Install and configure Active Directory Certificate Authority Web Enrollment:
Import-Module ServerManager Add-WindowsFeature Adcs-Web-Enrollment Install-AdcsWebEnrollmentGet the top30 largest mailboxes per mailboxdatabase:
Get-Mailbox -Database databasename | Get-MailboxStatistics | Sort-Object totalitemsize -Descending| Select-Object DisplayName,TotalItemSize -First 30Get all members in a dynamic distribution group:
$dyn = Get-DynamicDistributionGroup "distributiongroupname" Get-Recipient -RecipientPreviewFilter $dyn.recipientfilter -OrganizationalUnit $dyn.recipientcontainerGet emailaddresspolicy setting for all users and set to True:
Get-Mailbox -ResultSize Unlimited | Where {$_.EmailAddressPolicyEnabled -eq $False} | Set-Mailbox -EmailAddressPolicyEnabled $true
Install HTMLOutView module:Install-Module PSWriteHTML -ForceInstall the latest PowerShellCore version:
Invoke-Expression "& { $(Invoke-RestMethod https://aka.ms/install-powershell.ps1) } -UseMSI"
Install the latest PowerShellGet version:Install-Module PowerShellGet -ForceFind the number of users that connect through OWA:
"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT cs-username, Count(*) AS OWAHits from \\sr-xxxxx\d$\IISLogs\W3SVC1\u_ex*.log WHERE cs-uri-stem LIKE '/OWA/' AND cs-username IS NOT NULL GROUP BY cs-username ORDER BY OWAHits Desc" -rtp:-1Find all soft deleted mailboxes
Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason -eq "SoftDeleted" } | Format-Table DisplayName,Database,DisconnectDate
Permanently delete soft deleted mailboxesRemove-StoreMailbox -Database MBX02 -Identity "John Doe" -MailboxState SoftDeletedDelete all soft deleted mailboxes per database
Get-MailboxStatistics -Database MBX02 | where {$_.DisconnectReason -eq "SoftDeleted"} | ForEach
{Remove-StoreMailbox -Database $_.Database -Identity $_.MailboxGuid -MailboxState SoftDeleted}
Update the Offline Addressbook and the Global AddressbookGet-OfflineAddressBook | Update-OfflineAddressBook Get-GlobalAddressList | Update-GlobalAddressListUpdate Windows Defender manually:
"%programfiles%\windows defender\mpcmdrun.exe" -signatureupdate -httpSearch for IMAP enabled mailboxes:
Get-CASMailbox -ResultSize unlimited | where {$_.ImapEnabled -eq $true} | FL name | out-file C:\temp\imapenabled.txt
Enable Remote Desktop locally:Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1Or including the firewall rule:
(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) | Out-Null (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) | Out-Null Get-NetFirewallRule -DisplayName "Remote Desktop*" | Set-NetFirewallRule -enabled trueAdd a user to blocked senders
Set-MailboxJunkEmailConfiguration -Identity "UserName" –BlockedSendersandDomains @{Add="somebody@domain.com"}
Check if set correctlyGet-MailboxJunkEmailConfiguration -Identity "UserName" | FL BlockedSendersandDomains
To Remove a user from blocked sendersSet-MailboxJunkEmailConfiguration -Identity "UserName" –BlockedSendersandDomains @{Remove="somebody@domain.com"}
Delete the file "desktop.ini" from 2 directories deep:get-childitem -path \\domain.lan\sharename\users\home\*\* -force -filter "desktop.ini" | foreach ($_) {remove-item $_.fullname -force
-verbose 4>> c:\temp\desktopiniresults.txt}
Set UPN to match Mail Address for Office365 use:
Get-User -OrganizationalUnit "domain.com/OUName" -ResultSize unlimited | Where { -Not [string]::IsNullOrEmpty($_.WindowsEmailAddress) } |
ForEach { Set-User -Identity $_.Guid.ToString() -UserPrincipalName $_.WindowsEmailAddress.ToString() }
Allow Windows 10 PC in workgroup to manage Hyper-v server:winrm quickconfig -force
winrm set winrm/config/client ‘@{TrustedHosts=”Name of the Server”}’
Enable protocol logging for IMAPSet-ImapSettings -Server "CAS01" -ProtocolLogEnabled $trueDisable protocol logging for IMAP
Set-ImapSettings -Server "CAS01" -ProtocolLogEnabled $falseRecreate the Sharedwebconfig.config files for Exchange 2013:
cd %ExchangeInstallPath%\bin DependentAssemblyGenerator.exe -exchangePath "%ExchangeInstallPath%bin" -exchangePath "%ExchangeInstallPath%ClientAccess" -configFile "%ExchangeInstallPath%ClientAccess\SharedWebConfig.config" DependentAssemblyGenerator.exe -exchangePath "%ExchangeInstallPath%bin" -exchangePath "%ExchangeInstallPath%FrontEnd\HttpProxy" -configFile "%ExchangeInstallPath%FrontEnd\HttpProxy\SharedWebConfig.config"Get the list of network profiles on the system.
