25 October 2024

Add (or Remove) Users to (or from) a group from a CSV with UPN's (email addresses)

 Last week I needed a quick way to remove a large number of users from an on-premises AD group.

The only info I had was the email address. Now the PowerShell command that I used didn't like to parse the email address so I had to find another way of doin the same thing.

I came up with this, and it's only here because I use this a lot and I don't want to reinvent every script that I make because I can't remember where I put it.

Add Users To Group From CSV:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# Path to your CSV file
$csvPath = "C:\Temp\Add-UserstoGroupFromCSV\Add-UserstoGroupFromCSV.csv"
 
# Import the CSV file
$users = Import-Csv -Path $csvPath

# Define the group to which you want to add the users
$groupName = "Your super secret group name"
# $groupName2 = "Your super secret group name2"
# Loop through each user in the CSV file foreach ($user in $users) { # Get the email address from the CSV $emailAddress = $user.Email # Find the user in Active Directory by email address $ADUser = Get-ADUser -Filter { EmailAddress -eq $emailAddress } # Check if the user exists if ($adUser) { # Add the user to the group Add-ADGroupMember $groupName -Members $ADUser -Confirm:$false #-whatif # Add-ADGroupMember $groupName2 -Members $aduser -Confirm:$false #-whatif Write-Output "$User has been removed from the $groupname / $groupname2." } else { # Output a message if the user is not found Write-Output "No user found with email address $emailAddress." } }

Remove Users From Group From CSV:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# Path to your CSV file
$csvPath = "C:\Temp\Remove-UsersFromGroupFromCSV\Remove-UsersFromGroupFromCSV.csv"
 
# Import the CSV file
$users = Import-Csv -Path $csvPath

# Define the group from which you want to remove the users
$groupName = "Your super secret group name"
# $groupName2 = "Your super secret group name2"

# Loop through each user in the CSV file
foreach ($user in $users) {
    # Get the email address from the CSV
    $emailAddress = $user.Email
 
    # Find the user in Active Directory by email address
    $ADUser = Get-ADUser -Filter { EmailAddress -eq $emailAddress }
 
    # Check if the user exists
    if ($adUser) {
        # Remove the user from the group
    Remove-ADGroupMember $groupName -Members $ADUser -Confirm:$false #-whatif
    # Remove-ADGroupMember $groupName2 -Members $aduser -Confirm:$false #-whatif
    
    Write-Output "$User has been removed from the $groupname / $groupname2."

    } else {
        # Output a message if the user is not found
        Write-Output "No user found with email address $emailAddress."
    }
}

22 August 2024

Install the New Teams client on Windows Server 2019 and 2022

The classic Teams client is out of support as of july 2024.
So the new client needs to be installed for server operating systems.

Here's how to do this:

Download the VClibs from here:
Microsoft.VCLibs.x64.14.00.Desktop.appx 

Then download the new Teams MSIX installer:
MSTeams-x64.msix

Then enable sideloading apps like this:

Open Settings:Go to Update & Security.
Select For developers.

Enable Sideloading:Under “Use developer features,” select the Sideload apps option.
Confirm the prompt by clicking Yes.

Or using PowerShell (if needed):
Open PowerShell with administrator privileges.
Run the following command to enable sideloading:
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowAllTrustedApps" /d "1"

Then install the VClibs package:
Add-AppPackage -Path C:\path\to\Microsoft.VCLibs.x64.14.00.Desktop.appx

And then install the new Teams client package:

Add-AppPackage -Path C:\path\to\MSTeams-x64.msix

And there you have it, start the new Teams client on your server OS.

17 July 2024

Get all Enterprise Apps and add at least 2 owners with PowerShell

Following the script from Vasil Michev I came across:
https://www.michev.info/blog/post/5940/reporting-on-entra-id-application-registrations

When the script has run the output will probably show that there are a number of Enterprise Apps that haven't got an owner associated to them.
This can become a problem when trying to identify it's usage, and when a secret or certificate is almost expiring or has expired.

To make sure you have your owners set, I created this script.

It get's all Enterprise apps and filters the ones without an owner. It then add the owners you want to all the apps that haven't got an owner.

Remember to test this out first.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Install AzureAD module if not already installed
try {
    Import-Module AzureAD -ErrorAction Stop
} catch {
    Install-Module AzureAD -Force
    Import-Module AzureAD
}

# Connect to Azure AD
Connect-AzureAD

# Define the owners you want to add
$owner1 = "user1@domain.com"
$owner2 = "user2@domain.com"

# Retrieve all enterprise apps
$apps = Get-AzureADServicePrincipal -All $true

# Filter apps without an owner
$appsWithoutOwners = $apps | Where-Object {
    (Get-AzureADServicePrincipalOwner -ObjectId $_.ObjectId).Count -eq 0
}
$appsWithoutOwners.count

# Display the filtered apps
foreach ($app in $appsWithoutOwners) {
    Write-Host "App without owner: $($app.DisplayName)"
}

# Add the owners
foreach ($app in $appsWithoutOwners) {
    # Add the two specific owners
    $owner1ObjectId = (Get-AzureADUser -Filter "UserPrincipalName eq '$owner1'").ObjectId
    $owner2ObjectId = (Get-AzureADUser -Filter "UserPrincipalName eq '$owner2'").ObjectId

    Add-AzureADServicePrincipalOwner -ObjectId $app.ObjectId -RefObjectId $owner1ObjectId
    Add-AzureADServicePrincipalOwner -ObjectId $app.ObjectId -RefObjectId $owner2ObjectId

    Write-Host "Added owners to App: $($app.DisplayName)"
    $app = $null
   }

Write-Host "Process completed."

14 June 2024

PowerShell script to check TLS 1.2 settings on Entra ID connect server - Enable TLS 1.2 with PowerShell

You can use the following PowerShell script to check the current TLS 1.2 settings on your Entra ID connect server

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
Function Get-ADSyncToolsTls12RegValue
{
    [CmdletBinding()]
    Param
    (
        # Registry Path
        [Parameter(Mandatory=$true,
                   Position=0)]
        [string]
        $RegPath,

# Registry Name
        [Parameter(Mandatory=$true,
                   Position=1)]
        [string]
        $RegName
    )
    $regItem = Get-ItemProperty -Path $RegPath -Name $RegName -ErrorAction Ignore
    $output = "" | select Path,Name,Value
    $output.Path = $RegPath
    $output.Name = $RegName

If ($regItem -eq $null)
    {
        $output.Value = "Not Found"
    }
    Else
    {
        $output.Value = $regItem.$RegName
    }
    $output
}

$regSettings = @()
$regKey = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
$regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SystemDefaultTlsVersions'
$regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SchUseStrongCrypto'

$regKey = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SystemDefaultTlsVersions'
$regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SchUseStrongCrypto'

$regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'
$regSettings += Get-ADSyncToolsTls12RegValue $regKey 'Enabled'
$regSettings += Get-ADSyncToolsTls12RegValue $regKey 'DisabledByDefault'

$regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$regSettings += Get-ADSyncToolsTls12RegValue $regKey 'Enabled'
$regSettings += Get-ADSyncToolsTls12RegValue $regKey 'DisabledByDefault'

$regSettings

And then you can enable TLS 1.2 with the script below if it is not enabled.
Remember to reboot the server after making changes to the registry.
This script can be used on all Windows 20XX servers.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
If (-Not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'))
{
    New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

If (-Not (Test-Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'))
{
    New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'))
{
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'))
{
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
}
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

Write-Host 'TLS 1.2 has been enabled. You must restart the Windows Server for the changes to take affect.' -ForegroundColor Cyan

Exchange Server TLS configuration best practices - Enable TLS 1.2 with PowerShell

This documentation describes the required steps to properly configure (enable or disable) specific TLS versions on Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019. The article also explains how to optimize the cipher suites and hashing algorithms used by TLS. If TLS isn't configured correctly, you can face various issues when interacting with Microsoft 365 or other systems, which are configured in such a way that they require a certain minimum TLS standard.

Important

Read carefully as some of the steps described here can only be performed on specific operating systems or specific Exchange Server versions.
At the beginning of each section there is a matrix that shows whether a setting is supported or not and if it has already been pre-configured from a certain Exchange Server version.


Things to consider before disabling a TLS version

Tip

You can use the Exchange HealthChecker script to check the current TLS configuration of your Exchange server.

Please make sure that every application supports the TLS versions, which remain enabled. Considerations such as (but not limited to):
Do your Domain Controllers and Global Catalog servers support, for example, a TLS 1.2 only configuration?
Do partner applications (such as, but not limited to, SharePoint, Lync, Skype for Business, etc.) support, for example, a TLS 1.2 only configuration?
Have you updated older Windows 7 desktops using Outlook to support TLS 1.2 over WinHTTP?
Do your load balancers support TLS 1.2 being used?
Do your desktop, mobile, and browser applications support TLS 1.2?
Do devices such as multi-function printers support TLS 1.2?
Do your third-party or custom in-house applications that integrate with Exchange Server or Microsoft 356 support a strong TLS implementation?

As such we strongly recommend any steps you take to transition to TLS 1.2 and away from older security protocols are first performed in labs which simulate your production environments before you slowly start rolling them out in production.

  • The steps used to disable a specific TLS version as outlined below, will apply to the following: Exchange Server functionalities:Simple Mail Transport Protocol (SMTP)
  • Outlook Client Connectivity (Outlook Anywhere / MAPI/HTTP)
  • Exchange Active Sync (EAS)
  • Outlook on the Web (OWA)
  • Exchange Admin Center (EAC) and Exchange Control Panel (ECP)
  • AutoDiscover
  • Exchange Web Services (EWS)
  • REST (Exchange Server 2016/2019)
  • Use of PowerShell by Exchange over HTTPS
  • POP and IMAP

Prerequisites

TLS 1.2 support was added with Exchange Server 2013 CU19 and Exchange Server 2016 CU8. Exchange Server 2019 supports TLS 1.2 by default.

Exchange Server cannot run without Windows Server and therefore it is important to have the latest operating system updates installed to run a stable and secure TLS implementation.

It's also required to have the latest version of .NET Framework and associated patches supported by your CU in place.

Based on your operating system, make sure that the following updates are also in place (they should be installed if your server is current on Windows Updates):

If your operating system is Windows Server 2012 or Windows Server 2012 R2, KB3161949 and KB2973337 must be installed before TLS 1.2 can be enabled.

Make sure to reboot the Exchange Server after the TLS configuration has been applied. It becomes active after the server was restarted.

Preparing .NET Framework to inherit defaults from Schannel

The following table shows the Exchange Server/Windows Server combinations with the default .NET Framework Schannel inheritance configuration:
Expand table

Exchange ServerWindows ServerSupportedConfigured by default
Exchange Server 2019 CU14 or laterAnyYesYes (new installations only)
Exchange Server 2019AnyYesPartially (SchUseStrongCrypto must be configured manually)
Exchange Server 2016AnyYesNo (OS defaults will be used)
Exchange Server 2013AnyYesNo (OS defaults will be used)

The SystemDefaultTlsVersions registry value defines which security protocol version defaults will be used by .NET Framework 4.x. If the value is set to 1, then .NET Framework 4.x inherits its defaults from the Windows Secure Channel (Schannel) DisabledByDefault registry values. If the value is undefined, it behaves as if the value is set to 0.

The strong cryptography (configured by the SchUseStrongCrypto registry value) uses more secure network protocols (TLS 1.2 and TLS 1.1) and blocks protocols that are not secure. SchUseStrongCrypto affects only client (outgoing) connections in your application. By configuring .NET Framework 4.x to inherit its values from Schannel we gain the ability to use the latest versions of TLS supported by the OS, including TLS 1.2.

Enable .NET Framework 4.x Schannel inheritance

Run the following commands from an elevated PowerShell window to configure the .NET Framework 4.x Schannel inheritance:
1
2
3
4
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord

Enable .NET Framework 3.5 Schannel inheritance

Note

Exchange Server 2013 and later do not need this setting. However, we recommend configuring it identically to the .NET 4.x settings to ensure a consistent configuration.

Run the following commands from an elevated PowerShell window to configure the .NET Framework 3.5 Schannel inheritance:
1
2
3
4
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Name "SchUseStrongCrypto" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" -Name "SchUseStrongCrypto" -Value 1 -Type DWord

Steps to configure TLS 1.2

The following table shows the Exchange Server/Windows Server combinations on which TLS 1.2 is supported. The table also shows the default configuration:
Exchange ServerWindows ServerSupportedConfigured by default
Exchange Server 2019AnyYesYes (enabled)
Exchange Server 2016AnyYesNo
Exchange Server 2013AnyYesNo


Enable TLS 1.2

Run the following command from an elevated PowerShell window to enable TLS 1.2 for client and server connections:
1
2
3
4
5
6
7
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" -Name "TLS 1.2" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2" -Name "Client" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2" -Name "Server" -ErrorAction SilentlyContinue
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -Name "DisabledByDefault" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -Name "Enabled" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -Name "DisabledByDefault" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -Name "Enabled" -Value 1 -Type DWord

Disable TLS 1.2

Run the following command from an elevated PowerShell window to disable TLS 1.2 for client and server connections:
1
2
3
4
5
6
7
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" -Name "TLS 1.2" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2" -Name "Client" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2" -Name "Server" -ErrorAction SilentlyContinue
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -Name "DisabledByDefault" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -Name "Enabled" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -Name "DisabledByDefault" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -Name "Enabled" -Value 0 -Type DWord

Steps to configure TLS 1.1

The following table shows the Exchange Server/Windows Server combinations on which TLS 1.1 is supported. The table also shows the default configuration:
Exchange ServerWindows ServerSupportedConfigured by default
Exchange Server 2019AnyYesYes (disabled)
Exchange Server 2016AnyYesNo
Exchange Server 2013AnyYesNo


Enable TLS 1.1

Note

The Microsoft TLS 1.1 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, it is recommended to carefully plan and disable TLS 1.1. Failure to plan carefully may cause clients to lose connectivity.

Run the following command from an elevated PowerShell window to enable TLS 1.1 for client and server connections:
1
2
3
4
5
6
7
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" -Name "TLS 1.1" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1" -Name "Client" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1" -Name "Server" -ErrorAction SilentlyContinue
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Name "DisabledByDefault" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Name "Enabled" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "DisabledByDefault" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "Enabled" -Value 1 -Type DWord

Disable TLS 1.1

Run the following command from an elevated PowerShell window to disable TLS 1.1 for client and server connections:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
<!-- HTML generated using hilite.me --><div style="background: #ffffff; overflow:auto;width:auto;border:solid orange;border-width:.1em .1em .1em .8em;padding:.2em .6em;"><table><tr><td><pre style="margin: 0; line-height: 125%">1
2
3
4
5
6
7</pre></td><td><pre style="margin: 0; line-height: 125%"><span style="color: #007020">New-Item</span> -Path <span style="background-color: #fff0f0">&quot;HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols&quot;</span> -Name <span style="background-color: #fff0f0">&quot;TLS 1.1&quot;</span> -ErrorAction SilentlyContinue
<span style="color: #007020">New-Item</span> -Path <span style="background-color: #fff0f0">&quot;HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1&quot;</span> -Name <span style="background-color: #fff0f0">&quot;Client&quot;</span> -ErrorAction SilentlyContinue
<span style="color: #007020">New-Item</span> -Path <span style="background-color: #fff0f0">&quot;HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1&quot;</span> -Name <span style="background-color: #fff0f0">&quot;Server&quot;</span> -ErrorAction SilentlyContinue
<span style="color: #007020">Set-ItemProperty</span> -Path <span style="background-color: #fff0f0">&quot;HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client&quot;</span> -Name <span style="background-color: #fff0f0">&quot;DisabledByDefault&quot;</span> -Value 0 -Type DWord
<span style="color: #007020">Set-ItemProperty</span> -Path <span style="background-color: #fff0f0">&quot;HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client&quot;</span> -Name <span style="background-color: #fff0f0">&quot;Enabled&quot;</span> -Value 1 -Type DWord
<span style="color: #007020">Set-ItemProperty</span> -Path <span style="background-color: #fff0f0">&quot;HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server&quot;</span> -Name <span style="background-color: #fff0f0">&quot;DisabledByDefault&quot;</span> -Value 0 -Type DWord
<span style="color: #007020">Set-ItemProperty</span> -Path <span style="background-color: #fff0f0">&quot;HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server&quot;</span> -Name <span style="background-color: #fff0f0">&quot;Enabled&quot;</span> -Value 1 -Type DWord
</pre></td></tr></table></div>

Steps to configure TLS 1.0

The following table shows the Exchange Server/Windows Server combinations on which TLS 1.0 is supported. The table also shows the default configuration:
Exchange ServerWindows ServerSupportedConfigured by default
Exchange Server 2019AnyYesYes (disabled)
Exchange Server 2016AnyYesNo
Exchange Server 2013AnyYesNo


Enable TLS 1.0


Note

The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, it is recommended to carefully plan and disable TLS 1.0. Failure to plan carefully may cause clients to lose connectivity.

Run the following command from an elevated PowerShell window to enable TLS 1.0 for client and server connections:
1
2
3
4
5
6
7
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" -Name "TLS 1.0" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0" -Name "Client" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0" -Name "Server" -ErrorAction SilentlyContinue
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" -Name "DisabledByDefault" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" -Name "Enabled" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" -Name "DisabledByDefault" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" -Name "Enabled" -Value 1 -Type DWord

Disable TLS 1.0

Run the following command from an elevated PowerShell window to disable TLS 1.0 for client and server connections:
1
2
3
4
5
6
7
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" -Name "TLS 1.1" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1" -Name "Client" -ErrorAction SilentlyContinue
New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1" -Name "Server" -ErrorAction SilentlyContinue
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Name "DisabledByDefault" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Name "Enabled" -Value 0 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "DisabledByDefault" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "Enabled" -Value 0 -Type DWord


21 May 2024

Windows 11 with local account during setup

To set up a Windows 11 device without a Microsoft account disabling the internet requirements, use these steps:

Use the "Shift + F10" keyboard shortcut to open Command Prompt on the Windows 11 setup.

Type the following command to disable the internet connection requirement to set up Windows 11 and press Enter:

oobe\bypassnro


07 May 2024

Backup your Entra ID configuration, zip the output and move to a Team or network share with PowerShell

I came across a blogpost over at https://o365reports.com on how to backup your Entra ID configuration.

The EntraExporter tool is a nifty PowerShell module designed to export details of an Entra ID tenant's configuration. It generates JSON files containing information on various objects within the tenant, such as groups, policies, and users.

This tool is useful for capturing point-in-time snapshots of an Entra ID (Azure AD) configuration, which can be invaluable for restoration or analysis purposes. Although it does not support replaying data to recreate objects, having detailed information on hand provides a solid foundation for any necessary recovery operations.

The EntraExporter tool represents a significant step forward in managing and backing up Entra ID configurations, streamlining the process for administrators and IT professionals.


The tool itself creates a lot of files and folders depending on the size of the tenant.
To makes this easier to manage and backup I created a script to write to a temp folder, compress all the output files and move the file to a Teams or file share location.

And here it is:


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# Install-Module EntraExporter -Scope AllUsers -Force
# https://o365reports.com/2023/08/24/entra-exporter-tool-effortlessly-backup-microsoft-entra-id-configurations/

$Module=Get-InstalledModule -Name EntraExporter
if($Module.count -eq 0)
{
 Write-Host EntraExporter module module is not available  -ForegroundColor yellow 
 $Confirm= Read-Host Are you sure you want to install the EntraExporter module? [Y] Yes [N] No
 if($Confirm -match "[yY]")
 {
  Install-Module -Name EntraExporter -AllowClobber -Scope AllUsers -Force
 }
 else
 {
  Write-Host EntraExporter module is required.Please install module using Install-Module EntraExporter cmdlet.
 }
}

Import-Module -Name EntraExporter

Connect-EntraExporter -TenantId yourtenantid
Get-MgOrganization

# Get the current date
$currentDate = Get-Date -Format "yyyy-MM"

# Change to working dir
CD "C:\Temp"
$DestinationPath = "C:\Temp"
$MoveToPath = "C:\Users\Username\Company\Microsoft Entra\Backup\Entra-Export"

# Create a folder with the current date
$folderPath = Join-Path -Path $DestinationPath -ChildPath $currentDate

# Check if the folder already exists
if (-not (Test-Path $folderPath)) {
    New-Item -ItemType Directory -Path $folderPath
    Write-Host "Folder '$currentDate' created successfully."
} else {
    Write-Host "Folder '$currentDate' already exists."
}

Export-Entra -Path "$folderpath" -All

$compress = @{
  Path = "$folderPath"
  CompressionLevel = "Optimal"
  DestinationPath = "$folderPath.zip"
}
Compress-Archive @compress

Move-Item -Path "$folderPath.zip" -Destination $MoveToPath

Remove-item $folderPath -recurse -Confirm:$false

16 February 2024

Adding a SharePoint Site Administrator Group to all Sites

In this blog post, we're talking about a PowerShell script designed to add a group as site collection administrators across all SharePoint Online sites.

