Every now and then Exchange messes up the mailbox types after moving between databases.
Here's how to change the mailbox types:
Linked;
Set-User "User Name" -LinkedMasterAccount $null
Legacy;
set-Mailbox alias -ApplyMandatoryProperties
Shared;
Set-Mailbox "Alias" -Type Regular
From user type to Shared type
Set-Mailbox "Username" -Type Shared
About: Exchange 2013-2016-2019-Online - Powershell - Windows 2012-2016-2019 - Teams - Office365 - PKI - Microsoft365
24 June 2013
17 June 2013
“Upgrade” Distribution Groups after moving from Exchange 2003 To 2010 and find empty distribution lists
When migrating from Exchange 2003 to Exchange 2010, you have to upgrade the distribution groups to 2010 level.
Here's how;
While co-existing Exchange 2003 with 2010, the “membership approval tab” on the distribution groups property page is all grayed out. You can’t manage any settings in that tab at all. The behaviour is the same for universal and global groups.
If you make any change to the group (like editing the name), the console asks whether you want to upgrade the object and that you no longer will be able to manage it with legacy Exchange tools.
Another efficient way of upgrading the distribution group is to use PowerShell. Run the command below to upgrade.
Set-DistributionGroup –identity “groupname” –ForceUpgrade
Get-DistributionGroup –resultsize unlimited | Set-DistributionGroup –ForceUpgrade
After this some cleanup may be required. Deleting the empty DSG's
$dls= get-distributiongroup -resultsize unlimited
$dls |? {!(get-distributiongroupmember $_)}
When the powershell command returns, it shows the distributiongroups that have no members.
Name DisplayName GroupType PrimarySmtpAddress
---- ----------- --------- ------------------
DSGname DSGDisplayname Global,SecurityEnabled DSGSMTPaddress
---- ----------- --------- ------------------
DSGname DSGDisplayname Global,SecurityEnabled DSGSMTPaddress
Labels:
Exchange 2010,
Powershell
Location:Utrecht
Utrecht, Nederland
04 June 2013
Find and reset disconnected RDP Sessions
We have a lot of servers. When I get disconnected, I may leave hanging sessions on those servers which I forget to properly close. Then, after I change the password for my admin account, I sometimes get locked out as a result of what I had open in the now disconnected session.
Tracking this down is always annoying and time consuming.
When users (including administrators) are terminated, you want to find and reset those sessions too.
ServerSessions.vbs is a script for admins to run to track down sessions on servers and optionally reset them. You can list sessions on all servers in a domain, and reset either all or just disconnected sessions
The script in VBS:
'ServerSessions.vbs
'Lists and optionally resets a user's server sessions
'Alan dot Kaplan at VA dot Gov.
'10/24/2011. 10/26 version fixed logging when list only
Option Explicit
dim wshShell
Set wshShell = WScript.CreateObject("WScript.Shell")
Dim retval
Const ADS_CHASE_REFERRALS_ALWAYS = &H20
Dim oConn, oCmd, oRS
Dim strADSPath, strADOQuery
Dim strDomainCN
Dim fso,logfile, appendout
Dim strUser, strSessionID
'Get the default ADsPath for the domain to search.
Dim root: Set root = GetObject("LDAP://rootDSE")
strADSPath = root.Get("defaultNamingContext")
Const ForAppend = 8
Set fso = CreateObject("Scripting.FileSystemObject")
If (Not IsCScript()) Then 'If not CScript, re-run with cscript...
