WmiObject Win32_ComputerSystem -EnableAllPrivileges
            if ($compObj.AutomaticManagedPagefile) {
                $compObj.AutomaticManagedPagefile = $false
                $compObj.Put() | Out-Null
                $compObj = Get-WmiObject -Class Win32_compObj -EnableAllPrivileges
                if ($compObj.AutomaticManagedPagefile) { 
                    Write-Log 'Set-PageFile:','Unable to Disable AutomaticManagedPagefile feature','Get-WmiObject -Class Win32_compObj' Magenta,Yellow,Magenta
                    break
                } else {
                    Write-Log 'Disabled','AutomaticManagedPagefile','feature on',$compObj.Name Green,Cyan,Green,Cyan
                }
            } else {
                Write-Log 'Computer',$compObj.Name,'AutomaticManagedPagefile','feature is already disabled' Green,Cyan,Green,Cyan
            }
            #endregion

            # Change/Create Page File
            $pageFileSetting = Get-WmiObject -Class Win32_PageFileSetting | where { $_.Name.StartsWith($PageFile.DriveLetter) }
            if (-not $pageFileSetting) {
                Set-WmiInstance -Class Win32_PageFileSetting -Arguments @{
                    Name        = "$($PageFile.DriveLetter):\pagefile.sys"
                    InitialSize = 0
                    MaximumSize = 0
                } -EnableAllPrivileges | Out-Null
                $pageFileSetting = Get-WmiObject -Class Win32_PageFileSetting | where { $_.Name.StartsWith($PageFile.DriveLetter) }
            }
            $pageFileSetting.InitialSize = $PageFile.InitialSizeMB
            $pageFileSetting.MaximumSize = $PageFile.MaximumSizeMB
            $pageFileSetting.Put() | Out-Null
            $CurrentPageFile = Get-PageFile | where { $_.DriveLetter -match $PageFile.DriveLetter }
            Write-Verbose 'PageFile setting:'
            Write-Verbose ($PageFile | Out-String)
            Write-Verbose 'CurrentPageFile setting:'
            Write-Verbose ($CurrentPageFile | Out-String)
            if ($CurrentPageFile.InitialSizeMB -eq $PageFile.InitialSizeMB -and $CurrentPageFile.MaximumSizeMB -eq $PageFile.MaximumSizeMB) {
                Write-Log 'Successfully updated page file settings to',($CurrentPageFile | Out-String) Green,Cyan
                Write-Log 'Remember that a reboot is required to complete this process' Yellow
            } else {
                Write-log 'Unable to change Page File setting',($CurrentPageFile | Out-String) Magenta,Yellow
            }
        }

    }

    End { }

}

function Remove-PageFile {
<#
 .SYNOPSIS
  Function to remove page file from a given drive
 
 .DESCRIPTION
  Function to remove page file from a given drive
 
 .PARAMETER DriveLetter
  Drive such as 'c' or 'e' that has a page file to be removed
 
 .EXAMPLE
  Remove-PageFile 'c'
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  20 September 2018 - v0.1
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
            [String]$DriveLetter = ((Get-WmiObject Win32_Volume | where PageFilePresent).DriveLetter | foreach { $_[0] } | select -First 1)
    )

    Begin { 
        Write-Verbose "Input received: DriveLetter $DriveLetter"
        
        $DriveletterList = (Get-WmiObject Win32_Volume | where PageFilePresent).DriveLetter | foreach { $_[0] } 
        if ($DriveLetter -notin $DriveletterList) {
            Write-Log 'Remove-PageFile error:','Provided drive letter',$DriveLetter,
                'does not exist on this computer, available drive letters are',($DriveletterList -join ', ') Magenta,Yellow,Magenta,Yellow,Magenta 
            break
        } else {
            Write-Verbose "Validated that provided drive letter '$($DriveLetter)' exists on this computer '$($env:COMPUTERNAME)'"
        }
    }

    Process { 
        Write-Log 'Current page file(s):', (Get-PageFile|Out-String) Green,Cyan 

        if ($DriveLetter -in (Get-PageFile).DriveLetter) {
            (Get-WmiObject -Class Win32_PageFileSetting | where { $_.Name.StartsWith($DriveLetter) }).Delete()
            Write-Log 'Removed page file from drive',$DriveLetter Green,Cyan
            Write-Log 'Current page file(s):', (Get-PageFile|Out-String) Green,Cyan 
            Write-Log 'Remember that a reboot is required to complete this process' Yellow
        } else {
            Write-Log 'No page file found on drive',$DriveLetter Yellow,Cyan
        }
    }

    End { }

}

#endregion

#region Active Directory

function Get-DCList {
<#
 .SYNOPSIS
  Function to provide domain controller information for the current/given AD forest
 
 .DESCRIPTION
  Function to provide domain controller information for the current/given AD forest
   
 .PARAMETER DCName
  Optional parameter to be used to query other than current AD forest
   
 .PARAMETER Cred
  Optional parameter when querying cuurent AD forest (not providing a DCName)
  Required parameter when querying other than current AD forest.
  (Will default to current user credential if not provided when required)
   
 .EXAMPLE
  $myDCList = Get-DCList
  This returns information on the current forest to the console such as:
    Identified AD Forest ABC.local
        Identified the following domains:
    ForestName DomainName DomainLevel PDCEmulator DCCount
    ---------- ---------- ----------- ----------- -------
    ABC.local ABC.local 2012R2 XYZ-DC1.ABC.local 2
  as well as a PS object (stored in $myDCList variable) such as:
    ForestName : ABC.local
    DomainName : ABC.local
    DomainLevel : 2012R2
    PDCEmulator : XYZ-DC1.ABC.local
    DCList : {XYZ-DC1.ABC.local, XYZ-DC2.ABC.local}
 
 .EXAMPLE
  $myDCList = Get-DCList -DCName dc1.mydomain.com -Cred (Get-SBCredential 'mydomain\myname')
  This returns information on the current forest to the console such as:
 
 .OUTPUTS
  This cmdlet returns PSCustom Objects, one for each Domain containing the following properties/example:
    ForestName : ABC.local
    DomainName : ABC.local
    DomainLevel : 2012R2
    PDCEmulator : XYZ-DC1.ABC.local
    DCList : {XYZ-DC1.ABC.local, XYZ-DC2.ABC.local}
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 20 July 2018
  v0.2 - 14 January 2020
    - Rewrite to speed up processing (not quering individial DCs)
    - Added parameter 'DCName' and code to query other than current AD forest
    - Added parameter 'Cred' and code to query other than current AD forest using a different credential
#>


    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        [Parameter(Mandatory=$false)][String]$DCName, # Full FQDN like server.domain.com
        [Parameter(Mandatory=$false)][PSCredential]$Cred 
    )

    Begin {
        if (-not (Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
            Write-Log 'Validate-TimeSync error: This cmdlet is designed to run from a domain joined computer' Magenta
            break
        }
    }