Let's break down the PowerShell script:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
# Tenant name
$TenantUrl = "https://yourtenant-admin.sharepoint.com/"

# Get the group ID for the Entra ID group you want to add
$Group = "C:0t.c|tenant|99033653-dxch-4912-83sw-e90117886144"

# Connect to Sharepoint Online Admin site
Connect-SPOService -Url $TenantUrl

# Get all Sharepoint sites
$SPOSites = Get-SPOSite

# Add the group to all sites
foreach ($SPOSite in $SPOSites)

{
Set-SPOUser -Site $SPOSite.Url -LoginName $Group -IsSiteCollectionAdmin $true -WarningAction Stop
Write-Host "Added group $Group as Site Collection Administrator to $($SPOSite.Url)"
}

After this all users added to the group you specified are added as a site collection admin

Of course this can also be done with individual users:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
# Tenant name
$TenantUrl = "https://yourtenant-admin.sharepoint.com/"

# Add a single user as siteadmin to all SPO sites
$User = "username@domain.com"

# Connect to Sharepoint online
Connect-SPOService -Url $TenantUrl

# Get all Sharepoint Online sites
$SPOSites = Get-SPOSite

# Add the user to all sites
foreach ($SPOSite in $SPOSites)
{
Set-SPOUser -Site $SPOSite.Url -LoginName $User -IsSiteCollectionAdmin $true
}


Adjust the following values in the Script:

1. $TenantUrl: Specifies the URL of the SharePoint Online admin site.

2. $Group: Represents the unique identifier of the group (in this case, "Entra ID group") to be added as a site collection administrator.

And there you go, now you can easily switch admins and site admins within all your SharePoint Online sites within one group.
Or add a single user in a fast and consistent way.

22 December 2023

Add a SAN to certificate request into additional attributes - SAN does not show in certificate

Hi, fellow certificate enthusiasts! Today I'm going to show you how to add a Subject Alternative Name (SAN) to a certificate request with certsrv and what you must do in certutil to make the CA accept the SAN. Let's get started.

First, you need to create a certificate request with certsrv. You can do this by opening a web browser and navigating to http://<your CA server>/certsrv. Then, click on "Request a certificate" and choose "advanced certificate request". On the next page, select "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file". This option allows you to upload a certificate request file (.csr) that you have created with another tool, such as OpenSSL.

Now, here comes the fun part. To add a SAN to your request, you need to use the additional attributes field at the bottom of the page. This field allows you to specify any extra information that you want to include in your certificate request. To add a SAN, you need to use the following syntax:

san:dns=<your domain name>

For example, if you want to add a SAN for www.example.com, you would type:

san:dns=www.example.com

You can add multiple SANs by separating them with an ampersand ( & ) like this:

san:dns=www.example.com&dns=example.com

You can even add an ip address

san:dns=www.example.com&dns=example.com&ipaddress=10.0.0.15

Once you have entered your SANs, click on "Submit" and wait for your request to be processed.

But wait, there's more! You're not done yet. You see, by default, the CA will ignore any SANs that you have specified in your request. That's because the CA needs to be configured to accept SANs from certificate requests. To do that, you need to use certutil.

Certutil is a command-line tool that allows you to manage certificates and CAs. You can use it to enable SAN support on your CA by running the following command on your CA server:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

This command will modify the registry value of EditFlags under the policy key of your CA configuration. It will add the flag EDITF_ATTRIBUTESUBJECTALTNAME2, which tells the CA to copy any SANs from the additional attributes field of the request to the certificate.

After running this command, you need to restart the CA service for the changes to take effect. You can do this by running:

net stop certsvc

net start certsvc

And that's it! You have successfully added a SAN to your certificate request with certsrv and enabled SAN support on your CA with certutil.



I hope you enjoyed this post and learned something new. If you have any questions or comments, feel free to leave them below.


17 October 2023

Download Exchange CU or SU and copy to all Exchange servers - Get-ExchangeCUandSUcopytoServers

Last update 13-10-2023 - V3.2


This is some sort of fork from the project started by Rune Moskvil LyngĂ¥s over at https://github.com/runely/PowerShell/tree/master/Get-ExchangeCU 
All credit goes to Rune Moskvil LyngĂ¥s.

My version of this module can be found here:
I will update the module when new CU's or SU's are published.

I adjusted the module he made and added the SU's (security update's) and the latest CU's including Exchange 2019.

Download the required Exchange CU or SU (security update) and copy to all your Exchange servers at once.

Run the module as follows: 
Import-Module yourpath\Get-ExchangeCUandSUcopytoServers.psm1 

Get-ExchangeCU -Version 2019_CU11_SU_JAN_2022 -Directory C$\Temp -Name server1,server2 -RemoveTemp


  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
<#
.Synopsis
   Download Cumulative Update or Security Update for Exchange 2013/2016/2019
.DESCRIPTION
   Download Cumulative Update or Security Update for Exchange 2013/2016/2019 to all or specified servers
   IMPORTANT: FIRST RUN THE FOLLOWING

   === Import-Module .\Get-ExchangeCUandSUcopytoServers.psm1 ===

.EXAMPLE
   Get-ExchangeCU -Version "2013_CUn" -Name Server1,Server2 -Directory "C$\Source" -RemoveTemp
   Download latest Cumulative Update for installed Exchange version (Exchange Management Shell required)
.EXAMPLE
   Get-MailboxServer | Get-ExchangeCU -Version "2013_CUnr"
   Download Cumulative Update to given Exchange servers at default location(\\Server\C$\Source).
.EXAMPLE
   Get-ExchangeCU -Version "2013_CUnr" -Name Server1,Server2
   Download Cumulative Update to given Exchange servers at default location(\\Server\C$\Source).
.EXAMPLE
   Get-MailboxServer | Get-ExchangeCU -Version "2013_CUnr" -Directory "C$\Source" -RemoveTemp
   Download Cumulative Update to given Exchange servers at specified location and remove temporary downloaded file
.EXAMPLE
    Get-ExchangeCU -Version 2019_CU11_SU_MAR_2022 -Directory C$\Temp -Name SERVERNAME1,SERVERNAME2 -RemoveTemp
    Download Cumulative Update to given Exchange servers at specified location and remove temporary downloaded file
   
