Archive for the 'Exchange' Category

Interview with Frank Carius

Another TechEd video! Microsoft MVP Frank Carius from http://www.msxfaq.de describes how PowerShell helps him manage Exchange 2007 and 2010, and Lync Server 2010, how he creates and debugs his scripts, and how he uses automated policies for secure mailbox access provisioning:

Enjoy!

Advertisements

Manage Email addresses without Exchange cmdlets

AD cmdlets 1.4 added new cmdlets and parameters which let you manage email addresses in your environment even if you do not have Exchange Management Shell. This is very handy if you are on Exchange 2003, do not have Exchange cmdlets installed, or just don’t want to switch between snapins.

Here’s the quick overview of what we have added:

Retrieving accounts by any proxy addresses:

Now Get-QADObject, Get-QADGroup, and Get-QADUser all have PrimaryProxyAddress, ProxyAddress and SecondaryProxyAddress parameters which can let you be more specific in your queries and thus retrieve objects much faster (compared to just supplying the address as identity parameter and relying on default resolution).

For example, you could do:

Get-QADUser -ProxyAddress 'x400:C=US;A= ;P=Quest Software;O=Aliso Viejo;S=Sotnikov;G=Dmitry;I=A;'

or

Get-QADUser -SecondaryProxyAddress '*Sotnikov@algorithm.aelita.com'

Adding email addresses:

Just use Add-QADProxyAddress and specify various parameters for specifics (pair with Clear-QADProxyAddress to replace previous addresses):

Get-QADUser company\jsmith |
  Add-QADProxyAddress -Address 'smtp:jsmith@company.com' |
  Add-QADProxyAddress -Type SMTP -Address 'john.smith@company.com' -Primary |
  Add-QADProxyAddress -CustomType 'sip' -Address 'john.smith@company.com'

Removing all addresses:

Did I mention Clear-QADProxyAddress?

Get-QADUser company\jsmith |
  Clear-QADProxyAddress |
  Add-QADProxyAddress -Address 'smtp:jsmith@company.com' |
  Add-QADProxyAddress -Type SMTP -Address 'john.smith@company.com' -Primary |
  Add-QADProxyAddress -CustomType 'sip' -Address 'john.smith@company.com'

Removing individual addresses:

Use Remove-QADProxyAddress and it’s parameters to operate on a specific address or a set of addresses:

Get-QADUser |
  Remove-QADProxyAddress -Pattern '*@company.com'

Modifying addresses:

Set-QADProxyAddress lets you pick and replace specific addresses:

Get-QADUser |
  Set-QADProxyAddress -From '*@source.com' -MakePrimary

or

Get-QADUser |
  Set-QADProxyAddress -From '*@before.com' -To '*@after.com'

Enabling or disabling email address policy:

Enable-QADEmailAddressPolicy and Disable-QADEmailAddressPolicy are your respective friends and can be applied to individual objects. For example:

Get-QADUser DomainName\UserName | Disable-QADEmailAddressPolicy
Get-QADUser -City London | Enable-QADEmailAddressPolicy

Happy scripting!

What’s New in AD cmdlets 1.4

Don’t get confused by the version number – this is a major update to the free QAD cmdlets adding significant new functionality and making Active Directory management from PowerShell easier than ever before.

Here is a quick list of what is new in this release.

You can read more about each cmdlet and parameter by following the corresponding links – or waiting till I blog about all the new functionality throughout the coming weeks.

32 new cmdlets!

Certificate and Public Key Infrastructure (PKI) management

Email address management

Auxiliary cmdlets for Progress Bar and Inactive Account Reporting

20 New Parameters

Parameters Added for Cmdlets
ExpiredFor

Inactive

InactiveFor

NotLoggedOnFor

PasswordNotChangedFor

Get-QADUser
Inactive

InactiveFor

NotLoggedOnFor

PasswordNotChangedFor

Get-QADComputer
PrimaryProxyAddress

ProxyAddress

SecondaryProxyAddress

Get-QADObject

Get-QADGroup

Get-QADUser

ShowProgress

ProgressThreshold

Activity

Get-QADComputer

Get-QADGroup

Get-QADGroupMember

Get-QADManagedObject

Get-QADMemberOf

Get-QADObject

Get-QADPasswordSettingsObject

Get-QADPasswordSettingsObjectAppliesTo

Get-QADUser

Get-QARSAccessTemplate

Get-QARSAccessTemplateLink

Get-QARSWorkflowDefinition

Disabled

Enabled

KeepForeignSecurityPrincipals

Get-QADGroupMember
ResolveForeignSecurityPrincipals Get-QADObject
Control Add-QADGroupMember

Add-QADMemberOf

Add-QADPasswordSettingsObjectAppliesTo

Deprovision-QADUser

Disable-QADComputer

Disable-QADUser

Enable-QADComputer

Enable-QADUser

Get-QADComputer

Get-QADGroup

Get-QADGroupMember

Get-QADManagedObject

Get-QADMemberOf

Get-QADObject

Get-QADPasswordSettingsObject

Get-QADPasswordSettingsObjectAppliesTo

Get-QADUser

Get-QARSAccessTemplate

Get-QARSAccessTemplateLink

Get-QARSWorkflowDefinition

Move-QADObject

New-QADComputer

New-QADGroup

New-QADObject

New-QADPasswordSettingsObject

New-QADUser

New-QARSAccessTemplateLink

Publish-QARSGroup

Remove-QADGroupMember

Remove-QADMemberOf

Remove-QADObject

Remove-QADPasswordSettingsObjectAppliesTo

Remove-QARSAccessTemplateLink

Rename-QADObject

Reset-QADComputer

Restore-QADDeletedObject

Set-QADComputer

Set-QADGroup

Set-QADObject

Set-QADUser

Set-QARSAccessTemplateLink

Unlock-QADUser

Unpublish-QARSGroup

SearchRoot parameter now accepting arrays

This lets you retrieve objects from multiple containers with one call. The change affects the following cmdlets:

  • Get-QADComputer
  • Get-QADGroup
  • Get-QADObject
  • Get-QADPasswordSettingsObject
  • Get-QADUser
  • Get-QARSAccessTemplate
  • Get-QARSAccessTemplateLink
  • Get-QARSWorkflowDefinition
  • Summary

    To get full list of all QAD cmdlets please see AD cmdlets online reference.

    Download AD cmdlets 1.4 here and let us know what you think.

    Check who can send email to a group

    Today I wanted to get a list of people who had rights to send messages to a few distribution lists in our company. This information is not readily available in Outlook, but turned out to be very easy to retrieve using PowerShell – this is literally just a few attributes to retrieve from your Active Directory.

    Here’s a sample output of my script:

    PS:\> Get-DLRestriction "Worldwide Everyone"
    Checking restrictions for Worldwide Everyone
    
    The following users can send messages to this list:
    
    Anne Smith
    John Able
    
    Members of this group can send messages to this list: Domain\Communicators) :
    
    Susan Gallings
    Terry Adams
    
    Only authenticated users can send messages to this list.
    External senders get blocked.

    I’ve uploaded the script to poshcode, but for your convenience also posting it here:

    function Get-DLRestriction {
      param([System.String]  $DLName  )
    
      "Checking restrictions for $DLName"
    
      $DL = Get-QADGroup $DLName `
          -IncludedProperties AuthOrig, UnauthOrig, dLMemRejectPerms,`
                          dLMemSubmitPerms, msExchRequireAuthToSendTo
    
      # we'll set this to true if we see a restriction
      $restricted = $false
    
      # if the group with such a name is found
      if ( $DL -ne $null ) { 
        
        if ( $DL.AuthOrig -ne $null ) { 
          $restricted = $true
          "`nThe following users can send messages to this list:"
          $DL.AuthOrig | Get-QADUser
        }
        
        if ( $DL.UnauthOrig -ne $null ) { 
          $restricted = $true
          "`nAnyone BUT the following users can send messages to this list:"
          $DL.UnauthOrig | Get-QADUser
        }
        
        if ( $DL.dLMemSubmitPerms -ne $null ) { 
          $restricted = $true
          "`nMembers of this group can send messages to this list: $($DL.dLMemSubmitPerms | Get-QADGroup)) :"
          Get-QADGroupMember $DL.dLMemSubmitPerms
        }
        
        if ( $DL.dLMemRejectPerms -ne $null ) { 
          $restricted = $true
          "`nAnyone BUT members of this group can send messages to this list: $($DL.dLMemRejectPerms | Get-QADGroup)) :"
          Get-QADGroupMember $DL.dLMemRejectPerms
        }
        
        if ( $DL.msExchRequireAuthToSendTo ) { 
          $restricted = $true
          "`nOnly authenticated users can send messages to this list.`nExternal senders get blocked."
        }
        
        if ( -not $restricted ) {
          "`nThis list is not restricted. Anyone can email it."
        }
      } else {
        "`nDL $DLName not found."
      }
    }

    Exchange 2010 PowerPack is here

    For all PowerGUI administrators, Konrad Sagala has just posted his first release of PowerPack for Exchange Server 2010.

    PowerPacks are extensible open-source add-ons for PowerGUI Administrative Console. Once you import them into the console you get rich MMC-like UI for a new platform. It is great to see that Exchange 2010 support is now available for PowerGUI and great to see a member of the PowerGUI community stepping up to provide that!

    Download the Exchange 2010 PowerPack and post your comments to the page (log in required to post comments) to let Konrad know what you think.

    Exchange 2003 PowerPack Updated

    If you manage your Exch 2003 with PowerGUI make sure you upgrade to the latest version of the PowerPack which Jonathan Medd has made available.

    It adds a nice Database Whitespace report added, and more importantly autoupdate capabilities – so from now on getting new patches and features becomes way easier.

    Exchange Server 2003 Database Whitespace report

    Get the PowerPack here or read more in Jonathan’s blog here.

    The Experts Conference 2010

    TEC is one of the most advanced (400 level sessions are norm!) conferences you can find out there. This is probably the only event with so much technical information, amazing speakers (Microsoft product teams and real-world practitioners), and great audience (MVPs, chief IT architects, and so on.)

    The topics range from Active Directory and Forefront Identity Manager (FIM) to Exchange and SharePoint technologies (follow the links to read the abstracts of the sessions which have been announced).

    There will obviously be a fair bit of PowerShell on the way – e.g. Brandon Shell will be amazing everyone by totally scripting read-only domain controllers deployments.

    TEC 2010 takes place April 25-28, 2010, at the brand new JW Marriott LA Live Hotel in the heart of Los Angeles. Learn more at www.theexpertsconference.com, register today and ask for the early bird discount! 😉


    My Recent Tweets

    Legal

    The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

    © 2007-2014 Dmitry Sotnikov

    October 2018
    M T W T F S S
    « Aug    
    1234567
    891011121314
    15161718192021
    22232425262728
    293031  
    Advertisements

    %d bloggers like this: