Exchange Server – Interface Technical Training https://www.interfacett.com Wed, 21 Jun 2017 19:26:18 +0000 en-US hourly 1 Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server https://www.interfacett.com/blogs/using-powershell-to-manage-dynamic-distribution-groups-and-recipient-filters-in-exchange-server/ https://www.interfacett.com/blogs/using-powershell-to-manage-dynamic-distribution-groups-and-recipient-filters-in-exchange-server/#comments Wed, 19 Mar 2014 17:05:12 +0000 http://www.interfacett.com/blogs/?p=?p=17051 PowerShell for Exchange Server online video training library. Start training today! Interface Video Training Video transcript: Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server. Dynamic Distribution Groups in Exchange Server are a little bit different than your typical Distribution Group. For example, if I go into this Marketing Distribution Group … Continue reading Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server

The post Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server appeared first on Interface Technical Training.

]]>
PowerShell for Exchange Server online video training library.

Start training today! Interface Video Training


Video transcript: Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server.

Dynamic Distribution Groups in Exchange Server are a little bit different than your typical Distribution Group.

001-Dynamic-Distribution-Groups-using-PowerShell

For example, if I go into this Marketing Distribution Group and take a look at the members, you can see that this is a static list of members straight out of active directory that have mailboxes.

002-members-Dynamic-Distribution-Groups-using-PowerShell

The group of users in this list is determined long before anybody ever sends an email message to it. The idea with Dynamic Distribution Groups is that we can basically determine that membership list based off of a query. This would be a query of maybe the users have a certain attribute for their job title or their department or a number of other things.

In the actions screen you can see that we have the ability to create a dynamic Distribution Group in addition to just a regular Distribution Group.

003-members-Dynamic-Distribution-Groups-using-PowerShell

Let’s go ahead and run through that real quick.

I’m going to click on new dynamic Distribution Group and I’m going to call this one Human Resources. The alias will be the same just no spaces involved here, HumanResources.

004-new-Dynamic-Distribution-Groups-using-PowerShell

I’m going to hit next and here are the filter settings that we’re using as a way to define membership list.

005-filter-settings-Dynamic-Distribution-Groups-using-PowerShell

I’m going to scope this group.

It’s basically anything in Active Directory.

006-filter-settings-Dynamic-Distribution-Groups-using-PowerShell

I’ve got one domain in a single forest so I want to look for any recipients in that entire domain and forest and I’m going to let all recipient types to be affected by this.

007-all-recipient-types-Dynamic-Distribution-Groups-using-PowerShell

Here are really my conditions. I have a few options here in the graphical.

008-new-conditions-Dynamic-Distribution-Groups-using-PowerShell

I can say well maybe the recipient is in that HR department.

009-new-conditions-Dynamic-Distribution-Groups-using-PowerShell

I’ve got the ability to key that out to company or the state or some of these custom attributes but that’s about it.

In a scenario where I have more criteria using the GUI is a little limiting. We can use PowerShell to add multiple attributes to this that aren’t on this list. For example, I might want the job title to be part of that query as well. Instead of creating this with the GUI, I’m actually going to go in the Shell and do this.

Let’s bring this up and the cmdlet for this is New-DynamicDistributionGroup.

010-cmndlet-NewDynamicDistributionGroup-PowerShell

I’m going to call this ‘Human Resources’ again. This will be the display name that my recipient container will be uss.local.

011-cmndlet-NewDynamicDistributionGroup-PowerShell

I’m going to use the recipient filter parameter. It’s hard to see this here because its line wrapping but it’s the recipient filter parameter.

012-cmndlet-NewDynamicDistributionGroup-PowerShell

I want to specify my filter syntax using something called OPATH. Good thing is it looks just like a filter you would write in typical PowerShell. Starting with Exchange 2007, we no longer use LDAT filters and we use OPATH‑filtering syntax.

I’m going to open a curly brace { and I’m going to say title, that’s the property that I’m interested here equals HR manager and I’m going to close that off there.

013-cmndlet-NewDynamicDistributionGroup-PowerShell

I’m using single quotes here because there’s a space in that string. I’m also going to do a dash or (-or). I’m going to look for two separate things either have a department attribute set to HR or the department title or the user title, I should say, set to HR manager.

014-cmndlet-NewDynamicDistributionGroup-PowerShell

This is using a filter that I couldn’t actually do in the graphical console. Let me hit enter to create this group. It looks like I’ve misspelled one of my attributes here so it should be department. Again, make sure you read the errors.

015-cmndlet-NewDynamicDistributionGroup-PowerShell

It tells me exactly what the problem is, the filter, the property that I’ve been trying to use is not valid. Basically, I had to re‑read that notice that I have misspelled it. Let’s try that again. Hit enter and OK, now that’s created.

016-cmndlet-NewDynamicDistributionGroup-PowerShell

If we go back in the console and refresh this, we’ve now created this human resources group.

017-filter-settings-Dynamic-Distribution-Groups-using-PowerShell

018--filter-settings-Dynamic-Distribution-Groups-using-PowerShell

If we preview the members on the filter tab.

019-preview-members-Dynamic-Distribution-Groups-using-PowerShell

You can now see that it has gone out to active directory. Check both of those attributes and put that collection of users here in that group.

020-preview-members-Dynamic-Distribution-Groups-using-PowerShell

When the messages are sent to this recipient, the members will be determined at the time that message hits the transport pipeline and that query is run against active directory.

Something else that’s interesting with this is if you look here, this filter that was added.

021-preview-members-Dynamic-Distribution-Groups-using-PowerShell

This is what we use at first. Title equals HR manager, department equals HR. But, then, Exchange Server added all this other stuff for us here. It is filtering out all of these system mailboxes and CAS accounts and all the things mailbox plans, discovery mailboxes. The things that the system uses.

You don’t have to know to filter this stuff out but remember that when you’re creating this with these filters, Exchange is going to do that for you. We can’t actually modify this filter in this screen from here. If we wanted to change this at this point, obviously, you need to go into PowerShell to do this. Let me clear this screen. We’ll take a look at a couple other things.

What I’m going to do is I’m going to do a $var for a variable. I’m going to do a Get-DynamicDistributionGroup ‘Human resources’ and that will save an instance to that group in the variable.

022-var-Dynamic-Distribution-Groups-using-PowerShell

I’m going to do a $var .RecipientFilter.

023-var-Dynamic-Distribution-Groups-using-PowerShell

Here in the Shell, you can see the recipient filter just like we were looking at in the console.

024-var-Dynamic-Distribution-Groups-using-PowerShell

Really the use case for getting to this data would be if you wanted to preview the membership in the shell.

You could actually use this variable to do that. For example, I could say Get-Recipient and say my RecipientPreviewFilter is $var.RecipientFilter.

025-var-Dynamic-Distribution-Groups-using-PowerShell

You can see that it executes that query and gives me back the recipients that match the filter.

026-var-Dynamic-Distribution-Groups-using-PowerShell

Now, one of the things that you might be thinking right now is how do I know which properties I can filter on?

If we’re looking at our filter again or the title, the department. How would I actually know which ones those are? Which ones are available to me? When it comes to that, you have to go to the documentation. The cmdlet help isn’t going to give you that information specifically. There’s also this parameter, the recipient filter parameter on multiple cmdlets.

What I would recommend it that you go out to Technet that talks about this. Filterable Properties for the -RecipientFilter Parameter. This article has a list of different recipient filters that you can use and the appropriate values for those. There has been some instances where I’ll run into things where there’s a property that’s filterable that is not on this list. You got to keep track for this and hopefully, that would be completely updated at some point.

027-var-Dynamic-Distribution-Groups-using-PowerShell

But notice the recipient filter parameters available not only new Dynamic Distribution Group but all this other ones as well and if you scroll down here, you can see there’s a table that will tell you here’s the property names that you can filter on and there’s a real long list here.

028-technet-table-Dynamic-Distribution-Groups-using-PowerShell

If you were not sure which ones you can use, I would recommend you go to this article and check that out.

That’s the process of using the Shell to manage Distribution Groups, Dynamic Distribution Groups. Work with the filters and actually query those filters from the command line.

The post Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/using-powershell-to-manage-dynamic-distribution-groups-and-recipient-filters-in-exchange-server/feed/ 7
Managing Memberships in Bulk in PowerShell https://www.interfacett.com/blogs/managing-memberships-in-bulk-in-powershell/ https://www.interfacett.com/blogs/managing-memberships-in-bulk-in-powershell/#respond Fri, 14 Mar 2014 17:43:58 +0000 http://www.interfacett.com/blogs/?p=?p=16984 PowerShell for Exchange Server online video training library. Start training today! Interface Video Training Video transcript: How to Manage Membership in Bulk using PowerShell You might find that managing the membership of Distribution Groups in PowerShell is something you do more frequently than actually create the groups from scratch. But we’ll look at both scenarios … Continue reading Managing Memberships in Bulk in PowerShell

The post Managing Memberships in Bulk in PowerShell appeared first on Interface Technical Training.

]]>
PowerShell for Exchange Server online video training library.

Start training today! Interface Video Training


Video transcript: How to Manage Membership in Bulk using PowerShell

You might find that managing the membership of Distribution Groups in PowerShell is something you do more frequently than actually create the groups from scratch.

But we’ll look at both scenarios here. Let’s say that we need to create a group for finance users. So I’m going to do a new Distribution Group called “Finance.” I’m going to tab through these parameters here, and under type, what I’m going to say is “distribution.”

001-Bulk-Membership-in-PowerShell-distribution-groups

This is going to be a Distribution Group and Active Directory that’s mail‑enabled. That gets created. It gets created as universal.

002-Bulk-Membership-in-PowerShell-universal

What I want to do from there is add some users to that group. We have a bunch of different Cmdlets to manage Distribution Groups. What I’m going to do is run Get‑Mailbox and query the organizational unit, “Finance.”

003-Bulk-Membership-in-PowerShell-finance

I want to pull all these users that are all in this OU and dump them in that group.

004-Bulk-Membership-in-PowerShell-finance

This is how we can do some bulk administration of groups. So we’ve created our Finance group. From here, I want to take all of these users in the OU and put them in that group.

Luckily, we don’t have to do any loops for this. We don’t have to iterate over anything. We can simply make use of the pipeline because the Add Distribution Group Cmdlet gladly accepts input from anything sent over from Get‑Mailbox.

005-Bulk-Membership-in-PowerShell-pipeline

We can simply say add Distribution Group Member “Finance.”

006-Bulk-Membership-in-PowerShell-pipeline

Now, we don’t get anything back. That means that the command completed successfully.

007-Bulk-Membership-in-PowerShell-pipeline

To check that we could just do a Get‑DistributionGroup Member on Finance.

008-Bulk-Membership-in-PowerShell-pipeline

Now all of the users that we saw previously are actually there now.

There are other ways that you can filter on this information. We’re using one of the server-side parameters here to pull from an Organizational Unit (OU).

009-Bulk-Membership-in-PowerShell-get-mailbox-filter

You could also do something like this where you’re piping to where object and maybe say well give me all the ones that the Office is equal to sales.

010-Bulk-Membership-in-PowerShell-get-mailbox-sales

You might find that sometimes you got parameters on the actual get Cmdlet where you don’t have to do this late filtering. But that might be another way where you could continue piping down. Notice that Office isn’t a parameter here, so that’s something that you have to filter on. Just a couple of ideas to have the pipeline feed that add Get‑DistributionGroup Member Cmdlet.

Let’s look at one more example.

I’m going to do a new Distribution Group “Accounting,” and this time I’ll do it as a security group in Active Directory, that’s going to be mail‑enabled.

011-Bulk-Membership-in-PowerShell-new-distribution

You can see that by looking at the group type information that comes back. So it’s a universal security group at this point. I can assign permissions on a NTFS share if I needed to on these group members. I’ll also send mail to this group.

Now that that group’s created I’m going to do something different this time. I’m going to run Get‑User and I’m going to say, “Recipient type details, user mailbox,” so it will only give me active directory users that have a mailbox.

012-Bulk-Membership-in-PowerShell-new-distribution

I’m going to filter on a different property this time. I’m going to look for a title of accountant so $_.title ‑eq “Accountant.”

013-Bulk-Membership-in-PowerShell-new-distribution

Let’s make sure that actually works first. Looks like that works just fine.

014-Bulk-Membership-in-PowerShell-new-distribution

So these might be spread out multiple OU’s, running Get‑Mailbox and specifying the OU wouldn’t work in this case. I’m going to take that one liner and I’m going to continue piping over to add Distribution Group Member “Accounting.”

015-Bulk-Membership-in-PowerShell-new-distribution

Take all those users and put them in that group.

No errors come back so we could just verify that by running GetDistributionGroupMember on “Accounting.”

016-Bulk-Membership-in-PowerShell-new-distribution

And as you can see everything is there at that point.

One of the things to mention is that you can obviously modify these groups by running the Set‑DistributionGroup Cmdlet.

017-Bulk-Membership-in-PowerShell-new-distribution

You can come in here and change sales and there are a number of parameters. You can enable moderation, do a number of things to modify these groups.

That’s how you provision and modify groups and also add multiple members into a group at one time.

The post Managing Memberships in Bulk in PowerShell appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/managing-memberships-in-bulk-in-powershell/feed/ 0
Outlook Web Access Password Change Issues in Windows 7 and Windows 8 https://www.interfacett.com/blogs/outlook-web-access-password-change-issues-in-windows-7-and-windows-8/ https://www.interfacett.com/blogs/outlook-web-access-password-change-issues-in-windows-7-and-windows-8/#comments Fri, 20 Dec 2013 15:02:03 +0000 http://www.interfacett.com/blogs/?p=?p=16334 “Password changes using the Outlook Web Access app causes domain accounts to be locked out. What can we do?” This question arose during a discussion in a Windows 7 Enterprise Deployment Class. Although not directly related to Windows 7 Client issues, I decided to take a crack at tracking down an answer for our student. … Continue reading Outlook Web Access Password Change Issues in Windows 7 and Windows 8

The post Outlook Web Access Password Change Issues in Windows 7 and Windows 8 appeared first on Interface Technical Training.

]]>
“Password changes using the Outlook Web Access app causes domain accounts to be locked out. What can we do?”

This question arose during a discussion in a Windows 7 Enterprise Deployment Class. Although not directly related to Windows 7 Client issues, I decided to take a crack at tracking down an answer for our student. The problem appears to be common, although the symptoms and the root cause reportedly vary widely.

There may be related Windows 7 (or Windows 8) client deployment issues though the more likely issue is the configuration and integration allowing the Outlook Web Access (OWA) Change Password feature itself.