.NOTES
   Author: Rune Moskvil LyngĂƒ¥s
   Additions: Edwin van Brenk
   Version history:
   3.2
		- Added url's for Exchange 2016 and 2019 Security updates october 2023 and the august security update's
   3.1
		- Added url's for Exchange 2016 and 2019 Security updates june 2023
   3.0
		- Added url for Exchange 2019 CU13
   2.9
		- Added url's for Exchange 2013,2016 and 2019 Security updates march 2023
   2.8
		- Added url's for Exchange 2013,2016 and 2019 Security updates february 2023
   2.7
		- Added url's for Exchange 2013,2016 and 2019 Security updates january 2023
   2.6
		- Added url's for Exchange 2013,2016 and 2019 Security updates november 2022
   2.5
		- Added url's for Exchange 2013,2016 and 2019 Security updates august 2022
   2.4
		- Minor adjustments
   2.3
		- Added url's for Exchange 2013,2016 and 2019 Security updates May 2022
   2.2
        - Added url's for Exchange 2016 CU23 and Exchange 2019 CU12
   2.1
		- Added url's for Exchange 2013,2016 and 2019 Security updates March 2022
   2.0
        - Added url's for Exchange 2013 CU23, Exchange 2016 CU13, CU14,CU15, CU16, CU17, CU18, CU19, CU20, CU21 and CU22, 
          Exchange 2019 CU9, CU10 and CU11, Exchange 2013,2016 and 2019 Security updates January 2022
   1.0.7
        - Added url for Exchange 2013 CU22, Exchange 2016 CU11 and CU12
   1.0.6
        - Added url for Exchange 2013 CU21 and Exchange 2016 CU10
   1.0.5
        - Added url for Exchange 2013 CU20 and Exchange 2016 CU9
   1.0.4
        - Added url for Exchange 2013 CU19 and Exchange 2016 CU8
        - Version parameter is no longer mandatory. If omitted, the latest CU for the installed Exchange version will be downloaded (requires Exchange Management Shell installed)
        - Name parameter is no longer mandatory. If omitted, CU will be downloaded to all Exchange servers (requires Exchange Management Shell installed)
   1.0.3
        - Added download urls into the module. No need to find them yourself anymore! Woho! :)
   1.0.2
        - Converted to a function. This makes it easier to import it through a powershell profile
   1.0.1
        - Fixed a bug where file would not be copied to all given servers when parameter $Name were given explicitly. This would not happen if names were pipelined in
        - Cleaned up the script a bit
        - More info are written to console
   1.0.0
        - Initial release
   
   Last updated: 24-05-2022
#>
Function Get-ExchangeCU
{
    [CmdletBinding(SupportsShouldProcess = $True)]
    Param(
        [Parameter(HelpMessage = "Exchange CU version to download")]
        [ValidateSet(
		# Exchange 2013
		"2013_CU22", `
		"2013_CU23", `
		"2013_CU23_SU_JAN_2022", `
		"2013_CU23_SU_MAR_2022", `
		"2013_CU23_SU_MAY_2022", `
		"2013_CU23_SU_AUG_2022", `
		"2013_CU23_SU_NOV_2022", `
		"2013_CU23_SU-19_JAN_2023", `
		"2013_CU23_SU-20_FEB_2023", `
		"2013_CU23_SU-21_MAR_2023", `
		# Exchange 2016
		"2016_CU11", `
		"2016_CU12", `
		"2016_CU13", `
		"2016_CU14", `
		"2016_CU15", `
		"2016_CU16", `
		"2016_CU17", `
		"2016_CU18", `
		"2016_CU19", `
		"2016_CU20", `
		"2016_CU21", `
		"2016_CU22", `
		"2016_CU23", `
		"2016_CU21_SU_JAN_2022", `
		"2016_CU22_SU_JAN_2022", `
		"2016_CU21_SU_MAR_2022", `
		"2016_CU22_SU_MAR_2022", `
		"2016_CU21_SU_MAY_2022", `
		"2016_CU22_SU_MAY_2022", `
		"2013_CU23_SU_MAY_2022", `
		"2016_CU22_SU_AUG_2022", `
		"2016_CU23_SU_AUG_2022", `
		"2016_CU22_SU_NOV_2022", `
		"2016_CU23_SU_NOV_2022", `
		"2016_CU23_SU-5_JAN_2023", `
		"2016_CU23_SU-6_FEB_2023",
		"2016_CU23_SU-7_MAR_2023", `
		"2016_CU23_SU-8_JUN_2023", `
		"2016_CU23_SU-9V2_AUG_2023", `
		"2016_CU23_SU-10_OCT_2023", `
		# Exchange 2019
		"2019_CU9", `
		"2019_CU10", `
		"2019_CU11", `
		"2019_CU12", `
		"2019_CU13", `
		"2019_CU10_SU_JAN_2022", `
		"2019_CU11_SU_JAN_2022", `
		"2019_CU10_SU_MAR_2022", `
		"2019_CU11_SU_MAR_2022", `
		"2019_CU10_SU_MAY_2022", `
		"2019_CU11_SU_MAY_2022", `
		"2019_CU11_SU_AUG_2022", `
		"2019_CU12_SU_AUG_2022", `
		"2019_CU11_SU_NOV_2022", `
		"2019_CU11_SU-9_JAN_2023", `
		"2019_CU11_SU-10_FEB_2023", `
		"2019_CU11_SU-11_MAR_2023", `
		"2019_CU12_SU_NOV_2022", `
		"2019_CU12_SU-5_JAN_2023", `
		"2019_CU12_SU-6_FEB_2023", `
		"2019_CU12_SU-7_MAR_2023", `
		"2019_CU12_SU-8_JUN_2023", `
		"2019_CU12_SU-9V2_AUG_2023", `
		"2019_CU12_SU-10_OCT_2023", `
		"2019_CU12_SU-10_OCT_2023", `
		"2019_CU13_SU-1_JUN_2023", `
		"2019_CU13_SU-2V2_AUG_2023", `
		"2019_CU13_SU-3_OCT_2023",
		)]
		
        [string]$Version,

        [Parameter(ValueFromPipelineByPropertyName = $True, HelpMessage = "Exchange servers. Given as an array: Server1,Server2")]
        [string[]]$Name,

        [Parameter(HelpMessage = "Download location on Exchange server. Given as an UNC path without the server name. Example: 'C$\Source' or 'Source'")]
        [ValidateNotNullOrEmpty()]
        [string]$Directory = "C$\Source",