dim quote
quote=chr(34)
WshShell.Run "CScript.exe " & quote & WScript.ScriptFullName & quote, 1, true
WScript.Quit '...and stop running as WScript
End If
If InStr(1,MyOS,"Server",1) = 0 Then
MsgBox "You must run this from server OS",vbExclamation + vbOKOnly,"Error"
'WScript.Quit
End If
retval = MsgBox("This script will identify and optionally logoff disconnected sessions for a user on all of the servers " & _
"in AD within a domain. Do you want to continue?",vbYesNo + vbQuestion,"Get List of all Servers")
If retval = vbNo Then WScript.Quit
strADSPath = InputBox("Get server list from what domain","Domain",strADSPath)
If strADSPath = "" Then WScript.Quit
strUser = InputBox("Search for what username?","User Name",wshShell.ExpandEnvironmentStrings("%USERNAME%"))
If strUser = "" Then WScript.Quit
dim message
message = "Do you want to:" & VbCrLf & _
"1) Get list only" & VbCrLf & _
"2) Reset disconnected sessions" & VbCrLf & _
"3) Reset all sessions for user" & VbCrLf & _
"0) Quit"
Dim iActionType
iActionType = InputBox(message,"Choose Action",1)
iActionType = CDbl(iActionType)
If iActionType = 0 Then WScript.Quit
GetServerList
wshShell.Run "notepad.exe " & quote & logfile & quote
' =========== Functions and Subs ==========
Sub GetServerList()
'--- Set up the connection ---
Set oConn = CreateObject("ADODB.Connection")
Set oCmd = CReateObject("ADODB.Command")
oConn.Provider = "ADsDSOObject"
oConn.Open "ADs Provider"
Set oCmd.ActiveConnection = oConn
oCmd.Properties("Page Size") = 50
ocmd.Properties("Chase referrals") = ADS_CHASE_REFERRALS_ALWAYS
logfile = Replace(strADSPath,",","_")
logfile = Replace(logfile,"DC=","")
logfile = wshShell.ExpandEnvironmentStrings("%userprofile%") & "\desktop\" & strUser & " In " & logfile & ".txt"
If fso.FileExists(logfile) Then fso.DeleteFile logfile,True
set AppendOut = fso.OpenTextFile(logfile, ForAppend, True)
strDomainCN = DomainCN(strADSPath)
'--- Build the query string ---
strADOQuery = "<LDAP://" & strDomainCN & "/" & strADSPath & ">;" & "(&(OperatingSystem=*Server*)(objectClass=computer))" & ";" & _
"Name;subtree"
oCmd.CommandText = strADOQuery
'--- Execute the query for the object in the directory ---
Set oRS = oCmd.Execute
If oRS.EOF and oRS.Bof Then
MsgBox "No Servers AD entries found!",vbCritical + vbOKOnly,"Failed"
appendout.WriteLine "Query Failed"
Else
While Not oRS.Eof
SessionQuery oRS.Fields("Name")
oRS.MoveNext
Wend
End If
oRS.Close
oConn.Close
End Sub
Sub SessionQuery (strServer)
WScript.Echo "Checking " & strServer
dim objEx, data
Set objEx = WshShell.Exec("QWinsta /server:" & strServer)
'one line at a time
While Not (objEx.StdOut.AtEndOfStream)
data = objEx.StdOut.ReadLine
If InStr(1,data,strUser,1) Then
strSessionID = GetSession(data)
if iactionType = 1 then
EchoAndLog strServer & ",found session for " & strServer
Else
Wscript.echo strServer & ",found session for " & strServer
End if
'always logoff
If iActionType = 3 Then ResetSession strServer, strSessionID
'Logoff disconnected
If iActionType =2 And InStr(1,data,"disc",1) Then
ResetSession strServer,strSessionID
End If
End If
Wend
End Sub
Sub ResetSession(strServer, ID)
Dim strCommand, oExec
strCommand = "reset session " & id & " /server:" & strServer
Set oExec = WshShell.Exec(strCommand)
wscript.sleep 500
'this is typically empty
While Not (oExec.StdOut.AtEndOfStream)
EchoAndLog oExec.StdOut.ReadLine
Wend
If oExec.ExitCode <> 0 Then
EchoAndLog strServer & ",Problem resetting session " & ID & " on server " & strServer & ", Non-zero exit code, " & oExec.exitcode
Else
EchoAndLog strServer & ",Reset session " & ID & " on server " & strServer
End If
End Sub
Function DomainCN(strPath)
DomainCN = Replace(strPath,",",".")
DomainCN= Replace(DomainCN,"DC=","")
End Function
Function MyOS()
Dim oWMI,ColOS,ObjOS, OSver
Set oWMI = GetObject("winmgmts:\\.\root\cimv2")
Set ColOS = oWMI.ExecQuery("SELECT Caption, version FROM Win32_OperatingSystem")
For Each ObjOS In ColOS
MyOS = objOS.caption & Space(1) & objos.version
Next
End Function
Function GetSession(text)
text = strip(lcase(Text))
Dim tArray, i
tArray = Split(text,Space(1))
i = 0
While tArray(i) <> lCase(strUser)
i = i +1
Wend
GetSession = tArray(i+1)
End Function
Function Strip(text)
text = Replace(text,vbtab,Space(1))
While InStr(text,Space(2)) > 0
text = replace(text,Space(2),Space(1))
Wend
Strip = text
End Function
Sub EchoAndLog (message)
'Echo output and write to log
Wscript.Echo message
AppendOut.WriteLine message
End Sub
Function IsCScript()
If (InStr(UCase(WScript.FullName), "CSCRIPT") <> 0) Then
IsCScript = True
Else
IsCScript = False
End If
End Function
Source
Tracking this down is always annoying and time consuming.
When users (including administrators) are terminated, you want to find and reset those sessions too.
ServerSessions.vbs is a script for admins to run to track down sessions on servers and optionally reset them. You can list sessions on all servers in a domain, and reset either all or just disconnected sessions
The script in VBS:
'ServerSessions.vbs
'Lists and optionally resets a user's server sessions
'Alan dot Kaplan at VA dot Gov.
'10/24/2011. 10/26 version fixed logging when list only
Option Explicit
dim wshShell
Set wshShell = WScript.CreateObject("WScript.Shell")
Dim retval
Const ADS_CHASE_REFERRALS_ALWAYS = &H20
Dim oConn, oCmd, oRS
Dim strADSPath, strADOQuery
Dim strDomainCN
Dim fso,logfile, appendout
Dim strUser, strSessionID
'Get the default ADsPath for the domain to search.
Dim root: Set root = GetObject("LDAP://rootDSE")
strADSPath = root.Get("defaultNamingContext")
Const ForAppend = 8
Set fso = CreateObject("Scripting.FileSystemObject")
If (Not IsCScript()) Then 'If not CScript, re-run with cscript...
dim quote
quote=chr(34)
WshShell.Run "CScript.exe " & quote & WScript.ScriptFullName & quote, 1, true
WScript.Quit '...and stop running as WScript
End If
If InStr(1,MyOS,"Server",1) = 0 Then
MsgBox "You must run this from server OS",vbExclamation + vbOKOnly,"Error"
'WScript.Quit
End If
retval = MsgBox("This script will identify and optionally logoff disconnected sessions for a user on all of the servers " & _
"in AD within a domain. Do you want to continue?",vbYesNo + vbQuestion,"Get List of all Servers")
If retval = vbNo Then WScript.Quit
strADSPath = InputBox("Get server list from what domain","Domain",strADSPath)
If strADSPath = "" Then WScript.Quit
strUser = InputBox("Search for what username?","User Name",wshShell.ExpandEnvironmentStrings("%USERNAME%"))
If strUser = "" Then WScript.Quit
dim message
message = "Do you want to:" & VbCrLf & _
"1) Get list only" & VbCrLf & _
"2) Reset disconnected sessions" & VbCrLf & _
"3) Reset all sessions for user" & VbCrLf & _
"0) Quit"
Dim iActionType
iActionType = InputBox(message,"Choose Action",1)
iActionType = CDbl(iActionType)
If iActionType = 0 Then WScript.Quit
GetServerList
wshShell.Run "notepad.exe " & quote & logfile & quote
' =========== Functions and Subs ==========
Sub GetServerList()
'--- Set up the connection ---
Set oConn = CreateObject("ADODB.Connection")
Set oCmd = CReateObject("ADODB.Command")
oConn.Provider = "ADsDSOObject"
oConn.Open "ADs Provider"
Set oCmd.ActiveConnection = oConn
oCmd.Properties("Page Size") = 50
ocmd.Properties("Chase referrals") = ADS_CHASE_REFERRALS_ALWAYS
logfile = Replace(strADSPath,",","_")
logfile = Replace(logfile,"DC=","")
logfile = wshShell.ExpandEnvironmentStrings("%userprofile%") & "\desktop\" & strUser & " In " & logfile & ".txt"
If fso.FileExists(logfile) Then fso.DeleteFile logfile,True
set AppendOut = fso.OpenTextFile(logfile, ForAppend, True)
strDomainCN = DomainCN(strADSPath)
'--- Build the query string ---
strADOQuery = "<LDAP://" & strDomainCN & "/" & strADSPath & ">;" & "(&(OperatingSystem=*Server*)(objectClass=computer))" & ";" & _
"Name;subtree"
oCmd.CommandText = strADOQuery
'--- Execute the query for the object in the directory ---
Set oRS = oCmd.Execute
If oRS.EOF and oRS.Bof Then
MsgBox "No Servers AD entries found!",vbCritical + vbOKOnly,"Failed"
appendout.WriteLine "Query Failed"
Else
While Not oRS.Eof
SessionQuery oRS.Fields("Name")
oRS.MoveNext
Wend
End If
oRS.Close
oConn.Close
End Sub
Sub SessionQuery (strServer)
WScript.Echo "Checking " & strServer
dim objEx, data
Set objEx = WshShell.Exec("QWinsta /server:" & strServer)
'one line at a time
While Not (objEx.StdOut.AtEndOfStream)
data = objEx.StdOut.ReadLine
If InStr(1,data,strUser,1) Then
strSessionID = GetSession(data)
if iactionType = 1 then
EchoAndLog strServer & ",found session for " & strServer
Else
Wscript.echo strServer & ",found session for " & strServer
End if
'always logoff
If iActionType = 3 Then ResetSession strServer, strSessionID
'Logoff disconnected
If iActionType =2 And InStr(1,data,"disc",1) Then
ResetSession strServer,strSessionID
End If
End If
Wend
End Sub
Sub ResetSession(strServer, ID)
Dim strCommand, oExec
strCommand = "reset session " & id & " /server:" & strServer
Set oExec = WshShell.Exec(strCommand)
wscript.sleep 500
'this is typically empty
While Not (oExec.StdOut.AtEndOfStream)
EchoAndLog oExec.StdOut.ReadLine
Wend
If oExec.ExitCode <> 0 Then
EchoAndLog strServer & ",Problem resetting session " & ID & " on server " & strServer & ", Non-zero exit code, " & oExec.exitcode
Else
EchoAndLog strServer & ",Reset session " & ID & " on server " & strServer
End If
End Sub
Function DomainCN(strPath)
DomainCN = Replace(strPath,",",".")
DomainCN= Replace(DomainCN,"DC=","")
End Function
Function MyOS()
Dim oWMI,ColOS,ObjOS, OSver
Set oWMI = GetObject("winmgmts:\\.\root\cimv2")
Set ColOS = oWMI.ExecQuery("SELECT Caption, version FROM Win32_OperatingSystem")
For Each ObjOS In ColOS
MyOS = objOS.caption & Space(1) & objos.version
Next
End Function
Function GetSession(text)
text = strip(lcase(Text))
Dim tArray, i
tArray = Split(text,Space(1))
i = 0
While tArray(i) <> lCase(strUser)
i = i +1
Wend
GetSession = tArray(i+1)
End Function
Function Strip(text)
text = Replace(text,vbtab,Space(1))
While InStr(text,Space(2)) > 0
text = replace(text,Space(2),Space(1))
Wend
Strip = text
End Function
Sub EchoAndLog (message)
'Echo output and write to log
Wscript.Echo message
AppendOut.WriteLine message
End Sub
Function IsCScript()
If (InStr(UCase(WScript.FullName), "CSCRIPT") <> 0) Then
IsCScript = True
Else
IsCScript = False
End If
End Function
Source
Labels:
Windows 2008,
WIndows 2008 R2,
Windows 2012,
windows 7,
Windows 8
Location:Utrecht
Utrecht, Nederland
How to and why block Linkedin access to your organization
This comes from Adam Fowler from www.adamfowlerit.com
Some more indepth view and testing was done by Paul Cunningham from www.exchangeserverpro.com
Recently Linkedin added a new feature to their site.
It gives you the abillity to search for contacts on your company address book.
How handy that may seem, the other side of this is that Linkedin is given your login credentials to the corporate Exchange environment.
I case of a security breach or hack over at our friends at Linkedin, your username, password, email address and webmail url are in the wrong hands posing a serious security issue.
So, here's how to stop Linkedin from accessing your Exchange servers:
First, under the Set-OrganizationConfig area, you'll need to check that EwsApplicationAccessPolicy is set to 'EnforceBlockList'
[PS] C:\Windows\system32>Get-OrganizationConfig | fl ews*
EwsEnabled :
EwsAllowOutlook :
EwsAllowMacOutlook :
EwsAllowEntourage :
EwsApplicationAccessPolicy :
EwsAllowList :
EwsBlockList :
If it shows up empty like above, you have to enable the blocklist.
[PS] C:\Windows\system32>Set-OrganizationConfig -EwsApplicationAccessPolicy enforceblocklist
[PS] C:\Windows\system32>
Next, you need to add LinkedIn into the BlockList.
[PS] C:\Windows\system32>Set-OrganizationConfig -EwsBlockList LinkedInEWS
Lets see how that looks.
[PS] C:\Windows\system32>Get-OrganizationConfig | fl ews*
EwsEnabled :
EwsAllowOutlook :
EwsAllowMacOutlook :
EwsAllowEntourage :
EwsApplicationAccessPolicy : EnforceBlockList
EwsAllowList :
EwsBlockList : {LinkedInEWS}
Adam Fowler's source
Paul Cunninham's source
Some more indepth view and testing was done by Paul Cunningham from www.exchangeserverpro.com
Recently Linkedin added a new feature to their site.
It gives you the abillity to search for contacts on your company address book.
How handy that may seem, the other side of this is that Linkedin is given your login credentials to the corporate Exchange environment.
I case of a security breach or hack over at our friends at Linkedin, your username, password, email address and webmail url are in the wrong hands posing a serious security issue.
So, here's how to stop Linkedin from accessing your Exchange servers:
First, under the Set-OrganizationConfig area, you'll need to check that EwsApplicationAccessPolicy is set to 'EnforceBlockList'
[PS] C:\Windows\system32>Get-OrganizationConfig | fl ews*
EwsEnabled :
EwsAllowOutlook :
EwsAllowMacOutlook :
EwsAllowEntourage :
EwsApplicationAccessPolicy :
EwsAllowList :
EwsBlockList :
If it shows up empty like above, you have to enable the blocklist.
[PS] C:\Windows\system32>Set-OrganizationConfig -EwsApplicationAccessPolicy enforceblocklist
[PS] C:\Windows\system32>
Next, you need to add LinkedIn into the BlockList.
[PS] C:\Windows\system32>Set-OrganizationConfig -EwsBlockList LinkedInEWS
Lets see how that looks.
[PS] C:\Windows\system32>Get-OrganizationConfig | fl ews*
EwsEnabled :
EwsAllowOutlook :
EwsAllowMacOutlook :
EwsAllowEntourage :
EwsApplicationAccessPolicy : EnforceBlockList
EwsAllowList :
EwsBlockList : {LinkedInEWS}
Adam Fowler's source
Paul Cunninham's source
Labels:
Exchange 2010,
Linkedin,
Powershell
Location:Utrecht
Utrecht, Nederland
Subscribe to:
Posts (Atom)