10 December 2012

Script to Force Download of the Lync 2010 Address Book

I wrote a script (batch file, really) that users can run to force a download of the Lync address book. 

The Lync address book is generated automatically on the Lync server every 24 hours at 1:30AM, local server time. You can use the Update-CsAddressBook cmdlet on the Lync server to force the server to update the address book. You will need to wait 5 minutes for the server to run the update. Look for Lync Server event 21056 from LS Address Book Server to confirm that the address book update has completed, as shown below:

The address book is then downloaded locally by the Lync client in a randomized schedule from 1 to 60 minutes after the the user signs in. Lync Server MVP Jeff Schertz wrote about this process in great detail in his post, Updating the Lync 2010 Address Book.

My script sets a GALDownloadInitialDelay key in the registry to force the Lync client to download the address book immediately after signing in. It then enumerates all the SIP_* folders in the C:\Users\username\AppData\Local\Microsoft\Communicator folder and deletes the GalContacts.db and GalContacts.db.idx files which make up the Lync address book.
@echo off
echo Clearing Lync Address Books...
reg add HKCU\Software\Policies\Microsoft\Communicator /v GALDownloadInitialDelay /t REG_DWORD /d 0 /f
If %errorlevel%==1 goto Error
if "%LOCALAPPDATA%"=="" Set LOCALAPPDATA=%USERPROFILE%\Local Settings\Application Data
dir "%LOCALAPPDATA%\Microsoft\Communicator\sip_*" /b > list.txt
FOR /F "tokens=1" %%i in (list.txt) do del "%LOCALAPPDATA%\Microsoft\Communicator\%%i\gal*.*"
echo.
echo Sign out of Lync and sign back in to download the current address book.
goto End
:Error
echo You must run this command from an elevated Command Prompt.
echo.
:End
Save the script above as ClearLyncAddressBook.bat and run it from an elevated Command Prompt. Then sign out and back into Lync and the address book will download immediately.
 
 

20 November 2012

Test-ExchangeServerHealth – PowerShell Script to Generate a Health Check Report for Exchange Server 2010

I recently came across this great script, thats shows you in an email how your Exchange environment is performing.
While the script was useful it lacked a few important things. For one thing, it only checked the mailbox server role. Also, the results were only output to the shell session, not in object form, so there wasn’t much that could be done with the results.
Today I’ve released a totally overhauled and updated version of the script that addresses those problems. Before you run the script please read the guidance below, watch the demo video, and check the known bugs and FAQ at the end of this article for current issues.
 
Download the script file here: Test-ExchangeServerHealth.ps1
 
The Test-ExchangeServerHealth.ps1 script is run from the Exchange Management Shell. You can use a few builtin parameters to control what it does.
 
.PARAMETER server
Perform a health check of a single server

.PARAMETER reportmode
Set to $true to generate a HTML report. A default file name is used if none is 
specified.

.PARAMETER reportfile
Allows you to specify a different HTML report file name than the default. 
Implies -reportmode:$true

.PARAMETER sendemail
Sends the HTML report via email using the SMTP configuration within the script. 
Implies -reportmode:$true
 
If you use the report mode you’ll get a HTML file containing the health check results, and/or an email to your designated address if you also use the send email option.
For the email functionality to work please update these variables in the script to suit your environment.
 
#...................................
# Email Settings
#...................................

$smtpServer = "ho-ex2010-mb1.exchangeserverpro.net"
$smtpTo = "administrator@exchangeserverpro.net"
$smtpFrom = "healthcheck@exchangeserverpro.net"
$messagesubject = "Exchange Server Health Check - $date"
 
 
Here is a demo video explaining how the different options work.

 
Download the script file here: Test-ExchangeServerHealth.ps1
 
Please feel free to download and try the script.
 
If you’re looking for an example of how to schedule the script to run using Task Scheduler please see this article.
Change Log:
  • V1.0, 5/07/2012 – Initial version
    V1.1, 5/08/2012 – Minor bug fixes and removed Edge Tranport checks

Bugs list and FAQ

Q: Which version of PowerShell is required?
Version 2.0 or higher. If you are running the script on a server that has Exchange 2010 roles or management tools installed then it will have v2.0. If you are running on an Exchange 2007 server check first whether v2.0 is installed. I don’t test the script on v1.0 but you are welcome to modify it as necessary to get it running on a v1.0 environment.
Q: Why do I get an error when the script sends the email report?
Make sure you’ve configured the $smtpserver variable in the Email Settings section of the script to point to a Hub Transport that either accepts anonymous users (typically an internet-facing Hub Transport), or if you’re using a separate management server or admin workstation point the $smtpserver to a Hub Transport that has a receive connector set up that the server you’re running the script on is allowed to relay through.
Q: Why is there an error when the script checks the queue for Exchange 2007 Hub Transport servers?
This is a bug that I am working on. The script was not originally intended to be backwards compatible but I will do my best to fix this bug.
Q: Why do I get errors when the script checks my Edge Transport servers?
Between firewalls and permissions the Edge Transport checks are difficult to account for so in the next version the Edge Transport role will simply be skipped by the script.
Q: Why do I get an error on the server uptime check?
This is a bug that I am working to reproduce and eliminate.
Q: What should I do when the script report an error/fail on my servers?
The script doesn’t perform any diagnostics when it detects an error, it only reports them to you. When you see an error you should investigate further using the management tools and cmdlets that are provided by Exchange.
If you are encountering situations where the script reports errors that turn out to be false alarms please let me know and I will do my best eliminate those false alarms.
Q: Can you add feature X to the script?
Currently I am working on the following feature improvements:
  • DAG/database copy health
  • Ability to specify a file name containing a static list of servers to check
If you have other health check related features you’d like to see included please let me know in the comments below.
 

