24 May 2018

Clean up Exchange 2013 files and folders - Reclaim disk space

After installing CU20 last night I started the day cleaning up the mess left by the installation and by running Exchange itself. As you all know Exchange likes disk space, the more you throw at it the more it takes, it likes disk space almost as much as it does memory :-).

After coming across the V15\ClientAccess\Owa folder I noticed that it had a lot of folders and files in it with older versions like
  • 15.0.1210.2
  • 15.0.1210.6
  • 15.0.1293.2
  • 15.0.1293.4
And so on...
Now after some reading up I couldn't find a definitive answer on if I could savely delete those folders.
So my advise, when in doubt, don't delete!
This comes from my experience from once I deleted the content in the Inetpub\Temp directory, after witch IIS didn't work anymore.

The list below is what I know and found to be safe to delete:

C:\Program Files\Microsoft\Exchange Server\V15\Logging\
C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Diagnostics\ETLTraces\ C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Diagnostics\Logs
C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Data\ProgramLogArchive\
C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\Connectivity 

C:\Windows\Temp
C:\Users\%username%\AppData\Local\Temp
C:\Windows\System32\LogFiles
C:\inetpub\logs


Happy disk space reclaiming.

08 May 2018

aka.ms shortcut url's

Know a cool one not listed here? Let me know.

Shortcut url to bitlockerkeys
https://aka.ms/MCRA
Microsoft Cybersecurity Reference Architecture
Download Hybrid Exchange wizard
Download Hybrid Exchange wizard
Download Hybrid Exchange wizard
Office365/Azure MFA Setup page
Azure Portal
https://aka.ms/exchange2016
Microsoft Exchange Product Page
Microsoft Support
You Had Me At EHLO… blog
Exchange 2016 documentation
Exchange 2013 documentation
Exchange 2010 documentation
Exchange 2007 documentation
Exchange2003 documentation
Exchange Server Licensing
Exchange Deployment Assistant
Microsoft Remote Connectivity Analyzer
Sender ID Framework SPF Record Wizard
Exchange Server Tools
Exchange 2010 SP1
Latest Rollup Update for Exchange 2010 SP1
Exchange 2010 Visio Stencil
Exchange Wiki Portal
Exchange 2010 Wiki
Exchange 2007 Wiki
Exchange 2003 Wiki
Navigating Exchange Content Like A Pro Using Short URLs
Office 365 URLs and IP address ranges
Manage Office365 number of remaining Office installs
Hybrid Key
Hybrid Free Busy Troubleshooter
Exchange Server Role Requirements Calculator
Office 365 Hybrid Configuration Wizard
Azure AZ Copy
Microsoft Remote Connectivity Analyzer
Anti-spoofing protection in Office 365
Get Microsoft Teams on all your devices
Microsoft Office365 Setup guidance
Download Windows 10 updates / Media creation tool
Azure Availability Zones
Microsoft Authenticator download
Azure Cosmos DB pricing
Exchange PowerShell documentation
Microsoft SQL Application Development
Download Microsoft Teams for iOS
Office 365 Admin help center
Azure Active Directory for developers
Microsoft Trustcenter
Microsoft certification and exam offers
Microsoft Techsummit
Monitor availability and responsiveness of any web site with Azure
Office365 Trust Center
https://aka.ms/exo
Exchange Online Pricing
http://aka.ms/powershell
PowerShell documentation
http://aka.ms/posh
Manoj Nair PowerShell Blog
Hackers tell all

17 April 2018

Enable Office365 MFA per User or all users - Search for users with MFA disabled

Enabling all users for MFA is relatively easy with PowerShell, and how to's are found all over the web.
But enabling MFA for one user is a bit more difficult.
Here's how to do it:

Enforce MFA per user
$MFASetting = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement -Property @{
    RelyingParty = "*"            
    State        = "Enforced"            
    }            
Set-MsolUser -UserPrincipalName 'user@domain.com' -StrongAuthenticationRequirements $MFASetting