From a Windows 7 or Windows 8 client perspective, all the related documentation suggests that OWA change password requires the use of Kerberos Authentication for user accounts. If you enable certificate based authentication, or one of the more powerful multi-factor authentication mechanisms supported by Windows 7 and Windows 8 Enterprise platforms, you probably want to disable the OWA Change Password feature as it only affects a synchronized reset of the Kerberos password.

The OWA Change Password feature is different across Microsoft Domain servers and Exchange platforms. The key solution will be based upon a common and consistent domain environment with little mixing of Active Directory domain servers, Exchange Server, or IIS delivery platform versions. You will also want to consider a business policy restricting access to OWA from specific platforms, although enforcement will be problematic.

To be honest, the varied requirements suggest a rather complicated solution even with a common, and comprehensive Microsoft Enterprise Domain environment.

For Exchange server 2003 Implementing the Change Password feature with Outlook Web Access, the OWA password reset feature is supported for IIS 4.0, IIS 5.0. and IIS 6.0 via the IISADMPWD virtual directory, though this directory is created and configured differently for each platform. You must also obtain and configure an SSL certificate for the IIS server, and make a number of precise registry configuration changes. Related operating platforms also require a specific set of hotfixes.

Exchange server 2007 RMT/SP1/SP2/SP3 Configuring the Change Password Feature in Outlook Web Accessdoes not require the IISADMPWD virtual directory, instead using Active Server Pages (ASP), along with Windows Server 2008 and IIS 7.0. By default the Change Password feature is enabled in the Exchange Client. An additional feature (Microsoft Internet Security and Acceleration Server 2006) is required if you want to enable password reset both before and after a Domain password has expired. Exchange server 2007 passwords support a broader range of Domain policy settings, but you should still limit your Domain policy to the set enabled by OWA if you want to use the Change Password feature and assure password synchronization.

Configuring the Change Password Feature in Outlook Web App for Exchange Server 2010 SP2/SP3 Configuring the Change Password Feature in Outlook Web App has been simplified, though still has integration limitations and specific requirements. The OWA Change Password can more easily be configured on a per user basis, for multiple users via the OWA virtual directory, or using segmentation Configure Segmentation in Outlook Web App. This might allow experimentation or isolation of password synchronization problems based on policy sets and password characteristics. Rather than referencing a dozen great articles here, search for “owa change password exchange 2010” at Bing.com or your favorite search engine. Although the Change Password feature is more powerful, or perhaps because of the added power, support for expired passwords and enhanced features requires additional setup that is not enabled by default.

Per all the above referenced articles, three types of Account policies are found in Windows server 2003 or 2008 domains: password policies, account lockout policies, and Kerberos authentication protocol policies. The policies apply to all users in the domain, including Outlook Web App users. Although there may be exceptions, the indicators fairly strongly suggest that Domain policies should be created and maintained with your specific OWA platform and all related policy limitations in mind if there is a desire to use the OWA Change Password feature.

There are several caveats and other interpretations as you read through TechNet articles and other related posts:

  • Using Basic or forms-based authentication with OWA, extended ASCII or Unicode characters List of Unicode characters should NOT be used in passwords, since they may not be transmitted correctly between IIS and some web-browsers. Some of the special characters used in ‘strong’ passwords may therefore be invalid, or transmitted incorrectly thus causing password mismatches when subsequently entered via an alternate medium (for instance direct login to a work station). Based on lockout policy, the client may discover that they have inadvertently locked themselves out of the system.
  • Password synchronization problems can be compounded through the use of mobile devices that access OWA. Multiple scenarios arise.
  • Using Basic or forms-based authentication with OWA, extended ASCII or Unicode characters FAQs: Sign-in and Password Issues Among them multiple access attempts from a mobile app that is using a prior or expired password, and multiple apps attempting to simultaneously use the same account and password. While Microsoft suggests the use of Domain Account Lockout Policy, the recommended settings are different if your Enterprise uses OWA synchronization
  • Using Basic or forms-based authentication with OWA, extended ASCII or Unicode characters Enabling Account Lock Out after Failed OWA Login . For instance, you want to allow five or more failed attempts before lockout. There is a more detailed discussion at Spiceworks [http://community.spiceworks.com/topic/226990-domain-account-locking-out-after-password-reset].
  • The use of cached or local credentials can result in a password mismatch, particularly on mobile (laptops, notepads, etc.) or intermittently connected devices. There is one related discussion on Neowin
  • Using Basic or forms-based authentication with OWA, extended ASCII or Unicode characters Neowin Forum. Recall that user credentials are stored (typically locally unless roaming profiles are used) when the user properly logs out of the OS, and that machine credentials are stored when the system is properly shut down. The use of the credential manager as a single sign-on solution is another possibility. I have experienced this scenario myself when I change my domain password on a domain desktop at a regular cycle and then fail to login to my laptop until I am on the road. I have had to force updates or resort to a local account until I could get my domain account reset while connected to the domain. Although OWA Change Password synchronizes with the AD Domain, the initial password change is made locally rather than directly to the Domain.

While doing the research for this blog, I did find one tool that may bear some exploration. ADSelfService Plus Active Directory Change Password Tool by Manage Engine is promoted as a tool that enables Domain password reset by the end user. This might be an alternative to password reset via the OWA Change Password feature without all the complication of custom settings and local registry changes.

Good luck!

Oh yes, and Merry Christmas, Happy Holidays, and a Great New Year as well.

Steven Fullmer
Interface Technical Training Staff Instructor

The post Outlook Web Access Password Change Issues in Windows 7 and Windows 8 appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/outlook-web-access-password-change-issues-in-windows-7-and-windows-8/feed/ 1
This Week at Interface | December 17, 2013 https://www.interfacett.com/blogs/this-week-at-interface-december-17-2013/ https://www.interfacett.com/blogs/this-week-at-interface-december-17-2013/#respond Tue, 17 Dec 2013 17:07:23 +0000 http://www.interfacett.com/blogs/?p=?p=16318 Here’s what’s happening this week at Interface. For the last week of classes in 2013 Ralph and Lynn take a look at the Remote Live classes running at Interface Technical Training. SCCM500: Administering and Deploying System Center Configuration Manager 2012 with Mike Danseglio 50255: Managing Windows Environments with Group Policy with Rick Trader 20341: Core … Continue reading This Week at Interface | December 17, 2013

The post This Week at Interface | December 17, 2013 appeared first on Interface Technical Training.

]]>
Here’s what’s happening this week at Interface.

For the last week of classes in 2013 Ralph and Lynn take a look at the Remote Live classes running at Interface Technical Training.

SCCM500: Administering and Deploying System Center Configuration Manager 2012 with Mike Danseglio
50255: Managing Windows Environments with Group Policy with Rick Trader
20341: Core Solutions of Microsoft Exchange Server 2013 with Jason Helmick

For our full course schedule, head to http://www.interfacett.com/schedule
And our video library can be found at http://videotraining.interfacett.com/

The post This Week at Interface | December 17, 2013 appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/this-week-at-interface-december-17-2013/feed/ 0
This Week at Interface | November 11, 2013 https://www.interfacett.com/blogs/this-week-at-interface-november-11-2013/ https://www.interfacett.com/blogs/this-week-at-interface-november-11-2013/#respond Tue, 12 Nov 2013 15:13:16 +0000 http://www.interfacett.com/blogs/?p=?p=15962 Here’s what’s happening this week at Interface.   Ralph is back for this episode of This Week at Interface and celebrates with a couple of fellow veterans for the holiday before running down the Remote Live classes and other highlights. Courses featured: ITIL-SO: ITIL-SO ITIL Intermediate Lifecycle: Service Operation with Certification Exam with Mark Thomas … Continue reading This Week at Interface | November 11, 2013

The post This Week at Interface | November 11, 2013 appeared first on Interface Technical Training.

