All posts by administrator

Exchange Console Commands

I have been managing a Exchange server since Exchange 2003. Current on 2010 and planning on upgrading to 2013 in the next month or so. Over the years I’ve been collecting snippets of useful commands which have served me well so here is my go to list. In almost all examples anything being exported/imported is using a directory called c:\ExFiles and in my examples the server is EXServer. Replace (alias) in all examples with the actual mailbox alias:

Export out Mailboxes as PST

Export list of all mailboxes by alias
Get-Mailbox| Select Alias | Export-CSV C:\ExFiles\Alias.csv

Export mailboxes based on a csv list:
foreach ($i in (Import-Csv C:\ExFiles\Alias.csv)) { New-MailboxExportRequest -Mailbox $i.Alias -FilePath "\\EXServer\c$\ExFiles\$($i.Alias).pst" }

Export individual mailboxes:
New-MailboxExportRequest -Mailbox (alias) -FilePath "\\EXServer\c$\ExFiles\(alias).pst"

Export out only Calendar items from a mailbox then import them into another mailbox

Export calendar items from a mailbox:
New-MailboxExportRequest -Mailbox (alias) -FilePath \\EXServer\c$\ExFiles\TempPSTFile.pst -IncludeFolders "#Calendar#"

Import calendar items to a mailbox:
New-MailboxImportRequest -Mailbox (alias) -FilePath \\EXServer\c$\ExFiles\TempPSTFile.pst -IncludeFolders "#Calendar#"

Check Import/Export commands and clear then

Check import status:
Get-MailboxImportRequest

Check export status:
Get-MailboxExportRequest

Clear completed import requests:
Get-MailboxImportRequest -Status Completed | Remove-MailboxImportRequest

Clear completed export requests:
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest

Retention Policy Commands

Get all user mailboxes without a retention policy
Get-Mailbox -ResultSize unlimited -RecipientTypeDetails "UserMailbox" | Where-Object {$_.RetentionPolicy -eq $null}

Assign the default retention policy to all mailboxes without one
Get-Mailbox -ResultSize unlimited -RecipientTypeDetails "UserMailbox" | Where-Object {$_.RetentionPolicy -eq $null} | Set-Mailbox -RetentionPolicy "Default Archive and Retention Policy"

User Permissions

Export out a list of users who have access to other mailboxes other then their own
Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation c:\ExFiles\mailboxpermissions.csv

Remove a users permission from all mailboxes
Get-Mailbox | Remove-MailboxPermission -User (UserID) -AccessRights FullAccess -InheritanceType All

Remove a users permission to a single mailbox
Remove-MailboxPermission -Identity (alias) -User (UserID) -AccessRights ReadPermissions -InheritanceType All

Mailbox and Database Information

Get the overall status of each database:
Get-MailboxDatabase -Status | ft name,databasesize,availablenewmailboxspace -auto

Export out the size of each mailbox in a database:
Get-MailboxStatistics -Database "Mailbox Database 1" | Select DisplayName, ItemCount, TotalItemSize | Sort-Object TotalItemSize -Descending | Export-CSV C:\ExFiles\MBSizes1.csv

Get size of a single mailbox
Get-MailboxStatistics -identity alias | Select DisplayName, ItemCount, TotalItemSize

Deleting Items

Delete all disabled mailboxes:
Get-MailboxStatistics -Database "Mailbox Database 1" | where {$_.DisconnectReason -eq "Disabled"} | foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState Disabled}

Delete a individual disabled mailbox:
Remove-StoreMailbox -Database "Mailbox Database 1" -Identity (alias) -MailboxState SoftDeleted

Delete recoverable deleted items based on a alias list
foreach ($i in (Import-Csv C:\ExFiles\alias.csv)) { Search-Mailbox -Identity $i.alias -SearchDumpsterOnly -DeleteContent }

Delete all recoverable deleted items
Search-Mailbox –identity (alias) –SearchDumpsterOnly –DeleteContent

Hopefully these help someone out as much as they have me.

Generation 2 HyperV Hosts and ISO Files

A problem I have run into recently with installing Server 2012 R2 as a virtual machine on Server 2012 R2 HyperV server was I could not get the iso file to boot. Well, at least that is what I though the problem was. The virtual DVD drive with the Server 2012 iso was at the top of the boot order but it seemed to keep skipping it. After searching, and not particularly well because I barely understood what I was searching for, I found a TechNet blog that was describing my problem here: http://blogs.technet.com/b/jhoward/archive/2013/11/11/hyper-v-generation-2-virtual-machines-part-9.aspx. Long story short the gen 2 hosts are popping up the “Press any key to boot off of CD/DVD” message but not waiting for someone to press a key. Therefor it skips the CD/DVD and goes to other options, namely a blank hard drive then usually a network card. So it turns out there is a solution to this, changing the boot files to no longer prompt for a key press but to start your setup automatically.

To do this you need to get the Windows Automated Install Kit (AIK). Download that here: http://www.microsoft.com/en-us/download/details.aspx?id=39982 and of the many options you only really need to install the Deployment Tools and the Windows Preinstallation Environment (Windows PE) parts. Once these are installed here is how to modify your Server 2012 ISO.

  • Unzip the contents of your Server 2012 or 2012 R2 ISO to a directory such as c:\Win2012
  • Navigate to C:\Win2012\efi\microsoft\boot
  • Rename cdboot.efi to cdboot_prompt.efi then rename cdboot_noprompt.efi to cdboot.efi
  • Rename efisys.bin to efisys_prompt.bin then rename efisys_noprompt.bin to efisys.bin
  • Open up the “Deployment and Imaging Tools Environment” as a administrator (under Start -> Windows Kits -> Windows ADK)
  • Type the following command to create a new iso file called Win2012-NoPrompt.iso in the root of your C drive that will no longer prompt for a key: oscdimg -bC:\Win2012R2\boot\etfsboot.com -m -o -u2 -lServer2012R2 -udfver102 -bootdata:2#p0,e,b"C:\Win2012R2\boot\etfsboot.com"#pEF,e,b"C:\Win2012R2\efi\microsoft\boot\efisys.bin" C:\Win2012R2 c:\Win2012R2-NoPrompt.iso
  • Exit the command prompt

You can also use the Windows AIK to preload updates into your image or drivers but that’s a topic for another post.

Kixtarter – KiXtart Script Editor

KiXtart is a free-format scripting language written by Ruud van Velsen of Microsoft Netherlands.  Many companies have used KiXtart as there login script processor although as time goes by people are switching to purely GPO’s or VB script.  I personally still use it for my login scripts, it’s easy to understand and simply to deply.  Just copy a exe to each machine through GPO and edit your users profiles to run the exe and script at login.  In fact I was using it so much that wrote a KiXtart script editor with color highlighting of the keywords, a insert menu with all the commands, and some wizards for commonly used things.

The last update brought the software to v4.12 and will most likely be the last version released.  Download it here:

Kixtarter v4.12 – KiXtart Script Editor Installer

Adding a SSL Certificate to a Vykon AX Web Supervisor

https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcQziKwbi7GguEuqEdyf-zXwY7wcYsKgKJZhO6SxUhQGsfAxK8RR_Q

A couple years ago I helps setup a SSL certificate for a AX Supervisor, a product that is used as a web interface front end to a automation product called a JACE, usually.  The software was installed on a Microsoft Server 2008 R2 system and was serving up the information through a B2B VPN and the other company, even though the traffic was “internal”, requested a SSL.  No biggie I thought, I’ve installed SSLs many times.  So I installed the certificate on the server but the AX software didn’t see it.  I went into the software’s platform and into the Certificate Management section to import a certificate.  It only accepted pem files so I converted my Windows certificate over but it didn’t like that either.  So I started reading the only guide I could find on the subject titled “NiagaraAX SSL Connectivity Guide”.  Ironically it has page after page of how a SSL works and how to generate a self signed certificate then export it out and import it onto all of the computers accessing the system but nothing on importing a existing certificate as a pem file.  Long story short the way a AX Supervisor wants the pem is to have it include the key, the certificate, the intermediate certificate, and the root certificate in that order all in one file.  So for the 9 people in the universe that will actually need to do this sometime in their life and can’t figure it out here is what I had to do.

First I downloaded the Windows 32 bit binaries of OpenSSL ( from https://slproweb.com/products/Win32OpenSSL.html ) and installed them.  I copied my pfx file that I exported out of my server (with key/password) and put it in the same directory as openssl.exe (the bin folder usually).  I opened up a command prompt, navigated to the bin directory, and ran the first command to get my private key:

openssl pkcs12 -in CertExport.pfx -nocerts -nodes -out key.pem

Then another command to export out my certificate:

openssl pkcs12 -in CertExport.pfx -nokeys -out cert.pem

I now needed my intermediate and root certificates which since I was using GoDaddy were downloadable from their site ( https://certs.godaddy.com/repository ).  I imagine its the same for any other certificate authority.  I created a new text file and first took the contents of the key.pem file (minus the headers keeping the begin and end tags) then followed it with the contents of my cert.pem file (again no headers) then, and this is important, followed those with the intermediate then the root.  I saved this as MYFullCert.pem and that imported right in without a issue. I was then able to use that for both the Platform SSL certificate and for the Stations WebService certificate.  Rebooted the server and everything looked good.

Note: This applies to a AX 3.7. I have found the certificate will not import into 3.8 using the same instructions. What does work however is importing it into 3.7 then exporting it out. The exported file appears to have a extra line added which does work on 3.8.

Was searching for a cloud provider

http://lh3.googleusercontent.com/-y4kLjv8XjBc/VTUMaVBMi8I/AAAAAAAAAcY/ai5irULWftQ/No%252520Cloud_thumb%25255B1%25255D.jpg?imgmax=800

So something I was recently tasked with was finding a “could” service for our technicians to easily share files with each other. We also have multiple people using things like DropBox, Google Drive, Microsoft’s OneDrive, etc with our companies data and no way to really secure it which is a problem. So I started looking into business version of these services and what I found was they were ridiculously expensive.

And that’s kinda where it stopped.  It just didn’t make sense for a company that already has it’s own server infrastructure. To that end I decided to do it in house and started researching alternatives of which I found two main ones, ownCloud and Pydio.  I did some beta tests with both and in the end found that Pydios overall interface was the winner: Fast, “pretty”, and pretty intuitive. The problem was getting it to run on Server 2012 R2 / IIS 8.5 was not easy and none of the guides online had everything needed to get it to function. So long story short after a couple days of playing I wrote my own which is now posted on the Pydio website:

https://pyd.io/example-installing-pydio-on-windows-server-2012-r2-iis-8-5/

Hopefully if someone else is looking for a DIY cloud storage system it will help them out.

Update: I have been asked by multiple people to upload my web.config files for the root and public directories as the copy and paste from the tutorial aren’t working real good. Here they are: WebConfigRoot WebConfigPublic

Also the guide as a PDF: Installing Pydio on Windows Server 2012 R2