Enforce MFA for all users

$auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement            
$auth.RelyingParty = "*"            
$auth.State = "Enforced"            
$auth.RememberDevicesNotIssuedBefore = (Get-Date)            
Get-MsolUser –All | Foreach { Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $auth }
Check the settings
$User = Get-msoluser -UserPrincipalName 'user@domain.com' | Select-Object -ExpandProperty StrongAuthenticationRequirements
$User.State

Find users with MFA enabled
Get-MsolUser -All | where {$_.StrongAuthenticationMethods -ne $null} | Select-Object -Property UserPrincipalName

Find users not MFA enabled (This is more accurate I believe)
Get-MsolUser -All | where {$_.StrongAuthenticationMethods -eq $null} | Select-Object -Property UserPrincipalName

Identify users who have registered for MFA and count the number of users.
$Registered = Get-MsolUser -All | where {$_.StrongAuthenticationMethods -ne $null} | Select-Object -Property UserPrincipalName            
$registered            
$registered.count

Identify users who have not registered for MFA and count the number of users.
$NotRegistered = Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName            
$NotRegistered            
$NotRegistered.count

Bulk enable for multiple users in csv file
Enable for multiple users
function Set-MFAUsers {            
    param (            
        [parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]            
        [ValidateScript( {Test-Path $_})]              
        [Alias('FullName')]            
        [String] $Path,            
                    
        [ValidateSet('Enabled','Enforced')]            
        [String] $State = 'Enabled'            
    )            
            
    # Set MFA object            
    $MFASetting = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement -Property @{            
        RelyingParty = "*"            
        State        = $State            
    }            
                
    # Get user list            
    $Users = Get-Content -Path $Path -ReadCount -1            
            
    foreach ($user in $users)             
    {            
         $SetUser = @{            
            UserPrincipalName                = $user            
            StrongAuthenticationRequirements = $MFASetting             
            ErrorAction                      = 'Stop'              
        }            
            
        Try {            
            # Set MFA            
            Set-MsolUser @SetUser            
                        
            # Post Check            
            $ThisUser = Get-msoluser -UserPrincipalName $User |             
                Select-Object -ExpandProperty StrongAuthenticationRequirements            
            
            if ($ThisUser.State -eq $SetUser.StrongAuthenticationRequirements.State) {            
                Write-Host "[SUCCESS] UPN: $user" -ForegroundColor Green            
            }            
            else {            
                Write-Host "[FAILED ] UPN: $user" -ForegroundColor Red            
            }            
        }            
        Catch {            
             Write-Warning -Message $_.Exception.Message            
        }               
    }             
}            
            
Get-ChildItem C:\temp\MFA_Users.txt | Set-MFAUsers -State Enforced

10 April 2018

Install Exchange 2013 CU's from an elevated command prompt or elevated PowerShell

Most commonly used:

Prepare Schema:
.\Setup.exe /PrepareSschema /IAcceptExchangeServerLicenseTerms

Prepare All Domains:
.\Setup.exe /PrepareAllDdomains /IAcceptExchangeServerLicenseTerms

Prepare Domain:
.\Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

run setup /?

.\Setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

The last Exchange setup files are always available in the following location:
C:\Program Files\Microsoft\Exchange Server\V15\Bin

From that location run: Setup.exe /?

Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


For detailed help, type one of the following options:

  Setup /help:Install         - Install Exchange server roles.
  Setup /help:Upgrade         - Upgrade an existing Exchange server.
  Setup /help:Uninstall       - Uninstall Exchange server roles.
  Setup /help:RecoverServer   - Recover an existing Exchange server.
  Setup /help:PrepareTopology - Prepare your topology for Exchange.
  Setup /help:Delegation      - Delegate server installations.
  Setup /help:UmLanguagePacks - Add or remove Unified Messaging
                                language packs.