]]>
Here’s what’s happening this week at Interface.

 

Ralph is back for this episode of This Week at Interface and celebrates with a couple of fellow veterans for the holiday before running down the Remote Live classes and other highlights. Courses featured:

ITIL-SO: ITIL-SO ITIL Intermediate Lifecycle: Service Operation with Certification Exam with Mark Thomas
50331: Windows 7 Enterprise Desktop Support Technician with Steve Fullmer
10135: Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 with Jason Helmick
BI778: Implementing Microsoft SQL Server 2012 Analysis Services (SSAS) with Michael Moen
20417: Upgrading Your Skills to MCSA Windows Server 2012 with Rick Trader
CCNAX: Interconnecting Cisco Networking Devices Accelerated v2.0 with Mark Jacob
JS500: JavaScript and SPA Programming with jQuery, Knockout, AngularJS, Node.js and Grunt with Dan Wahlin
SP360: SharePoint 2010 Foundation & Server Training with Spike Xavier

For our full course schedule, head to http://www.interfacett.com/schedule
And our video library can be found at http://videotraining.interfacett.com/

The post This Week at Interface | November 11, 2013 appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/this-week-at-interface-november-11-2013/feed/ 0
Using PowerShell to manage mailbox folder permissions in Exchange Server 2010 https://www.interfacett.com/blogs/using-powershell-to-manage-mailbox-folder-permissions-in-exchange-server-2010/ https://www.interfacett.com/blogs/using-powershell-to-manage-mailbox-folder-permissions-in-exchange-server-2010/#comments Fri, 27 Sep 2013 15:22:35 +0000 http://www.interfacett.com/blogs/?p=?p=15334 PowerShell for Exchange Server online video training library. Start training today! Interface Video Training Video transcript: Using PowerShell to manage mailbox folder permissions in Exchange Server 2010 Now one of the things that can be really useful in the Exchange Management Shell (EMS) is pushing out mailbox‑folder permissions. This could be on any folder in … Continue reading Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

The post Using PowerShell to manage mailbox folder permissions in Exchange Server 2010 appeared first on Interface Technical Training.

]]>
PowerShell for Exchange Server online video training library.

Start training today! Interface Video Training


Video transcript:

Using PowerShell to manage mailbox folder permissions in Exchange Server 2010

Now one of the things that can be really useful in the Exchange Management Shell (EMS) is pushing out mailbox‑folder permissions. This could be on any folder in the mailbox but I’m going to focus mainly on the calendar because that’s usually one of the common ones. Normally you want to share out or give people review or access to your mailbox calendar or you want to have a certain users calendar be able to be seen by everyone in the organization and doing that by hand obviously could take forever.

Let’s just start off by doing this manually for one calendar. I’m in my administrator mailbox.

001-Mailbox-Folder-Permissions-using-PowerShell

I go into the properties of my calendar. I can come over to permissions

002-Mailbox-Folder-Permissions-using-PowerShell

I’ll pull out Allan Miller.

003-new-vpn-properties-Windows-Server-2012-R2-Group-Policy-IPv6-Enhancements

We’ll let him be a reviewer so he can see my appointments and the content all that good stuff and hit apply.

004-add-user-Mailbox-Folder-Permissions-using-PowerShell

Now I might want to be able to just take the entire organization and basically give everyone in the organization the same exact permissions and there’s a cmdlet that can help us. It’s called Add-MailboxFolder permission. We also have an equivalent which is Get-MailboxFolderPermission and we can run that against the administrator by using administrator :\calendar.

005-add-user-Mailbox-Folder-Permissions-using-PowerShell

Which will give me the mailbox folder permissions folder and you see what I get back is the one that I just added and of course the others.

006-get-folder-permissions-using-PowerShell

So we’ve got Allan Miller as reviewer and a couple of others. So we can do a Get or other things. Let’s take a look at this use case of doing this for every user in the organization.

I’m going to save a collection.

$mailboxes = Get-Mailbox –ResultSize unlimited

What I want to do is basically result size unlimited and by default Get-Mailbox will only retreive the first thousand mailboxes but I want to ignore that because I want all the mailboxes and put them into this variable.

I will take this variable and pipe it over to the ForEach object alias which is the % sign and I’m going to create my script block with the starting curly brace {. From there I’m just going to add mailbox permission, the permission is going to be assigned to each user that comes across the pipelines.

007-get-folder-permissions-using-PowerShell

So in here I need to reference their name.

008-get-folder-permissions-using-PowerShell

When we did the administrator it looked like this, administrator:\calendar

008-get-folder-permissions-using-PowerShell

But we don’t want the administrator, we want each user as they come across the pipelines. We got to use that south expression syntax here so we do a $ sign and then an open parenthesis [ and then a $ sign underscore _ and we’ll use the alias property because that’s an easy one and that’s unique.

009-get-folder-permissions-using-PowerShell

So that will get it expanded in that “ “ string and we’ll sign the administrator to that given the access rights of the reviewer.

010-get-folder-permissions-using-PowerShell

So basically what we’re doing here is for everybody in the organization, we’re giving the administrator reviewer rights to the mailbox.

Let’s go ahead and hit enter. I got it red error on one of them that already had permission set but it looks like I’m getting all these objects back. As you can see.

011-get-folder-permissions-using-PowerShell

Looking at these objects for this particular one here’s the run space ID which really does not mean a lot but the reviewer access was set for each of those objects that came across the pipeline.

012-get-folder-permissions-using-PowerShell

So it is valid and really the only time that you got to worry about it is if you get red and actually coming back and telling you something. If you read the errors usually that’s pretty helpful. So I don’t have the one up here earlier but it was actually saying that you know you’ve already done this.

This is a easy way for you to give a particular user read access or reviewer access to every calendar in the organization. Now you can spot‑check that by opening up the mailbox for another user and looking at the permissions. So we can do this in the Shell instead of Outlook so if I do get mailbox, folder permission for Clayton English as an example and we’ll look at his calendar folder.

013-get-folder-permissions-using-PowerShell

We can see that we were able to give the administrator reviewer access to his calendar.

014-get-folder-permissions-using-PowerShell

Keep in mind that are numerous access rights properties. If you look at the properties of the calendar for example, there’s different properties, added on, full details if you’re busy, etc…

015-get-folder-permissions-using-PowerShell

That’s all controllable through the access rights parameter. So I encourage you to use the help system Get-Help against the set folders permissions cmdlet and also the get-mailbox folder permission cmdlet.

 

The post Using PowerShell to manage mailbox folder permissions in Exchange Server 2010 appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/using-powershell-to-manage-mailbox-folder-permissions-in-exchange-server-2010/feed/ 1
How to add, modify and remove Inbox Rules in Exchange Server using PowerShell https://www.interfacett.com/blogs/how-to-add-modify-and-remove-inbox-rules-in-exchange-server-using-powershell/ https://www.interfacett.com/blogs/how-to-add-modify-and-remove-inbox-rules-in-exchange-server-using-powershell/#comments Mon, 23 Sep 2013 15:23:51 +0000 http://www.interfacett.com/blogs/?p=?p=15272 PowerShell for Exchange Server online video training library. Start training today! Interface Video Training Video transcript: How to add, modify and remove Inbox Rules in Exchange Server using PowerShell One of the common recipient management tasks is dealing with server-side inbox rules. You can see right now I’m logged into ECP and under the organized … Continue reading How to add, modify and remove Inbox Rules in Exchange Server using PowerShell

The post How to add, modify and remove Inbox Rules in Exchange Server using PowerShell appeared first on Interface Technical Training.