    Process {
        if ($DCName) {
            Write-log 'Querying DC',$DCName,'using',$Cred.UserName,'credential..' Green,Cyan,Green,Cyan,Green
            if (-not $Cred) { $Cred = Get-SBCredential "$env:USERDNSDOMAIN\$env:USERNAME" }
            $Context = New-Object -TypeName system.directoryservices.activedirectory.directorycontext -ArgumentList @(
                'DirectoryServer',$DCName,$Cred.UserName,$Cred.GetNetworkCredential().Password)
            try {
                $Forest = [system.directoryservices.activedirectory.Forest]::GetForest($Context) 
            } catch {
                Write-Log $_.Exception.Message Magenta
                break
            }
        } else {
            Write-log 'Identifying current AD forest, domains, domain controllers...' Green
            try {
                $Forest = [system.directoryservices.activedirectory.Forest]::GetCurrentForest()
            } catch {
                Write-Log $_.Exception.Message Magenta
                break
            }
        } 

        if ($Forest) {
            Write-Log 'Identified AD Forest',$Forest.Name Green,Cyan
            $DomainList = foreach ($Domain in $Forest.Domains) {
                [PSCustomObject]@{
                    ForestName  = $Forest.Name
                    DomainName  = $Domain.Name
                    DomainLevel = ($Domain.DomainMode | Out-String).Replace('Windows','').Replace('Domain','').Trim()
                    PDCEmulator = $Domain.PdcRoleOwner
                    DCList      = $Domain.DomainControllers
                }
            }
            if ($DomainList) {
                Write-Log ' Identified the following',$DomainList.Count,'domains:' Green,Cyan,Green
                Write-Log ($DomainList | FT ForestName,DomainName,DomainLevel,PDCEmulator,
                    @{n='DCCount';e={$_.DCList.Count}} -a | Out-String).Trim() Cyan
            } else {
                Write-Log ' AD Forest',$Forest.Name,'has no domains' Magenta,Yellow,Magenta
            }
        } else {
            Write-Log ' Failed to identify AD Forest' Magenta
            break
        }
        
        
# $DCList = [system.directoryservices.activedirectory.Forest]::GetCurrentForest().domains.domaincontrollers |
# select Forest,Name,CurrentTime,OSVersion,Roles,Domain,IPAddress,SiteName
# Write-Log 'Identified',$DCList.Count,'domain controllers in the',(($DCList.Domain.Name | select -Unique) -join ', '),
# 'domain(s), in the',(($DCList | select -First 1).Forest),'forest' Green,Cyan,Green,Cyan,Green,Cyan,Green
    }

    End { $DomainList }
} 

function Get-SBADComputer {
<#
.SYNOPSIS
 Function to get one or all computer objects' information from Active Directory
                       
.DESCRIPTION
 Function to get one or all computer objects' information from Active Directory using LDAP
 Does not need ActiveDirectory PowerShell module
 Must be run from a domain joined computer
                        
.PARAMETER ComputerName
 This is an optional parameter that takes a computer name
 This parameter accepts wild cards such as *
 
.PARAMETER DomainController
 This is an optional parameter to contain the FQDN of the Domain Controller to query, as DC1.myDomain.com
 If omitted, the function will query the currently logged on domain controller
                        
.PARAMETER OtherAttributeList
 This is an optional parameter that instructs this function to fetch one or more computer attributes
 in addition to the ones already provided.
                        
.PARAMETER MaxCount
 This is an optional number. When provided the output is limited to that many computers.
                        
.PARAMETER Quiet
 This is an optional parameter that takes either True or False values and defaults to False
 When set to True, it supresses console progress messages, speeding up prcessing
 
.EXAMPLE
 Get-SBADComputer
 Returns enabled computer information in the current AD domain
                        
.EXAMPLE
 Get-SBADComputer -ComputerName abc* -MaxCount 5 -OtherAttributeList objectsid,objectguid,memberof,dnshostnamelastlogontimestamp,accountexpires
 Returns the first 5 enabled computers in the current AD domain that start with abc
 showing the listed additional properties
                        
.OUTPUTS
 Returns a PowerShell object containing the following properties:
    ComputerName
    OSName ==> For example: Windows Server 2012 R2 Standard
    DN ==> Distinguished name, for example: CN=Server10V,OU=Domain Computer,DC=mydomain,DC=com
    AD_OU ==> Active Directory Organization Unit where the computer object is located
    LastLogon ==> Date of last time the computer object logged on to AD
    ADCreated ==> Date the computer object was created in AD
    SPN ==> The computer's Service Principal Name if any
    DomainController ==> The DC queried by this function to obtain the computer information
 Additional properties will be returnd if specified in the OtherAttributeList parameter
 Returns nothing if the computer name is not found or a matching computer object is found but disabled
                       
.LINK
 https://superwidgets.wordpress.com/category/powershell/
                       
.NOTES
 Function by Sam Boutros
 v0.1 - 10 September 2018
 v0.2 - 11 april 2020 - Added parameters: ComputerName, MaxCount, OtherAttributeList, DomainController, Quiet
#>

    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false)][String]$ComputerName,
        [Parameter(Mandatory=$false)][Int]$MaxCount,
        [Parameter(Mandatory=$false)][String[]]$OtherAttributeList,
        [Parameter(Mandatory=$false)][String]$DomainController = "$($env:LOGONSERVER.Replace('\\','')).$($env:USERDNSDOMAIN)",
        [Parameter(Mandatory=$false)][Switch]$Quiet = $false
    )
                      
    Begin {
        if (! (Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
            Write-Log 'This function','Get-SBADComputer','must be run from a domain joined computer' Magenta, Yellow, Magenta
            break
        }
    }
                      
    Process{
        if (-not $Quiet) {
            Write-Log 'Input received:' Green
            if ($ComputerName) { Write-Log ' ComputerName:',$ComputerName Green,Cyan }
            if ($OtherAttributeList) { 
                $OtherAttributeList = $OtherAttributeList.ToLower()
                Write-Log ' OtherAttributeList:',($OtherAttributeList -join ', ') Green,Cyan 
            }
            Write-Log ' DomainController:',$DomainController Green,Cyan
        }

        $adsi = [adsisearcher][adsi]"LDAP://$DomainController" 
        if ($ComputerName) {
            if (-not $Quiet) { Write-Log 'Processing ComputerName',$ComputerName,'from DC',$DomainController Green,Cyan,Green,Cyan }
            $adsi.filter = "(&(objectClass=Computer)(name=$ComputerName)(!userAccountControl:1.2.840.113556.1.4.803:=2))" 
        } else {
            if (-not $Quiet) { Write-Log 'Processing Computer objects from DC', $DomainController Green,Cyan }
            $adsi.filter = "(&(objectClass=Computer)(!userAccountControl:1.2.840.113556.1.4.803:=2))" # To return only enabled computer objects
        }
        $adsi.PageSize = 1000000 
        $ComputerList = if ($MaxCount) { $adsi.FindAll() | select -First $MaxCount } else { $adsi.FindAll() } 
        $ComputerList | foreach {
            $obj = $_.Properties
            $myOutput = [PSCustomObject][ordered]@{
                ComputerName     = [string]$obj.name
                OSName           = [string]$obj.operatingsystem
                DN               = [string]$obj.distinguishedname
                AD_OU            = [string](($obj.distinguishedname) -replace '^CN=[\w\d-_]+,\w\w=','' -replace ',OU=','/' -replace ',DC=.*')
                LastLogon        = $(
                    try {
                        $Temp1 = [DateTime]::FromFileTime($($obj.lastlogon) -as [int64])
                        if ($Temp1 -le [DateTime]'1/1/1900') { 'Never' } else { $Temp1 }
                    } catch {'Never'}
                        