Enabling and disabling Outlook Anywhere Per User

RPC/HTTPS was the first name when outlook anywhere access was introduced with Exchange Server 2003. Exchange 2003 did not provide a very granular control on it though. With increase in productivity it also brought a concern with it. It could allow configuring user’s mailbox on any outlook client even if the user was not supposed to do it.
Result, people could make unauthorized copies of their mailboxes on their home PCs and laptops.
Exchange 2007 SP1 and later has a great feature of disabling outlook anywhere access per user basis.

It is a very simple process of running few commands in powershell and the administrator is done with the configuration. Lets take a look:

To enable outlook anywhere for a single user:
Get-Mailbox –Identity "username" | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$False

To disable outlook anywhere for a single user:
Get-Mailbox –Identity "username" | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True

To enable it for all users:
Get-Mailbox –ResultSize Unlimited | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$False

To disable it for all users:
Get-Mailbox –ResultSize Unlimited | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True

To enable it for multiple users only:
  • Identify the user who need to be blocked access to Outlook Anywhere.
  • Make a list of all such user’s user accounts.
  • Put it in a simple text file as below:
User1
User2
User3
  • Now save this text file to any location you want with name Mailboxes.txt. For example D:Mailboxes.txt
  • Simply run the script below.
$Mailboxes = Get-Content D:Mailboxes.txt
Foreach ($Mailbox in $Mailboxes)
{
Set-CASMailbox -Identity $Mailbox -MAPIBlockOutlookRpcHttp:$false -Verbose
}


To disable it for multiple users only:
  • Identify the user who need to be blocked access to Outlook Anywhere.
  • Make a list of all such user’s user accounts.
  • Put it in a simple text file as below:
User1
User2
User3
  • Now save this text file to any location you want with name Mailboxes.txt. In my case it is D:Mailboxes.txt
  • Simply run the script below.
$Mailboxes = Get-Content D:Mailboxes.txt
Foreach ($Mailbox in $Mailboxes)
{
Set-CASMailbox -Identity $Mailbox -MAPIBlockOutlookRpcHttp:$true -Verbose
}


Source

18 November 2012

How to increase the maximum simultaneous move-requests in Exchange Server 2010

As of Exchange Server 2010 we no longer have the ability to use the cmd-let Move-Mailbox and specify the -Maxthread ability to change how many mailboxes to move simultaneous.

In Exchange Server 2010 we now use New-MoveRequest and default it moves 5 mailboxes at the same time. For 1500 mailboxes it could take days.

To change the maximum number of simultaneous moves we must on every CAS server edit the file:

MSExchangeMailboxReplication.exe.config

Under the MRSConfiguration section change these fields into a desired value:

MaxActiveMovesPerSourceMDB = "25"
MaxActiveMovesPerTargetMDB = "25"
MaxActiveMovesPerSourceServer = "50"
MaxActiveMovesPerTargetServer = "25"
MaxTotalMovesPerMRS = "100"

Now we must restart the Microsoft Exchange Mailbox Replication Service.
From Powershell:

restart-service MSExchangeMailboxReplication

Source

How to add a "Sign In Again" button to the Exchange 2010 OWA Sign Out page

By default when you click "Sign Out" in OWA 2010, Exchange 2010 directs you to a page that explains that you have successfully logged off from Outlook Web Access. The only button available, "Close Window", closes the existing browser window or tab. This article explains how to add a "Sign In Again" button to the logoff.aspx page, as shown below:


To add the Sign In Again button, follow these steps on each Exchange 2010 Client Access Server (CAS):
  • Logon to the CAS using a local Administrator account.
  • Using Windows Explorer, navigate to the %ProgramFiles%\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth folder and make a copy of the logoff.aspx file for backup.
  • Edit the logoff.aspx file using Notepad.
  • Use Find to search for the word logoffclose. In Exchange 2010 SP1 beta this will be line 123.
  • Insert the following code before this line, as a single line:
<input id="btnCls" type="submit" class="btn" title="Click here to sign in again." value="Sign In Again" onclick="window.navigate('/owa')" onmouseover="this.className='btnOnMseOvr'" onmouseout="this.className='btn'" onmousedown="this.className='btnOnMseDwn'">
  • Save the logoff.aspx file.
  • Copy the new logoff.aspx file to the same file path on all your 2010 CAS servers.
Remember that applying any Exchange 2010 Service Pack or Update Rollup to your CAS servers will overwrite the login changes you made, so create a copy of the edited logoff.aspx file to reapply the Logon Again button after the update. Also know that Service Packs and Update Rollups could possibly include changes to the logoff.aspx page, so you may need to follow these steps again to edit the new page included in the update.

Edit:

You can also add the following line to get the redirection automatically.

<--- start of the snippet-->
window.navigate('https://<servername>/owa')         
Owa.ExecCommand.execute(document, "ClearAuthenticationCache", false);
<--- end of the snippet-->

And for Firefox users:

<--- start of the snippet-->
window.location('https://<servername>/owa')         
Owa.ExecCommand.execute(document, "ClearAuthenticationCache", false);
<--- end of the snippet-->
 
Source