showing posts tagged with 'powershell'
by lunarg on September 12th 2017, at 10:31

One of the most common Exchange admin tasks is setting mailbox delegations. Personally, I usually do this through EAC but once you're familiar with the Powershell counterparts, it can be quicker to use that instead. I've created this post as a reference to do just that.

In the reference below, the user "Ellen Somebody" requires access to the mailbox of "John Doe".

Send on Behalf

Set-Mailbox john.doe -GrantSendOnBehalfTo ellen.somebody

Send As

Add-ADPermission john.doe -ExtendedRights Send-As -user ellen.somebody

Full Access

Add-MailboxPermission -Identity john.doe -User ellen.somebody -AccessRights FullAccess -InheritanceType All
by lunarg on April 6th 2017, at 10:35
Differentiating users that are synchronized from an on-premise AD and users created in Office 365 is easy when logged in through the Office 365 Portal. When using Powershell, it's another matter. While there's a parameter for Get-MsolUser to show only synchronized users, the ability to filter on only cloud users is missing. However, as cloud-only users do not have the ImmutableID set, you can build your own filter.

This one's obvious:

Get-MsolUser -All -Synchronized

You can filter on ImmutableID as it's not set for cloud-only users:

Get-MsolUser -All | ? ImmutableID -eq $null

If you want to filter out external users (i.e. if you shared something in Sharepoint Online with users that aren  ...
by lunarg on January 31st 2017, at 15:55
When using credentials in Powershell, you usually use Get-Credential, which essentially creates PSCredential objects. Creating such an object prompts the user to enter a username and password, which is not really usable in unattended scripts. There's a method where you can specify an unencrypted password but this is not secure. Fortunately, there's also a method where you can store the encrypted password in a file and use it to set the password.

To create a password file, run this from a Powershell window:

Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File path-to-file

You will not get a real prompt: simply type the password will show * in the console. Type the password twice  ...
by lunarg on January 23rd 2017, at 10:17

If you have the Exchange Management Tools installed, you can easily import the Exchange module into a standard Powershell by running the Add-PSSnapin cmdlet.

Depending on the Exchange version, the module to add is slightly different:

Exchange 2007Microsoft.Exchange.Management.PowerShell.Admin
Exchange 2010Microsoft.Exchange.Management.PowerShell.E2010
Exchange 2013Microsoft.Exchange.Management.PowerShell.SnapIn

If you're not sure about the version, you can also use wildcard characters:

Add-PSSnapin *Exchange*

If you don't want to install the management tools, you can also use PS remoting to remotely access the management shell from a standard Powershell.

by lunarg on January 9th 2017, at 16:33
A new Powershell module, called Azure AD v2 is available to manage Office365 from Powershell, and is now the preferred method for managing Office365 tenants from Powershell. Unlike the older MSOnline module, you need to download and install this version from the Powershell Gallery, for which there is no direct download link.

Windows 10 already has the PowershellGet module needed to download modules from Powershell Gallery, so all you need to do is run the following in an elevated Powershell:

Install-Module AzureAD

You may get a message about NuGet provider is required to continue. You can safely confirm this.

Everything pre-Windows 10 and starting from Windows 7 SP1 and 2008R2 SP1, you n  ...
by lunarg on November 18th 2016, at 14:44

When running Get-ReceiveConnector, the contents of the RemoteIPRanges field may be truncated if there are a lot of entries. You can "expand" the list:

Get-ReceiveConnector MyConnector | Select -expand RemoteIPRanges | FT

This will expand each of the IP range objects and FT makes sure it's nicely formatted in a table. For single addresses, you only need the LowerBound column, but if ranges have been specified, you probably want both columns.

by lunarg on October 12th 2016, at 15:46
I found this little snippet online that allows you to preparse your Powershell scripts to ensure there are no syntax errors in it. This is useful if you need to know the script is error-free but are otherwise unable to run it.

Source: Contents of file TestScript.ps1param($path, [switch]$verbose)if ($verbose) { $VerbosePreference = ‘Continue’}trap { Write-Warning $_; $false; continue }& `{ $contents = get-content $path $contents = [string]::Join([Environment]::NewLine, $contents) [void]$ExecutionContext.InvokeCommand.NewScriptBlock($contents) Write-Verbose "Pars  ...
by lunarg on August 10th 2016, at 15:31
It may not seem evident to find out which mailboxes are accessible by a particular user or group. Through EAC, there is no apparent way to do this, as giving access for a user to a (shared) mailbox can only be done through the shared mailbox and then providing the user/group access. There is no way to query a particular user/group and show a list of mailboxes that user/group has access to. Fortunately, it seems that Powershell (EMS) does provide an easier answer.

These cmdlets work in both Office365 and on-premise Exchange 2007 or newer.

List mailboxes to which a user/group has access to:

Get-Mailbox | Get-MailboxPermission -User user1

Although the cmdlet states a user name, replacing th  ...
by lunarg on August 4th 2016, at 10:57

Using ADUC, it can be quite a hassle to find and/or unlock AD accounts. Powershell solves this by providing some neat commands for a system administrator to use.

To list all locked out AD accounts:

Search-ADAccount -LockedOut

To get more info about these accounts, you can do a Full-List:

Search-ADAccount -LockedOut | FL

Furthermore, you can pipe the output to quickly unlock some/all AD accounts:

Search-ADAccount -LockedOut | Unlock-ADAccount
by lunarg on May 25th 2016, at 15:59

You can quickly check which mailbox has e-mail forwarding settings enabled through the EMS:

Get-Mailbox -Filter {ForwardingAddress -ne $null} | FT Name,ForwardingAddress,DeliverToMailboxAndForward -Autosize

You can use the cmdlet above and process its output or export it to a CSV (using Export-CSV).

by lunarg on April 20th 2016, at 15:47
A few steps to enable management of your Office 365 subscription using Powershell. One uses Powershell because not all configuration is available through the Office 365 Portal, and it's also useful for automation.