                )                 
                ADCreated        = ($obj.whencreated).ToShortDateString()
                SPN              = [string]$obj.serviceprincipalname
                DomainController = $DomainController
            }

            if ($OtherAttributeList) { 
                foreach ($PCAttribute in $OtherAttributeList) { 
                    $myOutput | Add-Member -MemberType NoteProperty -Name $PCAttribute -EA 0 -Value $(
                        if ($obj.$PCAttribute -and $PCAttribute -eq 'lastlogontimestamp') { 
                            try {
                                $Temp1 = [datetime]::FromFileTime($($obj.lastlogontimestamp) -as [int64])
                                if ($Temp1 -le [DateTime]'1/1/1900') { 'Never' } else { $Temp1 }
                            } catch {'Never'}
                        } elseif ($obj.$PCAttribute -and $PCAttribute -eq 'accountexpires') { 
                            try {
                                $Temp1 = [datetime]::FromFileTime($($obj.accountexpires) -as [int64])
                                if ($Temp1 -le [DateTime]'1/1/1900') { 'Never' } else { $Temp1 }
                            } catch {'Never'}
                        } elseif ($obj.$PCAttribute -and $PCAttribute -match 'sid') { 
                            # Translate sid from Binary Array to String
                            (New-Object System.Security.Principal.SecurityIdentifier($($obj.$PCAttribute),0)).Value
                        } elseif ($obj.$PCAttribute -and $PCAttribute -match 'guid') { 
                            # Translate guid from Octet Array to String
                            $i = 0
                            $($obj.$PCAttribute) | ForEach {
                                $i ++
                                if ($i -in (5,7,9,11)) { $guidAsString += '-' }
                                $guidAsString += $_.ToString('x2').ToUpper()
                            }
                            $guidAsString
                        } else {
                            $($obj.$PCAttribute)
                        }
                    )
                }
            }
            $myOutput
        }
    }
                      
    End { }
}

function Get-SBADUser {
<#
.SYNOPSIS
 Function to get user objects information from Active Directory
                       
.DESCRIPTION
 Function to get user objects information from Active Directory using LDAP
 Does not need ActiveDirectory PowerShell module
 Must be run from a domain joined computer
 Used samaccounttype reference:
    SAM_DOMAIN_OBJECT 0x0
    SAM_GROUP_OBJECT 0x10000000
    SAM_NON_SECURITY_GROUP_OBJECT 0x10000001
    SAM_ALIAS_OBJECT 0x20000000
    SAM_NON_SECURITY_ALIAS_OBJECT 0x20000001
    SAM_USER_OBJECT 0x30000000
    SAM_NORMAL_USER_ACCOUNT 0x30000000
    SAM_MACHINE_ACCOUNT 0x30000001
    SAM_TRUST_ACCOUNT 0x30000002
    SAM_APP_BASIC_GROUP 0x40000000
    SAM_APP_QUERY_GROUP 0x40000001
    SAM_ACCOUNT_TYPE_MAX 0x7fffffff
 Used UserAccountControl reference:
    0x00000002 ADS_UF_ACCOUNTDISABLE The user account is disabled.
    0x00000010 ADS_UF_LOCKOUT The account is currently locked out.
    0x00000200 ADS_UF_NORMAL_ACCOUNT This is a default account type that represents a typical user.
    0x00000800 ADS_UF_INTERDOMAIN_TRUST_ACCOUNT This is a permit to trust account for a system domain that trusts other domains.
    0x00001000 ADS_UF_WORKSTATION_TRUST_ACCOUNT This is a computer account for a computer that is a member of this domain.
    0x00002000 ADS_UF_SERVER_TRUST_ACCOUNT This is a computer account for a system backup domain controller that is a member of this domain.
    0x00010000 ADS_UF_DONT_EXPIRE_PASSWD The password for this account will never expire.
    0x00020000 ADS_UF_MNS_LOGON_ACCOUNT This is an MNS logon account.
    0x00040000 ADS_UF_SMARTCARD_REQUIRED The user must log on using a smart card.
    0x00080000 ADS_UF_TRUSTED_FOR_DELEGATION The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.
    0x00100000 ADS_UF_NOT_DELEGATED The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
    0x00200000 ADS_UF_USE_DES_KEY_ONLY Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
    0x00400000 ADS_UF_DONT_REQUIRE_PREAUTH This account does not require Kerberos pre-authentication for logon.
    0x00800000 ADS_UF_PASSWORD_EXPIRED The user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.
    0x01000000 ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.
 
.PARAMETER samaccountname
 This is an optional parameter that takes the user's login name AKA samaccountname
 If omitted, the function will return all user accounts (excluding computer accounts)
 This parameter accepts wild cards such as *
 
.PARAMETER firstname
 This is an optional parameter that takes the user's first name
 
.PARAMETER lastname
 This is an optional parameter that takes the user's last name
 
.PARAMETER DomainController
 This is an optional parameter to contain the FQDN of the Domain Controller to query, as DC1.myDomain.com
 If omitted, the function will query the currently logged on domain controller
                        
.PARAMETER OtherAttributeList
 This is an optional parameter that instructs this function to fetch one or more user attributes
 in addition to the ones already provided.
                        
.PARAMETER Quiet
 This is an optional parameter that takes either True or False values and defaults to False
 When set to True, it supresses console progress messages, speeding up prcessing
                        
.EXAMPLE
 Get-SBADUser
 Returns all users' information in the current AD domain
 
.Example
 Get-SBADUser *Sam*
 This will return all users that have 'sam' as part of the login name
 
.Example
 Get-SBADUser *test*
 This will return all users that have 'test' as part of the login name
 
.Example
 $UserList = Get-SBADUser
 $UserList | where useraccountcontrol -Match 'Normal' # list of normal working accounts
 $UserList | where useraccountcontrol -Match 'Disabled' # list of disabled accounts
 $UserList | where useraccountcontrol -Match 'PasswordNeverExpires' # list of account with passswords that never expire
 $UserList | where useraccountcontrol -Match 'Locked-Out' # list of locked out accounts
 $UserList | where useraccountcontrol -Match 'PasswordExpired' # list of accounts with expired passwords
 $UserList | where DN -Match 'OU=Partners,OU=Users,OU=Two,DC=One,DC=Domain,DC=com' | FT -a # list of accounts in the 'OU=Partners,OU=Users,OU=Two,DC=One,DC=Domain,DC=com' OU
 
.Example
 $UserName = 'samb' # Logon Name / SamName
 $DCList = Get-DCList # This may take a few minutes in large domains with many DCs across slow wan links
 $myUserLogins = foreach ($DC in ($DCList)) { Get-SBADUser -samaccountname $UserName -DomainController $DC.Name }
 $myUserLogins | where LastLogon -ne 'Never' | sort LastLogon |
    FT UserName,DomainController,
        @{n='DomainControllerIP';e={($DCList|where Name -eq $_.DomainController).IPAddress}},LastLogon -auto
 This example queries all domain controllers for a given user's information including lastlogon
 This is helpful to show where a given user has logged on last.
 This can be used along with event log analysis to audit user logons.
 