Get-NetConnectionProfile
Change the network interface to private, use the network interface index number from the previous command.Set-NetConnectionProfile -InterfaceIndex 10 -NetworkCategory Private
Get Exchange build number:Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersion
Get Exchange Schema version:"Exchange Schema Version = " + ([ADSI]("LDAP://CN=ms-Exch-Schema-Version-Pt," + ([ADSI]"LDAP://RootDSE").schemaNamingContext)).rangeUpper
Set Default Addressbook Policy and Retention Policy for all mailboxes at once:Get-Mailbox -ResultSize unlimited | Set-mailbox -AddressBookPolicy "Your AddressBookPolicy" -RetentionPolicy "Your - Default Policy"Quickly add the Exchange PowerShell module to a regular PowerShell console:
Add-PSSnapin *exchange*Add multiple aliasses at once:
Set-Mailbox "UserName" -EmailAddresses @{add="UserName01@domain.com","UserName02@domain.com","UserName03@domain.com","UserName04@domain.com",
"UserName05@domain.com","UserName06@domain.com","UserName07@domain.com","UserName08@domain.com","UserName09@domain.com","UserName10@domain.com",
"UserName11@domain.com","UserName12@domain.com","UserName13@domain.com","UserName14@domain.com","UserName15@domain.com","UserName16@domain.com",
"UserName17@domain.com","UserName18@domain.com","UserName19@domain.com","UserName20@domain.com"}
List all mailboxes that have a forwarding addressGet-mailbox -Resultsize Unlimited | select DisplayName,ForwardingAddress | where {$_.ForwardingAddress -ne $Null}
Send Output to Clipboard with PowerShellGet-EventLog application -Newest 1 | clip
Find specific Help articles with PowershellGet-Help about_
press tab to cycle through the matchesFind white space (Available new mailbox space) in all databases
Get-MailboxDatabase -Status | sort name | select name,@{Name='DB Size (Gb)'; Expression={$_.DatabaseSize.ToGb()}},@{Name='Available New Mbx Space Gb)'; Expression={$_.AvailableNewMailboxSpace.ToGb()}}Create Powershell profile
New-Item -path $profile -type file –forceEdit the newly created profile in the following location
C:\Users\Username\Documents\WindowsPowerShell
Load all Powershell available modules at once:
Get-Module -ListAvailable | Import-Module
Turn off shutdown tracker for Windows serverNew-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability"Combine multiple files into one;Set-ItemProperty-Path"HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability"-NameShutdownReasonOn-Value0
Get-ChildItem -filter "c:\temp\*.html" | % { Get-Content $_ -ReadCount 0 | Add-Content "c:\temp\combined_files.html" } Or: Get-Content -path c:\temp\eventlogs\*.html | Add-Content -Path C:\temp\Eventlogs\combined.htmlGet users with imap enabled:
Get-CASMailbox -ResultSize unlimited | Where-Object {$_.imapenabled -eq "true"} | fl name,imapenabled
Get empty AD groups and email the output;$body=Get-ADGroup -Filter * -Properties Members | where {-not $_.members} | select Name Send-MailMessage -smtpserver smtp.domain.lan -subject "Empty groups" -to "user1@domain.com,user2@domain.com" -from "user@domain.com" -Body ( $Body | out-string )Set send on behalf of rights;
Set-Mailbox UserMailbox -GrantSendOnBehalfTo UserWhoSends
View who has which permissions on a user mailbox;Get-MailboxFolderPermission -Identity "alias:\postvak in" | fl
(for Dutch)Get-MailboxFolderPermission -Identity "alias:\inbox" | fl
(for English)View who has which permissions on a user calendar;
Get-MailboxFolderPermission -Identity alias:\agenda | fl
(for Dutch)Get-MailboxFolderPermission -Identity alias:\calendar | fl
(for English)Remove user rights on a mailbox/folder for an other user:
Remove-MailboxFolderPermission -Identity username1:\agenda -User username2
Add user rights on a mailbox/folder for an other user:Add-MailboxFolderPermission -Identity username1:\agenda -AccessRights Publishingeditor -User username2
MAPI encryption enabled or disabled; (for Outlook 2003 clients)Get-RpcClientAccess | fl encryp*,server
View blocked ActiveSync devices, in "Blocked" state for longer than a month;Get-ActiveSync Device | Where {$_.DeviceAccessState -eq "blocked"} | Select DeviceModel | ft -auto
Delete "Blocked" activesync devices, in "Blocked" state for longer than a month;Get-ActiveSync Device | Where {$_.DeviceAccessState -eq "Quarantined" -and $_.FirstSyncTime
-lt (Get-Date).AddMonths(-1)} | Remove-ActiveSyncDevice
Delete all ActiveSync devices with DeviceAccessState "Blocked";
Get-ActiveSyncDevice | Where {$_.DeviceAccessState -eq "Blocked"} |
Remove-ActiveSyncDevice
To retrieve all Exchange-related events:
Get-EventLog Application | Where { $_.Source -Ilike “*Exchange*” }