To read the Exchange Server license terms,
see http://go.microsoft.com/fwlink/p/?LinkId=150127.

setup /help:install


C:\Program Files\Microsoft\Exchange Server\V15\Bin>Setup /help:Install

Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Exchange Server Installation Usage:

    Setup /Mode:Install /Roles:<roles to install> [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /Mode:Uninstall
      /IAcceptExchangeServerLicenseTerms
    Setup /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

--Exchange Server Installation Required Parameters--

/Mode:<installation mode>, /m:<installation mode>
    Specifies the operation to perform:
        . Install:    (Default)--Installs one or more server roles.
        . Uninstall:  Removes all installed server roles.
        . Upgrade:    Installs a service pack.

/Roles:<role 1, role 2>, /Role:<role>, /r:<role>
    The following are the valid server roles:
        . ClientAccess, ca
        . Mailbox, mb
        . EdgeTransport, et
        . ManagementTools, mt, t

    * This parameter can't be used when the /Mode parameter
    is set to Uninstall or Upgrade.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Exchange Server Installation Optional Parameters--

[/DisableAMFiltering]
    Disables Exchange Server anti-malware functionality.

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS> or FQDN>]
    Specifies the domain controller that Setup will use to read
    and write to Active Directory.

[/InstallWindowsComponents]
    Installs required Windows Server roles and features.

[/OrganizationName:<organization name>, /on:<organization name>]
    Specifies the name of the Exchange organization. The name can't be
    longer than 64 characters. If the name has spaces, enclose it in
    quotes.
    Valid characters: A-Z, a-z, 0-9, space (not leading or trailing),
    hyphen, dash.

    * This parameter is required if you're installing the first
    Exchange server in an organization.

[/TargetDir:<path>, /t:<path>]
    Specifies the location to install Exchange Server 2013 files.
    Default: "%ProgramFiles%\Microsoft\Exchange Server\V15"

[/UpdatesDir:<path>, /u:<path>]
    Updates from the specified directory will be installed during
    setup.

[/?]
    Displays help for setup.

--Exchange Server Installation Advanced Optional Parameters--

[/ActiveDirectorySplitPermissions:<True | False>]
    Enable Active Directory split permissions mode when preparing
    the Exchange organization.
    The value can be true or false.

[/AnswerFile:<path>, /af:<path>]
    Specifies the location of an answer file that contains advanced
    parameters for setup.
    For details, see http://go.microsoft.com/fwlink/p/?LinkId=254454.

[/CustomerFeedbackEnabled:<True | False>]
    Specify whether to participate in Customer Experience Improvement
    Program.
    The value can be True or False.

[/DbFilePath:<path>]
    Specify the full path to the mailbox database file when
    the Mailbox server role is installed.
    Role: Mailbox

[/DoNotStartTransport]
    Microsoft Exchange Transport service will not be started during
    setup when this parameter is specified.
    Role: Mailbox

    Remarks: This parameter can only be specified during the first
    Exchange 2013 Mailbox server installation in an organization.

[/EnableErrorReporting]
    Enables the Exchange server to automatically submit critical
    error reports. Microsoft uses this information to diagnose
    problems and provide solutions.

[/LogFolderPath:<path>]
    Specify the folder path to the directory where the mailbox database
    database logs should be placed when the Mailbox server role is
    installed.
    Role: Mailbox

[/MdbName:<MDB name>]
    Specify the default database name that is created when the
    Mailbox server role is installed.
    Role: Mailbox

[/TenantOrganizationConfig:<path>]
    Specifies the path to the file that contains the organization
    configuration of your Office 365 tenant. This file is created by
    running the Get-OrganizationConfig cmdlet in your Office 365
    tenant. For more information, see
    http://go.microsoft.com/fwlink/?LinkId=262888.

Setup /help:Upgrade


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server Setup Parameter Help

Upgrade Exchange Server Usage:

    Setup /Mode:Upgrade [OptionalParameters]
      /IAcceptExchangeServerLicenseTerms

--Upgrade Exchange Server Required Parameters--

/Mode:Upgrade, /m:Upgrade
    Upgrades an existing Exchange server object.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Upgrade Exchange Server Optional Parameters--

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS or FQDN>]
    Specifies the domain controller that setup will use to read
    and to write to Active Directory.

[/EnableErrorReporting]
    This enables the Exchange server to automatically submit critical
    error reports. Microsoft uses this information to diagnose problems
    and provide solutions.