 .Example
  Get-SBADUser -FirstName sam -LastName boutros -OtherAttributeList objectguid,objectsid
 
.OUTPUTS
 Returns a PowerShell object for each returned user containing the following properties/example:
    UserName : Small, Robert
    samaccountname : Robert.Small
    DateCreated : 2/4/2016 1:04:05 PM
    useraccountcontrol : {Disabled, Normal}
    lastlogon : 10/10/2018 1:56:14 PM
    DateExpires : AccountNeverExpires
    DN : CN=Small\, Robert,OU=MyOU,DC=Mysubdomain,DC=mydomain,DC=com
  Additional properties will be returnd if specified in the OtherAttributeList parameter
  Notice the use of the '\' in the DN (Distinguished Name) as an escape character for the ',' part of the CN (Common Name)
  Note: DateExpires property speaks to the account expiration not the password expiration
  Conditions that may appear under useraccountcontrol include one or more of:
   Normal
   Disabled
   Locked-Out
   PasswordNeverExpires
   PasswordExpired
             
.LINK
 https://superwidgets.wordpress.com/category/powershell/
                       
.NOTES
 Function by Sam Boutros
 v0.1 - 9 October 2018
 v0.2 - 17 May 2019 - improved reporting lastlogon to show 'never' if older then 1/1/1900
        (zero value is 1/1/1601 12:00 AM UTC, in EST = GMT-5 - that would show as 12/31/1600 7:00 PM)
 v0.3 - 12 September 2019 - Added FirstName, LastName, and DisplayName properties
        Added parameters to allow finding a user by First or Last Name
        Added parameter to show custom/other user attributes
 v0.4 - 6 March 2020 - Added Byte Array to String transalation for sid properties
        Added Octet Array to String transalation for guid properties
        Added logic to filter by BOTH first and last names when both are provided
        Known issues:
        - GUID property translation from Octet Array to String may be inaccurate
        - SID property translation from Byte Array to String may fail
 v0.5 - 20 March 2020 - Minor updates to
        Avoid error message if attribute is provided to OtherAttribute parameter that's already in the user object
        Display Lastlogontimestamp attribute in DateTime format if requested
        Add -Quiet parameter to speed up processing by not displaying progress messages to the console
         
#>

    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false)][String]$samaccountname,
        [Parameter(Mandatory=$false)][String]$FirstName,
        [Parameter(Mandatory=$false)][String]$LastName,
        [Parameter(Mandatory=$false)][String[]]$OtherAttributeList,
        [Parameter(Mandatory=$false)][String]$DomainController = "$($env:LOGONSERVER.Replace('\\','')).$($env:USERDNSDOMAIN)",
        [Parameter(Mandatory=$false)][Switch]$Quiet = $false
    )
                      
    Begin {
        if (-not (Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
            Write-Log 'This function','Get-SBADUser','must be invoked from a domain-joined computer' Magenta, Yellow, Magenta
            break
        }
    }
                      
    Process {
        if (-not $Quiet) {
            Write-Log 'Input received:' Green
            if ($samaccountname) { Write-Log ' samaccountname:',$samaccountname Green,Cyan }
            if ($FirstName)      { Write-Log ' FirstName:',$FirstName Green,Cyan }
            if ($LastName)       { Write-Log ' LastName:',$LastName Green,Cyan }
            if ($OtherAttributeList) { 
                $OtherAttributeList = $OtherAttributeList.ToLower()
                Write-Log ' OtherAttributeList:',($OtherAttributeList -join ', ') Green,Cyan 
            }
            Write-Log ' DomainController:',$DomainController Green,Cyan
        }
        $adsi = [adsisearcher][adsi]"LDAP://$DomainController" 
        if ($samaccountname) {
            if (-not $Quiet) { Write-Log 'Processing user - samaccountname',$samaccountname,'from DC',$DomainController Green,Cyan,Green,Cyan }
            $adsi.filter = "(samaccountname=$samaccountname)" 
        } elseif ($FirstName -and $LastName) {
            if (-not $Quiet) { Write-Log 'Processing user - FirstName',$FirstName,'- LastName',$LastName,'from DC',$DomainController Green,Cyan,Green,Cyan,Green,Cyan }
            $adsi.filter = "(&(givenname=$FirstName)(sn=$LastName))" 
        } elseif ($FirstName) {
            if (-not $Quiet) { Write-Log 'Processing user - FirstName',$FirstName,'from DC',$DomainController Green,Cyan,Green,Cyan }
            $adsi.filter = "(givenname=$FirstName)" 
        } elseif ($LastName) {
            if (-not $Quiet) { Write-Log 'Processing user - LastName',$LastName,'from DC',$DomainController Green,Cyan,Green,Cyan }
            $adsi.filter = "(sn=$LastName)" 
        } else {
            if (-not $Quiet) { Write-Log 'Processing user objects from DC', $DomainController Green,Cyan }
            $adsi.filter = "(&(objectClass=person)(samaccounttype=805306368))" # Filtering on person class objects, and type user account (not computer account)
        }
        $adsi.PageSize = 1000000 
        try {
            $adsi.FindAll() | foreach {
                $obj = $_.Properties                # Property names are CASE SENSITIVE - all lowercase
                $myOutput = [PSCustomObject][ordered]@{
                    FirstName          = $($obj.givenname)
                    LastName           = $($obj.sn)
                    DisplayName        = $($obj.displayname)
                    UserName           = $($obj.name)
                    samaccountname     = $($obj.samaccountname)
                    DateCreated        = $($obj.whencreated)
                    useraccountcontrol = $(
                        $UAC = '{0:x}' -f $($obj.useraccountcontrol)
                        $mySubOutput = @()
                        if ($UAC[-1] -eq '2') { $mySubOutput += 'Disabled' }
                        if ($UAC[-2] -eq '1') { $mySubOutput += 'Locked-Out' }
                        if ($UAC[-3] -eq '2') { $mySubOutput += 'Normal' }
    # if ($UAC[-3] -eq '8') { $mySubOutput += 'INTERDOMAIN_TRUST_ACCOUNT' }
    # if ($UAC[-4] -eq '1') { $mySubOutput += 'ComputerAccount' }
    # if ($UAC[-4] -eq '2') { $mySubOutput += 'DomainControllerAccount' }
                        if ($UAC[-5] -eq '1') { $mySubOutput += 'PasswordNeverExpires' }
                        if ($UAC[-6] -eq '8') { $mySubOutput += 'PasswordExpired' }
                        $mySubOutput
                    )
# lastlogontimestamp = [datetime]::FromFileTime($($obj.lastlogontimestamp) -as [int64]) # Replicates after 14 days by default
                    DomainController   = $DomainController
                    Lastlogon          = $(
                        try {
                            $Temp1 = [datetime]::FromFileTime($($obj.lastlogon) -as [int64])
                            if ($Temp1 -le [DateTime]'1/1/1900') { 'Never' } else { $Temp1 }
                        } catch {'Never'}
                        
