Powershell - Adding Pictures to Office 365 Accounts

How many times have you corresponded with a co-worker and, because of company size or physical location, not recognized the person when you met them?  Doesn't it sometimes feel like we have a relationship with someone we would never recognize if we met them on the street?  These are the two primary reasons that adding images to your Active Directory or Office 365 accounts could prove beneficial. Second to that, social uniformity, both within the business and personally, becomes more important as we present online personas to the public.  We have all had the misfortune of "Googling" a person to find out more about them, whether for a hiring choice or an upcoming meeting.  There is something to be said for a uniform presentation of who that person is, versus a professional image in one place and a wild night of partying in another.  After all, we are only human and consistently have outside factors sway our opinions and perceptions.

As an example, Outlook does a great job of adding pictures, not only from social media but also from AD, to put a face to the e-mail address.  As illustrated below, up in the "To" section you can see the picture of the person who sent the message, then again at the bottom all those who are part of the conversation.

If this person was part of your organization and you communicated with them often, this would give you the insight to recognize them at the next Holiday Party or Company Picnic.

Another option is to use the Social Plugin from within Outlook to connect your contacts to LinkedIn.  This will also bring in pictures if the user information matches a LinkedIn profile.  This is where the uniformity should take place: the company picture that is uploaded should be the same as, or similar to, the professional picture on your LinkedIn profile and on your company website, should you be featured.

Below is a very easy PowerShell script to upload pictures for each of your end users.  It assumes that you have done the following:

  1. Set the files in path directory to match the UPN (UserPrincipalName of the user)
  2. And that they are jpg files.  If they are not you just need to alter the extension in the script.

#########################################
# Connect to O365
#########################################
$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred

#########################################
# Exchange Online
#########################################
$UserCredential = $msolcred
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/?proxymethod=rps -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

#########################################
# Set $path to Path
#########################################
# The folder path must end with a path separator, because the file name is appended directly
$path = "<PATH TO FILES>"
$users = Get-MsolUser
foreach ($person in $users) {
    # Each photo is named after the user's UPN plus the .jpg extension
    $user = $person.UserPrincipalName
    $photo = $path + $user + ".jpg"
    Set-UserPhoto -Identity $person.UserPrincipalName -PictureData ([System.IO.File]::ReadAllBytes($photo)) -Confirm:$false
}
 
Teamwork in Business "overhead" departments.

Recently, teamwork spanning departments has been at the forefront as a result of a project that has ramifications across all of the "Shared Services" departments.  By shared services, we are talking about the "overhead" departments in most mainstream businesses: departments such as Finance, Legal, IT, Marketing, Business Development, and Admin Services.  Traditionally, unless in a specific industry, most of these departments are not revenue generating but are considered an overhead expense of doing business.  What each of these departments can do to curb spending is a whole other discussion; however, it's important to note that just because they are overhead, they should all still be able to justify their value and bring cost consciousness to their decisions. Depending on the size of the business, the teamwork could vary at different levels in the organizational chart; however, there is a certain amount of teamwork that needs to exist across these departments.  As an example, the IT department couldn't institute any new policies without having the language cleared through Legal and replaced in corporate documentation by HR.  A basic situation such as this can also illustrate where issues regarding teamwork could arise.  Legal and HR may not see the value in the updated policy, nor want to add the task to their workload.  Having a leader who can illustrate the value of breaking down the department "silo" mentality is instrumental in providing a higher-level, consistent and efficient process for the end client.  In this case, as an overhead department, the end client is the employees of the company.  It is often lost on the Shared Service departments that the revenue-generating employees are their clients; many times they are thought of as peers.  It's important to keep the mindset: if our clients were external, would we treat them this way, or would we provide a different effort?

The goal is to have the overhead departments working in unison, being productive with streamlined efficiency in order to support the line-of-business activities of the company, keeping in mind that without the LOB employees there is no business for the overhead departments to support.  For operations to flow that way, all of the staff across departments need to realize they are a team.  An example process that illustrates how that could work is the intake of a new employee.  In theory, one of the LOB departments puts in the approval for a new hire to the HR Department.  It would then be up to HR to notify the other departments of the needs of the impending new hire: for example, IT for user setup and equipment, the Finance Department for payroll and expenses, and Marketing for business cards.  If that process isn't instituted or followed through correctly by the "Team", it gives the new hire a poor impression of the company on their first day, and hurts overall productivity and efficiency.

To usher in teamwork there are a few things that can help:

  • Communication:  It is imperative that all these different departments are communicating regularly.  There are always things that could arise from discussion that someone from a neighboring department may be able to help with.  When those situations arise you can assign a "team" to a project vs. an individual.
  • Rewards: In some cases you could provide a reward for teamwork.
  • Accountability:  Everyone should be held accountable for their role and/or projects.  That also means that, regardless of who it is, both the positive and negative reinforcements should be applied.
  • Availability:  Management should be available to communicate any "direction" or conflict resolutions that may arise.

Lastly, it's crucial to know that teamwork can't always be built overnight and requires time.  Be patient and constantly look at the members of the team in order to make sure their needs are being met.

 

Potential dream PBX - Skype for Business

Skype Lync merger

This week Office Mechanics gave a demo of the upcoming Skype for Business, which has been in preview since the Office 2016 preview became available.  Initially I was just excited for the rebranding simply because I knew it would bring a tighter integration between Lync and Skype, mainly video chatting between streams.  Aside from that, I selfishly despised the fact that there were two accounts needed in the enterprise, one for your Office 365 account and Lync, then a second tied to an MS ID in order to use Skype.  Having Lync rebranded to Skype for Business eliminates both of those. Secondly, in my dealings with multiple PBX vendors over the years I always wanted to see an easier connection between Lync and the PBX.  Although there were PBX vendors that allowed integration, either natively or with third party hardware, the configuration always seemed to provide some complexity that was difficult to feel secure with.  Additionally, there always seemed to be some sort of trade-off with functionality on either side.  From what has been gathered or mentioned so far, this should resolve many of those issues.

The last thing I hope to hear more about is desktop phones.  Natively we can't just remove physical phones from the desktop; I'm interested to see if it's going to stick with the Lync PBX integration model, or if there is going to be easier configuration for any SIP compatible desktop phone.

Update!

So it appears the dream has come true.  It's been hard to find out more information regarding the where, when, who or what; however, it is called Office 365 Skype for Business with PSTN.

It's my understanding that those with an E-4 license will be able to use this service.  That being said, I'm not sure who the providers are going to be for the SIP trunking. My instinct is it's going to be those that are part of Azure ExpressRoute.

Skype for Business is here—and this is only the beginning

Update

Microsoft Releases Preview program: http://nooch.co/1Itbcg7

The Cloud and evolving for IT Professionals

In business, many feel uncertain about moving resources and data to the cloud. The primary questions always become security and data control. Although these are valuable concerns, they should be redirected to the type of data and the partnered provider. The suggestion is based on the fact that not all providers are equal; for instance, think of trusting an enterprise like Microsoft vs. a local small business IT firm. Both have pros and cons, but there is something to be said not only regarding the scale of the environment and the knowledge of the engineers but also the inverse, having the ability to hold someone accountable. Potentially, switching to cloud based services can also change the dynamic of the IT staff within the business. Just because services have transitioned to the cloud doesn't eliminate the need for internal IT staff. In my opinion, what it does is drastically change that dynamic; for instance, putting e-mail in Exchange Online can eliminate or reduce the need for an Exchange Server Administrator in a fully hosted solution. That doesn't mean that all your internal Exchange knowledge isn't needed, but it's changed. It turns from a systems or infrastructure management role into an Exchange management role. There are still tasks that need to be performed, such as user creation and support, but the focus becomes more management. Think of it as a management role in the sense that now it's about setting corporate policy on retention, mailbox size, and other business driven requirements. Essentially, even though it's still technical, the theory and principle knowledge is still required from your staff.

Overall, these are some of the things that the business and IT management need to consider. Does it make sense for the business? How does the change affect staffing? Is the internal knowledge there to support the change?

As IT Professionals it's something we need to consider as well: how do we continue to adapt? I like to think there are two types of IT professionals, those who are the jack of all trades vs. those who are product specific. Having said that, both need to adapt and start to become a bit broader in breadth.

For instance, the Exchange Administrator referenced above could easily transition into a "Communications Management" type role.  Meaning, instead of working on the nuts and bolts of Exchange, they could understand how to manage Internet cloud based communications and options such as "Exchange Online, Skype for Business".  They could transition into managing those roles for the company and leveraging the cloud to make those possible.

At the end of the day, for us as IT Professionals our industry is changing, and depending on your industry you need to evolve as well.  If you aren't working for a cloud provider of services, it would be beneficial to broaden your horizons and learn about the cloud.

Remove Messages from Queue

Overview:

There are times when messages become stuck in an Exchange messaging queue on a Transport Server.  This article describes how to get the queue name and then how to remove the messages in that queue.

Example:

The first example is removing messages from the Poison Queue which can happen from time to time. In this case the name of the queue never changes and thus makes it easy. If you were to run Get-Queue -Server <EXCH TRANSPORT SERVER> it would return the Identity for the Poison Queue as <EXCH TRANSPORT SERVER>\Poison.  That being the case this is how you remove the messages:

Remove-Message -Server <EXCH TRANSPORT SERVER> -Filter {Queue -eq "<EXCH TRANSPORT SERVER>\Poison"} -WithNDR $false

In the above example we are using the Remove-Message cmdlet and specifying the Hub Transport server. If you have multiple stuck messages in a highly available configuration, you would need to alter the <EXCH TRANSPORT SERVER> for each server in the array.

Something else to consider is your -Filter options.  You are not limited to Queue; for instance, you could choose Subject and change the operator to -like:

Remove-Message -Server <EXCH TRANSPORT SERVER> -Filter {Subject -like "*Hello*"} -WithNDR $false

By doing this and adding the *, you are grabbing any messages with "Hello" in the subject line.

If you want to suppress the confirmation message, just add -Confirm:$false to the end of the statement.

The other command to know is:

Get-Queue -Server <EXCH TRANSPORT SERVER>

This cmdlet returns all the queues on a specific Hub Transport server.  This is important in case you have a bad queue from which you may want to manually delete e-mail messages.  You can run the same command above with the Identity value returned by the Get-Queue command.
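The commands above combined into one reviewable procedure, as an added example that is not part of the original article: for each transport server it records what is in the Poison queue to a CSV file, then runs Remove-Message as a dry run unless -Commit is given. The function name, the -Commit switch and the C:\temp output folder are assumptions made for this example; run it in the Exchange Management Shell.

```powershell
# Added example: review the Poison queue on every transport server before removing anything.
# Remove-PoisonMessage, -Commit and the review folder are names chosen for this example.
function Remove-PoisonMessage {
    param(
        [Parameter(Mandatory = $true)][string[]]$Server,   # one entry per transport server in the array
        [string]$ReviewFolder = 'C:\temp',                 # where the pre-removal record is written
        [switch]$Commit                                    # without this switch nothing is deleted
    )

    foreach ($s in $Server) {
        # The Poison queue identity is always <server>\Poison, as returned by Get-Queue
        $queueId  = "$s\Poison"
        $messages = @(Get-Message -Queue $queueId -ResultSize Unlimited)

        if ($messages.Count -eq 0) {
            Write-Host "$queueId is empty"
            continue
        }

        # Keep a record of what is about to be removed: sender, subject and the last error
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        $csv   = Join-Path $ReviewFolder "$s-Poison-$stamp.csv"
        $messages |
            Select-Object Identity, FromAddress, Subject, Size, DateReceived, LastError |
            Export-Csv -Path $csv -NoTypeInformation
        Write-Host "$($messages.Count) message(s) in $queueId recorded in $csv"

        # Same filter as in the article, passed as a string so the server name can be a variable.
        # -WhatIf stays on until -Commit is supplied, so the first run only reports.
        Remove-Message -Server $s -Filter "Queue -eq '$queueId'" -WithNDR $false `
            -WhatIf:(-not $Commit) -Confirm:$false
    }
}

# Dry run across the array, then the real removal once the CSV files have been reviewed:
#   Remove-PoisonMessage -Server 'EXCH01', 'EXCH02'
#   Remove-PoisonMessage -Server 'EXCH01', 'EXCH02' -Commit
# EXCH01 and EXCH02 are placeholder server names.
```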

Office 365 - Hybrid Wizard Fails Due To " 407 Proxy Authentication"

Overview:

Recently ran into a problem when running the Hybrid Configuration wizard for Exchange that gave me the following error:

ERROR : System.Management.Automation.RemoteException: Federation information could not be received from the external organization.
ERROR : Subtask NeedsConfiguration execution failed: Configure Organization Relationship
Exchange was unable to communicate with the autodiscover endpoint for your Office 365 tenant. This is typically an outbound http access configuration issue. If you are using a proxy server for outbound communication, verify that Exchange is configured to use it via the "Get-ExchangeServer –InternetWebProxy" cmdlet. Use the "Set-ExchangeServer –InternetWebProxy" cmdlet to configure if needed.

Resolution:

I immediately knew that it had something to do with our WPAD configuration and proxy settings.  However, I checked as the administrator and the proxy wasn't being used.  My initial reaction was to just bypass the proxy via a rule for the Exchange Server.  However, after a quick Google search and some trial and error, I found the following two options:

  1. Using your own profile, disable your "Automatically detect settings" and then export the registry key from HKCU: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    1. Import it to the “Local System” (HKEY_USERS\.DEFAULT) hive.
  2. Use a utility like “PsExec” to launch Internet Explorer as “Local System”, disable the setting and save the changes.
    1. psexec.exe -i -s -d "C:\Program Files\Internet Explorer\iexplore.exe"

Limiting Active Mail Count with Message Records Management

Overview:

Currently in the process of migrating between Exchange 2010 archiving solutions. As part of this process we have decided to journal all messages as well.

However, we have other factors to consider:

  • Mailbox sizes, and their causes
  • No retention times on the length of time mail is stored
  • We already have in place mailbox size restrictions that allow us to have a “per user exchange cost” on the disk side; however, we have run into a problem where the stubs created by our old archiving solution (Enterprise Vault) use up a certain amount of space, so those users who have been around for many years end up losing a huge portion of their allotted space just to those stubs.
  • The new archiving solution has limited disk space.
Side note: we could have purchased a larger box that had more disk space, but the cost was ludicrous for something we truly didn’t need, at least at this point.

Decisions:

The question then became: how do we free up the space taken by those stubs? Do we need those stubs? How does it affect the client? It turns out that our new product has a built-in Outlook search tool as well as a web based search tool, and more importantly the add-in puts an “Archive Folder” in their folder list to show where items are located. Combine that with the journaling and there appears to be no need to have all those stubs in the mailbox. We just had to decide at what point we remove the stubs, and how much potential e-mail we allow them to gather in their mailbox.

It was at this point we decided how the setup was going to be:

  • 250MB mailboxes for GenPop, 500MB for Executives
  • 10MB attachment size limit
  • No more than 90 days in the Deleted Items folder
  • No more than 365 days within the rest of the mailbox.

Resolution:

Question is how do we get there.

  • Set the Mailbox Issue Warning at 250MB:
    Set-MailboxDatabase -Identity "Server1\MailboxDatabase1" -IssueWarningQuota 262144000 -QuotaNotificationSchedule "Sun.2:00-Sun.3:00","Wed.2:00-Wed.3:00"
  • Set 10MB Attachment
    Set-TransportConfig -MaxReceiveSize 10MB -MaxSendSize 10MB
  • Create the Retention Policy, and Policy Tags. (More on that later)
  • Apply the Retention Policies.


Given we had to apply the retention policies on a migration type schedule, we had to create a script to do that in stages by using a filter to return the results we wanted, parse that data, then send that to the EMS commands. The PowerShell commands below can be saved as a PS1 and altered for your environment.

### Adds Exchange 2010 PowerShell functionality to PowerShell
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

### THIS SEARCHES AND LISTS THE ACCOUNT NAME BY SEARCHING TWO DIFFERENT LETTERS
# THIS IS MEANT TO CATCH UP SINCE MRM POLICIES HAVEN'T BEEN APPLIED TO EXCHANGE YET
# In the future you can remove the -Filter and just do them all.
# Outputs to c:\temp

$FilterContent = {$_.RecipientType -eq "UserMailbox"}
Get-Mailbox | Where-Object $FilterContent | Select-Object Alias | Out-File C:\temp\UsersToProcess.txt

# Trimming the Out-File content for use by Exchange:
# drop the "Alias" header line and the dashed underline, then strip whitespace and blank lines

(Get-Content "C:\temp\UsersToProcess.txt") -notmatch "^\s*Alias\s*$" | Out-File "C:\temp\UsersToProcess.txt"
(Get-Content "C:\temp\UsersToProcess.txt") -notmatch "^\s*-+\s*$" | Out-File "C:\temp\UsersToProcess.txt"
$TrimUsersToProcess = Get-Content "C:\temp\UsersToProcess.txt"
$TrimUsersToProcess | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Out-File C:\temp\UsersToProcess.txt

### Setting the Retention Policy
# Replace both placeholders with your own policy name and comment

$RetentionPolicyName = "<RETENTION POLICY NAME>"
$RetentionPolicyComment = "<RETENTION POLICY COMMENT>"
$SetRetentionUsers = Get-Content "C:\temp\UsersToProcess.txt"
ForEach($RetentionUser In $SetRetentionUsers) {$SetRetentionComment = Set-Mailbox -Identity $RetentionUser -RetentionComment $RetentionPolicyComment}
ForEach($RetentionUser In $SetRetentionUsers) {$SetRetentionComment = Set-Mailbox -Identity $RetentionUser -RetentionPolicy $RetentionPolicyName}

### Confirmation of Results
Get-Mailbox | Where-Object $FilterContent | Select-Object SamAccountName, RetentionPolicy, RetentionComment | FT

Write-Host -foregroundcolor "Cyan" "You should see a table where everyone has a Retention Policy that matches $RetentionPolicyName"

Exchange 2013 - DAG - Failed And Suspended

Overview:

Happened to be in the Exchange Control Panel and noticed that on our DAG it was listed as "Failed and Suspended" for the status of one of the members. I was perplexed that we didn't catch this from our monitoring or anywhere else, but that's a whole other issue.  My concern here was it was obviously failed.  Attempting an Update or Resume resulted in no feedback in the ECP and no change in Status.

Troubleshooting.

In this case, this is the message I saw when running Get-MailboxDatabaseCopyStatus in the EMS:

It was here that, as I mentioned above, the status wasn't changed upon attempting to update or resume the database copy.  I attempted an Update-MailboxDatabaseCopy, as one would assume it would reseed the database; I even added the -DeleteExistingFiles switch specifically to start from scratch, yet received "The seeding operation failed... ...which may be due to a disk failure".

At this point, one would have expected that I assumed there was a disk problem.  Having said that, I checked to make sure the disk was mounted, even browsed it, and assumed this was a typical non-descript error message.  At this point, I decided that the beauty of a DAG and having multiple copies is that I could just "whack" the DB copy and reseed from scratch.  I went through the process of removing the mailbox DB copy by doing the Remove-MailboxDatabaseCopy:

That proceeded as expected. However as the message states I went to clear the items (specifically the logs) manually and strangely received an error message "Remove-Item: The file or directory is corrupted and unreadable"

At this point, I was surprised and decided that there actually had to be a disk issue. I browsed manually back to the location and attempted to delete a log file manually and received the same popup within Windows.  I was amazed, I actually had a disk problem. This was only strange to me because our underlying disk is actually a NetApp LUN. That LUN actually holds all three DB copies from each of the three servers in this instance.  So for one disk to be corrupted and not all three (first off, thank God!) I was miffed.  At this point I went ahead and formatted both the drive that contained the EDB and the drive that contained the LOG files.

After confirming that the DB copy status no longer showed the original copy, I went ahead and ran the Add-MailboxDatabaseCopy command to reseed a copy of the DB from scratch.  Voilà, it worked and began copying over.

The WHY:

I suspect from looking at the log dates on the server and the time that it was last inspected that it relates to a power outage we sustained.  About 3 weeks back we had a situation where we were getting bad power from both GRIDs that fed our building, and datacenter UPS.  After dealing with bad power, our Emerson UPS decided it had enough and was toggling between battery and no battery power.  Because it was toggling so frequently it actually depleted the batteries.  Despite knowing that we left our systems up while they charged since power seemed to be okay, no flickers, nothing.  Newton struck and before the batteries had enough juice to hit sustain a brown out moment,

Exchange 2013 - Custom DLP Sensitive Information Rules

Overview:

Recently found the need to filter, or at least be aware of, e-mails being sent that contained specific information.  An example would be legal matters, where certain information shouldn't be e-mailed outside of the company.  By creating a Sensitive Information Rule and combining that with a Data Loss Prevention policy, you can have that information blocked, or at least have the appropriate person or persons notified.

Overall this scenario came about with regards to building a better internal auditing system.  Creating the DLP alone isn't the only thing needed to build a more complete picture of what "users" may be doing, but only a piece of the puzzle.  In most cases you need to combine it with at least File Server auditing, and local workstation auditing to build the larger picture.

The How:

Creating and importing custom Classifications

  1. First you need to create your custom policy XML
  2. Save as XML Unicode UTF-8 file with an extension of XML.
  3. Open the XML in Internet Explorer; if it's formatted correctly you will see the XML.
  4. Then import with PowerShell: New-ClassificationRuleCollection -FileData ([Byte[]]$(Get-Content -Path INSERT YOUR PATH -Encoding Byte -ReadCount 0))
  5. Once it's imported you should be able to create a new DLP policy using the EAC

Creating a custom DLP Rule

  1. Login to EAC (i.e. https://mail.domain.com/ecp)
  2. Click Compliance Management, data loss prevention
  3. Click the Plus, then New custom policy
  4. Name your policy and choose your mode (I like to test with Policy tags), and click Save
  5. Select your new policy and click edit
  6. Select Rules from the left
  7. Click the icon to create a new rule
  8. On the Apply this rule if field choose The message contains Sensitive information..
  9. Click *Select sensitive information types….. (if applicable)
  10. Click the icon to choose from the list
  11. You should now see your new classification

Useful Tools

The one thing I noticed that caused some issues from other examples such as: http://technet.microsoft.com/en-us/library/jj674703%28v=exchg.150%29.aspx and http://exchangemaster.wordpress.com/2013/05/15/creating-custom-dlp-classification-rules-and-policy/ is that they mention UTF-16 in the header, as well as TechNet uses a command block. I found that using either example caused an error upon import via PowerShell.  Notice the difference in my example below that I had to switch it to UTF-8 to get PowerShell to even read the XML.

Need to make sure you replace the below GUIDs with self created ones from above.

<?xml version="1.0" encoding="utf-8"?>
<RulePackage xmlns="http://schemas.microsoft.com/office/2011/mce">
  <RulePack id="797f6b49-682c-42e4-8577-aac6eadd1428">
    <Version major="2" minor="0" build="0" revision="0"/>
    <Publisher id="1a2d8dc3-075b-4ad5-8116-20e90314ade2"/>
    <Details defaultLangCode="en-us">
      <LocalizedDetails langcode="en-us">
        <PublisherName>Aaron Bianucci while at FHP</PublisherName>
        <Name>Test Keyword</Name>
        <Description>This is a test rule package</Description>
      </LocalizedDetails>
    </Details>
  </RulePack>
  <Rules>
    <Entity id="365fa6fb-9a59-4750-b82f-14647b382319" patternsProximity="300" recommendedConfidence="85" workload="Exchange">
      <Pattern confidenceLevel="85">
        <IdMatch idRef="Regex_Exchange" />
        <Any minMatches="1">
          <Match idRef="Regex_DLP" />
          <Match idRef="Regex_2013" />
        </Any>
      </Pattern>
    </Entity>
    <Regex id="Regex_Exchange">(?i)(\bExchange\b)</Regex>
    <Regex id="Regex_DLP">(?i)(\bDLP\b)</Regex>
    <Regex id="Regex_2013">(?i)(\b2013\b)</Regex>
    <LocalizedStrings>
      <Resource idRef="365fa6fb-9a59-4750-b82f-14647b382319">
        <Name default="true" langcode="en-us"> Test Rule Pack AMB </Name>
        <Description default="true" langcode="en-us"> Test rule pack - Detects Aaron Drone </Description>
      </Resource>
    </LocalizedStrings>
  </Rules>
</RulePackage>
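A pre-import check for a rule package like the one above, added here as an example and not part of the original post: it verifies the GUIDs and idRef links, compiles each regex, and then replays the Entity pattern against sample text so you can see what the rule would flag before it reaches Exchange. The function names and sample messages are constructed for this example, the .NET regex engine stands in for the Exchange classification engine, and proximity is simplified to a character distance from the IdMatch hit.

```powershell
# Added example. Runs in any PowerShell session; no Exchange cmdlets are needed.
# $rulePackXml is a trimmed copy of the rule package above (Details and LocalizedStrings left out).
$rulePackXml = @'
<?xml version="1.0" encoding="utf-8"?>
<RulePackage xmlns="http://schemas.microsoft.com/office/2011/mce">
  <RulePack id="797f6b49-682c-42e4-8577-aac6eadd1428">
    <Version major="2" minor="0" build="0" revision="0"/>
    <Publisher id="1a2d8dc3-075b-4ad5-8116-20e90314ade2"/>
  </RulePack>
  <Rules>
    <Entity id="365fa6fb-9a59-4750-b82f-14647b382319" patternsProximity="300" recommendedConfidence="85" workload="Exchange">
      <Pattern confidenceLevel="85">
        <IdMatch idRef="Regex_Exchange"/>
        <Any minMatches="1">
          <Match idRef="Regex_DLP"/>
          <Match idRef="Regex_2013"/>
        </Any>
      </Pattern>
    </Entity>
    <Regex id="Regex_Exchange">(?i)(\bExchange\b)</Regex>
    <Regex id="Regex_DLP">(?i)(\bDLP\b)</Regex>
    <Regex id="Regex_2013">(?i)(\b2013\b)</Regex>
  </Rules>
</RulePackage>
'@

function Test-RulePack {
    # Returns a list of problems; an empty result means the structural checks passed
    param([Parameter(Mandatory = $true)][xml]$Package)
    $problems = @()
    $rules    = $Package.RulePackage.Rules

    # RulePack, Publisher and Entity ids must each be a GUID and must not repeat
    $entityIds = @($rules.Entity | ForEach-Object { $_.id })
    $ids = @($Package.RulePackage.RulePack.id, $Package.RulePackage.RulePack.Publisher.id) + $entityIds
    foreach ($id in $ids) {
        $parsed = [guid]::Empty
        if (-not [guid]::TryParse($id, [ref]$parsed)) { $problems += "Not a GUID: $id" }
    }
    foreach ($dup in ($ids | Group-Object | Where-Object { $_.Count -gt 1 })) {
        $problems += "GUID used more than once: $($dup.Name)"
    }

    # Every Regex must compile (this package uses only Regex processors)
    $regexIds = @()
    foreach ($r in $rules.Regex) {
        try   { $null = [regex]($r.InnerText); $regexIds += $r.id }
        catch { $problems += "Regex $($r.id) does not compile" }
    }
    # Every idRef must point at a Regex id (patterns) or an Entity id (LocalizedStrings)
    foreach ($ref in $rules.SelectNodes('.//@idRef')) {
        if (($regexIds + $entityIds) -notcontains $ref.Value) { $problems += "Unresolved idRef: $($ref.Value)" }
    }
    return $problems
}

function Test-EntityMatch {
    # True when an IdMatch hit has at least minMatches supporting hits within patternsProximity characters
    param([Parameter(Mandatory = $true)][xml]$Package, [Parameter(Mandatory = $true)][string]$Text)
    $rules = $Package.RulePackage.Rules
    $regex = @{}
    foreach ($r in $rules.Regex) { $regex[$r.id] = [regex]($r.InnerText) }

    foreach ($entity in $rules.Entity) {
        $window = [int]$entity.patternsProximity
        foreach ($pattern in $entity.Pattern) {
            $needed = [int]$pattern.Any.minMatches
            foreach ($hit in $regex[$pattern.IdMatch.idRef].Matches($Text)) {
                $near = 0
                foreach ($m in $pattern.Any.Match) {
                    $close = @($regex[$m.idRef].Matches($Text) |
                        Where-Object { [math]::Abs($_.Index - $hit.Index) -le $window })
                    if ($close.Count -gt 0) { $near++ }
                }
                if ($near -ge $needed) { return $true }
            }
        }
    }
    return $false
}

# Constructed sample messages
$samples = @(
    'Reminder: the Exchange 2013 cutover starts Monday.',   # IdMatch plus a supporting match: flagged
    'Exchange rates moved sharply today.',                   # IdMatch only: not flagged
    ('Exchange ' + ('x' * 400) + ' DLP')                     # supporting match outside the 300-character window
)

$problems = @(Test-RulePack -Package $rulePackXml)
if ($problems.Count) { $problems } else { 'Rule package checks passed' }
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-EntityMatch -Package $rulePackXml -Text $s), $s.Substring(0, [math]::Min(50, $s.Length))
}
```

The second sample shows why the supporting matches matter: the word "Exchange" alone appears in ordinary business mail, and without the Any group the rule would flag it.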

Enable SSL Offloading in CAS Array

Conceptual diagrams: The following diagram illustrates client connectivity with SSL Offloading (SSL acceleration) enabled:

Configuring SSL Offloading for Outlook Web App (OWA)

To configure SSL offloading for Outlook Web App (OWA), you must perform two steps on each CAS server in the respective CAS array. First, you must add a SSL offload REG_DWORD key. To do so, open the registry editor and navigate down to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA

Under this registry key, create a new REG_DWORD key named “SSLOffloaded” and set the value for this key to “1”.

Next disable the requirement for SSL on the OWA virtual directory. To do so, open the IIS Manager and expand the Default Web Site. Under the Default Web Site, select the “owa” virtual directory. Under features view, double-click on “SSL Settings”.

Finally, open a command prompt window and run “iisreset /noforce” in order for the changes to be applied.

Configuring SSL Offloading for Exchange Control Panel (ECP) 

Unlike OWA, configuring SSL offloading for the Exchange Control Panel (ECP) doesn’t require a registry key to be set. Well, to be more specific ECP will use the same registry key as the one we set for OWA.

So in order to enable SSL offloading for ECP, the only thing we need to do is to disable the SSL requirement on the ECP virtual directory. To do so, let’s open the IIS Manager and expand the Default Web Site. Under the Default Web Site, select the “ecp” virtual directory. Under features view, double-click on “SSL Settings”.

Now uncheck “Require SSL” and click “Apply” in the Actions pane.

Finally, open a command prompt window and run “iisreset /noforce” so that the changes are applied.

Configuring SSL Offloading for Outlook Anywhere (OA)

Enabling SSL offloading for Outlook Anywhere requires only one step, which, depending on whether Outlook Anywhere is already enabled or not, can be done via the Exchange Management Console (EMC) or the Exchange Management Shell (EMS).

If you haven’t enabled Outlook Anywhere yet, you can select to use SSL offloading when running the “Enable Outlook Anywhere” wizard. You can access this wizard by right-clicking on the respective CAS server in EMC and selecting “Enable Outlook Anywhere” in the context menu.

This brings up the wizard where you enter the external host name to be used and check “Allow secure channel (SSL) offloading”.

If you already enabled Outlook Anywhere in your environment, you need to use the Set-OutlookAnywhere cmdlet to enable SSL offloading. If this is the case, open the Exchange Management Shell and type the following command:

Set-OutlookAnywhere -Identity CAS_server\RPC* -SSLOffloading $true

Running the above command will disable the requirement for SSL for the RPC virtual directory in IIS, which means we don’t need to do so manually like it’s the case with the other services/protocols.

Configuring SSL Offloading for the Offline Address Book (OAB)

To enable SSL offloading for the Offline Address Book (OAB) you just need to remove the SSL requirement on the OAB virtual directory. To do so, let’s open the IIS Manager and expand the Default Web Site. Under the Default Web Site select the “OAB” virtual directory. Under features view, double-click on “SSL Settings”.

Now uncheck “Require SSL” and click “Apply” in the Actions pane.

Finally, open a command prompt window and run “iisreset /noforce” so that the changes are applied.

Configuring SSL Offloading for Exchange ActiveSync (EAS)

Some of you may recall reading on Microsoft TechNet and in various other places that SSL offloading for Exchange ActiveSync isn't supported. This used to be true, but it is now fully supported (although the Exchange documentation on Microsoft TechNet hasn’t been updated to reflect this yet).

SSL offloading for Exchange ActiveSync is only supported at the Internet ingress point. It’s still not supported in CAS-CAS proxy scenarios between Active Directory sites.

Configuring Exchange ActiveSync to support SSL offload is very simple. You only need to remove the requirement for SSL in IIS. To do so, let’s open the IIS Manager and expand the Default Web Site. Under the Default Web Site select the “Microsoft-Server-ActiveSync” virtual directory. Under features view, double-click on “SSL Settings”.

Now uncheck “Require SSL” and click “Apply” in the Actions pane.

Finally, open a command prompt window and run “iisreset /noforce” so that the changes are applied.

Configuring SSL Offloading for Exchange Web Services (EWS)

With Exchange 2010 SP1 and SP2, you will no longer need to modify the web.config file. Performing the process below with the new SP1 or SP2 files will cause EWS to fail activation. To offload SSL for EWS, you only need to remove the SSL requirement from the IIS virtual directory as described in the steps above.

To configure SSL offloading for Exchange Web services in Exchange 2010 RTM, you must perform two modifications. The first one is to remove the SSL requirement for the EWS virtual directory in IIS. To do so, let’s open the IIS Manager and expand the Default Web Site. Under the Default Web Site select the “EWS” virtual directory. Under features view, double-click on “SSL Settings”.

Now uncheck ”Require SSL” and click “Apply” in the Actions pane.

The next step is to make a change to the configuration file (web.config) for the EWS virtual directory. This file can be found under C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\exchweb\ews and can be modified using a text editor such as Notepad.

It's recommended you take a backup of the web.config file before you perform the next step.

In the web.config file, replace all occurrences of “httpsTransport” with “httpTransport” and then save the file.

The new SP1 web.config file contains binding entries for both httpTransport and httpsTransport that match the Binding name. For example, there is an EWSHttpBinding and an EWSHttpsBinding now.

Finally, open a command prompt window and run “iisreset /noforce” so that the changes are applied.

With Exchange 2010 SP1, you will no longer need to modify the web.config file. To offload SSL for EWS, you only need to remove the SSL requirement from the IIS virtual directory.

Configuring SSL Offloading for Autodiscover Service (AS)

To enable SSL offloading for the Autodiscover service, you must perform the same steps as those applied to the Exchange Web service virtual directory.

With Exchange 2010 SP1 and SP2, you will no longer need to modify the web.config file. Performing the process below with the new SP1 or SP2 files will cause Autodiscover to fail activation. To offload SSL for Autodiscover, you only need to remove the SSL requirement from the IIS virtual directory as described in the steps above.

To configure SSL Offloading for Autodiscover on Exchange 2010 RTM, open the IIS Manager and expand the Default Web Site. Under the Default Web Site select the “Autodiscover” virtual directory. Under features view, double-click on “SSL Settings”.

Now uncheck “Require SSL” and click “Apply” in the Actions pane.

Next you need to change the configuration file (web.config) for the Autodiscover service virtual directory. This file can be found under C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Autodiscover and can be modified using a text editor such as Notepad.

It's recommended you take a backup of the web.config file before you perform the next step.

In the web.config file, replace all occurrences of “httpsTransport” with “httpTransport” and then save the file.

The new SP1 web.config file contains binding entries for both httpTransport and httpsTransport that match the Binding name. For example, there is an AutodiscoverBasicHttpBinding and an AutodiscoverBasicHttpsBinding now.

Finally, open a command prompt window and run “iisreset /noforce” so that the changes are applied.
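Once "Require SSL" has been cleared by hand on several virtual directories, it is worth confirming on each CAS server that exactly the intended ones now accept plain HTTP. The following is an added example, not part of the original article: it assumes the WebAdministration module is available, that the Exchange virtual directories are IIS applications under "Default Web Site", and that the offload list below (the directories named in this section, plus "Rpc", which Set-OutlookAnywhere changes) is extended with any others you offloaded.

```powershell
# Added example (not from the original article): report the "Require SSL" state of
# every IIS application under the site and compare it with the intended offload list.
Import-Module WebAdministration

$Site     = 'Default Web Site'
# Assumption: the directories named in this section; add any others you offloaded.
$Intended = 'ecp', 'OAB', 'Microsoft-Server-ActiveSync', 'EWS', 'Autodiscover', 'Rpc'

function Get-SslOffloadReport {
    param(
        [string]   $Site,
        [string[]] $Intended
    )

    foreach ($app in Get-WebApplication -Site $Site) {
        $name = $app.path.TrimStart('/')

        # sslFlags is the setting behind the "Require SSL" checkbox in IIS Manager.
        $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                   -Location "$Site/$name" `
                   -Filter 'system.webServer/security/access' -Name 'sslFlags'

        # The value may come back as a string or as an attribute object; normalise it.
        $flags      = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
        $requireSsl = @($flags -split ',' | ForEach-Object { $_.Trim() }) -contains 'Ssl'
        $onList     = $Intended -contains $name

        $finding = if ($onList -and $requireSsl) {
            'Require SSL still set; offload step not applied'
        } elseif (-not $onList -and -not $requireSsl) {
            'Accepts plain HTTP but is not on the offload list'
        } else {
            'OK'
        }

        # New-Object keeps this usable on the PowerShell 2.0 shell of Exchange 2010 servers.
        New-Object PSObject -Property @{
            VirtualDirectory = $name
            SslFlags         = $flags
            RequireSsl       = $requireSsl
            OnOffloadList    = $onList
            Finding          = $finding
        } | Select-Object VirtualDirectory, SslFlags, RequireSsl, OnOffloadList, Finding
    }
}

Get-SslOffloadReport -Site $Site -Intended $Intended | Format-Table -AutoSize
```

Any row whose Finding is not "OK" is either a step that was missed or a directory that serves unencrypted traffic without being part of the offload design.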

Customize Outlook Web App for Exchange 2013

Customize the color of the sign-in page

  1. Log on to the Exchange server and use Windows Explorer to go to the Exchange server installation directory and find \V15\FrontEnd\HttpProxy\owa\auth\<version>\themes\resources.
  2. Use a text editor, such as Notepad, to open logon.css.
  3. Search for the default color value #0072c6 and replace it with the HTML RGB value for the color you want to use. You can find HTML RGB values here: Color Table.
  4. Save and close the file.

Customize the color of the error page

  1. Log on to the Exchange server and use Windows Explorer to go to the Exchange server installation directory and find \V15\FrontEnd\HttpProxy\owa\auth\<version>\themes\resources.
  2. Use a text editor, such as Notepad, to open errorFE.css.
  3. Search for the default color value #0072c6 and replace it with the HTML RGB value for the color you want to use. You can find HTML RGB values here: Color Table.
  4. Save and close the file.

Customize the color of the language selection page

  1. Log on to the Exchange server and use Windows Explorer to go to the Exchange server installation directory and find \V15\Client Access\OWA\version\Owa2\resources\styles.
  2. Use a text editor, such as Notepad, to open languageselection.css.
  3. Search for the default color value #0072c6 and replace it with the HTML RGB value for the color you want to use. You can find HTML RGB values here: Color Table.
  4. Save and close the file.

Customize the images on the sign-in and error pages

Use an image editing tool to open and edit the images used to build the sign-in and error pages.

  1. Log on to the Exchange server and use Windows Explorer to go to the Exchange server installation directory and find \V15\FrontEnd\HttpProxy\owa\auth\<version>\themes\resources.
  2. Use a graphics editor to open and modify the following files:
    • owa_text_blue.png, to change the “Outlook Web App” text logo.
    • olk_logo_white.png, to change the app logo in the left bar.
    • olk_logo_white_cropped.png, to change the image in the left side panel of the error page.
    • sign_in_arrow.png, to change the icon left of the “sign in” button.
    • olk_exchange_text_blue.png, to change the “Outlook Mobile” logo on tnarrow layout.
    • olk_logo_white_small.png is used in tnarrow.
    • olk_exchange_text_stacked_white_small.png is used in tnarrow.
  3. Search for the default color value #0072c6 and replace it with the HTML RGB value for the color you want to use. You can find HTML RGB values here: Color Table.
  4. Save and close the file.

Reference: http://technet.microsoft.com/en-us/library/ee633483(v=exchg.150).aspx

Creating and managing rooms and resources

Description

Scheduling for conference rooms and resources like projectors is handled automatically by Microsoft Exchange.

Create a conference room

Using the Exchange Management Console, navigate to Recipient Configuration and select Mailbox so that you see the list of mailboxes.

  1. Right click on Mailbox and choose New Mailbox
  2. If you are creating a conference room, choose "Room Mailbox".  If you are creating a resource such as a projector, choose "Equipment Mailbox" and click Next
  3. Leave the selection on "New User" and click Next
  4. Select the organizational unit checkbox and put the new mailbox user into the Company\Resources organizational unit
  5. First name should be descriptive like "Conference Room" or "Toshiba".  Last name should be the room number like "2N11" or the resource type of "Projector".  The display name should be modified for conference rooms to match the format of "Conference Room - 2N11".  The user login name for conference rooms should be "conference2N11" and resources should be like "toshibaprojector".  Click Next
  6. The alias should match the user login name and be left alone.  Click Next
  7. After the user and mailbox are created, find it in the Mailbox list and right click and choose Properties
  8. Click on the Resource General and make sure the "Enable the Resource Booking Attendant" is checked

The next step requires the Exchange Management Shell. Start one from a workstation or Exchange server and enter the following command:

Set-CalendarProcessing -Identity "room1" -RemoveOldMeetingMessages $false

This will make sure the resource never deletes old appointments. This is important for resources so that the person who checked out the resource last can be identified.

Shoretel - Workgroup stuck in "Off-Hours"


Overview:

In Shoretel you can set a schedule for a work group to set your "On-Hours" and "Off-Hours" to have different call handling modes.  In this case we have the "Off-Hours" set to ring a night bell that can be picked up from any phone.

The situation today is that all calls during the "On-Hours" were ringing that Night Bell instead of the workgroup.

Observations:

What we were able to see: on any company extension, when you dial the number for the workgroup, you immediately saw it forward to the "Night Bell". Our immediate thought was that the Operators were not logged in, thus forcing it into Off-Hours. That wasn't the case. At this point, we confirmed the Time\Date on the server to make sure it matched the schedule for the workgroup; it did. At this point we were pretty much at a loss; everything looked to be operating normally.

Finally we found it...  The "Current Call Handling Mode" was stuck in "Off-Hours".   Why we overlooked this box to begin with, not sure but we missed it.

Solution:

At this point we tried to change the schedule to another one of our schedules.  That did not do the trick.  We tried taking off the schedule completely, no joy.  Attempted to also alter the time on the server to put it into "Off Hours" then back to "On-Hours". That didn't work either.

What did work was editing the hours for the date. For instance, if it was Tuesday we edited the original schedule to remove any configuration.  Upon saving we referred it back to how it was prior and we were good to go.   The Call Handling mode returned to On-Hours.

Force Update Shoretel Client


Learned a new trick today regarding Shoretel. We are prepping to deploy Lync Online out to the company; however, Lync and the Shoretel Communicator don't play nice depending on the version. Combine that with Shoretel only prompting once for a client side update when you go between backend versions, and we could almost guarantee there would be major issues if we just pushed out Lync. However, we found a little trick in the Shoreware director. If you go to "System Parameters" "Other", there is a section that allows you to have a Minimum Allowed Client and a Minimum Required client. If you update those to be the current or needed version, it will immediately prompt and require a client side upgrade on the clients.

Bulk Folder Permissions Changes


How to  use:

  1. Copy attached BulkSet-NTFSPermissions.ps1 script to C:\Temp
  2. Open Powershell
  3. Run this command to list the folders to a file:
    Get-ChildItem REPLACEWITHPATH | Where-Object {$_.psIsContainer} | Select fullname | Out-File c:\temp\FolderPermissions.txt
  4. Open the c:\temp\FolderPermissions.txt File
  5. Remove the First 3 lines.  The first line is whitespace, the second says Full Name, the third is ----.
  6. Open Powershell and navigate to c:\temp
  7. Run the following command with the person's user ID.
    .\BulkSet-NTFSPermissions.ps1 -FolderListFile c:\temp\FolderPermissions.txt -SecIdentity "Domain\Group or User" -AccessRights "FullControl" -AccessControlType "Allow"

Below is the original syntax of the command:

.\BulkSet-NTFSPermissions.ps1 -FolderListFile x:\xxxx\xxxx.txt -SecIdentity "Domain\Group or User" -AccessRights "FullControl" -AccessControlType "Allow"

Here are the options:

  • FolderListFile: a flat text file containing the list of paths to which the NTFS permission is applied. It must list one folder per line. Each path can be an absolute local path such as C:\temp or a UNC path such as \\computer\C$\temp.
  • SecIdentity: the security identity (such as a user account or a security group) the permission is applied for.
  • AccessRights: the type of access rights, such as FullControl, Read, ReadAndExecute, Modify, etc.
  • AccessControlType: Allow or Deny
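Because the bulk run changes access on every folder in the list at once, it helps to record the existing ACLs first so the grant can be reviewed afterwards. The following is an added example, not the attached BulkSet-NTFSPermissions.ps1: it reads the same c:\temp\FolderPermissions.txt, and the snapshot file name is an assumption. It needs PowerShell 3.0 or later.

```powershell
# Added example (not the attached script): snapshot the current NTFS ACLs of every
# folder in the list file before the bulk change is applied.
$FolderListFile = 'C:\temp\FolderPermissions.txt'          # file produced in step 3
$SnapshotFile   = 'C:\temp\FolderPermissions-before.csv'   # assumed output name

function Get-FolderAclSnapshot {
    param([string]$FolderListFile)

    Get-Content -LiteralPath $FolderListFile |
        ForEach-Object { $_.Trim() } |
        # Tolerate the blank line, "FullName" header and dashes if step 5 was skipped.
        Where-Object { $_ -and $_ -ne 'FullName' -and $_ -notmatch '^-+$' } |
        ForEach-Object {
            $folder = $_
            if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
                # Out-File can shorten long paths with "...", which leaves an invalid entry.
                Write-Warning "Skipping '$folder': not a reachable folder (possibly truncated)"
                return
            }
            foreach ($rule in (Get-Acl -LiteralPath $folder).Access) {
                [pscustomobject]@{
                    Folder    = $folder
                    Identity  = $rule.IdentityReference.Value
                    Rights    = $rule.FileSystemRights
                    Type      = $rule.AccessControlType
                    Inherited = $rule.IsInherited
                }
            }
        }
}

$snapshot = @(Get-FolderAclSnapshot -FolderListFile $FolderListFile)
$snapshot | Export-Csv -Path $SnapshotFile -NoTypeInformation

# Explicit (non-inherited) Allow entries that already carry FullControl.
$full = [System.Security.AccessControl.FileSystemRights]::FullControl
$snapshot |
    Where-Object { -not $_.Inherited -and "$($_.Type)" -eq 'Allow' -and (($_.Rights -band $full) -eq $full) } |
    Sort-Object Folder, Identity |
    Format-Table Folder, Identity -AutoSize
```

Running the same function again after the bulk change and comparing the two CSV files shows exactly which entries were added.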

Exchange 2013 Migration via Powershell script based upon search.


Overview:

During a migration from 2010 to 2013 we were working on changing some of our e-mail retention policies.  We had implemented journaling through a Barracuda Message Archiver to retain our messages per company policy. Second to that, we also wanted to migrate our e-mail storage from our existing mentality of just letting people manage an unlimited "pot" of e-mail. This isn't very cost effective for one, second to that it doesn't make for an Exchange Environment that is easy to manage and project future costs.

Because of this we were going to finally put into place e-mail box quotas to force people to clean up their mailbox.  We already had retention policies in place, however our average mailbox size was still well over 2GB.  That being the case we decided to set a max size of 2GB in order to allow for the future projection of growth, and keep a relatively static cost regarding our high end storage that is hosting our DAG.

The first issue we ran into (other than how to deal with lowering those over 2GB) was how to migrate forward while at the same point dealing with those boxes that were larger.   Even though we could look into Exchange and get a list of all the mailboxes that are currently below the 2GB quota, to have to parse through the Migration Job Wizard and manually select all those users would be tedious.  So... a script is in order to handle this for us.

The "how":

Well even as great as Exchange is, it doesn't make it easy to accomplish this.  The "TotalItemSize" property that contains the full mailbox size is stored within the Get-MailboxStatistics CMDlet.  However the New-Migration, or New-MigrationBatch CMDlets require an e-mail address in order to process a migration, and that is NOT stored in the Get-MailboxStatistics CMDlet.  There are several "commonalities" between the various CMDlets, such as GUID, Display Name and so forth, however we decided to use DisplayName from Get-Mailbox.

Essentially what we did was run Get-MailboxStatistics with a filter based upon the TotalItemSize being less than 1.5GB and not already existing in the new databases.  We then ran the Get-Mailbox command to return all mailbox DisplayNames, and compared the two files in order to build a text file that could then be run to return all of the "PrimarySMTPAddress" from the Get-Mailbox command to have the correct information needed to do the migration batch file.

Below is a snippet of that code.  You will also notice that there was some trimming and parsing of the file in order to translate from the output of the Get-MailboxStatistics to the format needed to run the loop to pull the e-mail addresses.

###     SET YOUR VARIABLES FOR THE SEARCH CRITERIA      ####
$ServerSearchVariable="*ex2013*"
$TotalItemSizeVariable="100MB"

###     SET YOUR VARIABLES FOR THE COMPARE and IMPORT      ####
$CompareFile="c:\temp\compare.txt"
$PrimarySMTP="C:\temp\PrimarySMTP.txt"
$MigrationEmails="C:\temp\MigrationEmails.txt"
###     Do the compare of MBStats based upon Total Item size set above and the server name variable
Write-Host -foregroundcolor Yellow "Running the compare to gather the list of users who will be part of this migration"
$MBStats=Get-Mailbox | Get-MailboxStatistics | Where-Object {$_.TotalItemSize -lt $TotalItemSizeVariable -and $_.ServerName -notlike "$ServerSearchVariable"} |Select-Object DisplayName
$MBName=Get-Mailbox | Select-Object DisplayName
$FileCompare=Compare-Object $MBStats $MBName -IncludeEqual
$FileCompare | Where-Object {$_.SideIndicator -like "=="} | Out-File $CompareFile
###  Here I am Trimming the file to get it ready for the comparison
Write-Host -foregroundcolor Yellow "Trimming and parsing file"
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "@{DisplayName=", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "}", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "InputObject", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "SideIndicator", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "-----------   ", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace " --  ", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace " ==  ", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace " ", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ? {$_.trim() -ne "" } | Set-Content $CompareFile
###     Comparing the Get-MailboxStatistics search to the full list of e-mail addresses and returning PrimarySMTP to setup the text file for the migration
Write-Host -foregroundcolor Yellow "Comparing the files and translating to e-mail addresses"
$FinalCompare=Get-Content $CompareFile
Foreach ($line in $FinalCompare)
{
    $smtp=Get-Mailbox | Where-Object {$_.Name -eq "$line"} | Select-Object PrimarySmtpAddress
    Add-Content $PrimarySMTP $smtp
}
### Pruning File prior to import
Write-Host -foregroundcolor Yellow "Final Pruning"
(Get-Content $PrimarySMTP) | ForEach-Object {$_ -replace "@{PrimarySmtpAddress=", ""} | Set-Content $PrimarySMTP
(Get-Content $PrimarySMTP) | ForEach-Object {$_ -replace "}", ""} | Set-Content $PrimarySMTP

The above code basically gives you a list of e-mail addresses based upon the search criteria you set and puts it into the proper format for the New-Migration CMDlet.  The file that is created will look like:

EMailAddress
user1@domain.com
user2@domain.com
user3@domain.com
user4@domain.com
...

Below is the rest of the script (Also Attached).   The first portion of it makes sure that the location of the temp files is clean on the off chance it wasn't prior.  The last portion not only starts the exchange migration, but also cleans up after itself.

#### Cleanup of Previous files if they existed 

    if (Test-Path C:\temp\compare.txt | Where-Object {$_ -eq "True"})
    {
        Remove-Item C:\temp\compare.txt
    }
    else
    {
        Write-Host -foregroundcolor Gray "Compare.txt didn't exist"
    }

    if (Test-Path C:\temp\PrimarySMTP.txt | Where-Object {$_ -eq "True"})
    {
        Remove-Item C:\temp\PrimarySMTP.txt
    }
    else
    {
        Write-Host -foregroundcolor Gray "PrimarySMTP.txt didn't exist"
    }

    if (Test-Path C:\temp\MigrationEmails.txt | Where-Object {$_ -eq "True"})
    {
        Remove-Item C:\temp\MigrationEmails.txt
    }
    else
    {
        Write-Host -foregroundcolor Gray "MigrationEmails.txt didn't exist"
    }

###     SET YOUR VARIABLES FOR THE SEARCH CRITERIA      ####

$ServerSearchVariable="*ex2013*"
$TotalItemSizeVariable="400MB"

###     SET YOUR VARIABLES FOR EXCHANGE ENVIRONMENT     ####
$ExchDB="EX2013-DAG1"
$MigrationName="Under 400 MBv2"

###     SET YOUR VARIABLES FOR THE COMPARE and IMPORT      ####

$CompareFile="c:\temp\compare.txt"
$PrimarySMTP="C:\temp\PrimarySMTP.txt"
$MigrationEmails="C:\temp\MigrationEmails.txt"

###     Do the compare of MBStats based upon Total Item size set above and the server name variable

Write-Host -foregroundcolor Yellow "Running the compare to gather the list of users who will be part of this migration"

$MBStats=Get-Mailbox | Get-MailboxStatistics | Where-Object {$_.TotalItemSize -lt $TotalItemSizeVariable -and $_.ServerName -notlike "$ServerSearchVariable"} |Select-Object DisplayName
$MBName=Get-Mailbox | Select-Object DisplayName
$FileCompare=Compare-Object $MBStats $MBName -IncludeEqual
$FileCompare | Where-Object {$_.SideIndicator -like "=="} | Out-File $CompareFile

###  Here I am Trimming the file to get it ready for the comparison

Write-Host -foregroundcolor Yellow "Trimming and parsing file"
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "@{DisplayName=", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "}", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "InputObject", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "SideIndicator", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace "-----------   ", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace " --  ", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace " ==  ", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ForEach-Object {$_ -replace " ", ""} | Set-Content $CompareFile
(Get-Content $CompareFile) | ? {$_.trim() -ne "" } | Set-Content $CompareFile

###     Comparing the Get-MailboxStatistics search to the full list of e-mail addresses and returning PrimarySMTP to setup the text file for the migration

Write-Host -foregroundcolor Yellow "Comparing the files and translating to e-mail addresses"
$FinalCompare=Get-Content $CompareFile
Foreach ($line in $FinalCompare)
{
    $smtp=Get-Mailbox | Where-Object {$_.Name -eq "$line"} | Select-Object PrimarySmtpAddress
    Add-Content $PrimarySMTP $smtp

}

### Pruning File prior to import
Write-Host -foregroundcolor Yellow "Final Pruning"
(Get-Content $PrimarySMTP) | ForEach-Object {$_ -replace "@{PrimarySmtpAddress=", ""} | Set-Content $PrimarySMTP
(Get-Content $PrimarySMTP) | ForEach-Object {$_ -replace "}", ""} | Set-Content $PrimarySMTP

###   SENDING NOTIFICATION MESSAGE
###   Setting Variables for the message   ###

$Smtp = "SMTP SERVER" 
$From = "noreply@DOMAIN.com" 
$CC=""
$BCC=""
$Subject = "Your E-Mail Box is Migrating"  
$Body = get-content C:\TEMP\content.html

#### Now send the email using Send-MailMessage

### IF YOU NEED TO CC or BCC you can comment out the current Send-MailMessage Line and uncomment the one containing the CC and BCC arguments
# Send-MailMessage -SmtpServer $Smtp -To $To -From $From -CC $CC -BCC $BCC -Subject $Subject -Body "$Body" -BodyAsHtml -Priority high 

$NotificationPerson=Get-Content $PrimarySMTP
Foreach ($person in $NotificationPerson)
{
Send-MailMessage -SmtpServer $Smtp -To $person -From $From -Subject $Subject -Body "$Body" -BodyAsHtml -Priority high 

}

###  File pruned, need to add the EmailAddress header to format the import file
Write-Host -foregroundcolor Yellow "Reformating Migration file"
 Add-Content -Path $MigrationEmails -Value EmailAddress
 Add-Content -Path $MigrationEmails -Value (Get-Content $PrimarySMTP)

###     BEGIN MIGRATION   ####
Write-Host -foregroundcolor Yellow "Adding Migration to Exchange 2013"
New-MigrationBatch -Name "$MigrationName" -CSVData ([System.IO.File]::ReadAllBytes("$MigrationEmails")) -Local -TargetDatabase $ExchDB -AutoStart -AutoComplete

Write-Host -foregroundcolor Yellow "##################################"

    if (Get-MigrationBatch -Identity "$MigrationName" | Where-Object {$_.Identity -like "$MigrationName"})
    {
        Write-Host -foregroundcolor Yellow "Migration Batch of $MigrationName has started"
    }
    else
    {
        Write-Host -foregroundcolor Yellow "$MigrationName did NOT START"
    }

Write-Host -foregroundcolor Yellow "##################################"
Write-Host -foregroundcolor Yellow "Cleaning Up Files"
Write-Host "Starting sleep to allow upload."
Start-Sleep 30

###   CLEANUP FILES

#Remove-Item $CompareFile
#Remove-Item $PrimarySMTP
#Remove-Item $MigrationEmails

#Write-Host -foregroundcolor Yellow "$CompareFile , $PrimarySMTP , and $MigrationEmails were removed"
Write-Host -foregroundcolor Yellow "COMPLETE"

ExchangeMigrationWeb.ps1
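The same selection can be made without writing intermediate text files or matching on DisplayName, by keeping each mailbox object in hand while its statistics are read. The following is an added example, not part of ExchangeMigrationWeb.ps1, and it uses a different technique from the script above (a per-mailbox lookup instead of Compare-Object on display names). It reuses the article's variable values, assumes it runs in the Exchange 2013 Management Shell, and ConvertTo-ByteCount and Get-MigrationCandidate are hypothetical helper names.

```powershell
# Added example (not the author's script): build the migration list by pairing each
# mailbox with its own statistics, so no text parsing or DisplayName match is needed.
$ServerSearchVariable = '*ex2013*'                      # value from the article
$MaxBytes             = 400MB                           # same threshold as the full script
$MigrationEmails      = 'C:\temp\MigrationEmails.txt'
$ExchDB               = 'EX2013-DAG1'
$MigrationName        = 'Under 400 MBv2'

function ConvertTo-ByteCount {
    # TotalItemSize renders as "1.5 GB (1,610,612,736 bytes)" both as a live object and
    # as the deserialized value seen over remote PowerShell, so parse the string form.
    param($Size)
    if ("$Size" -match '\(([\d.,\s]+) bytes\)') {
        return [int64]($Matches[1] -replace '\D', '')
    }
    return $null    # "Unlimited", empty, or an unexpected format
}

function Get-MigrationCandidate {
    param([long]$MaxBytes, [string]$ExcludeServerLike)

    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        $stats = $mbx | Get-MailboxStatistics -WarningAction SilentlyContinue
        if (-not $stats) { continue }                                  # never logged on to
        if ($stats.ServerName -like $ExcludeServerLike) { continue }   # already on 2013

        $bytes = ConvertTo-ByteCount $stats.TotalItemSize
        if ($null -eq $bytes -or $bytes -ge $MaxBytes) { continue }

        [pscustomobject]@{
            EmailAddress = $mbx.PrimarySmtpAddress.ToString()
            DisplayName  = $mbx.DisplayName
            SizeBytes    = $bytes
        }
    }
}

$candidates = @(Get-MigrationCandidate -MaxBytes $MaxBytes -ExcludeServerLike $ServerSearchVariable)
$candidates | Sort-Object SizeBytes -Descending | Format-Table -AutoSize

if ($candidates.Count -gt 0) {
    # Same file layout the article shows: a header line, then one address per line.
    $lines = @('EmailAddress') + @($candidates | ForEach-Object { $_.EmailAddress })
    Set-Content -Path $MigrationEmails -Value $lines

    New-MigrationBatch -Name $MigrationName `
        -CSVData ([System.IO.File]::ReadAllBytes($MigrationEmails)) `
        -Local -TargetDatabase $ExchDB -AutoStart -AutoComplete
} else {
    Write-Host -ForegroundColor Yellow "No mailboxes matched; no migration batch created"
}
```

Two mailboxes that share a display name stay distinct here, because each address comes from the same mailbox object whose size was checked.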

List All Users in an OU


Overview:

There may be a time when you need to list all the users of a specific OU, not just the entire domain.  For example, your Organizational Units might be broken down into departments and you want to compare a department to an active employee roster.  Other times, you may separate your OUs into one that contains your company accounts vs. service accounts.

Knowledge:

For this case, you can use the Get-ADUser cmdlet.  Below is a screenshot of the default properties shown, and a second showing the extended properties.

Extended Properties:

Example Command:

This command will search the OU Company in the domain Example.com. It will also select just the Surname and GivenName, sorting by the Surname.

Get-ADUser -Filter * -SearchBase "ou=company,dc=example,dc=com" | Select-Object Surname, GivenName | Sort-Object Surname

If you wanted to PIPE it out to a CSV file so you can open in Excel you can do that by using the Export-Csv command:

Get-ADUser -Filter * -SearchBase "ou=company,dc=example,dc=com" | Select-Object Surname, GivenName | Sort-Object Surname | Export-Csv c:\temp\AllUsers.csv -NoTypeInformation

References:

TechNet Wiki Get-ADUser

Script - Display File list with sizes


In Powershell we can display a list of files, such as doing a dir in a command prompt or doing a file view.  We do however have some special abilities that we can only do through powershell.  Below are a few examples.

Sort by Name with Length

Get-ChildItem FolderName | Select-Object Name, Length

Get Top 10 by size (to change the "top number" change the 10 to whatever)

Get-ChildItem FolderName | Select-Object Name, Length | Sort-Object Length -Descending | Select-Object -First 10