        [Parameter(HelpMessage = "Give this switch to remove Cumulative Update from temp folder when script is done")]
        [switch]$RemoveTemp
    )

    begin
    {
        # if version is not set, choose the latest CU for the installed Exchange version
        if (!$Version)
        {
            # import Exchange Management Shell module and connect
            if (!(Get-Command "Get-ExchangeServer" -ErrorAction SilentlyContinue))
            {
                Write-Host "Exchange Management Shell is required to find installed Exchange version. Please start script in Exchange Management Shell or fill out Version parameter." -ForegroundColor Red
                break;
            }

            # get installed Exchange version
            $Servers = (Get-ExchangeServer | Select -ExpandProperty AdminDisplayVersion)

            # choose latest CU for installed Exchange version
            try
            {
                if ($Servers)
                {
                    if ($Servers.Count -gt 1)
                    {
                        if ($Servers[0].GetType().FullName -ne "Microsoft.Exchange.Data.ServerVersion")
                        {
                            Write-Host "Exchange Management Shell is required to find installed Exchange version. Please start script in Exchange Management Shell or fill out Version parameter." -ForegroundColor Red
                            break;
                        }

                        if ($Servers[0].Major -eq 15 -and $Servers[0].Minor -eq 0)
                        {
                            $Version = Get-ExchangeCUUri -Latest "2013"
                        }
                        elseif ($Servers[0].Major -eq 15 -and $Servers[0].Minor -eq 1)
                        {
                            $Version = Get-ExchangeCUUri -Latest "2016"
                        }
                    }
                    else
                    {
                        if ($Servers.GetType().FullName -ne "Microsoft.Exchange.Data.ServerVersion")
                        {
                            Write-Host "Exchange Management Shell is required to find installed Exchange version. Please start script in Exchange Management Shell or fill out Version parameter." -ForegroundColor Red
                            break;
                        }

                        if ($Servers.Major -eq 15 -and $Servers[0].Minor -eq 0)
                        {
                            $Version = Get-ExchangeCUUri -Latest "2013"
                        }
                        elseif ($Servers.Major -eq 15 -and $Servers[0].Minor -eq 1)
                        {
                            $Version = Get-ExchangeCUUri -Latest "2016"
                        }
                    }
                }
                else
                {
                    Write-Host "Command '(Get-ExchangeServer | Select -ExpandProperty AdminDisplayVersion)' did not return any results." -ForegroundColor Red
                    break;
                }
            }
            catch
            {
                Write-Host "Command '(Get-ExchangeServer | Select -ExpandProperty AdminDisplayVersion)' failed: ($_)" -ForegroundColor Red
                break;
            }
        }

        # get download link
        Write-Host "'$Version' - Getting download link : " -ForegroundColor Cyan -NoNewline
        [string]$Url = Get-ExchangeCUUri -Version $Version

        if ($Url -eq $null -or $Url -eq "" -or $Url.ToUpper() -eq "N/A")
        {
            Write-Host "Download link not available anymore. Please try a different version" -ForegroundColor Red
            break;
        }
        else
        {
            Write-Host "'$Url'" -ForegroundColor Green
        }

        # get filename of CU
        $FileName = Split-Path $Url -Leaf

        # create TempFile variable for CU
        $TempFile = $env:TEMP + "\$FileName"

        # download CU to $TempFile
        try
        {
            Write-Host "Downloading '$FileName' to '$TempFile' : " -ForegroundColor Cyan -NoNewline

            if (!(Test-Path $TempFile -ErrorAction Stop))
            {
                Start-BitsTransfer -Destination $TempFile -Source $Url -Description "Downloading $FileName to $TempFile" -ErrorAction Stop
                Write-Host "OK" -ForegroundColor Green
            }
            else
            {
                Write-Host "Already downloaded!" -ForegroundColor Green
            }
        }
        catch
        {
            Write-Host "Failed ($_)" -ForegroundColor Red
            break;
        }
    }

    process
    {
        # if not name is given, get all Exchange Servers
        if (!$Name)
        {
            # import Exchange Management Shell module and connect
            if (!(Get-Command "Get-ExchangeServer" -ErrorAction SilentlyContinue))
            {
                Write-Host "Exchange Management Shell is required to find installed Exchange servers. Please start script in Exchange Management Shell or fill out Version parameter." -ForegroundColor Red
                break;
            }

            # get installed Exchange servers
            $Name = (((Get-ExchangeServer | Select -ExpandProperty Name) -join ",") -split ",")
        }

        foreach ($Server in $Name)
        {
            $ServerPath = "\\$Server\$Directory"

            # make sure path exists on $Server
            try
            {
                Write-Host "Creating folder '$ServerPath' : " -ForegroundColor Cyan -NoNewline

                if (!(Test-Path $ServerPath -ErrorAction Stop))
                {
                    New-Item -Path $ServerPath -ItemType Directory | Out-Null
                    Write-Host "OK" -ForegroundColor Green
                }
                else
                {
                    Write-Host "Already exists." -ForegroundColor Green
                }
            }
            catch
            {
                Write-Host "Failed ($_)" -ForegroundColor Red
                continue;
            }
        
            # copy CU to server
            $ServerPath = "\\$Server\$Directory\$FileName"
            try
            {
                Write-Host "Copying '$FileName' to '$ServerPath' : " -ForegroundColor Cyan -NoNewline

                if (!(Test-Path $ServerPath -ErrorAction Stop))
                {
                    Copy-Item -Path $TempFile -Destination $ServerPath -Force
                    Write-Host "OK" -ForegroundColor Green
                }
                else
                {
                    Write-Host "Already exists." -ForegroundColor Green
                }
            }
            catch
            {
                Write-Host "Failed ($_)" -ForegroundColor Red

                if ($RemoveTemp)
                {
                    $PSBoundParameters.Remove('RemoveTemp') | Out-Null
                    Write-Host "RemoveTemp switch was removed due to an error with copying '$FileName' to '$ServerPath'" -ForegroundColor Yellow
                }
            }
        }
    }

    end
    {
        if ($RemoveTemp)
        {
            Write-Host "Removing temporary file '$TempFile' : " -ForegroundColor Cyan -NoNewline

            try
            {
                Remove-Item -Path $TempFile -Force -Confirm:$False
                Write-Host "OK" -ForegroundColor Green
            }
            catch
            {
                Write-Host "Failed ($_)" -ForegroundColor Red
            }
        }
    }
}

Function Get-ExchangeCUUri
{
    param(
        [Parameter(Mandatory = $True, ParameterSetName = "Version")]
        [string]$Version,

        [Parameter(Mandatory = $True, ParameterSetName = "Latest")]
        [ValidateSet("2013", "2016")]
        [string]$Latest
    )