                    ) 
                    DateExpires        = $(try {[datetime]::FromFileTime($($obj.accountexpires) -as [int64])} catch {'Never'})
                    DN                 = $($obj.distinguishedname)
                    Description        = $($obj.description)
                    UserWorkstations   = $($obj.userworkstations)
                    PasswordLastSet    = $(try {[datetime]::FromFileTime($($obj.pwdlastset) -as [int64])} catch {'Never'})
                    MemberOf           = $($obj.memberof) -join ' - '
                }
                if ($OtherAttributeList) { 
                    foreach ($UserAttribute in $OtherAttributeList) { 
                        $myOutput | Add-Member -MemberType NoteProperty -Name $UserAttribute -EA 0 -Value $(
                            if ($obj.$UserAttribute -and $UserAttribute -eq 'lastlogontimestamp') { 
                                try {
                                    $Temp1 = [datetime]::FromFileTime($($obj.lastlogontimestamp) -as [int64])
                                    if ($Temp1 -le [DateTime]'1/1/1900') { 'Never' } else { $Temp1 }
                                } catch {'Never'}
                            } elseif ($obj.$UserAttribute -and $UserAttribute -match 'sid') { 
                                # Translate sid from Binary Array to String
                                (New-Object System.Security.Principal.SecurityIdentifier($($obj.$UserAttribute),0)).Value
                            } elseif ($obj.$UserAttribute -and $UserAttribute -match 'guid') { 
                                # Translate guid from Octet Array to String
                                $i = 0
                                $($obj.$UserAttribute) | ForEach {
                                    $i ++
                                    if ($i -in (5,7,9,11)) { $guidAsString += '-' }
                                    $guidAsString += $_.ToString('x2').ToUpper()
                                }
                                $guidAsString
                            } else {
                                $($obj.$UserAttribute)
                            }
                        )
                    }
                }
                $myOutput
            }
        } catch { Write-Log $_.Exception.Message Magenta }
    }
                      
    End { }
}

function Get-SBADGroup {
<#
.SYNOPSIS
 Function to get details of an AD group
                       
.DESCRIPTION
 Function to get details of an AD group from Active Directory using LDAP
 Does not need ActiveDirectory PowerShell module
 Must be run from a domain-joined computer
                        
.EXAMPLE
 Get-SBADGroup -GroupName 'DomainAdmins'
 Returns details and members of the 'DomainAdmins' AD group in the current AD domain
                        
.OUTPUTS
 Returns a PowerShell object containing the following properties/example:
    GroupName : My-Azure-Admin
    DN : CN=My-Azure-Admin,OU=Groups,OU=xxx,OU=xxx,DC=xxx,DC=MyCorp,DC=com
    AD_OU : Groups/xxx/xxx
    ADCreated : 12/7/2018
    ADChanged : 3/6/2019
    MemberDNs : {CN=My-nvxxx,OU=xxx,OU=Users,OU=xxx,OU=xxx,DC=xxx,DC=MyCorp,DC=com, CN=My-bgxxx,OU=xxx,OU=Users,OU=xxx,OU=xxx,DC=xxx,DC=MyCorp,DC=com,
                  CN=My-sbxxx,OU=xxx,OU=Users,OU=xxx,OU=xxx,DC=xxx,DC=MyCorp,DC=com, CN=My-pkxxxx,OU=xxx,OU=Users,OU=xxx,OU=xxx,DC=xxx,DC=MyCorp,DC=com...}
    MemberNames : {My-nvxxx, My-bgxxx, My-sbxxx, My-pkxxx...}
 Returns nothing if the group name is not found
                       
.LINK
 https://superwidgets.wordpress.com/category/powershell/
                       
.NOTES
 Function by Sam Boutros
 v0.1 - 14 March 2019
#>

    [CmdletBinding(ConfirmImpact='Low')] 
    Param( [Parameter(Mandatory=$false)][String[]]$GroupName )
                      
    Begin { }
                      
    Process{
        if ((Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
            $adsi = [adsisearcher]"objectcategory=group"
            if ($GroupName) {
                $GroupList = foreach ($Group in $GroupName) {
                    $adsi.filter = "(&(objectCategory=group)(cn=$Group))"
                    ($adsi.FindAll()).Properties
                }                
            } else {
                $adsi.PageSize = 1000000 
                $adsi.filter   = '(objectCategory=group)'
                $GroupList     = ($adsi.FindAll()).Properties
            }

            foreach ($ADGroup in $GroupList) {
                Write-Log 'Processing group',$ADGroup.distinguishedname Green,Cyan
                [PSCustomObject][ordered]@{
                    GroupName   = [string]$ADGroup.name
                    DN          = [string]$ADGroup.distinguishedname
                    AD_OU       = [string](($ADGroup.distinguishedname) -replace '^CN=[\w\d-_]+,\w\w=','' -replace ',OU=','/' -replace ',DC=.*')
                    ADCreated   = ($ADGroup.whencreated).ToShortDateString()
                    ADChanged   = ($ADGroup.whenchanged).ToShortDateString()
                    MemberDNs   = $ADGroup.member
                    MemberNames = $( if ($ADGroup.member) { $ADGroup.member | foreach { $_.Split(',')[0].Split('=')[1] } } )
                }
            }
                       
        } else {
            Write-Log 'This function','Get-SBADGroup','must be invoked from a domain-joined computer' Magenta, Yellow, Magenta
        }
    }
                      
    End { }
}

function Get-SBADGroupMembers {
<#
.SYNOPSIS
 Function to get members of AD group including sub-groups
                       
.DESCRIPTION
 Function to get members of AD group including sub-groups using LDAP
 Does not need ActiveDirectory PowerShell module
 Must be run from a domain-joined computer
 
.PARAMETER GroupName
 Name of the AD group - required
               
.PARAMETER Parent
 Name of the parent AD group - optional - used to enable the recursive use to search sub-groups
               
.PARAMETER Recurse
 Switch that is set to True by default. It causes this function to search sub-groups
               
.EXAMPLE
 Get-SBADGroupMembers testgroup1
                        
.OUTPUTS
 Returns a PowerShell object containing the following properties/example:
    UserName DN OU MemberOf
    -------- -- -- --------
    testuser1 CN=testuser1,DC=abcd,DC=local abcd testgroup1
    testuser2 CN=testuser2,DC=abcd,DC=local abcd testgroup2.testgroup1
 Returns nothing if the group name is not found
                       
.LINK
 https://superwidgets.wordpress.com/category/powershell/
                       
.NOTES
 Function by Sam Boutros
    v0.1 - 15 June 2019
    v0.2 - 25 September 2019 - Fixed bug with Group members, added 'mail' property to to group members
#>

    [CmdletBinding(ConfirmImpact='Low')] 
    Param( 
        [Parameter(Mandatory=$true)][String]$GroupName,
        [Parameter(Mandatory=$false)][String]$Parent,
        [Parameter(Mandatory=$false)][Switch]$Recurse = $true 
    )
                      