Setup /help:Uninstall


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Exchange Server Installation Usage:

    Setup /Mode:Install /Roles:<roles to install> [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /Mode:Uninstall
      /IAcceptExchangeServerLicenseTerms
    Setup /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

--Exchange Server Installation Required Parameters--

/Mode:<installation mode>, /m:<installation mode>
    Specifies the operation to perform:
        . Install:    (Default)--Installs one or more server roles.
        . Uninstall:  Removes all installed server roles.
        . Upgrade:    Installs a service pack.

/Roles:<role 1, role 2>, /Role:<role>, /r:<role>
    The following are the valid server roles:
        . ClientAccess, ca
        . Mailbox, mb
        . EdgeTransport, et
        . ManagementTools, mt, t

    * This parameter can't be used when the /Mode parameter
    is set to Uninstall or Upgrade.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Exchange Server Installation Optional Parameters--

[/DisableAMFiltering]
    Disables Exchange Server anti-malware functionality.

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS> or FQDN>]
    Specifies the domain controller that Setup will use to read
    and write to Active Directory.

[/InstallWindowsComponents]
    Installs required Windows Server roles and features.

[/OrganizationName:<organization name>, /on:<organization name>]
    Specifies the name of the Exchange organization. The name can't be
    longer than 64 characters. If the name has spaces, enclose it in
    quotes.
    Valid characters: A-Z, a-z, 0-9, space (not leading or trailing),
    hyphen, dash.

    * This parameter is required if you're installing the first
    Exchange server in an organization.

[/TargetDir:<path>, /t:<path>]
    Specifies the location to install Exchange Server 2013 files.
    Default: "%ProgramFiles%\Microsoft\Exchange Server\V15"

[/UpdatesDir:<path>, /u:<path>]
    Updates from the specified directory will be installed during
    setup.

[/?]
    Displays help for setup.

--Exchange Server Installation Advanced Optional Parameters--

[/ActiveDirectorySplitPermissions:<True | False>]
    Enable Active Directory split permissions mode when preparing
    the Exchange organization.
    The value can be true or false.

[/AnswerFile:<path>, /af:<path>]
    Specifies the location of an answer file that contains advanced
    parameters for setup.
    For details, see http://go.microsoft.com/fwlink/p/?LinkId=254454.

[/CustomerFeedbackEnabled:<True | False>]
    Specify whether to participate in Customer Experience Improvement
    Program.
    The value can be True or False.

[/DbFilePath:<path>]
    Specify the full path to the mailbox database file when
    the Mailbox server role is installed.
    Role: Mailbox

[/DoNotStartTransport]
    Microsoft Exchange Transport service will not be started during
    setup when this parameter is specified.
    Role: Mailbox

    Remarks: This parameter can only be specified during the first
    Exchange 2013 Mailbox server installation in an organization.

[/EnableErrorReporting]
    Enables the Exchange server to automatically submit critical
    error reports. Microsoft uses this information to diagnose
    problems and provide solutions.

[/LogFolderPath:<path>]
    Specify the folder path to the directory where the mailbox database
    database logs should be placed when the Mailbox server role is
    installed.
    Role: Mailbox

[/MdbName:<MDB name>]
    Specify the default database name that is created when the
    Mailbox server role is installed.
    Role: Mailbox

[/TenantOrganizationConfig:<path>]
    Specifies the path to the file that contains the organization
    configuration of your Office 365 tenant. This file is created by
    running the Get-OrganizationConfig cmdlet in your Office 365
    tenant. For more information, see
    http://go.microsoft.com/fwlink/?LinkId=262888.

Setup /help:RecoverServer


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Recover Exchange Server Usage:

    Setup /Mode:RecoverServer [OptionalParameters]
      /IAcceptExchangeServerLicenseTerms

--Recover Exchange Server Required Parameters--

/Mode:RecoverServer, /m:RecoverServer
    Recovers an existing Exchange server object.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Recover Exchange Server Optional Parameters--

[/TargetDir:<path>, /t:<path>]
    Specifies the location to install Exchange Server 2013 files.
    Default: "%programfiles%\Microsoft\Exchange Server\V15"

[/UpdatesDir:<path>, /u:<path>]
    Specifies the location from which updates will be installed
    during setup.

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS or FQDN>]
    Specifies the domain controller that setup will use to read
    and to write to Active Directory.

[/EnableErrorReporting]
    This enables the Exchange server to automatically submit critical
    error reports. Microsoft uses this information to diagnose problems
    and provide solutions.

[/DoNotStartTransport]
    The Microsoft Exchange Transport service will not be started during
    setup when this parameter is specified.
    Role: Mailbox

Setup /help:PrepareTopology


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Prepare Topology Usage:

    Setup /PrepareAD [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /PrepareSchema [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /PrepareDomain [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /PrepareDomain:<domainA, domainB> [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /PrepareAllDomains [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms

--Prepare Topology Required Parameters--

/PrepareAD, /p
    Prepares the Active Directory forest for the Exchange
    installation.

/PrepareSchema, /ps
    Prepares the Active Directory schema for the Exchange installation.

/PrepareDomain, /pd
    Prepares the local domain for the Exchange installation.

/PrepareDomain:<domain FQDN>, /pd:<domain FQDN>
    Prepares the specified domain(s) for the Exchange installation.

/PrepareAllDomains, /pad
    Prepares all domains in the forest for the Exchange
    installation.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Prepare Topology Optional Parameters--

[/OrganizationName:<organization name>, /on:<organization name>]
    Specifies the name of the Exchange organization. The name can't be
    longer than 64 characters. If the name has spaces, enclose it in
    quotes.
    Valid characters: A-Z, a-z, 0-9, space (not leading or trailing),
    hyphen, dash.

    * This parameter is required if you're installing the first
    Exchange server in an organization.

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS or FQDN>]
    Specifies the domain controller that Setup will use to read
    and write to Active Directory.

[/ActiveDirectorySplitPermissions:<True | False>]
    Enable Active Directory split permissions mode when preparing
    the Exchange organization.
    The value can be true or false.

Setup /help:Delegation


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Server Setup Delegation Usage:

    Setup /NewProvisionedServer:<server name>
      /IAcceptExchangeServerLicenseTerms
    Setup /RemoveProvisionedServer:<server name>
      /IAcceptExchangeServerLicenseTerms

--Server Setup Delegation Required Parameters--

/NewProvisionedServer:<server name>, /nprs:<server name>
    Creates a placeholder server object so that a
    delegated server administrator can run Exchange installation.

/RemoveProvisionedServer:<server name>, /rprs:<server name>
    Removes the provisioned server object.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

Setup /help:UmLanguagePacks


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Unified Messaging Language Pack Usage:

    Setup /AddUmLanguagePack:<cultures> [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /RemoveUmLanguagePack:<cultures>
      /IAcceptExchangeServerLicenseTerms

--Unified Messaging Language Pack Required Parameters--

/AddUmLanguagePack:<cultures>
    Adds the language packs for the specified cultures.

/RemoveUmLanguagePack:<cultures>
    Removes the installed language packs.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Unified Messaging Language Pack Optional Parameters--

[/SourceDir:<path>, /s:<path>]
    Location for the Unified Messaging language pack
    for the cultures specified. Valid with /AddUmLanguagePack
    parameter only.

[/UpdatesDir:<path>, /u:<path>]
    Updates from the directory specified will be installed
    during setup.

Usage Examples:
    Setup /AddUmLanguagePack:de-DE /s:d:\Downloads\UmLanguagePacks
    Setup /AddUmLanguagePack:de-DE,fr-FR,ja-JP /s:\\myshare\langpacks
    Setup /RemoveUmLanguagePack:de-DE,fr-FR
    Setup /AddUmLanguagePack:de-DE /s:d:\Downloads /u:d:\Patches

Remarks:
    The en-US Unified Messaging language pack can't be added or removed.
    It will be installed and uninstalled with the Mailbox role.
    These operations are only valid when the Mailbox role is already
    installed on the server.