]]>

PowerShell for Exchange Server online video training library.

Start training today! Interface Video Training


Video transcript:

How to add, modify and remove Inbox Rules in Exchange Server using PowerShell
One of the common recipient management tasks is dealing with server-side inbox rules. You can see right now I’m logged into ECP and under the organized email option here, I’m over on the inbox rule slab and I’ve got all of my inbox rules listed.

001-ECP-Add-Modify-and-Remove-Inbox-Rules

Actually I only have one. In this case, this is a rule that basically says if the message was received from Allan Miller, delete the message.

002-ECP-rule-Add-Modify-and-Remove-Inbox-Rules

So this is kind of useful. I could also go to More Options and do some Add Exception action and of course in any rule I’ve got a list of different conditions and actions that I can take.

003-ECP-rule-Add-Modify-and-Remove-Inbox-Rules

Now since this is all done through the GUI we also have access to this in PowerShell because when you create these, this is all happening through the shell.

If I come over to the Exchange Management Shell and do a Get-InboxRule

004-PowerShell-Add-Modify-and-Remove-Inbox-Rules

Since I’m logged in as the administrator in the shell I can see the same inbox rule listed that I see in the ECP. If I wanted to look at the settings I could just simply pipe that out to | fl list.

005-PowerShell-Add-Modify-and-Remove-Inbox-Rules

Now there’s a whole set of inbox rule cmdlets so if we do a Get-Command *inboxrule* you’ll see that we have the ability to do several things.

006-PowerShell-Add-Modify-and-Remove-Inbox-Rules

We can disable a rule or enable it ‑‑ obviously we’ve seen that at Get to retrieve them ‑‑ and then to add, remove or change we have these others listed. So if I run these without identifying the user that will actually create or remove or set or retrieve the messages in my personal inbox.

Now I’m not going to lie to you, creating the rules with the new inbox cmdlet can be a little tricky because there are all sorts of parameters to define the actions and conditions. So really the best way to make these work to figure out how to do things is to use the help system. So you could type help new inbox rule.

I usually use the dash examples to kind of figure out the syntax.

Help new-inboxrule –Examples

As you can see in example 1.

007-new-inboxrule-help-example-1-PowerShell-Add-Modify-and-Remove-Inbox-Rules

We are just creating an inbox rule in the current mailbox calling it check action required. Specifying my name in the toolbox so that’s my condition, dollar sign true and then marking the importance as high and flagging for action any item. So that’s kind of one thing and you can go through these examples.

You can go through the full help by using the -Full option with get help and see every single parameter that’s out there. As you can see there’s quite a bit.

008-new-inboxrule-help-example-1-PowerShell-Add-Modify-and-Remove-Inbox-Rules

Now one of the most common use cases for this is when you have to add a rule to multiple mailboxes. I mean that’s the only kind of realistic concept that you would need in order to do this from the command line. Maybe you have to add an inbox rule to every single mailbox so that’s more of a realistic approach.

Let’s say that we have ‑‑ and this is more of a common thing ‑‑ sometimes you’ll have an appliance out on your DMZ and then it sends you an email message that it suspects is a SPAM message and the administrator of those appliances will put something like this in the subject line.

009-new-inboxrule-help-example-1-PowerShell-Add-Modify-and-Remove-Inbox-Rules

They’ll append this to whatever the subject was like, you might have something like “Buy Stuff from Us” and in the body there’s a URL but your compliance in the DMC puts this basically, prepends this to the message. Then you can have an inbox rule that says if any subject of the message has these characters [SPAM] in the beginning, let’s go ahead and move that to the junk items or junk email folder.

You might want to set up an inbox rule for everybody like in a certain OU that would do that. That way they don’t have to do it themselves.

Let’s take a look at how you would approach that. First of all if you were going to do this, you’d need full access permissions to the people where you want to add these settings.

As an administrator, if I want to do this in every mailbox in the –OrganizationalUnit Sales for example:

010-new-inboxrule-help-example-1-PowerShell-Add-Modify-and-Remove-Inbox-Rules

I want to pull all these mailboxes and add an inbox rule to these, I’d have to have full mailbox permissions to each one of those. To do that basically what you would do is the add mailbox permission.

We’ll just use the last one on the list Winston Ortiz.

Add-MailboxPermission wortiz – AccessRights FullAccess –User administrator

The user will be the administrator.

011-PowerShell-Add-Modify-and-Remove-Inbox-Rules

As you can see I’ve already done this. The appropriate access control entry is already present on the object so I don’t have to go through to all of these again but you could do these for a one line for everyone if you wanted to.

Next I’ll bring up the previous command and instead of identifying the user, you could simply do a Get-mailbox, organizational units, sales and then just pipe it out.

012-PowerShell-Add-Modify-and-Remove-Inbox-Rules

Now let’s take a look at creating the inbox rule for all these users. I’m going to go back and get my last command to retrieve all mailboxes.

I’m going to save that in a variable called $mailboxes.

013-PowerShell-Add-Modify-and-Remove-Inbox-Rules

Now I’m going to pipe that over to the new inbox rule cmdlet but I’m going to have to loop through each of these mailboxes. So I’m going to start a loop, and what you’ll see sometimes is that people instead of using the ForEach-Object cmdlet, they’ll use this % sign, which is the alias for the ForEach-Object which is common.

014-PowerShell-Add-Modify-and-Remove-Inbox-Rules

Inside the % sign, we’re going to have our script block and here’s where will run our code. So I’m going to do a new inbox rule and specify a name. We’ll just call it junk and the mailbox that we want to assign this to is going to be $_.alias.

015-PowerShell-Add-Modify-and-Remove-Inbox-Rules

We can just use the alias to uniquely identify those mailboxes that come across the pipeline here. For my condition I’m going to say subject contains words and it contains SPAM.

016-PowerShell-Add-Modify-and-Remove-Inbox-Rules

This will prepended the value into the subject line so it contains that. Next, ff that’s the case, I want to move it to a folder. This can get tricky.

What I want to do is reference the actual mailbox name with a colon, backslash and then the name of the folder. So what that would look like if I was just doing one user would look something like this. If I was the administrator only I would say “administrator:\Junk E-Mail”.

017-PowerShell-Add-Modify-and-Remove-Inbox-Rules

But the thing is, is that, that actually isn’t going to work because what I want to do is I want to be able to do this for every mailbox in this collection so I have to put a variable in here which in this case we could do $_.alias. But since this is in double quotes, we have to use what’s called a sub‑expression.

We need to tell PowerShell that since this thing has a period in it, we’ll go ahead and wrap this in a sub‑expression which essentially is what you see here. The $, then open parenthesis, $_.alias object then closing off that parentheses.

018-PowerShell-Add-Modify-and-Remove-Inbox-Rules

That’s how basically you would expand a variable in a double quoted string like this. We’ve got to use double quotes here to expand this value and also because we have spaces in the string.