UPDATE (2016-04-20): updated links and information.

Download and install the Microsoft Online Services Sign-In Assistant.This is required in order to be able to sign in to Office 365.

Download and install Azure Active Directory Module for Windows PowerShell (64-bit version).Note: 32-bit users, see below.

Optionally, you can also download and install modules to manage Sharepoint Online and Skype for Business Online.

32-bit Azure AD Module
From October 20, 2014, the Azure Ac  ...
by lunarg on March 17th 2016, at 13:30
There are a variety of methods to enable Remote Desktop and Remote Management from a script. This is particularly useful if you have many Core Servers and no SCCM or some other deployment system.


(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1,1)Set-ExecutionPolicy Unrestricted -ForceEnable-PSRemoting -Force

This enables Remote Desktop with NLA (first param), adjust the required firewall rules (second param), and finally, enables Remote Management.


cscript %windir%\system32\scregedit.wsf /ar 0cscript %windir%\system32\scregedit.wsf /cs 1

Like the PS variant, this enables Remote Desktop while the second line   ...
by lunarg on December 15th 2015, at 15:21
Dell's AppAssure has a module for Powershell which allows manipulation of AppAssure through several cmdlets. This comes in handy if you want to do some automation, and more importantly, it's a lot faster than the web interface.

To load the AppAssure module for PowerShell:

Import-Module appassurepowershellmodule

Then, to get a list of all available cmdlets for AppAssure, run:

Get-Command -Module appassurepowershellmodule

The majority of core and agent functions are available through PS. There are quite a few, and it would go beyond the scope of the article to explain them all. You can get (limited) help by prepending a cmdlet with the keyword help.

Suspend all backups for all machines:
by lunarg on November 26th 2015, at 15:10
When scheduling the run of a Powershell script through Task Scheduler, it is highly recommended to set up the task to run accordingly:

powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "path\to\script.ps1"

Scheduling Powershell scripts in this manner will prevent the dreaded 0x1 exit code from happening.

-NoProfile prevents loading of the user's profile, speeding up the startup of the script and preventing the script from depending on user-specific settings and scripts.

-NonInteractive will allow a script to exit rather than waiting indefinitely when a user prompt occurs.

Setting the -ExecutionPolicy to ByPass or Unrestricted will allow unsigned s  ...
by lunarg on November 5th 2015, at 11:03

Sometimes you may want to set or clear attributes of an AD object (e.g. the extensionAttributes of an AD user) through Powershell.

To set an attribute:

Set-ADUser -Identity "AnyADUser" -Add @{extensionAttribute15="SomeValue"}

To clear an attribute (i.e. unset the attribute):

Set-ADUser -Identity "AnyADUser" -Clear extensionAttribute15
by lunarg on November 5th 2015, at 10:49

The Office365 Admin portal clearly shows which users are synced to AD and which are cloud only. In Powershell, this is less clear. To find out which are cloud-only, you need to check the value of LastDirSyncTime. If it is empty, then the user was never synced from AD, and thus, is a cloud-only user.

Log on to your Office 365 tenant through Powershell, then run:

Get cloud-only users:

Get-MsolUser -All | Where { $_.LastDirSyncTime -eq $null }

Get synchronized-only users:

Get-MsolUser -All | Where { $_.LastDirSyncTime -ne $null }
by lunarg on September 21st 2015, at 12:40

This one-liner will output a list of installed programs, similar to what you get when looking it up through Control Panel → Add/Remove Programs.

Get-WmiObject -Class Win32_Product | Select-Object -Property Name

The advantage of this cmdlet is that you can dump it to a text file:

Get-WmiObject -Class Win32_Product | Select-Object -Property Name > Software.txt

And through PS remoting, you can also run this on remote systems.

by lunarg on September 21st 2015, at 12:31

You can easily perform 'diff' style text comparisons with Powershell:

Compare-Object -ReferenceObject (Get-Content file1.txt) -DifferenceObject (Get-Content file2.txt)
by lunarg on September 15th 2015, at 15:56
Rather than installing the Exchange 2013 management tools, you could also connect to the Exchange Management Shell (EMS) through Powershell "remoting".

Connect to EMS using the current credentials (i.e. the user running Powershell):

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchange-server-fqdn/PowerShell -Authentication KerberosImport-PSSession $session

Replace exchange-server-fqdn with the FQDN or IP address of the Exchange server you wish to connect to. With this command, you will be using the credentials of the current logged in user, and authenticate through Kerberos. If the user is not a organizational admin, you will be able to l  ...
by lunarg on September 11th 2015, at 10:39
This is a very crude script to defrag (using eseutil) Exchange mailbox databases.

The script takes the database name as a mandatory parameter. It then dismounts the database, checks whether the database state has been shutdown cleanly, performs the defrag, verifies the state again, and finally, mounts it again.

Note that this is an offline process. The specified mailbox database will be offline, meaning that all mailboxes in the database will not be accessible until the process has been completed.

Use with caution!
This script has not been tested extensively and does not account for everything that can go wrong. I merely provide it as a good starting point to extend the script to somethin  ...
showing posts tagged with 'powershell'