    Begin { }
                      
    Process{
        $myOutput = if ((Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
            $adsi = [adsisearcher]"objectcategory=group"
            $adsi.filter = "(&(objectCategory=group)(cn=$GroupName))"
            if ($ADGroup = ($adsi.FindAll()).Properties) {

                if ($Parent) {
                    Write-Log 'Processing child group',$ADGroup.distinguishedname,"(Parent: $Parent)" Green,Cyan,DarkYellow
                } else {
                    Write-Log 'Processing group ',$ADGroup.distinguishedname Green,Cyan
                }
                $GroupObj = [PSCustomObject][ordered]@{
                    GroupName   = [string]$ADGroup.name
                    MemberNames = $( if ($ADGroup.member) { $ADGroup.member | foreach { $_.Split(',')[0].Split('=')[1] } } )
                }    
                    
                foreach ($Member in $GroupObj.MemberNames) {
                    $adsi = [adsisearcher]''
                    $adsi.filter = "cn=$Member"
                    $MemberObj = ($adsi.FindAll()).Properties 
                    if ($MemberObj.objectclass -match 'group') { 
                         if ($Recurse) { Get-SBADGroupMembers $MemberObj.name -Parent $GroupObj.GroupName }
                    } else { 
                        [PSCustomObject][ordered]@{
                            UserName    = [string]$MemberObj.name
                            Mail        = [string]$MemberObj.mail
                            DN          = [string]$MemberObj.distinguishedname
                            OU          = [string](($MemberObj.distinguishedname) -replace '^CN=[\w\d-_]+,\w\w=','' -replace ',OU=','/' -replace ',DC=.*')
                            MemberOf    = $( 
                                if ($Parent) { "$($GroupObj.GroupName).$Parent" } else { $GroupObj.GroupName } 
                            )
                        } 
                    }
                }   
            
            }  else { 
                Write-Log 'Group',$GroupName,'not found' Green,Yellow,Cyan
            }       
 
        } else {
            Write-Log 'This function','Get-SBADGroupMembers','must be invoked from a domain-joined computer' Magenta, Yellow, Magenta
        }                            

    }
                      
    End { $myOutput }
}

#endregion

#region SQL functions

function Report-SQLServer {
<#
 .SYNOPSIS
  Function to report of databases of one or more SQL servers
 
 .DESCRIPTION
  Function to report of databases of one or more SQL servers
  The report is in plain text format
  The report lists the databases, their tables, columns, and optionally row count
 
 .PARAMETER ComputerName
  One or more computer names
  This is an optional parameter that defaults to the current computer name
 
 .PARAMETER IncludeSystemDatabases
  This is an optional parameter that defaults to False
  When set to True, the report includes system databases
 
 .PARAMETER IncludeRowCount
  This is an optional parameter that defaults to False
  When set to True, the report includes row count of every table found in every database
  This parameter requires either module SQLPS or SqlServer
  SqlServer is available in the PowerShell Gallery: Install-Module SqlServer
 
 .PARAMETER LogFile
  This is an optional parameter that contains the path to the log file where this function will log its output
 
 .EXAMPLE
  Report-SQLServer
  This example reports on all databases on the current server excluding system databases and not showing row counts
 
 .EXAMPLE
  Report-SQLServer -ComputerName SQL1,SQL2
  This example reports on all databases on the 2 provided SQL servers excluding system databases and not showing row counts
 
 .EXAMPLE
  Report-SQLServer -IncludeRowCount
  This example reports on all databases on the current server excluding system databases and showing row counts
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  23 February 2019 - v0.1
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false,ValueFromPipeline=$true)][String[]]$ComputerName = $env:COMPUTERNAME,
        [Parameter(Mandatory=$false)][Switch]$IncludeSystemDatabases = $false,
        [Parameter(Mandatory=$false)][Switch]$IncludeRowCount = $false,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Report-SQLServer - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        [void][reflection.assembly]::LoadWithPartialName('Microsoft.SqlServer.Smo')
        if (Get-Module SQLPS,SqlServer -ListAvailable) { 
            $FoundSQL = $true 
        } else {
            if ($IncludeRowCount) {
                Write-Log 'Report-SQLServer: Error:','Missing PS module SQLPS and SqlServer (one of which is needed to get row count)' Magenta,Yellow $LogFile
                Write-Log ' SqlServer module is available in the PowerShell Gallery:','Install-module SqlServer' Yellow,Cyan $LogFile
            }
        }
    }

    Process {
        foreach ($Name in $ComputerName) {
            
            Write-Log 'Reporting on SQL server',$Name Green,Cyan $LogFile
            $Server = New-Object ('Microsoft.SqlServer.Management.Smo.Server') $Name

            if ($IncludeSystemDatabases) {
                $DatabaseList = $Server.databases 
            } else {
                $DatabaseList = $Server.databases | Where { -not $_.IsSystemObject }
            }            

            $DatabaseReport = ".\DBReport-$Name-$(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
            "Database report for server '$env:computername'" | Out-File $DatabaseReport 
            " generated on $(Get-Date)" | Out-File $DatabaseReport -Append
            ' ' | out-file $DatabaseReport -Append
            "Database list ($($DatabaseList.Count)):"  | Out-File $DatabaseReport -Append
            foreach ($DB in $DatabaseList) { " $($DB.Name)" | Out-File $DatabaseReport -Append }
            ' ' | out-file $DatabaseReport -Append
            $DatabaseReport = (Get-Item $DatabaseReport).FullName

            foreach ($DB in $DatabaseList) {
                ' ' | Out-File $DatabaseReport -Append
                "Database: $($DB.Name)" | Out-File $DatabaseReport -Append
                foreach ($Table in $DB.Tables) {
                    if ($IncludeRowCount) {
                        if ($FoundSQL) {
                            $RowCount = (Invoke-Sqlcmd -Query "USE $($DB.Name); SELECT COUNT(*) FROM $($Table.Name)" -EA 1).Column1 
                            $Rows = "($RowCount rows)"
                        } else {
                            $Rows = 'Need SqlServer PS module to get row count'
                        }
                        " Table: $($Table.Name) $Rows" | Out-File $DatabaseReport -Append
                        foreach ($Column in $Table.Columns) {
                            " Column: $($Column.Name)" | Out-File $DatabaseReport -Append        
                        } # foreach $Column
                    } # if $IncludeRowCount
                } # foreach $Table
            } # foreach $DB
        } # foreach $Name
    } # Process

    End {
        Write-Log 'Report saved to', $DatabaseReport Green,Cyan
    }

}

function Enable-SQLPageCompression {
<#
 .SYNOPSIS
  Function to enable database page compression on one or more databases
 
 .DESCRIPTION
  Function to enable database page compression on one or more databases
  Page compression is enabled for all database tables and indices
  https://docs.microsoft.com/en-us/sql/relational-databases/data-compression/page-compression-implementation
  https://docs.microsoft.com/en-us/sql/relational-databases/data-compression/enable-compression-on-a-table-or-index
 
 .PARAMETER DatabaseName
  This is an optional parameter. If absent, compression is turned on for all databases
  This function does not alter system databases
 
 .PARAMETER LogFile
  This is an optional parameter that contains the path to the log file where this function will log its output
 
 .EXAMPLE
  Enable-SQLPageCompression
  This example enables page compression on all non-system databases on the current SQL server
 
 .EXAMPLE
  Enable-SQLPageCompression -DatabaseName badname1,mydb1,badname2
  This example enables page compression on mydb1 skipping badname1 and badname2 (database that don;t exist on this SQL server)
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  2 October 2019 - v0.1
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false)][String[]]$DatabaseName,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Enable-SQLPageCompression - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        if (Get-Module SQLPS,SqlServer -ListAvailable) { 
            $FoundSQL = $true 
        } else {
            if ($IncludeRowCount) {
                Write-Log 'Report-SQLServer: Error:','Missing PS module SQLPS and SqlServer (one of which is needed to get row count)' Magenta,Yellow $LogFile
                Write-Log ' SqlServer module is available in the PowerShell Gallery:','Install-module SqlServer' Yellow,Cyan $LogFile
            }
        }

        $DatabaseList = (Invoke-Sqlcmd -Query "SELECT * FROM sys.databases" | Where { $_.database_id -gt 4 }).Name 
        if ($DatabaseName) {
            $DatabaseName = foreach ($DBName in $DatabaseName) {
                if ($DBName -in $DatabaseList) { 
                    $DBName
                } else {
                    Write-Log 'Database',$DBName,'not found on this SQL server',$env:computername,'skipping..' Magenta,Yellow,Magenta,Yellow,Magenta $LogFile
                }
            } 
        } else {
            $DatabaseName = $DatabaseList
            Write-Verbose "Database count: $($DatabaseName.Count)"    
            Write-Verbose ($DatabaseName -join ', ')
        }

        if ($DatabaseName) {
            Write-Log 'Enabling page compression on the following database(s):',($DatabaseName -join ', ') Green,Cyan $LogFile
        }
    }

    Process {
        foreach ($Database in $DatabaseName) {
            $Query = Invoke-Sqlcmd -Query "
                USE $Database
 
                --Creates the ALTER TABLE Statements
 
                SET NOCOUNT ON
                SELECT 'ALTER TABLE ' + '[' + s.[name] + ']'+'.' + '[' + o.[name] + ']' + ' REBUILD WITH (DATA_COMPRESSION=PAGE);'
                FROM sys.objects AS o WITH (NOLOCK)
                INNER JOIN sys.indexes AS i WITH (NOLOCK)
                ON o.[object_id] = i.[object_id]
                INNER JOIN sys.schemas AS s WITH (NOLOCK)
                ON o.[schema_id] = s.[schema_id]
                INNER JOIN sys.dm_db_partition_stats AS ps WITH (NOLOCK)
                ON i.[object_id] = ps.[object_id]
                AND ps.[index_id] = i.[index_id]
                WHERE o.[type] = 'U'
                ORDER BY ps.[reserved_page_count]
 
 
                --Creates the ALTER INDEX Statements
 
                SET NOCOUNT ON
                SELECT 'ALTER INDEX '+ '[' + i.[name] + ']' + ' ON ' + '[' + s.[name] + ']' + '.' + '[' + o.[name] + ']' + ' REBUILD WITH (DATA_COMPRESSION=PAGE);'
                FROM sys.objects AS o WITH (NOLOCK)
                INNER JOIN sys.indexes AS i WITH (NOLOCK)
                ON o.[object_id] = i.[object_id]
                INNER JOIN sys.schemas s WITH (NOLOCK)
                ON o.[schema_id] = s.[schema_id]
                INNER JOIN sys.dm_db_partition_stats AS ps WITH (NOLOCK)
                ON i.[object_id] = ps.[object_id]
                AND ps.[index_id] = i.[index_id]
                WHERE o.type = 'U' AND i.[index_id] >0
                ORDER BY ps.[reserved_page_count]
            "

            Write-Log 'Processing database',$Database Green,Cyan $LogFile -NoNewLine
            try {
                Invoke-Sqlcmd -Query "USE $Database; $($Query.Column1 -join ' ')" -EA 1 
                Write-Log 'done' DarkYellow $LogFile
            } catch {
                if ($_.Exception.Message -match 'Execution Timeout Expired') { # Default 30 sec
                    # https://docs.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlcommand.commandtimeout
                    Write-Log 'Database page compression set, actual compression in progress..' DarkYellow $LogFile
                } else {
                    Write-Log 'failed' Magenta $LogFile
                    Write-Log $_.Exception.Message Yellow $LogFile
                }
            }
        } 
    } 

    End { }

}

function Get-SQLDatabaseFile {
<#
 .SYNOPSIS
  Function to return a SQL database file information
 
 .DESCRIPTION
  Function to return a SQL database file information
 
 .PARAMETER DatabaseName
  One or more database names.
  This is an optional parameter.
  If absent, the function returns information on data files of all databases except system databases.
 
 .PARAMETER IncludeSystemDatabases
  This is an optional switch. If set to TRUE, this function will report on system databases as well.
 
 .PARAMETER IncludeLogFiles
  This is an optional parameter.
  This is an optional switch. If set to TRUE, this function will report on LOG files as well.
 
 .PARAMETER LogFile
  This is an optional parameter that contains the path to the log file where this function will log its output
 
 .EXAMPLE
  Get-SQLDatabaseFile
  This example reports on DATA files of all non-system databases on the current SQL server
 
 .EXAMPLE
  Get-SQLDatabaseFile -DatabaseName dmdire -IncludeLogFiles
  This example returns file information for database 'dmdire' including both DATA and LOG files
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  7 October 2019 - v0.1
 
#>


    [CmdletBinding(ConfirmImpact='Low')] 
    Param(
        [Parameter(Mandatory=$false)][String[]]$DatabaseName,
        [Parameter(Mandatory=$false)][Switch]$IncludeSystemDatabases,
        [Parameter(Mandatory=$false)][Switch]$IncludeLogFiles,
        [Parameter(Mandatory=$false)][String]$LogFile = ".\Get-SQLDatabaseFile - $(Get-Date -Format 'ddMMMMyyyy_hh-mm-ss_tt').txt"
    )

    Begin { 
        if (-not (Get-Module SQLPS,SqlServer -ListAvailable)) { 
            Write-Log 'Get-SQLDatabaseFile: Error:','Missing PS module SQLPS and SqlServer (one of which is needed to get row count)' Magenta,Yellow $LogFile
            Write-Log ' SqlServer module is available in the PowerShell Gallery:','Install-module SqlServer' Yellow,Cyan $LogFile
            break
        }
    }