019-PowerShell-Add-Modify-and-Remove-Inbox-Rules

That ought to get us to the point where we can loop through every mailbox and create an inbox rule for each of those users.

So let’s go ahead and hit enter. As you can see it’s creating any old inbox rules, junk rules in every single mailbox.

020-PowerShell-Add-Modify-and-Remove-Inbox-Rules

We got a successful run for each of these. And now every user in that OU has that rule defined. So from here I can go on and test this out by sending a message to one of these users that has a [SPAM] string in the subject and kind of verify that by opening their mailbox since I have full access.

But there are a million combinations of things you can do. Like I said, use the help system to look at the parameters. But that’s kind of a high level on how you would implement inbox rules from the Exchange Management Shell.

The post How to add, modify and remove Inbox Rules in Exchange Server using PowerShell appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/how-to-add-modify-and-remove-inbox-rules-in-exchange-server-using-powershell/feed/ 5
How to provision Recipients in Bulk in Exchange Server with PowerShell https://www.interfacett.com/blogs/how-to-provision-recipients-in-bulk-in-exchange-server-with-powershell/ https://www.interfacett.com/blogs/how-to-provision-recipients-in-bulk-in-exchange-server-with-powershell/#respond Wed, 18 Sep 2013 21:31:53 +0000 http://www.interfacett.com/blogs/?p=?p=15247 PowerShell for Exchange Server online video training library. Start training today! Interface Video Training Video transcript: How to Provision Recipients in Bulk in Exchange Server with PowerShell When it comes to provisioning users in bulk there’s a couple of common things typically people are reading data out of text file, reading it out of a … Continue reading How to provision Recipients in Bulk in Exchange Server with PowerShell

The post How to provision Recipients in Bulk in Exchange Server with PowerShell appeared first on Interface Technical Training.

]]>

PowerShell for Exchange Server online video training library.

Start training today! Interface Video Training


Video transcript:

How to Provision Recipients in Bulk in Exchange Server with PowerShell

When it comes to provisioning users in bulk there’s a couple of common things typically people are reading data out of text file, reading it out of a CSV file or basically just pulling out of Active Directory. Let’s take a look out of the AD scenario.

If I use:

Get-User –RecipientTypeDetails user

These are just the plain old users, those are all people out there in AD that do not have mailboxes.

001-AD-Provision-Recipients-in-Bulk

So if I want to do this in bulk I could just pipe this over to another command and create these mailboxes.

In that case you would have a script that would run, maybe the AD guys are responsible for provisioning Active Directory user accounts and your job is only to create the mailboxes. Maybe once a week you could go out and scan on a certain OU and create mailboxes from there.

You could use:

Get-User –RecipientTypeDetails user –OrganizationalUnit sales

002-OU-AD-Provision-Recipients-in-Bulk

I’ve got four sales user out there that don’t have mailboxes and I could continue piping that over to enable mailbox

Get-User –RecipientTypeDetails user –OrganizationalUnit sales | Enabel-Mailbox

What will happen is, it will create all of those four mailboxes for me in one shot.

003-OU-AD-Provision-Recipients-in-Bulk

That’s kind of one method you could use to bulk provision users.

Another method would be from a CSV file. We have the ability to do this from any kind of external file, but the most common use for this is a CSV. The reason is because it allows you to define multiple settings.

For example, in this file I’ve only got three properties‑‑name, alias and user principle name.

004-csv-file-Provision-Recipients-in-Bulk

But you could populate this with multiple columns for all kinds of different settings.

Basically you just read this in. Loop through each row in the CSV and pass these details into the cmdlet parameters as needed.

Reading this data into the shell, CSV file is as simple as doing an import CSV.

005-csv-file-Provision-Recipients-in-Bulk

You could see there that the whole CSV gets pulled into the shell. As I loop through each one of these records I can access each individual property name.

For example, if I pipe these before each object, the dollar sign underscore would represent each row as it kind of passes over the pipeline and you can access the column headers using the dot notation.alias for example.

Here are all the aliases.

006-csv-file-Provision-Recipients-in-Bulk

Here’s all the names.

007-name-csv-file-Provision-Recipients-in-Bulk

While you’re inside this script lock {   } you can access all of those properties and kind of pass them into the command.

Let me clear this and start from scratch. What I want to do first is actually create a password and really what I want to do here is show you this in ISE so it’s a little easier to read.

I’m going to do an import CSV, grab the users .csv and pipe that over before each object.

008-name-csv-file-Provision-Recipients-in-Bulk

So first of all I need to create that secure string password object so I’m going to do a new mailbox because these users don’t exist in AD so I’m going to do a $password as follows:

009-name-csv-file-Provision-Recipients-in-Bulk

So it’s going to be a common password assigned to all of these new users.

I’m going to do a new -mailbox. I will assign the name property to the name parameter, the alias to the alias and user principle name. Finally they’re all going to have the same common password.

010-name-csv-file-Provision-Recipients-in-Bulk

Since they all have the same common password, I want to do a reset password on next logon, $true.

011-csv-file-Provision-Recipients-in-Bulk

You see that I’m kind of running off to the right of the screen here, getting hard to read. New mailbox actually has I think somewhere between 50 and a hundred parameters, so in theory you could run through this and continue scrolling right for a really long time. If you want to break this up a little bit, you can use PowerShell’s line continuation character which is the back tick [ ` ].

012-csv-file-Provision-Recipients-in-Bulk

So just like this you could break this command up.

013-break-up-command-csv-file-Provision-Recipients-in-Bulk

That’s a little bit easier to read.

Let me go ahead and run this. Bring the output pane up so we could see. Go ahead and test this code. Hit start and there it goes creating all the mailboxes for me that I’m passing those values in straight from the CSV file.

014-runbreak-up-command-csv-file-Provision-Recipients-in-Bulk

That’s just a couple of quick ways you can bulk provision recipients and of course you can use the get content cmdlet as well to read data in from a text file.

 

The post How to provision Recipients in Bulk in Exchange Server with PowerShell appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/how-to-provision-recipients-in-bulk-in-exchange-server-with-powershell/feed/ 0
How to Add, Remove and Modify Recipients in Exchange Server using PowerShell https://www.interfacett.com/blogs/how-to-add-remove-and-modify-recipients-in-exchange-server-using-powershell/ https://www.interfacett.com/blogs/how-to-add-remove-and-modify-recipients-in-exchange-server-using-powershell/#respond Fri, 13 Sep 2013 15:19:54 +0000 http://www.interfacett.com/blogs/?p=?p=15137 This post if from our PowerShell for Exchange Server online video training library. Start training today! Interface Video Training Video transcript: How to Add, Remove and Modify Recipients in Exchange Server using PowerShell You’ll probably spend a lot of time in your Exchange Management Shell (EMS) on the recipients, creating mailboxes, modifying users and things … Continue reading How to Add, Remove and Modify Recipients in Exchange Server using PowerShell

The post How to Add, Remove and Modify Recipients in Exchange Server using PowerShell appeared first on Interface Technical Training.

]]>

This post if from our PowerShell for Exchange Server online video training library.

Start training today! Interface Video Training


Video transcript:

How to Add, Remove and Modify Recipients in Exchange Server using PowerShell

You’ll probably spend a lot of time in your Exchange Management Shell (EMS) on the recipients, creating mailboxes, modifying users and things like that. If you’re going to look at how you’re going to do this one at a time but also more powerful options for doing this in bulk. Taking things out of the CSV or text file and creating multiple users at one time. A lot of power here. We’ll also look at other interesting things here like creating inbox rules, programmatically through PowerShell, managing mailbox folder permissions and also managing out of office settings for users.

