Archive for the 'Exchange' Category

Interview with Frank Carius

Another TechEd video! Microsoft MVP Frank Carius from http://www.msxfaq.de describes how PowerShell helps him manage Exchange 2007 and 2010, and Lync Server 2010, how he creates and debugs his scripts, and how he uses automated policies for secure mailbox access provisioning:

Enjoy!

Manage Email addresses without Exchange cmdlets

AD cmdlets 1.4 added new cmdlets and parameters which let you manage email addresses in your environment even if you do not have Exchange Management Shell. This is very handy if you are on Exchange 2003, do not have Exchange cmdlets installed, or just don’t want to switch between snapins.

Here’s the quick overview of what we have added:

Retrieving accounts by any proxy addresses:

Now Get-QADObject, Get-QADGroup, and Get-QADUser all have PrimaryProxyAddress, ProxyAddress and SecondaryProxyAddress parameters which can let you be more specific in your queries and thus retrieve objects much faster (compared to just supplying the address as identity parameter and relying on default resolution).

For example, you could do:

Get-QADUser -ProxyAddress 'x400:C=US;A= ;P=Quest Software;O=Aliso Viejo;S=Sotnikov;G=Dmitry;I=A;'

or

Get-QADUser -SecondaryProxyAddress '*Sotnikov@algorithm.aelita.com'

Adding email addresses:

Just use Add-QADProxyAddress and specify various parameters for specifics (pair with Clear-QADProxyAddress to replace previous addresses):

Get-QADUser company\jsmith |
  Add-QADProxyAddress -Address 'smtp:jsmith@company.com' |
  Add-QADProxyAddress -Type SMTP -Address 'john.smith@company.com' -Primary |
  Add-QADProxyAddress -CustomType 'sip' -Address 'john.smith@company.com'

Removing all addresses:

Did I mention Clear-QADProxyAddress?

Get-QADUser company\jsmith |
  Clear-QADProxyAddress |
  Add-QADProxyAddress -Address 'smtp:jsmith@company.com' |
  Add-QADProxyAddress -Type SMTP -Address 'john.smith@company.com' -Primary |
  Add-QADProxyAddress -CustomType 'sip' -Address 'john.smith@company.com'

Removing individual addresses:

Use Remove-QADProxyAddress and it’s parameters to operate on a specific address or a set of addresses:

Get-QADUser |
  Remove-QADProxyAddress -Pattern '*@company.com'

Modifying addresses:

Set-QADProxyAddress lets you pick and replace specific addresses:

Get-QADUser |
  Set-QADProxyAddress -From '*@source.com' -MakePrimary

or

Get-QADUser |
  Set-QADProxyAddress -From '*@before.com' -To '*@after.com'

Enabling or disabling email address policy:

Enable-QADEmailAddressPolicy and Disable-QADEmailAddressPolicy are your respective friends and can be applied to individual objects. For example:

Get-QADUser DomainName\UserName | Disable-QADEmailAddressPolicy
Get-QADUser -City London | Enable-QADEmailAddressPolicy

Happy scripting!

What’s New in AD cmdlets 1.4

Don’t get confused by the version number – this is a major update to the free QAD cmdlets adding significant new functionality and making Active Directory management from PowerShell easier than ever before.

Here is a quick list of what is new in this release.

You can read more about each cmdlet and parameter by following the corresponding links – or waiting till I blog about all the new functionality throughout the coming weeks.

32 new cmdlets!

Certificate and Public Key Infrastructure (PKI) management

Email address management

Auxiliary cmdlets for Progress Bar and Inactive Account Reporting

20 New Parameters

Parameters Added for Cmdlets
ExpiredFor

Inactive

InactiveFor

NotLoggedOnFor

PasswordNotChangedFor

Get-QADUser
Inactive

InactiveFor

NotLoggedOnFor

PasswordNotChangedFor

Get-QADComputer
PrimaryProxyAddress

ProxyAddress

SecondaryProxyAddress

Get-QADObject

Get-QADGroup

Get-QADUser

ShowProgress

ProgressThreshold

Activity

Get-QADComputer

Get-QADGroup

Get-QADGroupMember

Get-QADManagedObject

Get-QADMemberOf

Get-QADObject

Get-QADPasswordSettingsObject

Get-QADPasswordSettingsObjectAppliesTo

Get-QADUser

Get-QARSAccessTemplate

Get-QARSAccessTemplateLink

Get-QARSWorkflowDefinition

Disabled

Enabled

KeepForeignSecurityPrincipals

Get-QADGroupMember
ResolveForeignSecurityPrincipals Get-QADObject
Control Add-QADGroupMember