    # Exchange version table
    $ExchangeTable = @()
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU1"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU2"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU3"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU4/SP1"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU5"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU6"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU7"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU8"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU9"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU10"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU11"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU12"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU13"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU14"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU15"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU16"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU17"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU18"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU19"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU20"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU21"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU22"; Value = "https://download.microsoft.com/download/7/9/8/7982ED00-C0F5-44BB-8B40-768951AE4CC7/Exchange2013-x64-cu22.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU23"; Value = "https://download.microsoft.com/download/7/F/D/7FDCC96C-26C0-4D49-B5DB-5A8B36935903/Exchange2013-x64-cu23.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU23_SU_JAN_2022"; Value = "https://download.microsoft.com/download/b/a/f/baf576c9-f5d6-44e0-84c1-c97add5f627b/Exchange2013-KB5008631-x64-en.msp" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU23_SU_MAR_2022"; Value = "https://download.microsoft.com/download/8/2/9/829126b2-b532-4950-a125-49d50e2fda40/Exchange2013-KB5010324-x64-en.msp" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU23_SU_MAY_2022"; Value = "https://download.microsoft.com/download/e/2/4/e248e85e-12e8-4f22-9301-967afa639734/Exchange2013-KB5014260-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU23_SU_AUG_2022"; Value = "https://download.microsoft.com/download/b/d/4/bd4d3875-055b-4450-9ae7-ed34a0b051a8/Exchange2013-KB5015321-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU23_SU_NOV_2022"; Value = "https://download.microsoft.com/download/b/3/3/b33cf488-9f00-411f-8f08-beef7d219e81/Exchange2013-KB5019758-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU23_SU-19_JAN_2023"; Value = "https://download.microsoft.com/download/f/6/6/f667a13e-0894-4d3e-aa9a-b8f359075b9f/Exchange2013-KB5022188-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU23_SU-20_FEB_2023"; Value = "https://download.microsoft.com/download/8/0/8/80826d97-0515-406d-aa02-e78e714e2dda/Exchange2013-KB5023038-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2013_CU23_SU-21_MAR_2023"; Value = "https://download.microsoft.com/download/a/6/7/a6725875-28a0-4791-abd8-4608184f4451/Exchange2013-KB5024296-x64-en.exe" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU1"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU2"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU3"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU4"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU5"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU6"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU7"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU8"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU9"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU10"; Value = "N/A" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU11"; Value = "https://download.microsoft.com/download/6/6/F/66F70200-E2E8-4E73-88F9-A1F6E3E04650/ExchangeServer2016-x64-cu11.iso" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU12"; Value = "https://download.microsoft.com/download/2/5/8/258D30CF-CA4C-433A-A618-FB7E6BCC4EEE/ExchangeServer2016-x64-cu12.iso" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU13"; Value = "https://download.microsoft.com/download/5/9/6/59681DAE-AB62-4854-8DEC-CA25FFEFE3B3/ExchangeServer2016-x64-cu13.iso" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU14"; Value = "https://download.microsoft.com/download/f/4/e/f4e4b3a0-925b-4eff-8cc7-8b5932d75b49/ExchangeServer2016-x64-cu14.iso" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU15"; Value = "https://download.microsoft.com/download/5/6/6/566de1bf-336a-4662-841c-98ef4e2c30bf/ExchangeServer2016-x64-CU15.ISO" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU16"; Value = "https://download.microsoft.com/download/b/e/d/bed20ad6-a4cb-4a6c-b744-354b3fed6a98/ExchangeServer2016-x64-CU16.ISO" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU17"; Value = "https://download.microsoft.com/download/0/5/f/05fbbfff-8316-4d12-a59d-80b3c56e4d81/ExchangeServer2016-x64-cu17.iso" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU18"; Value = "https://download.microsoft.com/download/d/2/3/d23b113b-9634-4456-acba-1f7b0ce22b0e/ExchangeServer2016-x64-cu18.iso" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU19"; Value = "https://download.microsoft.com/download/a/8/4/a84c8458-c924-4e6d-a19b-be65848c0fe3/ExchangeServer2016-x64-CU19.ISO" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU20"; Value = "https://download.microsoft.com/download/0/b/7/0b702b8b-03ab-4553-9e2c-c73bb0c8535f/ExchangeServer2016-x64-CU20.ISO" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU21"; Value = "https://download.microsoft.com/download/7/d/5/7d5c319b-510b-4a2c-a77a-099c6f30ab54/ExchangeServer2016-x64-CU21.ISO" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU22"; Value = "https://download.microsoft.com/download/f/0/e/f0e65686-3761-4c9d-b8b2-9fb71a207b8d/ExchangeServer2016-x64-CU22.ISO" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU23"; Value = "https://download.microsoft.com/download/8/d/2/8d2d01b4-5bbb-4726-87da-0e331bc2b76f/ExchangeServer2016-x64-CU23.ISO" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU21_SU_JAN_2022"; Value = "https://download.microsoft.com/download/a/a/a/aaa3b6bf-543e-49f9-9403-faf3a8afe5a9/Exchange2016-KB5008631-x64-en.msp" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU21_SU_MAR_2022"; Value = "https://download.microsoft.com/download/8/c/5/8c535577-35f0-4235-9680-86d4c4b99c9a/Exchange2016-KB5012698-x64-en.msp" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU21_SU_MAY_2022"; Value = "https://download.microsoft.com/download/5/f/e/5fefd2c9-3430-46dc-9db6-1ebc3474b630/Exchange2016-KB5014261-x64-en.exe" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU22_SU_JAN_2022"; Value = "https://download.microsoft.com/download/8/0/9/80947b03-7fd2-44fe-877f-7870f9bedfb8/Exchange2016-KB5008631-x64-en.msp" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU22_SU_MAR_2022"; Value = "https://download.microsoft.com/download/e/e/b/eeb1d582-c61a-4d21-8dba-e28b2a309636/Exchange2016-KB5012698-x64-en.msp" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU22_SU_MAY_2022"; Value = "https://download.microsoft.com/download/d/5/5/d555a327-bfdd-45f0-ba44-a40cc982aa18/Exchange2016-KB5014261-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU22_SU_AUG_2022"; Value = "https://download.microsoft.com/download/d/6/8/d68be4c9-cb1b-45b2-a9a3-4a03c52b05c0/Exchange2016-KB5015322-x64-en.exe" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU23_SU_AUG_2022"; Value = "https://download.microsoft.com/download/6/4/f/64f1b3a5-6e36-4123-b9da-3bd071940b0e/Exchange2016-KB5015322-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU22_SU_NOV_2022"; Value = "https://download.microsoft.com/download/d/4/9/d4993639-8642-4461-a109-79d9ab46bc68/Exchange2016-KB5019758-x64-en.exe" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU23_SU_NOV_2022"; Value = "https://download.microsoft.com/download/e/9/a/e9a07b3b-b440-44bb-8484-7ece339ffaf1/Exchange2016-KB5019758-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU23_SU-5_JAN_2023"; Value = "https://download.microsoft.com/download/5/3/9/539b126b-c5d6-47fc-a8d6-51a72637df5f/Exchange2016-KB5022143-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU23_SU-6_FEB_2023"; Value = "https://download.microsoft.com/download/8/e/4/8e46efe9-2958-4996-b81b-a3a7ff0a8010/Exchange2016-KB5023038-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU23_SU-7_MAR_2023"; Value = "https://download.microsoft.com/download/5/2/d/52db0525-54e8-41db-9b4d-146e23f4e3c0/Exchange2016-KB5024296-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU23_SU-8_JUN_2023"; Value = "https://download.microsoft.com/download/2/a/0/2a0da4e3-6bd0-4dc2-b15c-160e052d437e/Exchange2016-KB5025903-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU23_SU-9V2_AUG_2023"; Value = "https://download.microsoft.com/download/3/8/c/38c31212-75aa-47ca-a5c2-59430c81d92e/Exchange2016-KB5030524-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2016_CU23_SU-10_OCT_2023"; Value = "https://download.microsoft.com/download/1/e/c/1ec981fd-0c47-4571-b8a5-6c1f847559ce/Exchange2016-KB5030877-x64-en.exe" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU9"; Value = "https://download.microsoft.com/download/d/7/b/d7bcf78a-00d2-4a46-a3d2-7d506116bcd2/ExchangeServer2019-x64-CU9.ISO" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU10"; Value = "https://download.microsoft.com/download/7/3/f/73f75f9e-e7fd-4cb0-a2fc-405cbb800f2d/ExchangeServer2019-x64-CU10.ISO" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU11"; Value = "https://download.microsoft.com/download/5/3/e/53e75dbd-ca33-496a-bd23-1d861feaa02a/ExchangeServer2019-x64-CU11.ISO" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU12"; Value = "https://download.microsoft.com/download/b/c/7/bc766694-8398-4258-8e1e-ce4ddb9b3f7d/ExchangeServer2019-x64-CU12.ISO" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU13"; Value = "https://download.microsoft.com/download/7/5/f/75f4d77e-002c-419c-a03a-948e8eb019f2/ExchangeServer2019-x64-CU13.ISO" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU10_SU_JAN_2022"; Value = "https://download.microsoft.com/download/4/d/9/4d9bc4d8-d64b-4237-a39a-792e4907bfff/Exchange2019-KB5008631-x64-en.msp" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU10_SU_MAR_2022"; Value = "https://download.microsoft.com/download/1/2/0/120adb28-ceaf-49cc-8c39-1b1cd59feb4e/Exchange2019-KB5012698-x64-en.msp" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU11_SU_JAN_2022"; Value = "https://download.microsoft.com/download/e/6/4/e643edcb-923f-4a47-8948-5e088196fcd6/Exchange2019-KB5008631-x64-en.msp" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU11_SU_MAR_2022"; Value = "https://download.microsoft.com/download/2/3/c/23c3be04-96a9-4d0c-9198-62603559467f/Exchange2019-KB5012698-x64-en.msp" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU10_SU_MAY_2022"; Value = "https://download.microsoft.com/download/0/f/d/0fd79f2c-f7a5-4a60-bebe-0db804aeb816/Exchange2019-KB5014261-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU11_SU_MAY_2022"; Value = "https://download.microsoft.com/download/d/7/8/d78f35af-4d36-43ac-b66d-40e895e39fdb/Exchange2019-KB5014261-x64-en.exe" })
    $ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU11_SU_AUG_2022"; Value = "https://download.microsoft.com/download/c/f/3/cf38c014-e63e-4e6a-9e06-d28d4093f763/Exchange2019-KB5015322-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU12_SU_AUG_2022"; Value = "https://download.microsoft.com/download/8/0/4/80473b09-a81a-4816-9a79-56d5c5cc4b39/Exchange2019-KB5015322-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU11_SU_NOV_2022"; Value = "https://download.microsoft.com/download/3/5/a/35a6ba9d-d36b-482c-8ca1-81ef2a6f05a3/Exchange2019-KB5019758-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU11_SU-9_JAN_2023"; Value = "https://download.microsoft.com/download/4/4/4/4447cb74-ce40-45bd-ac3c-9cedc97077f7/Exchange2019-KB5022193-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU11_SU-10_FEB_2023"; Value = "https://download.microsoft.com/download/5/6/f/56fb2a33-439a-4dcc-b23c-440b8418fcac/Exchange2019-KB5023038-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU11_SU-11_MAR_2023"; Value = "https://download.microsoft.com/download/2/6/8/26890e39-b9fe-4644-8d62-fd4c9489aaf2/Exchange2019-KB5024296-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU12_SU_NOV_2022"; Value = "https://download.microsoft.com/download/d/b/9/db9ee80e-9c18-40d8-91f9-f2353dcf4f86/Exchange2019-KB5019758-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU12_SU-5_JAN_2023"; Value = "https://download.microsoft.com/download/d/f/a/dfa11017-6b59-46a8-8ce6-0ecb6e1036f9/Exchange2019-KB5022193-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU12_SU-6_FEB_2023"; Value = "https://download.microsoft.com/download/d/7/5/d7593b57-e832-4ee5-b18c-10a1453b0bd7/Exchange2019-KB5023038-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU12_SU-7_MAR_2023"; Value = "https://download.microsoft.com/download/4/7/d/47d4e3e5-b8b7-452f-b51e-65d94f5295cb/Exchange2019-KB5024296-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU13_SU-8_JUN_2023"; Value = "https://download.microsoft.com/download/6/5/6/656a9a86-2358-4583-a33f-60515caf861b/Exchange2019-KB5026261-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU12_SU-9V2_AUG_2023"; Value = "https://download.microsoft.com/download/c/1/a/c1a9a39f-8abd-4fa4-bd55-d872d958b3d0/Exchange2019-KB5030524-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU12_SU-10_OCT_2023"; Value = "https://download.microsoft.com/download/a/1/b/a1bc1cbf-8bd6-4192-af5c-20eddf58d5df/Exchange2019-KB5030877-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU13_SU-1_JUN_2023"; Value = "https://download.microsoft.com/download/f/f/3/ff345e39-12d0-474b-ad70-ca29f7693bee/Exchange2019-KB5026261-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU13_SU-2V2_AUG_2023"; Value = "https://download.microsoft.com/download/3/b/d/3bd41cd2-44b8-46b6-a235-89e15d55ed3c/Exchange2019-KB5030524-x64-en.exe" })
	$ExchangeTable += (New-Object PSObject -Property @{ Name = "2019_CU13_SU-3_OCT_2023"; Value = "https://download.microsoft.com/download/d/f/5/df52cdbb-256e-46c4-93ce-1aa3bb67f630/Exchange2019-KB5030877-x64-en.exe" })
	
    if ($Version)
    {
        $Uri = ($ExchangeTable | Where { $_.Name -eq $Version } | Select -ExpandProperty Value)
    }
    elseif ($Latest)
    {
        $Uri = ($ExchangeTable | Where { $_.Name -like "$Latest*" } | Select -Last 1 | Select -ExpandProperty Name)
    }

    if ($Uri)
    {
        return $Uri
    }
    else
    {
        return "N/A"
    }
}