Here are a couple scenarios in where you’ll add, modify and remove recipients so let’s take a look at a few of those. First one is going to be creating mailboxes for users that are already out there in your active directory environment. So we look at get user and we’ll do recipient type details of user.

001-get-user-add-modify-exchange-server-powershell

That’s basically going to show you all the Active Directory users that don’t have mailboxes.

002-get-user-add-modify-exchange-server-powershell

I could do here is kind of figure out all right we’ve got this guy, Simon Lamb, we’ll use him. If we want to give his existing AD account or mailbox enable his existing AD account. We could just simply do an enable mailbox, SLamb.

003-enable-mailbox-add-modify-exchange-server-powershell

That would give him a mailbox. Now if we want to create a new AD user and a mailbox‑enabled user, we would use the new mailbox cmdlet.

That requires that you define a password for the user. I’ve shown this example previously but that value needs to be encrypted. So usually what I do for this is I use the ConvertTo-SecureString  cmdlet and then I pass this whatever the value is that I want to use for the password.

004-convertto-securestring-add-modify-exchange-server-powershell

So in this case, I’m converting this plain text password(-ASPlainText –Force) into a secure string.

005-convertto-securestring-add-modify-exchange-server-powershell

So you got to do an as point text. Then you got to do a force and if you echo that variable back, you can see that that’s the .NET framework type for the secure string class. Really what we’re saying here is we just don’t want to send this across the network when we’re creating the user. We want to do it encrypted. From there I can do a new mailbox and we can something like Kevin Jones, alias first initial, last name, user principle name and finally the password.

006-new-mailbox-convertto-securestring-add-modify-exchange-server-powershell

These are the required parameters with new mailbox. So these are the bare minimum to get user created. However this command has all kinds of different parameters so you can do all kinds of different things when you create the mailbox. For this I’m just going to go ahead and run that. You can see that it goes on and creates the user. So this is very static.

007-new-mailbox-convertto-securestring-add-modify-exchange-server-powershell

This is sitting in the shell one line at a time. You’re not probably going to add users this way. You might do this in bulk through some kind of provisioning script or you might have an interactive script where someone else is actually running that like maybe a help desk or junior admin. You might want to capture some of that information and prompt them along the way.

What I’m going to do is show an example of that. We’ll call this new mailbox.ps1

008--add-modify-exchange-server-powershell

The idea would be that an admin might run this. And admin might run this and be kind of prompted for information along the way. Initially we might want to prompt them for a password so we do a read hosts, enter the password and you would do this as a secure string.

009-secure-string-add-modify-exchange-server-powershell

So instead of manually creating that password object, you could prompt the user in the ISE if you run this.

010-ISE-secure-string-add-modify-exchange-server-powershell

You can see that it would actually give you a dialog box but if you run it in the Shell,

011-user-profile-string-add-modify-exchange-server-powershell

From here I’ll run new mailbox.ps1. There you can see that it’s prompting me.

012-user-profile-string-add-modify-exchange-server-powershell

It’s actually masking the password with stars. So that’s kind of nice. It’s also good for an interactive script.

If I go back to my script, that’s going to be the password then I might want the name. So we do another Read-Host “Enter the name”. This will not be a secure string we want that to be in plain text, $UPN= Read-Host “Enter the userprinciplename” Name. $alis = Read-Host “Enter an alias” . This should be good enough.

013-user-profile-string-add-modify-exchange-server-powershell

From there you can go out and run New-Mailbox and you can just pass these variables to the parameter values $Name.

The $ name is going to be captured from my user and user principle name same thing, same thing for the password. That’s $ alias. Now if I say that this is a script an operator could run that. You put out the script there somewhere on their machine where they can get to it. They don’t have to necessarily know all the details about PowerShell. They could run that. It would prompt them along the way to create the mailbox.

014-user-profile-string-add-modify-exchange-server-powershell

Let’s just run through that.

015-run-user-profile-string-add-modify-exchange-server-powershell

So I’m going to enter password and that’s going to get saved. We’ll do Jeff Jones this time. His UPN will be jjones.uss.local and his alias will be jjones and that creates the mailbox.

016-run-user-profile-string-add-modify-exchange-server-powershell

So that is one way you can do this and that’s probably just creating the mailbox, probably isn’t the only thing you need to do. You might need to set some attributes.

For example the new mailbox cmdlet doesn’t give you the ability to set the title. So it might be something that you have to do during the provisioning process. So you might want to prompt for that too. The $title, enter the title.

017-set-title-add-modify-exchange-server-powershell

That’s actually another command that you have to run. So you first have to create the mailbox then you would need to do a set user on that name and set the title to $title.

018-set-title-add-modify-exchange-server-powershell

Let’s go ahead and save that. We’ll run it again. Create a password. The name Jason Helmick for this user, jason.uss.local his alias can simply be jasonh and his title would be janitor.

019-set-title-add-modify-exchange-server-powershell

We run that and it creates the mailbox. Now if we run Get-User, it will set the title.

020-set-title-add-modify-exchange-server-powershell

So kind of a two‑step thing here. You can go to add the user after they’ve been created and you’ve set all their attributes. You could add them.

Do a distribution list ‑‑ all kinds of different things, fire off an email. So this is kind of the use case for an interactive script.

Now let’s take a look at removing the user. We’ve looked at creating a mailbox and modifying a user account. Let’s go back and delete the one we just created. So if we do a Remove-Mailbox, this will actually prompt you because you’re doing a destructive operation here.

021-remove-mailbox-add-modify-exchange-server-powershell

New-Mailbox creates an AD user and also mailbox enables that user.

The flipside of that is remove mailbox will actually remove the AD user and disconnect the mailbox. If you just want to delete the mailbox, you would do a Disable-Mailbox. So there’s this warning that hey do you really want to that? Because we’re going to delete the active directory user. I’m going ahead and type n for no.

If I really just want to get rid of the mailbox, disable mailbox, leave the AD user intact or if I just want to delete it and I don’t care about being prompted then you could use -Confirm:$false go ahead and completely remove that object and don’t even ask me about it.

022-remove-mailbox-add-modify-exchange-server-powershell

You can see that it comes back with no errors and if I run get-mailbox jasonh

023-remove-mailbox-add-modify-exchange-server-powershell

See I get an error because we actually deleted it and it no longer exists. Now the only other thing that we’ve looked at in the script is changing the settings on mailbox but of course you would do just a Set-Mailbox for that.

So you could do a Set-Mailbox $name (There are a bunch of different parameters out here. This command has about a hundred.)

There’s all kind of different things that you can change so one of the things I normally do is when I’m dealing with modifying recipients. If you’re not sure which commands are responsible for setting which parameters, go on to the properties object in the console.

024-properties-remove-mailbox-add-modify-exchange-server-powershell

For example Allan Miller and maybe I need to change a few things about this user such as we’ll add his middle initial.

025-properties-remove-mailbox-add-modify-exchange-server-powershell

We’ll change his job title to Sales Rep.

026-properties-remove-mailbox-add-modify-exchange-server-powershell

Next we’ll come over to Mailbox Features and we’ll disable MAPI connections for this user.

027-properties-remove-mailbox-add-modify-exchange-server-powershell

It’s kind of hard to see this but there’s a Exchange Management Shell Command button here down at the bottom.

028-properties-remove-mailbox-add-modify-exchange-server-powershell

If you look at that and this example we’re running set user, set CAS mailbox and maybe if we do one more thing like do a Send on Behalf for another user,

029-properties-remove-mailbox-add-modify-exchange-server-powershell

You can see that those three changes require a call to three separate cmdlets. One for Set-Mailbox.

030-properties-remove-mailbox-add-modify-exchange-server-powershell

One for Set-User and one for Set-CASMailbox. So you can use the gooey to cheat and figure out which commands you would need to kind of run in sequence here in your script. So that’s the process of going through adding, removing and modifying your recipients.

The post How to Add, Remove and Modify Recipients in Exchange Server using PowerShell appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/how-to-add-remove-and-modify-recipients-in-exchange-server-using-powershell/feed/ 0
How to schedule Exchange Server Scripts using PowerShell https://www.interfacett.com/blogs/how-to-schedule-exchange-server-scripts-using-powershell/ https://www.interfacett.com/blogs/how-to-schedule-exchange-server-scripts-using-powershell/#comments Tue, 10 Sep 2013 17:19:01 +0000 http://www.interfacett.com/blogs/?p=?p=15106 This post if from our PowerShell for Exchange Server online video training library. Start training today! Interface Video Training Video transcript: How to schedule Exchange Server Scripts using PowerShell Instructor: Mike Pfeiffer, Microsoft Exchange MVP Already have an account? Watch the entire video course I have this script that I wrote that generates a report … Continue reading How to schedule Exchange Server Scripts using PowerShell

The post How to schedule Exchange Server Scripts using PowerShell appeared first on Interface Technical Training.

]]>

This post if from our PowerShell for Exchange Server online video training library.

Start training today! Interface Video Training


Video transcript:

How to schedule Exchange Server Scripts using PowerShell

Instructor: Mike Pfeiffer, Microsoft Exchange MVP Already have an account? Watch the entire video course
I have this script that I wrote that generates a report for all the Sales people in the environment.

001-sheduling-exchange-server-scripts-in-powershell

I’m going to reuse this script because I don’t want to manually run this to generate this report. What this does is actually take these sales users and dump the csv file out on the C drive. But I don’t want to have to manually do this. I want this to run once a week, once a month something like that.

What I want to do is to schedule this script to run with the Task Scheduler in the Exchange Management Console (EMC). On this machine, I’ve got my profile set‑up so I’ll open my Windows PowerShell profile.

002-profile-sheduling-exchange-server-scripts-in-powershell

Anytime PowerShell runs on this machine, it’s going to .source this RemoteExchange.ps1 script and connect to an Exchange server automatically.

If I were to execute PowerShell.exe from a scheduled task, this environment would get loaded for me and all I would have to do is call my ps1 script and it would just work. But, I do have to make sure that that environment is loaded either using this method or using PowerShell remoting.

From here I can schedule this ps1 script to run automatically, and that’s what we’re going to do here.

003-sheduling-exchange-server-scripts-in-powershell

To start this off I’m going to go on the Control Panel, Administrative Tools and I’m going to go under the Task Scheduler.

004-task-scheduler-exchange-server-scripts-in-powershell

When this comes up what I’m going to do is go into action and I’m just going to do a Basic Task.

005-basic-task-scheduler-exchange-server-scripts-in-powershell

I’ll call it “Sales Report” and hit next.

006-basic-task-scheduler-exchange-server-scripts-in-powershell

I guess I’ll do this weekly for now and we’ll run this Monday through Friday, and we’ll do it 12am.

007-basic-task-scheduler-exchange-server-scripts-in-powershell

What I want to do for the action is start a program.

008-start-a-program-task-scheduler-exchange-server-scripts-in-powershell

And that program is going to be PowerShell.exe. If you look at the Exchange Management Shell shortcut, they’re already doing this to begin with. You look at the target of the shortcut, you can see that they’re calling powereshell.exe and passing the other ps1 script.

009-start-a-program-task-scheduler-exchange-server-scripts-in-powershell

I’m going to steal this from here.

That’s going to be my program.

My arguments would be dash command and the path to my script.

010-start-a-program-task-scheduler-exchange-server-scripts-in-powershell

In this case my script file here is located in my documents but to make this easier to type I’m going to dump this in the C drive as well.

011-start-a-program-task-scheduler-exchange-server-scripts-in-powershell

So C:\\SalesMBReport.ps1 and hit next.

012-start-a-program-task-scheduler-exchange-server-scripts-in-powershell

Now that’s pretty much it for defining the schedule task. But what I want to do is open this thing when it’s done and go into the properties and change a couple of things. I’ll go ahead and check this option and click finish.

013-start-a-program-task-scheduler-exchange-server-scripts-in-powershell

In the Properties, I’m going to do a couple of things. First of all, I want this to run whether the user is logged on or not.

014-properties-scheduler-exchange-server-scripts-in-powershell

So that’s important. If somebody kicks me off this machine at night, my report might not run if this isn’t selected.

Make sure that’s set. I’m also going to select the option to run with highest privileges. If I have UAC enabled or something like that, that would mean it would run PowerShell.exe elevated. Or if it is trying to access anything or dump a report in a directory where you normally would need administrator permissions, this will take care of that. I’m going to go ahead and say OK to this, type in my credentials.

015-run-as-administrator-properties-scheduler-exchange-server-scripts-in-powershell

In this case, really, what we’re saying here is we’re scheduling the script to run under the administrator account. We’re going to load the administrator profile when this kicks off. That will load off the Exchange environment and everything should work out just fine.

Now I’m here under my task schedule library. I’ve got this sales report that I’ll run every day at 12am during the week, and right now just to test it I’m going to right click and do a run.

016-run-script-scheduler-exchange-server-scripts-in-powershell

If we look at the script one more time, its job is to go out and pull this information, dump it on a file in C drive.

017-run-script-scheduler-exchange-server-scripts-in-powershell

A file doesn’t currently exist so let’s go ahead and run this task manually and see if it works. Right click and go to run, and if I do a view or if I come up here to the actions pane and do a refresh. Status is now running, so it’s actually doing its thing.

018-run-script-scheduler-exchange-server-scripts-in-powershell

Hit refresh again. Still running so it’s going to take a second to load those commands. Get everything working.

But let me go into the C drive and take a look. As soon as the task is done we should have the csv file here.

019-run-script-csv-scheduler-exchange-server-scripts-in-powershell

OK so the csv file has automatically shown up on the root of the C drive. Come back over here and do a refresh. We can see that we’re now ready so I went to the process of running the task.

020-run-script-csv-scheduler-exchange-server-scripts-in-powershell

It’s succeeded. Put the file out there and there’s my data.

021-data-run-script-csv-scheduler-exchange-server-scripts-in-powershell

As you can see it’s pretty straightforward, and basically just create your ps script and run through the Wizard, do a basic task and schedule that to run on a weekly basis or daily basis or whatever works for you.

Just make sure that either through a profile or at the beginning of your script, you’re automatically loading the Exchange environment either using Exchange tools or through remoting, to make sure that your commands will successfully run.

The post How to schedule Exchange Server Scripts using PowerShell appeared first on Interface Technical Training.

]]>
https://www.interfacett.com/blogs/how-to-schedule-exchange-server-scripts-using-powershell/feed/ 5