Add-QADMemberOf

Add-QADPasswordSettingsObjectAppliesTo

Deprovision-QADUser

Disable-QADComputer

Disable-QADUser

Enable-QADComputer

Enable-QADUser

Get-QADComputer

Get-QADGroup

Get-QADGroupMember

Get-QADManagedObject

Get-QADMemberOf

Get-QADObject

Get-QADPasswordSettingsObject

Get-QADPasswordSettingsObjectAppliesTo

Get-QADUser

Get-QARSAccessTemplate

Get-QARSAccessTemplateLink

Get-QARSWorkflowDefinition

Move-QADObject

New-QADComputer

New-QADGroup

New-QADObject

New-QADPasswordSettingsObject

New-QADUser

New-QARSAccessTemplateLink

Publish-QARSGroup

Remove-QADGroupMember

Remove-QADMemberOf

Remove-QADObject

Remove-QADPasswordSettingsObjectAppliesTo

Remove-QARSAccessTemplateLink

Rename-QADObject

Reset-QADComputer

Restore-QADDeletedObject

Set-QADComputer

Set-QADGroup

Set-QADObject

Set-QADUser

Set-QARSAccessTemplateLink

Unlock-QADUser

Unpublish-QARSGroup

SearchRoot parameter now accepting arrays

This lets you retrieve objects from multiple containers with one call. The change affects the following cmdlets:

  • Get-QADComputer
  • Get-QADGroup
  • Get-QADObject
  • Get-QADPasswordSettingsObject
  • Get-QADUser
  • Get-QARSAccessTemplate
  • Get-QARSAccessTemplateLink
  • Get-QARSWorkflowDefinition
  • Summary

    To get full list of all QAD cmdlets please see AD cmdlets online reference.

    Download AD cmdlets 1.4 here and let us know what you think.

    Check who can send email to a group

    Today I wanted to get a list of people who had rights to send messages to a few distribution lists in our company. This information is not readily available in Outlook, but turned out to be very easy to retrieve using PowerShell – this is literally just a few attributes to retrieve from your Active Directory.

    Here’s a sample output of my script:

    PS:\> Get-DLRestriction "Worldwide Everyone"
    Checking restrictions for Worldwide Everyone
    
    The following users can send messages to this list:
    
    Anne Smith
    John Able
    
    Members of this group can send messages to this list: Domain\Communicators) :
    
    Susan Gallings
    Terry Adams
    
    Only authenticated users can send messages to this list.
    External senders get blocked.

    I’ve uploaded the script to poshcode, but for your convenience also posting it here:

    function Get-DLRestriction {
      param([System.String]  $DLName  )
    
      "Checking restrictions for $DLName"
    
      $DL = Get-QADGroup $DLName `
          -IncludedProperties AuthOrig, UnauthOrig, dLMemRejectPerms,`
                          dLMemSubmitPerms, msExchRequireAuthToSendTo
    
      # we'll set this to true if we see a restriction
      $restricted = $false
    
      # if the group with such a name is found
      if ( $DL -ne $null ) { 
        
        if ( $DL.AuthOrig -ne $null ) { 
          $restricted = $true
          "`nThe following users can send messages to this list:"
          $DL.AuthOrig | Get-QADUser
        }
        
        if ( $DL.UnauthOrig -ne $null ) { 
          $restricted = $true
          "`nAnyone BUT the following users can send messages to this list:"
          $DL.UnauthOrig | Get-QADUser
        }
        
        if ( $DL.dLMemSubmitPerms -ne $null ) { 
          $restricted = $true
          "`nMembers of this group can send messages to this list: $($DL.dLMemSubmitPerms | Get-QADGroup)) :"
          Get-QADGroupMember $DL.dLMemSubmitPerms
        }
        
        if ( $DL.dLMemRejectPerms -ne $null ) { 
          $restricted = $true
          "`nAnyone BUT members of this group can send messages to this list: $($DL.dLMemRejectPerms | Get-QADGroup)) :"
          Get-QADGroupMember $DL.dLMemRejectPerms
        }
        
        if ( $DL.msExchRequireAuthToSendTo ) { 
          $restricted = $true
          "`nOnly authenticated users can send messages to this list.`nExternal senders get blocked."
        }
        
        if ( -not $restricted ) {
          "`nThis list is not restricted. Anyone can email it."
        }
      } else {
        "`nDL $DLName not found."
      }
    }

    Exchange 2010 PowerPack is here

    For all PowerGUI administrators, Konrad Sagala has just posted his first release of PowerPack for Exchange Server 2010.

    PowerPacks are extensible open-source add-ons for PowerGUI Administrative Console. Once you import them into the console you get rich MMC-like UI for a new platform. It is great to see that Exchange 2010 support is now available for PowerGUI and great to see a member of the PowerGUI community stepping up to provide that!

    Download the Exchange 2010 PowerPack and post your comments to the page (log in required to post comments) to let Konrad know what you think.

    Exchange 2003 PowerPack Updated

    If you manage your Exch 2003 with PowerGUI make sure you upgrade to the latest version of the PowerPack which Jonathan Medd has made available.

