Posts Tagged ‘powershell’

Hi Folks,

Today’s challenge was to bulk-set calendar rights in a multilingual environment (with PowerShell).
On the net you can find some articles that address similar problems, but no real solution.

Download the following scripts as txt here.

Here is my quick and dirty script:

# Set Default to LimitedDetails for all calendars.
# Looks up the localized name of each user's calendar folder.
# TEST WITH ONE OR MORE USERS FIRST:
# foreach($mbx in Get-Mailbox -Identity USER | Where-Object {$_.DisplayName -like "*test user*"})

foreach ($mbx in Get-Mailbox -ResultSize Unlimited | Where-Object {$_.DisplayName -notmatch "discovery"})
{
    # Pick the calendar root only; the Calendar scope also returns its subfolders.
    $CalName = (Get-MailboxFolderStatistics $mbx -FolderScope Calendar | Where-Object {$_.FolderType -eq "Calendar"} | Select-Object -First 1).Name
    # Build the folder identity: <mailbox name>:\<localized calendar folder name>
    $CalFolder = $mbx.Name + ':\' + [string]$CalName
    # Only touch folders whose permissions can actually be read
    $test = Get-MailboxFolderPermission -Identity $CalFolder -ErrorAction SilentlyContinue
    if ($test -ne $null)
    {
        Set-MailboxFolderPermission -Identity $CalFolder -User Default -AccessRights LimitedDetails | Out-Null
    }
}

If you want all new mailboxes to be created with special permissions, you need to configure the Cmdlet Extension Agent.
To enable the agent, perform the following steps:

  • Create an XML file named ScriptingAgentConfig.xml  and save it in your Exchange’s Default Directory on EVERY Exchange Server in your organization
    e.g. C:\Program Files\Microsoft\Exchange Server\V15\Bin\CmdletExtensionAgents

    <?xml version="1.0" encoding="utf-8" ?>
    <Configuration version="1.0">

    <Feature Name="MailboxProvisioning" Cmdlets="New-Mailbox">
    <ApiCall Name="OnComplete">
    if($succeeded)
    {
    # Give the new mailbox a moment to become available
    start-sleep -s 10
    $mbx =  (Get-User $provisioningHandler.UserSpecifiedParameters["Name"]).distinguishedName
    Set-MailboxFolderPermission -Identity "$($mbx):\Calendar" -User "Default" -AccessRights LimitedDetails
    }
    </ApiCall>
    </Feature>

    <Feature Name="MailboxProvisioning" Cmdlets="Enable-Mailbox">
    <ApiCall Name="OnComplete">
    if($succeeded)
    {
    start-sleep -s 5
    $user = Get-User -Identity $provisioningHandler.UserSpecifiedParameters["Identity"]
    $mbx = Get-Mailbox -Identity $user.DistinguishedName
    Set-MailboxFolderPermission -Identity "$($mbx):\Calendar" -User "Default" -AccessRights LimitedDetails
    }
    </ApiCall>
    </Feature>

    </Configuration>

 

  • Use the Exchange Management Shell and run the following command on EVERY Exchange server in your organization:
    Enable-CmdletExtensionAgent "Scripting Agent"
  • Create a new user

Cheers,

Chris

Hey Folks,
here is an example of how to easily set ACLs on a Windows file server by importing paths and permissions from a CSV file:

$Permissions = Import-Csv e:\permissions.csv -Delimiter '|'
ForEach ($line in $Permissions)
{
    $acl = Get-Acl $line.Path
    # Protect the folder from inheritance ($True) and discard the inherited entries ($False)
    $acl.SetAccessRuleProtection($True, $False)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($line.Group, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
    #-------------------------------------------------------------
    # The above line can be edited like the reference at the end.
    #-------------------------------------------------------------
    $acl.AddAccessRule($rule)
    Set-Acl $line.Path $acl
}

The CSV has to look like this:

Path|Group
e:\folder1\subfolder1|domain\group1
e:\folder1\subfolder2|domain\group2
e:\folder2\subfolder1|domain\group3
e:\folder2\subfolder2|domain\group4

Reference Table:

Applies to                           Flags
Subfolders and Files only            InheritanceFlags.ContainerInherit, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly
This Folder, Subfolders and Files    InheritanceFlags.ContainerInherit, InheritanceFlags.ObjectInherit, PropagationFlags.None
This Folder, Subfolders and Files    InheritanceFlags.ContainerInherit, InheritanceFlags.ObjectInherit, PropagationFlags.NoPropagateInherit
This folder and subfolders           InheritanceFlags.ContainerInherit, PropagationFlags.None
Subfolders only                      InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly
This folder and files                InheritanceFlags.ObjectInherit, PropagationFlags.None
This folder and files                InheritanceFlags.ObjectInherit, PropagationFlags.NoPropagateInherit

Source: http://powershell.nicoh.me/powershell-1/files-and-folders/set-folders-acl-owner-and-ntfs-rights

Cheers, Chris
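A more defensive variant of the CSV import above, as an added example that is not part of the original post: it checks each row before touching the ACL, saves the old security descriptor for rollback, and only previews the change. The AppliesTo column, its labels, the Test-AclRow helper and the backup path e:\acl-backup.csv are assumptions made for this example; the flag pairs come from the reference table.

```powershell
# Constructed sample rows; in practice use: Import-Csv e:\permissions.csv -Delimiter '|'
$rows = @'
Path|Group|AppliesTo
e:\folder1\subfolder1|domain\group1|ThisFolderSubfoldersAndFiles
e:\folder1\subfolder2|domain\group2|SubfoldersOnly
'@ | ConvertFrom-Csv -Delimiter '|'

# Hypothetical labels mapped to (InheritanceFlags, PropagationFlags) from the reference table
$flagMap = @{
    ThisFolderSubfoldersAndFiles = @('ContainerInherit, ObjectInherit', 'None')
    SubfoldersAndFilesOnly       = @('ContainerInherit, ObjectInherit', 'InheritOnly')
    ThisFolderAndSubfolders      = @('ContainerInherit', 'None')
    SubfoldersOnly               = @('ContainerInherit', 'InheritOnly')
    ThisFolderAndFiles           = @('ObjectInherit', 'None')
}

# Hypothetical helper: returns a reason string if the row must be skipped, otherwise $null
function Test-AclRow {
    param($Row)
    if (-not (Test-Path -LiteralPath $Row.Path -PathType Container)) { return 'path not found' }
    if (-not $flagMap.ContainsKey($Row.AppliesTo)) { return 'unknown AppliesTo value' }
    try {
        # A mistyped group name fails here instead of halfway through the ACL change
        $account = [System.Security.Principal.NTAccount]$Row.Group
        [void]$account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch { return 'group does not resolve to a SID' }
    return $null
}

foreach ($row in $rows) {
    $problem = Test-AclRow $row
    if ($problem) { Write-Warning "$($row.Path): $problem, row skipped"; continue }

    $acl = Get-Acl -LiteralPath $row.Path
    # Save the current descriptor; it can be restored with SetSecurityDescriptorSddlForm()
    [pscustomobject]@{ Path = $row.Path; Sddl = $acl.Sddl } |
        Export-Csv e:\acl-backup.csv -Append -NoTypeInformation

    $inherit, $propagate = $flagMap[$row.AppliesTo]
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($row.Group, 'Modify', $inherit, $propagate, 'Allow')
    $acl.SetAccessRuleProtection($true, $false)   # same behaviour as the script above
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $row.Path -AclObject $acl -WhatIf   # remove -WhatIf to apply
}
```

Because SetAccessRuleProtection($true, $false) discards every inherited entry, the saved SDDL string is the only record of who had access before the change.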

I am often approached by clients on Exchange’s single item recovery feature. Without additional tools, you can only configure the single item recovery feature with PowerShell. This article will provide an overview of the necessary steps.

Activation in Exchange 2010
Activate single-item-recovery for all users

Get-Mailbox -RecipientType 'UserMailbox' | Set-Mailbox -SingleItemRecoveryEnabled $true

Set the deleted-item retention for all databases to 30 days

Get-MailboxDatabase | Set-MailboxDatabase -DeletedItemRetention 30

Fetch deleted-item retention, database and server

Get-MailboxDatabase | ft name, server, deleteditemretention

Get an overview of mailbox, logon times, size and deleted items, filtered by city (Hamburg)

Get-Recipient -RecipientType 'UserMailbox' -Filter "((City -like 'Hamburg'))" | Get-MailboxStatistics | ft DisplayName,LastLogonTime,LastLogoffTime,TotalItemSize,DeletedItemCount

Recovery
Recover deleted items from user mailboxes

Mailbox export request

New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -SourceRootFolder "Folder of deleted Mail" -ContentFilter {Subject -eq "Subject of deleted Mail"} -FilePath \\FileServerName\C$\ExchangeRecovery\RecoveredMails.pst

If you get an error message that the command Search-Mailbox does not exist, simply close and reopen the Exchange Management Shell.

To import the messages into the user’s mailbox, use the following command:

New-MailboxImportRequest -Mailbox "Username" -TargetRootFolder "Recovered by Admin" -FilePath \\FileServerName\C$\ExchangeRecovery\RecoveredMails.pst

In the Exchange Management Shell, enter the following command:

Search-Mailbox "Discovery Search Mailbox" -SearchQuery "from:'Username' AND Subject of deleted Mail" -TargetMailbox "Username" -TargetFolder "Recovered by Admin" -LogLevel Full -DeleteContent

Switch back to the client workstation and check if the message has disappeared from the Discovery Search Mailbox.

Open Outlook and review the new folders from the recovery processes.

Cheers,

Chris

Hi folks,
several times I have wanted to dismount and re-mount one or more mailbox databases on an Exchange 2010 server. It’s hard to do this with the EMC, so I figured out the PowerShell commands to do this quickly and easily.

Dismount one database:
Dismount-Database -Identity DBNAME -Confirm:$False

Dismount all databases of a server:
Get-MailboxDatabase -Server SERVERNAME | Dismount-Database -Confirm:$False

Mount a single database:
Mount-Database -Identity DBNAME -Confirm:$False

Mount all databases of a server:
Get-MailboxDatabase -Server SERVERNAME | Mount-Database -Confirm:$False

Cheers,

Chris

You can strip the internal address and hostname from message headers using the "header firewall", which works by removing certain rights from the built-in user "Anonymous Logon". To do this, remove the extended right "ms-Exch-Send-Headers-Routing" on the external SMTP connector.

First check the access rights of your external connector:

Get-SendConnector "EXTERNAL-CONNECTOR-NAME" | Get-ADPermission | Where-Object { $_.ExtendedRights -like "*routing*" } | fl user, *rights

Make sure to use the spelling of the account name that matches the language of your Exchange server's OS:

English OS:

Remove-ADPermission -id "EXTERNAL-CONNECTOR-NAME" -AccessRight ExtendedRight -ExtendedRights "ms-Exch-Send-Headers-Routing" -user "NT AUTHORITY\Anonymous Logon"

German OS:

Remove-ADPermission -id "EXTERNAL-CONNECTOR-NAME" -AccessRight ExtendedRight -ExtendedRights "ms-Exch-Send-Headers-Routing" -user "NT-AUTORITÄT\Anonymous-Anmeldung"

Change FQDN:

Set-SendConnector -id "EXTERNAL-CONNECTOR-NAME" -FQDN:mail.company.com

Regards,

Chris
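A language-independent form of the header firewall change above, as an added example that is not part of the original post: instead of typing the localized account name, it resolves the well-known SID of Anonymous Logon (S-1-5-7) to whatever name the local OS uses, removes the right only if it is still granted, and then verifies the result. It assumes it is run in the Exchange Management Shell on the Exchange server; Get-RoutingHeaderGrant is a hypothetical helper defined here.

```powershell
$connector = 'EXTERNAL-CONNECTOR-NAME'        # placeholder from the post
$right     = 'ms-Exch-Send-Headers-Routing'

# S-1-5-7 identifies Anonymous Logon on every Windows language version;
# Translate() returns the localized DOMAIN\name string for this machine.
$sid  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-7')
$anon = $sid.Translate([System.Security.Principal.NTAccount]).Value

# Hypothetical helper: Allow entries on the connector that still grant $Right to $User
function Get-RoutingHeaderGrant {
    param([string]$Connector, [string]$User, [string]$Right)
    Get-SendConnector $Connector | Get-ADPermission |
        Where-Object {
            "$($_.User)" -eq $User -and
            -not $_.Deny -and
            $_.ExtendedRights -like "*$Right*"
        }
}

# Remove the right only when it is present, so a second run changes nothing
if (Get-RoutingHeaderGrant $connector $anon $right) {
    Remove-ADPermission -Identity $connector -User $anon `
        -AccessRights ExtendedRight -ExtendedRights $right
}

# Verify: nothing should be left for the anonymous account
$left = Get-RoutingHeaderGrant $connector $anon $right
if ($left) {
    Write-Warning "$right is still granted to $anon on $connector"
    $left | Format-List User, *Rights
} else {
    Write-Output "$right is no longer granted to $anon on $connector"
}
```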

If not configured, Exchange sets the standard notification schedule to Monday, 4 a.m., once a week. To bulk change this, you have to edit the properties of all databases with the EMC, or simply run the following PowerShell command, which equals the GUI setting "Daily 2 a.m.":

Get-MailboxDatabase | Set-MailboxDatabase -QuotaNotificationSchedule 'So.02:00-So.02:15, Mo.02:00-Mo.02:15, Di.02:00-Di.02:15, Mi.02:00-Mi.02:15, Do.02:00-Do.02:15, Fr.02:00-Fr.02:15, Sa.02:00-Sa.02:15'

To check these settings for all DBs, run the following command:

Get-MailboxDatabase | fl Name, QuotaNotificationSchedule

Regards,

Chris

Yesterday I ran into a problem which was often discussed before by my colleagues and me.

I wanted to prepare the AD schema update before installing Exchange 2010. The “setup /pad” and “setup /ps” commands ran without any errors so I started to install Exchange 2010 (SP2).

The installation itself ran without any errors, too. After rebooting the freshly installed Exchange 2010 server I wanted to open the EMC and the EMS – and got one of these annoying WinRM management startup failures.

So I did it as recommended by MS and used the articles provided by TechNet and EHLO Team Blog and finally used the Exchange Management Troubleshooter (EMTShooter) without any hint or solution – the EMTShooter only detected an unknown error.

I called my colleague Stephan H. (A big thank you, Stephan, for the memory of this topic) and he put me on the right track. A virus scanner was installed and activated on the schema master. Several times he had this issue: The schema update seemed to run properly but after installing Exchange 2010 strange errors occurred.

The solution was very easy. I deactivated the virus scanner on the schema master and reran Exchange 2010’s “setup /ps”. After finishing the PrepareSchema I rebooted the Exchange 2010 server and everything worked fine. In this case the AntiVirus software blocked the “evil” remote PowerShell.

Cheers,

Chris