    Process {
        $Missing = $false
        $myOutput = $DatabaseList = Invoke-Sqlcmd -Query "
            SELECT
                db.name AS DBName,
                db.is_auto_shrink_on AS AutoShrink,
                mf.name AS FileName,
                Physical_Name AS Location,
                db.database_id,
                type,
                size,
                max_size,
                growth,
                is_percent_growth
            FROM
                sys.master_files mf
            INNER JOIN
                sys.databases db ON db.database_id = mf.database_id"
 | select DBName,FileName,Location,AutoShrink
                @{n='Id';e={$_.database_id}},
                @{n='Type';e={if ($_.type -eq 0) {'Data'} else {'Log'}}},
                @{n='SizeMB';e={[Math]::Round($_.size/128,1)}},      # size is reported in 8 KB pages
                @{n='MaxSizeMB';e={
                    if ($_.max_size -gt 0) { 
                        [Math]::Round($_.max_size/128,1)             # size is reported in 8 KB pages
                    } elseif ($_.max_size -eq 0) { 
                        'None' 
                    } else {
                        'Unlimited'
                    }
                }},
                @{n='Growth';e={
                    if ($_.is_percent_growth) {
                        if ($_.growth -gt 0) { "$($_.growth)%" } else { 'None' }
                    } elseif ($_.growth -gt 0) {
                        "$([Math]::Round($_.growth/128,1))MB"        # growth is reported in 8 KB pages
                    } elseif ($_.growth -eq 0) {
                        'None'
                    } else {
                        'Unlimited'
                    }
                }}

        if (-not $IncludeSystemDatabases) {
            $myOutput = $myOutput | where { $_.Id -gt 4 }
        }

        if (-not $IncludeLogFiles) {
            $myOutput = $myOutput | where { $_.Type -eq 'Data' }
        }       
        
        $myOutput = if ($DatabaseName) {
            foreach ($Name in $DatabaseName) { 
                if ($Temp = $myOutput | where {$_.Name -eq $Name}) {
                    $Temp
                } else {
                    $Missing = $true
                    Write-Log 'Database',$Name,'not found on SQL server',$env:COMPUTERNAME Magenta,Yellow,Magenta,Yellow $LogFile
                }                 
             }
        } else {
            $myOutput
        }

        if ($Missing) {
            Write-Log 'Here''s the list of databases on this',$env:COMPUTERNAME,'SQL server' Green,Cyan,Green $LogFile
            $DatabaseList.Name | select -Unique | sort| foreach { Write-Log " $_" DarkYellow $LogFile }
        }

    } 

    End { $myOutput }

}

#endregion

#region IIS functions

function Get-WebSiteList {
<#
 .SYNOPSIS
  Function to provide Web site list from IIS servers on one or many Hyper-V hosts
 
 .DESCRIPTION
  Function to provide Web site list from IIS servers on one or many Hyper-V hosts
  This is usefull to get a web site list from all IIS servers in a Hyper-V farm
  This function uses PowerShell remoting which requires that Hyper-V hosts run Server 2016 or above,
  and IIS VMs run Server 2016 or above, or Windows 10
   
 .PARAMETER HvHostName
  Required parameter that provides one or many Hyper-V computer names
   
 .PARAMETER Cred
  Required parameter that can be obtained via Get-Credential or Get-SBCredential - see Example
   
 .PARAMETER IISVMNameStringMatch
  Optional parameter that defaults to 'IIS'. This function uses this string to identify which VMs are IIS VMs
   
 .PARAMETER IncludeNotStarted
  Optional parameter. When set to $True, the output will include web sites that are not 'Started'
   
 .PARAMETER IncludeDefault
  Optional parameter. When set to $True, the output will include 'Default web site'
 
 .EXAMPLE
  $myWebSiteList = Get-WebSiteList -HvHostName @('HV123','HV124','HV125') -Cred (Get-SBCredential 'domain\admin')
  This returns web site information such as:
    Name VMName HvHostName Bindings
    ---- ------ ---------- --------
    website11111.com vm123-IIS4 HV12345 {https *:443:website11111.com sslFlags=None, https *:443:www.website11111.com sslFlags=None}
    website11111.com-redirect vm123-IIS4 HV12345 {http *:80:website11111.com, http *:80:www.website11111.com}
    book.website22222.com vm124-IIS4 HV12346 {http *:80:book.website22222.com}
    reps-webs1.com vm124-IIS4 HV12346 {http *:80:reps-webs1.com, http *:80:www.reps-webs1.com}
 
 .OUTPUTS
  This cmdlet returns PSCustom Objects, one for each Domain containing the following properties/example:
    Name : wesiteaaa.com
    SSL : False
    VMName : vm222-IIS4
    HvHostName : HV345
    Bindings : {https *:443:wesiteaaa.com sslFlags=None, https *:443:www.wesiteaaa.com sslFlags=None}
 
 .LINK
  https://superwidgets.wordpress.com/category/powershell/
 
 .NOTES
  Function by Sam Boutros
  v0.1 - 23 March 2020
  v0.2 - 23 March 2020 - Added SSL True/False property in the output.
#>


    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        [Parameter(Mandatory=$true)][String[]]$HvHostName,
        [Parameter(Mandatory=$true)][PSCredential]$Cred,
        [Parameter(Mandatory=$false)][String]$IISVMNameStringMatch = 'IIS',
        [Parameter(Mandatory=$false)][Switch]$IncludeNotStarted,  
        [Parameter(Mandatory=$false)][Switch]$IncludeDefault  
    )

    Begin { }

    Process {
        $WebSiteList = foreach ($ComputerName in $HvHostName) {
            try {
                $VMList = Get-VM -ComputerName $ComputerName -EA 1 
                Write-Log 'Identified',$VMList.Count,'VMs on Hyper-V host',$ComputerName Green,Cyan,Green,Cyan 
                $IISList = $VMList | where { $_.State -eq 'Running' -and $_.Name -match $IISVMNameStringMatch }
                Write-Log ' of which, there''s',$IISList.Count,'running IIS VM(s)' Green,Cyan,Green
                Write-Log ($IISList|Out-String).Trim() Cyan
                foreach ($VMId in $IISList.VMId) {
                    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
                        try {
                            Invoke-Command -VMId $Using:VMId -Credential $Using:Cred -EA 1 -ScriptBlock { 
                                Get-IISSite | select Bindings,Name,State,@{n='VMName';e={$env:COMPUTERNAME}},
                                    @{n='SSL';e={$SSL=$False; $_.Bindings.CertificateHash|foreach{if($_){$SSL=$true}}; $SSL}}
                           } 
                        } catch {
                            Write-Log $_.Exception.Message Yellow
                            if ($_.Exception.Message -match 'An error has occurred which Windows PowerShell cannot handle.') {
                                Write-Log ' VM may not be running Server 2016 or Windows 10 OS, and PowerShell Direct won''t work..' DarkYellow
                            }
                        }
                    }
                }
            } catch {
                Write-Log $_.Exception.Message Magenta
            }
        }
    }

    End { 
        if ($IncludeNotStarted) {
            $WebSiteList = $WebSiteList | select Name,SSL,VMName,@{n='HvHostName';e={$_.PSComputerName}},Bindings
        } else {
            $WebSiteList = $WebSiteList | where State -match 'Started' | 
                select Name,SSL,VMName,@{n='HvHostName';e={$_.PSComputerName}},Bindings
        }

        if ($IncludeDefault) {
            $WebSiteList 
        } else {
            $WebSiteList | where Name -NotMatch 'Default Web Site' 
        }
    }
} 

#endregion

Export-ModuleMember -Function * -Variable *