PowerShell Script Relating to Azure

admin • 2022-12-08 01:29 • 好物分享

This post is to collect some userful powershell commands I met during my daily IT work.

Test remote port if open - Test-NetConnection

PS C:/Users/test1> Test-NetConnection  ComputerName : internetbeacon.msedge.net
RemoteAddress : 13.107.4.52
InterfaceAlias : Ethernet0
SourceAddress : 192.168.2.141
PingSucceeded : True
PingReplyDetails (RTT) : 14 ms


PS C:/Users/test1>

Test remote Azure File Share port 445 if opened:

PS C:/Users/test1> Test-NetConnection -ComputerName fileshare2cool.file.core.windows.net -Port 445
WARNING: TCP connect to (52.239.170.104 : 445) failed
WARNING: Ping to 52.239.170.104 failed with status: TimedOut


ComputerName : fileshare2cool.file.core.windows.net
RemoteAddress : 52.239.170.104
RemotePort : 445
InterfaceAlias : Ethernet0
SourceAddress : 192.168.2.141
PingSucceeded : False
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False

To check if your firewall or ISP is blocking port 445, use the AzFileDiagnostics tool or Test-NetConnection cmdlet. To use the Test-NetConnection cmdlet, the Azure PowerShell module must be installed, see Install Azure PowerShell module for more information. Remember to replace <your-storage-account-name> and <your-resource-group-name> with the relevant names for your storage account.

$resourceGroupName = "<your-resource-group-name>"
$storageAccountName = "<your-storage-account-name>"

# This command requires you to be logged into your Azure account, run Login-AzAccount if you haven't
# already logged in.
$storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName

# The ComputerName, or host, is <storage-account>.file.core.windows.net for Azure Public Regions.
# $storageAccount.Context.FileEndpoint is used because non-Public Azure regions, such as sovereign clouds
# or Azure Stack deployments, will have different hosts for Azure file shares (and other storage resources).
Test-NetConnection -ComputerName ([System.Uri]::new($storageAccount.Context.FileEndPoint).Host) -Port 445

Get DNS Name Resolution Policy Table (NRPT) Details

Usually after P2S connection, you might want to check DNS Policy Table

PS C:/Users/jon> Get-DnsClientNrptPolicy

Namespace : .file.core.windows.net
QueryPolicy :
SecureNameQueryFallback :
DirectAccessIPsecCARestriction :
DirectAccessProxyName :
DirectAccessDnsServers :
DirectAccessEnabled :
DirectAccessProxyType : NoProxy
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired : False
NameServers : {10.3.0.19, 10.5.99.19}
DnsSecIPsecCARestriction :
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired : False
DnsSecValidationRequired : False
NameEncoding : Utf8WithoutMapping
Namespace : .corp.51sec.com
QueryPolicy :
SecureNameQueryFallback :
DirectAccessIPsecCARestriction :
DirectAccessProxyName :
DirectAccessDnsServers :
DirectAccessEnabled :
DirectAccessProxyType : NoProxy
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired : False
NameServers : {10.3.0.19, 10.5.99.19}
DnsSecIPsecCARestriction :
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired : False
DnsSecValidationRequired : False
NameEncoding : Utf8WithoutMapping
Namespace : https://azuregateway-db380066-8803-43f0-ba5a-1111-22222222fad333.vpn.azure.com
QueryPolicy :
SecureNameQueryFallback :
DirectAccessIPsecCARestriction :
DirectAccessProxyName :
DirectAccessDnsServers :
DirectAccessEnabled :
DirectAccessProxyType : NoProxy
DirectAccessQueryIPsecEncryption :
DirectAccessQueryIPsecRequired : False
NameServers :
DnsSecIPsecCARestriction :
DnsSecQueryIPsecEncryption :
DnsSecQueryIPsecRequired : False
DnsSecValidationRequired : False
NameEncoding : Utf8WithoutMapping