    It adds a nice Database Whitespace report added, and more importantly autoupdate capabilities – so from now on getting new patches and features becomes way easier.

    Exchange Server 2003 Database Whitespace report

    Get the PowerPack here or read more in Jonathan’s blog here.

    The Experts Conference 2010

    TEC is one of the most advanced (400 level sessions are norm!) conferences you can find out there. This is probably the only event with so much technical information, amazing speakers (Microsoft product teams and real-world practitioners), and great audience (MVPs, chief IT architects, and so on.)

    The topics range from Active Directory and Forefront Identity Manager (FIM) to Exchange and SharePoint technologies (follow the links to read the abstracts of the sessions which have been announced).

    There will obviously be a fair bit of PowerShell on the way – e.g. Brandon Shell will be amazing everyone by totally scripting read-only domain controllers deployments.

    TEC 2010 takes place April 25-28, 2010, at the brand new JW Marriott LA Live Hotel in the heart of Los Angeles. Learn more at www.theexpertsconference.com, register today and ask for the early bird discount! 😉

    Skype for administrators

    Call any user in Active Directory or Exchange right from your administrative console, with a single click dial into any conference call (with participant passcode dialed for you ;)) – all of that is possible with the latest extension for PowerGUI.

    PowerGUI Skype PowerPack adds Call buttons for all user accounts and mailboxes, as well as people in your corporate organizational chart. In addition to this you can obviously call any of your Skype contacts or any conference call appointments listed in your Outlook.

    Check out this 7-minute demo here (highly recommended to watch in HD and full screen):

    As always, all the code behind any nodes and actions can be found in their properties, so you can learn how this actually works, modify the pack to suite your needs or extend it to add calling capabilities to whichever other systems you are managing!

    This blog post by Shafqat Ahmed helped me a lot when I started working on the PowerPack. My scripts in the pack are basically enhancements built on top of his excellent post.

    Download Skype PowerPack here and let us know what you think.

    Tags: , , , , , , ,

    TechEd South Africa session on PowerGUI

    If you are attending TechEd in Durban in a couple of weeks make sure you see Nicolas Blank delivering his UNC304 session:

    PowerShell and Unified Communications: Taking the Mystery out of AD, Exchange and OCS Management using PowerShell (UNC304)

    PowerShell is wonderful – if you know where to start or how to use it! This session will cover how to get started with PowerShell as well as moving into advanced areas of Exchange and OCS management with PowerShell. We will cover common management and migration scenarios where PowerShell can add value, learning how to run “one liners” that can “change the world” as well as using the Power of PowerShell in PowerGUI in order to have the best of both worlds – PowerShell flexibility and GUI management and much much more.

    UNC304 | Mon 3 Aug (12:00 – 13:00) | 300 – Advanced| Session Room B1 | Speaker: Nicolas Blank | Breakout Session

    Nicolas is an Exchange MVP and Unified Communications guru. He was one of the first guys who started using PowerShell to manage Exchange 2003 back in 2007. This year he is delivering 4 TechEd sessions! Quite an achievement. Congratulations to Nicolas and make sure you see him if you are at the show.

    Tags: , , , , ,

    Restore Exchange data from PowerShell

    Working with mail backups can be a pain. Especially when you need to do some kind of bulk operations like scan backups for particular mailboxes and find all emails with certain keywords and then export then to a PST or add them to a public folder.

    Quest has recently PowerShell-enabled its Exchange/Notes/PST backup/recovery product – and we got a lot of great functionality available for your scripts/command line.

    Here are a few examples:

    • Here’s how you can attach a standard Exchange backup and retrieve its messages as .msg files:

    Attach-RMEExchangeDB -EdbPath "C:\Data\Edb\EdbSearchTest\EdbSearchTest.edb" | Get-RMEMessage | Export-RMEMessage -ExportPath "C:\Data\Exported\Msg" -Type Msg

    • Or look for particular keywords in Lotus Notes data:

    Attach-RMELotusDB "C:\Data\Nsf" | Get-RMEMessage -SearchIn Subject, Body -Text "test" | Export-RMEMessage -ExportPath "C:\Data\Exported\Eml" -Type Eml

    • Or restore a folder to PST:

    Attach-RMEExchangeDB "C:\Data\Edb\EdbSearchTest\EdbSearchTest.edb" | Get-RMEFolder "John Doe\Inbox" | Restore-RMEFolder -TargetPath "C:\Data\Restored\Pst"
    Obviously you can restore to live mailboxes and public folders, work with attachments, and so on, and so forth.

    Here’s full list of the cmdlets – each of the pages has examples and details on parameters, etc.:

    Note that unlike AD cmdlets these are actually a part of commercial product so there is cost involved. You can get a trial license from the product page. If you are a Microsoft MVP you can also get a free NFR license by applying here.


    Legal

    The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

    © 2007-2014 Dmitry Sotnikov

    July 2020
    M T W T F S S
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  

    %d bloggers like this: