Blog

Granikos Technology Blog

Manage your certificate store with PowerShell

On Januar 9, 2015

Thomas Stensitzki | MVP

0 Kommentar

Certificates, PowerShell

English, Language, Security

4817 Views

You can use PowerShell to manage your local certificate store.

The default PowerShell Get-ChildItem cmdlet allows for accessing the local certificate store. But you should start your PowerShell shell windows as administrator, as access might be restricted by GPO settings.

List all certificate folder on the local machine

Get-ChildItem -Path Cert:\LocalMachine

Name : TrustedPublisher
Name : ClientAuthIssuer
Name : Remote Desktop
Name : Root
Name : TrustedDevices
Name : SPC
Name : CA
Name : REQUEST
Name : AuthRoot
Name : WebHosting
Name : TrustedPeople
Name : My
Name : SmartCardRoot
Name : Trust
Name : Disallowed

List all available certificates for the computer

Get-ChildItem -Path Cert:\LocalMachine\My

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
EC225A0183DC64D864C8BEA1477822858FCEC767  CN=WMSvc-EXSRV02
E2BC29B1445FD267E5A2823591A5221D67D0D94F  CN=Microsoft Exchange Server Auth Certificate
D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF  CN=EXSRV02
60246A87C12BEB365E7B4044C926587590A3D7B6  CN=mobile.mcmemail.de, O=mcmemail, C=DE
5F103D6C61BF57D86DB4AAA05597B0D1E8155884  CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro.

Retrieve certificate details

The example shows a self-signed certificate of a Trend Micro ScanMail for Exchange setup.

$cert = Get-ChildItem -Path Cert:\LocalMachine\My\5F103D6C61BF57D86DB4AAA05597B0D1E8155884
$cert | fl

Subject      : CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro ScanMail for Microsoft
               Exchange
Issuer       : CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro ScanMail for Microsoft
               Exchange
Thumbprint   : 5F103D6C61BF57D86DB4AAA05597B0D1E8155884
FriendlyName :
NotBefore    : 17.11.2014 00:00:00
NotAfter     : 16.11.2017 00:00:00
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}

A certificate issued by an Enterprise CA looks like this

$cert = Get-ChildItem -Path Cert:\LocalMachine\My\60246A87C12BEB365E7B4044C926587590A3D7B6
$cert | fl

Subject      : CN=mobile.mcmemail.de, O=mcmemail, C=DE
Issuer       : CN=mcmemail-DC01-CA, DC=mcmemail, DC=de
Thumbprint   : 60246A87C12BEB365E7B4044C926587590A3D7B6
FriendlyName : mcmemail Exchange Server 2013 Certificate
NotBefore    : 28.08.2014 15:14:04
NotAfter     : 28.08.2015 15:24:04
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
               System.Security.Cryptography.Oid...}

Export a single certificate

$cert | Export-Certificate -FilePath C:\tmp\cert1.p7b -Type p7b

    Directory: C:\tmp

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        23.12.2014     11:56       1380 cert1.p7b

Export multiple certificates as serialized certificates

$certarray = @()
$certarray += $cert
$cert = Get-ChildItem -Path Cert:\LocalMachine\My\D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF
$certarray += $cert
$certarray

Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
60246A87C12BEB365E7B4044C926587590A3D7B6  CN=mobile.mcmemail.de, O=mcmemail, C=DE
D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF  CN=EXSRV02

$certarray | Export-Certificate -FilePath c:\tmp\certs.sst -Type SST

    Directory: C:\tmp

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        23.12.2014     11:58       3056 certs.sst

Enjoy working with certificates.

You plan to upgrade to Exchange Server 2013? You wonder what the benefits of Office 365 are? Contact us at info@granikos.eu

Verbundene Einträge

Agile Project Management - Agile on the next Level - Program Management (Part 4)
The Program:

Implementation/migration of round about 25 instances with a Specific Laboratory Software, supporting ~30 laboratories world-wide

Reduce support cost per instance by standardization (for existing and added instances)

Development of a template ("foundation") containing common functionality which can be influenced by configuration. Integration of the foundation into all instances. Provide all instances in operation with the current version of the foundation on a regular basis.

The challenges:

2-3 implementation projects parallel

Full scope not clear in the beginning

Increasing number of instances in operation

Regular update of foundation version necessary to keep them streamlined in order to reduce support cost

Requirements and bugfixes from systems in operation have to be included into foundation development process

Many and changing team members, part-time availability

Round about 12 team members (incl. development and support)

Changes due to boundary conditions triggered by external influences

80% of people only part-time available for the program

High interdependency between ongoing projects and Systems which are already in in operation due to foundation development and shared resources.

Organization of communication process between projects and operation

Balancing individual business needs on one hand versus streamlined standard software on the other hand

Why agile:

Manage individual projects (introduction of new Software)

Decision for projects taken during run-time of the program

Sequence of projects changing

Manage user stories across projects (details not available at start of the program)

Each new project delivers a slightly differentiating list of user stories

Each instance in operation delivers additional stories

Manage process

Change process quite complex, adaptions to the process must be quickly implementable

The agile setup - how did we handle the challenges:

In fact the program has been setup before we got in touch with the standard Scrum process (See our blog: What is Scrum?). So we used other role names, but some of them have exactly - amongst others - the tasks defined for the standard Scrum roles.

Orange = Business, Green = IT

Scrum Master ~ Development Coordinator / Program QA

Product Owner

Program Manager

Overall Product Owner

Project Manager and Application Managers

Product Owner for particular instances -> Prioritization and review / testing of stories

Write User Stories

"Imitate" the end user for sprint releases

Global Change Manager

Scope definition for the foundation

Release management of the foundation

Organization of SME-Board

Prioritization

Product Owner for foundation

Architect

Knowledge of implementation framework

Sets up development guidelines and general implementation approach

Gives first estimation of requirements with a technical view

Better management of the large product backlog, due to technical understanding, prioritization estimation

Program QA

Set up of change management process for the program

Regular overall review of change management process

Additional meetings

Subject Matter Experts Board (SME) (bi-weekly)

Participants: Whole team

Reviews the requirements from a technical and functional point of view

Gives implementation recommendations as decision memo for the CAB (Change Advisory Board)

Discusses additional technical issues

Process Review Meeting (quarterly in the beginning, currently twice a year)

Participants: Whole team

The experiences:

User stories: Definition of user stories dependent on target group, developing a template of user story definition fitting for all team member in different roles, with different views and different backgrounds is a time consuming task

Testing: Developing awareness for testing right after delivering of implemented user story took also lot of time and patience

Definition of project related sprint releases is useful to get quick feedback and reduces the effort for project managers (not every project manager has to test each increment)

A clear definition of product ownership incl. responsibility for successful product delivery is important for a successful project

This was the last part of our small Series about Agile Project Management

The whole Series contains 4 pieces:

Agile Project Management – Basics (Part1)
Agile Project Management – What is SCRUM (Part2)
Agile Project Management – Agile Project Management in real Life (Part3)
Agile Project Management – Agile on the next Level – Program Management (Part4)

If you have any comments on our Articles, your Feedback is highly welcome.
PowerShell Scripts for the Community
Last updated: 2019-05-07

The following PowerShell scripts have been published by our Exchange and Office 365 experts to the technical community at TechNet Gallery. Please use the GitHub repositories to report issues or to file feature requests.

General

GlobalFunctions Module
A module to provide centralized logging capabilities. This script is a *must have* for other Exchange 2013/2016/2019 modules if mentioned in the notes section of the script.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/210/globalfunctions-shared-powershell-library

TechNet Gallery: https://gallery.technet.microsoft.com/Centralized-logging-64e20f97

PowerShell Gallery: https://www.powershellgallery.com/packages/GlobalFunctions

Office 365

Test Office 365 Domain Availability
Using this script you can test the domain availability in Office 365 and Azure AD.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/296/test-office-365-domain-availability

TechNet Gallery: https://gallery.technet.microsoft.com/Test-Office-365Azure-AD-5301c105

Github: https://github.com/Apoc70/Test-DomainAvailability

Exchange Server 2013 / 2016 / 2019

Export delegate and SMTP forwarding information for Exchange (Online) mailboxes
PowerShell script to export mailbox delegates, SMTP forwarding inbox rules, and mailbox SMTP forwarding information or compliance auditing.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/1693/export-mailbox-delegates-and-smtp-forwarding-information

TechNet Gallery: https://gallery.technet.microsoft.com/Get-delegates-and-SMTP-9c42a270

Github: https://github.com/Apoc70/Get-DelegatesAndForwardingRules

Manage Master Category List for Shared Mailboxes and Teams
C# solution to export/import/copy the master category list to other users/shared mailboxes or even Microsoft Teams calendar.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/1423/manage-master-category-list-for-shared-mailboxes-and-teams

TechNet Gallery: https://gallery.technet.microsoft.com/Manage-Category-List-for-3a9103f9

Github: https://github.com/Apoc70/MailboxCategoryListManager

Create a new Room Mailbox with Security Groups
A script to create a new room mailbox with associated full access and/or send-as security groups.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/337/create-a-new-room-mailbox-with-security-groups

TechNet Gallery: https://gallery.technet.microsoft.com/Create-a-new-Room-Mailbox-99a4e477

Github: https://github.com/Apoc70/New-RoomMailbox

Export all user mailbox permissions
This script exports all mailbox folder permissions for mailboxes of the type UserMailbox. This is useful for documentation purposes prior to migration.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/219/export-all-user-mailbox-folder-permissions

TechNet Gallery: https://gallery.technet.microsoft.com/Export-all-user-mailbox-155a33de

Github: https://github.com/Apoc70/Get-MailboxPermissionReport

Remove Out-Of-Office rules from user mailbox
This script searches for OOF rules created by users using the Outlook rule-tab in the OOF assistant and deletes existing OOF rules.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/328/remove-out-of-office-rules-from-user-mailbox

TechNet Gallery: https://gallery.technet.microsoft.com/Remove-Out-Of-Office-rules-3f740964

Github: https://github.com/Apoc70/Manage-OOF-Settings

Add resized user photos automatically
This script supports resizing of user photos and storing the resized images in Active Directory, Exchange On-Premises, or Exchange Online.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/307/add-resized-user-photos-automatically

TechNet Gallery: https://gallery.technet.microsoft.com/Bulk-resize-and-adding-of-1e74d85e

Github: https://github.com/Apoc70/Set-UserPictures

Parse email messages content for further processing
This script fetches emails from a given monitoring mailbox by searching email messages for a given subject string.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/322/parse-mailcontent

TechNet Gallery: https://gallery.technet.microsoft.com/Parse-email-message-bfdef982

Github: https://github.com/Apoc70/Parse-MailContent

Update OWA vDir config across multiple servers
This script checks multiple Exchange Server 2013 OWA web.config files for the existence of IMCertificateThumbprint and IMServerName XML nodes required for Skype for Business OWA integration.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/301/update-owa-vdir-webconfig-across-multiple-exchange-servers

TechNet Gallery: https://gallery.technet.microsoft.com/Update-OWA-vDir-config-086bbc17

Github: https://github.com/Apoc70/Set-OwaIMSettings

Remove Orphaned HealthMailbox and SystemMailbox Accounts from MESO Container
This script removes Active Directory objects for HealthMailboxes or SystemMailboxes in the Microsoft Exchange System Objects (MESO) container that do not have a homeMDB attribute set.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/297/remove-orphaned-healthmailbox-and-systemmailbox-accounts-from-meso-container

TechNet Gallery: https://gallery.technet.microsoft.com/Remove-orphaned-HealthMailb-9f33ccbe

Github: https://github.com/Apoc70/Remove-OrphanedMailboxAccounts

Connect to Exchange Server 2013+ using remote PowerShell
This script connects to a dedicated or a randomly selected Exchange Server using remote Powershell.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/293/connect-to-exchange-server

TechNet Gallery: https://gallery.technet.microsoft.com/Connect-to-Exchange-Server-0fefe0e4

Github: https://github.com/Apoc70/Connect-ToExchange

Create Exchange internal/external Url based certificate requests
This script helps to create ceritifcate requests (CSR) based on hostnames used for internal and external Urls of Exchange Server virtual directories.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/290/create-exchange-internalexternal-url-based-certificate-requests

TechNet Gallery: https://gallery.technet.microsoft.com/Create-Exchange-internalext-8784bfb1

Github: https://github.com/Apoc70/Create-CertificateRequest

Export Messages from Transport Queue
Script to suspend and export messages from a transport queue.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/282/export-messages-from-message-queue

TechNet Gallery: https://gallery.technet.microsoft.com/Export-Messages-from-edd2c939

Github: https://github.com/Apoc70/Export-MessageQueue

Simple import of multiple PST files for a single user
A script to simplify the import of multiple PST file for a single user.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/234/simple-import-of-multiple-pst-files-for-a-single-user

TechNet Gallery: https://gallery.technet.microsoft.com/Simple-import-of-multiple-6cc49361

Github: https://github.com/Apoc70/Start-MailboxImport

Create a new Team Mailbox with Security Groups
A script to create a new shared mailbox with associated full access or send-as security groups.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/239/create-a-new-team-mailbox-with-security-groups

TechNet Gallery: https://gallery.technet.microsoft.com/Create-a-new-Mailbox-with-1b02f6e7

Github: https://github.com/Apoc70/New-TeamMailbox

Find and remove corrupt HealthMailboxes
Script to find and remove or disable Exchange Server 2013 HealthMailboxes

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/212/find-and-remove-corrupt-healthmailboxes

TechNet Gallery: https://gallery.technet.microsoft.com/Find-and-remove-corrupt-42c8bfc2

Github: https://github.com/Apoc70/Fix-HealthMailboxes

Change IIS Log File Settings
Script to configure IIS log file location and other log file settings, especially for Exchange Server 2013/2016

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/220/change-iis-log-file-settings

TechNet Gallery: https://gallery.technet.microsoft.com/Change-IIS-Log-File-e4bd3f4b

Github: https://github.com/Apoc70/Set-Webserver

Purge Exchange Server 2013/2016/2019 and IIS Log Files
Script to purge Exchange Server 2013/2016/2019 and IIS log file remotely from a managing or job server

Blog: https://www.granikos.eu/de/justcantgetenough/PostId/208/purge-exchange-server-and-iis-log-files

TechNet Gallery: https://gallery.technet.microsoft.com/Purge-Exchange-Server-2013-c2e03e72

Github: https://github.com/Apoc70/Purge-LogFiles

Send emails for Transport Agent and Transport Rule testing
A script for sending a defined number of emails of a certain type having a specific attachment for the testing of Transport Agents and Transport Rules

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/215/send-test-emails-to-validate-transport-rules-or-transport-agents

TechNet Gallery: https://gallery.technet.microsoft.com/Send-test-emails-to-a98c1ca4

Github: https://github.com/Apoc70/Send-TestMail

Copy a receive connector from one Exchange 2013 Server to multiple Exchange Servers
Script to copy a configured Exchange Server 2013/2016/2019 receive connector from a source server to additional Exchange 2013/2016/2019 servers.

TechNet Gallery: https://gallery.technet.microsoft.com/Copy-a-receive-connector-b20b9bef

Github: https://github.com/Apoc70/Copy-ReceiveConnector

Add remote IP-address ranges to an existing receive connector
Add remote IP address ranges to an Exchange Server 2013/2016/2019 receive connector.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/222/add-remote-ip-address-ranges-to-a-receive-connector

TechNet Gallery: https://gallery.technet.microsoft.com/Add-remote-IP-address-59b84634

Github: https://github.com/Apoc70/Add-ReceiveConnectorIpAddress

Copy anti-virus pattern to Exchange 2010/Exchange 2013 servers
Script to copy anti-virus pattern files from a given source location to multiple Exchange 2010/Exchange 2013 servers

TechNet Gallery: https://gallery.technet.microsoft.com/Copy-anti-virus-pattern-to-f05a9af2

Github: https://github.com/Apoc70/Copy-AntiVirusPattern

Gather Exchange Configuration Data
Script to gather Exchange Org configuration data and export the configuration as text/CSV files

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/287/gather-exchange-configuration-data

TechNet Gallery: https://gallery.technet.microsoft.com/Gather-Exchange-configurati-24dbf8d0

Github: https://github.com/Apoc70/Get-ExchangeOrganizationDetails

Create a scheduled task for Exchange Server 2013+
This script adds a new scheduled task for an Exchange Server 2013+ environment in a new task scheduler group "Exchange".

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/218/create-a-scheduled-task-for-exchange-server-2013

TechNet Gallery: https://gallery.technet.microsoft.com/New-ScheduledExchangeTask-449cb182

Github: https://github.com/Apoc70/New-ScheduledExchangeTask

Clear Private Flag on Mailbox Messages
C# Executable to clear an item's private flag after migrating public folder content to a shared mailbox.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/303/clear-private-flag-on-mailbox-messages

TechNet Gallery: https://gallery.technet.microsoft.com/Clear-Private-Flag-on-3cac4d50

Github: https://github.com/Apoc70/RemovePrivateFlag

Set Mailbox Item Private Flag
C# Executable to set an item's private flag after migrating public folder content to a shared mailbox from a legacy mailbox system.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/379/set-mailbox-item-private-flag

TechNet Gallery: https://gallery.technet.microsoft.com/Set-private-flag-on-1cbbfd72

Github: https://github.com/Apoc70/SetPrivateFlag

Exchange Server 2007/2010

Fetch recently created public folders
This script gathers all public folders created during the last X days and exports the gathered data to a CSV file

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/304/fetch-recently-created-public-folders

TechNet Gallery: https://gallery.technet.microsoft.com/Fetch-recently-created-635a7d98

Github: https://github.com/Apoc70/Get-NewPublicFolders

Remove orphaned users and groups from legacy public folder ACLs
Cleanup legacy public folder ACLs by removing orphaned other unproperly configured accounts

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/263/clean-legacy-public-folder-acl

TechNet Gallery: https://gallery.technet.microsoft.com/Remove-orphaned-users-and-bba62a39

Github: https://github.com/Apoc70/Clean-PublicFolderACL

Exchange 2010 Public Folder Replication Report (UTF8 support)
An updated version of the script originally posted by Mike Walker to support public folder with non-ASCII characters

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/211/exchange-public-folder-replication-report

TechNet Gallery: https://gallery.technet.microsoft.com/Exchange-2010-Public-315ea9aa

Github: https://github.com/Apoc70/Get-PublicFolderReplicationReport

Original Post at TechNet Gallery: https://gallery.technet.microsoft.com/office/Exchange-2010-Public-944df6ee

Add multiple legacy public folder replicas recursively
Script to get more control of adding legacy public folder replicas recursively

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/217/add-multiple-legacy-public-folder-replicas-recursively

TechNet Gallery: https://gallery.technet.microsoft.com/Add-multiple-legacy-public-255848b3

Github: https://github.com/Apoc70/Add-PFReplica

Other Stuff

Convert Word documents using PowerShell
This script converts Word compatible documents to a selected format utilizing the Word SaveAs function. Each file is converted by a single dedicated Word COM instance.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/353/convert-word-documents-using-powershell

TechNet Gallery: https://gallery.technet.microsoft.com/scriptcenter/Convert-Word-documents-5ccc1067

Github: https://github.com/Apoc70/Convert-WordDocument

Please send comments, wishes, and ideas to support@granikos.eu.

Enjoy!

Need assistance with your Exchange Server Organization? You plan to upgrade your Exchange Server Organization? You plan to migrate to Office 365? Contact us: info@granikos.eu

Updates

Update 2019-05-07: Export mailbox delegates and SMTP forwarding information added
Update 2018-09-04: Add remote IP-address ranges to a receive connector added
Update 2018-06-16: Manage Master Category List for Shared Mailboxes and Teams added
Update 2018-04-29: Convert Word documents using PowerShell and Set Mailbox Item Private Flag added
Update 2018-01-24: Create a new Room Mailbox with Security Groups added
Update 2017-11-11: Export all user mailbox permissions added
Update 2017-09-22: Remove Out-Of-Office rules from user mailbox added
Update 2017-05-20: Parse email messages content for further processing and Update OWA vDir config across multiple servers added
Update 2017-03-18: Fetch recently created public folders and Clear Private Flag on Mailbox Messages added
Update 2017-02-22: Remove Orphaned HealthMailbox and SystemMailbox Accounts from MESO Container added
Update 2017-02-17: Test Office 365 Domain Availability added
Update 2017-02-13: Connect to Exchange Server 2013+ using remote PowerShell added
Update 2017-02-07: Create Exchange internal/external Url based certificate requests, Create a scheduled task for Exchange Server 2013 added
Update 2017-01-24: Gather Exchange Configuration Data added
Update 2017-01-05: Export Messages from Transport Queue added
Update 2016-11-29: Clean legacy public folder ACL added, Scripts categorized
Update 2016-11-28: Add multiple legacy public folder replicas added
Update 2016-08-18: Simple import of multiple PST files for a single user added
Update 2016-07-28: Change IIS Log File settings Github Url added, Create a new Team Mailbox with Security Groups added
Update 2016-06-04: GlobalFunctions added
Update 2015-06-18: Copy-ReceiveConnector updated
Update 2015-06-01: Exchange 2010 Public Folder Replication Report (UTF8 support)
Update 2015-05-21: Copy anti-virus pattern to Exchange 2010/Exchange 2013 servers added
Update 2014-12-10: Copy a receive connector from one Exchange Server to multiple Exchange Servers added
Agile Project Management - Agile Project Management in real Life (Part 3)
Agile Project Management in real Life

The Project:

Development of a new web shop

Bring this web shop to a new platform to enable further enhancements (old platform was outdated)

The challenges:

Very high amount of complex requirements

Dependencies to other projects and an overarching IT Strategy Program

Special regional processes and requirements

New, unknown platform and framework

Why agile:

Manage high amount of requirements (incomplete list at start of the project)

Start by collecting all requirements on a very high level

Refine requirements during the project in order to save time by not writing every detail at the beginning of the project

Able to react to decisions from the IT Strategy program and/or other projects

The Project had to start earlier than the program, so some program decisions were not made at the beginning of the project

No clear "customer" as it was an internal project, but end-users are external customers of the company

The agile setup - how did we handle the challenges:

Besides the standard Scrum roles (See our last blog entry: What is Scrum?), additional roles were part of the project

Orange = Business, Green = IT

Cross Regional Working Team = Group of colleagues from different Departments act as "customers"

Write User Stories

Review product and give feedback

"Imitate" the end user

IT Process Designer as an IT counterpart to the Business Product Owner

More technical knowledge

Understands and communicates technical problems

Also has a very good knowledge about the business processes

Better management of the big product backlog, due to technical understanding, prioritization estimation

Additional Role "Solution Architect"

Knowledge of new implementation framework

Sets up development guidelines and general implementation approach

Gives first estimation of requirements

Better management of the large product backlog, due to technical understanding, prioritization estimation

Additional meetings to manage backlog

Sprint Planning Preparation

Participants: Solution Architect, IT Process Designer and Product Owner

Prepare Sprint Planning, define Sprint goal and set a rough scope for the next Sprint

Backlog Refinement

Participants: Development Team, Solution Architect and IT Process Designer

Review high prioritized stories and refine them to a state where they can be implemented

Add details to stories and split them up into multiple stories if needed

The experiences:

First version of user stories were very unspecific and way too complex to be implemented straight away

It was clear from the beginning that stories have to be refined (see "Challenges of the project" - Point 1) - but the effort to get the stories to a point where they can actually be implemented was underestimated

Project progress became unclear because the team did not work on actual business user stories, because they were too unspecific and complex, but transferred them into technical stories

Stories had to be split up multiple times, overall structure of story clustering and complexity changed multiple times

Tools such as JIRA were great to track and manage the backlog and to document and share knowledge within the project team

Not everyone has had agile experience

Roles were not fully clarified at the beginning, therefore more communication between the roles was needed, to make sure everyone understood his responsibility

During the project each role developed and grew based on the experience

The roles later on took over responsibility and made decisions where needed

Despite the difficulties especially at the beginning of the project, it is still very well in time. This is caused by the fact that the team always kept working and the project was never unable to go on. Due to the agile nature of the project in time communication and transparency were possible!

This was the third part of our small Series about Agile Project Management. Look out for the next part which we are going to publish soon called "Agile Project Management – Agile on the next Level - Program Management"

The whole Series contains 4 pieces:

Agile Project Management – Basics (Part1)
Agile Project Management – What is SCRUM (Part2)
Agile Project Management – Agile Project Management in real Life (Part3)
Agile Project Management – Agile on the next Level – Program Management (Part4)

If you have any comments on our Articles, your Feedback is highly welcome.
Blog Cumulative Update Dezember 2015
Das Exchange Blog Cumulative Update für Dezember 2015 (CU1215) fasst interessante Themen rund um Exchange Server und Office 365 (Exchange Online), Azure und Skype for Business (aka Lync) des Monats Dezember 2015 zusammen.

Exchange Server

Common mailbox recovery scenarios for hybrid environments
http://blogs.technet.com/b/exchange/archive/2015/12/04/common-mailbox-recovery-scenarios-for-hybrid-environments.aspx

Data immutability and Office 365 tenant lifecycle
http://blogs.technet.com/b/exchange/archive/2015/12/18/data-immutability-and-office-365-tenant-lifecycle.aspx

Unable to Delete Exchange 2016 Database
https://exchangemaster.wordpress.com/2015/12/16/unable-to-delete-exchange-2016-database/

Exchange Management Shell and Mailbox Anchoring
http://blogs.technet.com/b/exchange/archive/2015/12/15/exchange-management-shell-and-mailbox-anchoring.aspx

Released: December 2015 Quarterly Exchange Updates
http://blogs.technet.com/b/exchange/archive/2015/12/15/released-december-2015-quarterly-exchange-updates.aspx

Showing the Calendar Configuration of a Mailbox or Meeting Room using EWS
http://gsexdev.blogspot.de/2015/12/showing-calendar-configuration-of.html

How to Remove Mailbox Auto-Mapping in Outlook
http://www.expta.com/2015/12/how-to-remove-mailbox-auto-mapping-in.html

Office 365 & Exchange Online

[STICKY] Office 365-Trust Center
http://bit.ly/Office365TrustCenter

[STICKY] Office 365 URLs and IP address ranges
http://bit.ly/Office365URLsIPaddresses

Closing the loop: Improving Office 365 PowerShell content for administrators
http://blogs.technet.com/b/solutions_advisory_board/archive/2015/12/21/closing-the-loop-improving-office-365-powershell-content-for-administrators.aspx

Skype for Business, Lync Server & Communication

Skype for Business ? Cloud Connector Edition ? Is it right for you?
http://skype4b.uk/2015/11/30/skype-for-business-cloud-connector-edition-is-it-right-for-you/

Skype for Business 2015, Planning Tool
https://www.microsoft.com/en-us/download/details.aspx?id=50357

New eBook Annoucement: Skype for Business Hybrid Handbook
http://blog.get-csjosh.com/2015/12/new-ebook-annoucement-skype-for-business-hybrid-handbook.html

Skype for Business Inplace Upgrade ? Undocumented Disk Space Requirements
http://www.lyncexch.co.uk/skype-for-business-inplace-upgrade-undocumented-disk-space-requirements/

Microsoft Azure

[STICKY] Microsoft Azure Trust Center
http://azure.microsoft.com/en-us/support/trust-center

Step-By-Step: Setting up Azure SMB File Share
http://blogs.technet.com/b/canitpro/archive/2015/12/01/step-by-step-setting-up-azure-smb-file-share.aspx

Intelligent Management: What it is & Why You Need it
http://blogs.technet.com/b/in_the_cloud/archive/2015/12/02/intelligent-management-what-it-is-amp-why-you-need-it.aspx

Announcing Azure Portal general availabilit
https://azure.microsoft.com/en-us/blog/announcing-azure-portal-general-availability/

New Series: The Azure AD Mailbag
http://blogs.technet.com/b/ad/archive/2015/12/04/new-series-the-azure-ad-mailbag.aspx

Azure Resource Manager Explorer with David Ebbo
https://channel9.msdn.com/Shows/Azure-Friday/Azure-Resource-Manager-Explorer-with-David-Ebbo

Hybrid Infrastructure Automation with Azure Resource Manager Templates
https://www.youtube.com/watch?v=DevCgPFbiS8

#AzureAD Mailbag: Self-Service Password Reset
http://blogs.technet.com/b/ad/archive/2015/12/11/azuread-mailbag-self-service-password-reset.aspx

Custom Roles in Azure RBAC is now GA
http://blogs.technet.com/b/ad/archive/2015/12/10/custom-roles-in-azure-rbac-is-now-ga.aspx

Intelligent Management: What?s Changing & How You Capitalize
http://blogs.technet.com/b/in_the_cloud/archive/2015/12/11/intelligent-management-what-s-changing-amp-how-you-capitalize.aspx

Azure AD Mailbag: Syncing with Azure AD Connect
http://blogs.technet.com/b/ad/archive/2015/12/18/azure-ad-mailbag-syncing-with-azure-ad-connect.aspx

Intelligent Management: How You Take Action with What You Already Have
http://blogs.technet.com/b/in_the_cloud/archive/2015/12/17/intelligent-management-how-you-take-action-with-what-you-already-have.aspx

Azure Automation jobs fail with ?The quota for the monthly total job run time have been reached?
http://blogs.technet.com/b/momteam/archive/2015/12/15/azure-automation-jobs-fail-with-the-quota-for-the-monthly-total-job-run-time-have-been-reached.aspx

Azure AD Delegated app access management is now GA
http://blogs.technet.com/b/ad/archive/2015/12/17/azure-ad-delegated-app-access-management-is-now-ga.aspx

Managing Azure Virtual Machines with Server Manager
http://blogs.technet.com/b/canitpro/archive/2015/12/15/managing-azure-virtual-machines-with-server-manager.aspx

Microsoft Azure Stack: Hardware requirements
http://blogs.technet.com/b/server-cloud/archive/2015/12/21/microsoft-azure-stack-hardware-requirements.aspx

Step-By-Step: Using AzCopy to Transfer Files to Azure
http://blogs.technet.com/b/canitpro/archive/2015/12/29/step-by-step-azcopy.aspx

Allgemeine Themen & Sicherheit

[STICKY] Microsoft Security TechCenter
http://technet.microsoft.com/de-DE/security/dd252948

Microsoft Joins RE100 Initiative In Support of Renewable Energy
http://blogs.msdn.com/b/microsoft-green/archive/2015/11/30/microsoft-joins-re100-initiative-in-support-of-renewable-energy.aspx

Step-By-Step: Managing Your Nano Servers
http://blogs.technet.com/b/canitpro/archive/2015/12/03/step-by-step-managing-your-nano-servers.aspx

Network Forensics with Windows DNS Analytical Logging
https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/

How to Deploy Windows DNS Server on Nano Server
https://blogs.technet.microsoft.com/teamdhcp/2015/12/04/how-to-deploy-windows-dns-server-on-nano-server/

Break a CSExport XML file into multiple smaller files
http://www.wapshere.com/missmiis/break-a-csexport-xml-file-into-multiple-smaller-files

Microsoft?s carbon fee highlighted by UNFCCC at Paris climate talks
http://blogs.msdn.com/b/microsoft-green/archive/2015/12/09/microsoft-s-carbon-fee-highlighted-by-unfccc-at-paris-climate-talks.aspx

Chrome Browser Now Warns About Weak SHA-1 Certificates
http://www.expta.com/2015/12/chrome-browser-now-warns-about-weak-sha.html

Step-By-Step: Removing Corrupt Windows 10 Universal Apps via PowerShell
http://blogs.technet.com/b/canitpro/archive/2015/12/22/step-by-step-removing-corrupt-windows-10-universal-apps-via-powershell.aspx

Additional steps to help keep your personal information secure
http://blogs.microsoft.com/on-the-issues/2015/12/30/additional-steps-to-help-keep-your-personal-information-secure/

Knowledge Base

Free/busy lookups between Exchange Online and on-premises users stop working after you set up OAuth authentication
https://support.microsoft.com/en-us/kb/3001281

Replay

April 2013: Troubleshooting Rapid Growth in Databases and Transaction Log Files in Exchange Server 2007 and 2010
http://blogs.technet.com/b/exchange/archive/2013/04/18/troubleshooting-rapid-growth-in-databases-and-transaction-log-files-in-exchange-server-2007-and-2010.aspx

Juli 2014: PowerShell : Exporting multi-valued attributes with Export-Csv ? how to tame the beast (SysAdmins, rejoice!)
http://blog.millersystems.com/powershell-exporting-multi-valued-attributes-via-export-csv-cmdlet/

Februar 2012: Recovering Public Folders After Accidental Deletion (Part 1: Recovery Process)
http://blogs.technet.com/b/exchange/archive/2012/02/06/recovering-public-folders-after-accidental-deletion-part-1-recovery-process.aspx

Mai 2015: Check for MaxTokenSize Problems (Updated)
https://gallery.technet.microsoft.com/scriptcenter/Check-for-MaxTokenSize-520e51e5

September 2014: Exchange 2013 CU6 hybrid Users with O365 unable to query free/busy for on-premises users
http://consulting.risualblogs.com/blog/2014/09/10/exchange-2013-cu6-hybrid-users-with-o365-unable-to-query-freebusy-for-on-premises-users/

Januar 2015: Exchange HCW Error ? Exchange OAuth authentication couldn?t find any accepted domains
https://mymicrosoftexchange.wordpress.com/2015/01/08/exchange-hcw-error-exchange-oauth-authentication-couldnt-find-any-accepted-domains/

Podcast Empfehlungen

Exchange Exposed
http://bit.ly/ExchangeExposedPodcast

Tools

Cloud Security Audit

Mailscape 365 - Exchange Online Monitoring und Reporting

Mailscape - Exchange Monitoring und Reporting

Uniscope - Lync Monitoring und Reporting

Compass - Active Directory Monitoring und Reporting

ForeSite - SharePoint Monitoring und Reporting

Gerne unterstützen wir Sie bei der Planung und Durchführung Ihrer Exchange Server Implementierung oder Migration.

Sie denken über einen vollständigen Wechsel zu Office 365 oder eine Hybrid-Konfiguration mit Office 365 nach? Wir beraten Sie umfassend und ausführlich über die Möglichkeiten der Office 365 Plattform.

Sie möchten mehr über Exchange Server 2016 erfahren? Gerne erläutern wir Ihnen die technischen Änderungen und Möglichkeiten für Ihr Unternehmen in einem persönlichen Workshop.

Weitere Informationen zu unseren Dienstleistungen finden Sie auf unserer Website (https://www.granikos.eu) oder nehmen Sie direkt mit uns Kontakt auf: info@granikos.eu
Agile Project Management – Basics (Part 1)
What is agile?

Today we start with our short series about agile Project Management with this first article.

Agile Project Management - The "evil dark method" which opposes the good old Waterfall Model!

Nowadays almost everyone (at least in IT environments) talks about agile project management methods.
Some already checked them out, but often enough there are some counter positions to these methods which are related to some unclear things within the methodology.

This small series will try to describe in detail what agile project management is and what are the success factors.

First of all: agile project management is a methodology and a mindset! It is NOT a strictly designed process, which will solve problems magically.
Key points of "agile" are:

Individuals and interactions over processes and tools

Working software over comprehensive documentation

End User collaboration over contract negotiation

Responding to change over following a plan

Agile Project management works iterative, the product AND the process will be reviewed and optimized after each iteration

The highly collaborative structure focuses on teamwork and end user transparency as in showing actual project progress or problems which slowed down the progress

At the end of each iteration there will be a product increment which can be used by the customer, this creates actual value and ROI even before the end of the project

Individuals and interactions over processes and tools

Changing requirements & environment

Misunderstanding of requirements

Scope creep

Change of resources

Lack of communication between End User and IT


Agile Project management can be used in nearly all custom development projects.



However there are certain scenarios where agile might not be the to-go option:


If your project has 100% fixed requirements, which will surely not change during the project (by the way...just because they are written down, it does not mean they are fixed!)…

If you roll out "commercial off-the-shelf" software, which is already packaged and automatically distributed (think about MS Office for example)...
If your project deals with upgrading or patching a system…

… then agile might not be the right approach.

If you are thinking about doing your own agile project it is highly recommended to involve an already agile-experienced colleague as an "Agile-Coach".
He can help you to set up the process and working mode and help to get a clear understanding what agile is about.

Here are some doubts which are quite common regarding agile methods:

A project manager or End User might say:

"Agile is chaos! The outcome and the goal of the project is not clear!"

The working mode is actually very structured and strict. There is a vision for each iteration and the project itself. This vision is the basis for the outcome of the iteration or project.

"I am unsure about what do i get when?"

After each iteration there will be a product increment which can potentially be used by the customer. It contains the most important functions, as they are implemented according to the prioritization.

"I am already doing agile projects all the time!"

Today's requirements to IT basically can't be served by following the waterfall model. This might be the reason you are already agile in a way. It still might be useful to include more agile working methods, to actually work agile and not "pseudo-agile".



The QM-People might say:

"Where is the documentation?"

Each project creates their own "Definition of Done", which has to be completed for each requirement. This also includes necessary documentation of what was actually done. Furthermore the current project management process is in rework. After the rework it will also include agile projects and therefore also give requirements for documentation.



The developer might say:

"There are too many meetings!"

If you don't think that the meetings benefit to your project - just don't do them. Agile is based on customizing and optimizing the process. If you realize later on that the meetings were actually useful - just do them again. It is YOUR agile way of working, not a "set-in-stone" process.

"I can't commit my workload for the next two weeks!"

If you can't commit your workload for just two weeks, then how can you commit on a project which has a duration of multiple months?

If you are not able to commit on your work, this might also show the organization in which areas there are resources missing.

The team lead might say:

"This won't fit to my area"

Discuss the approach with your customers or try it out if possible. If the customer and developer satisfaction is lower than usually, or the efficiency of the project was lower - stick to what works best for you.

By trying out we mean that you try the approach in a smaller project, to see if it makes sense for you. It is highly recommended to include an "Agile-Coach" who helps you to set up the project and to integrate agile methods into your work.

This was the first part of our small Series about Agile Project Management. Look out for the next part which we are going to publish soon called "Agile Project Management – What is SCRUM"

The whole Series contains 4 pieces:

Agile Project Management – Basics (Part1)
Agile Project Management – What is SCRUM (Part2)
Agile Project Management – Agile Project Management in real Life (Part3)
Agile Project Management – Agile on the next Level – Program Management (Part4)

If you have any comments on our Articles, your Feedback is highly welcome.
Digitale Signierung von PowerShell-Skripten
Viele Administratoren verzichten auf die digitale Signierung von eigene PowerShell-Skripten. Um solche PowerShell-Skripte in der lokalen IT-Infrastruktur ausführen zu können wird daher die PowerShell-Ausführungsrichtlinie auf Unrestricted konfiguriert. Diese Konfiguration ist ein großes Sicherheitsrisiko für das gesamte Unternehmen.

Wenn das digitale Zertifikat zur Code-Signierung in Ihrem persönlichen Zertifikatsspeicher hinterlegt ist, ist die Signierung besonders einfach.

Wechseln Sie in einer PowerShell_Session in das Verzeichnis, das die zu signierende PowerShell-Datei enthält und signieren Sie die Datei mit den folgenden Befehlen. In diesem Beispiel wird die Datei MyPowerShellScript.ps1 signiert.

# Lesen des Signatur-Zertifikates aus dem persönlichen Zertifikatspeicher # des Anwenders, der die Signierung durchführt $cert=Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert # Lesen eines exportierten Signatur-Zertifikates aus einer PFX-Datei # Wenn der Export mit einem Kennwort geschützt ist, werden Sie nach # dem Kennwort gefragt $cert = Get-PfxCertificate -FilePath C:\SCRIPTS\CERTS\CodeSigningVarunagroup.pfx # Digitale Signierung der Datei MyPowerShellScript.ps1 Set-AuthenticodeSignature -FilePath MyPowerShellScript.ps1 -Certificate $cert

Wissenswert ist, dass das Cmdlet Get-PfxCertificate, im Gegensatz zur Dokumentation bei Microsoft Docs, keinen Parameter -Password verfügt, um das Kennwort als SecureString zu übergeben.

Signieren Sie eigene PowerShell-Skripte immer, um die IT-Betriebssicherheit in Ihrem Unternehmen sicherzustellen.

Verwenden Sie immer ein Code Signing-Zertifikat eines vertrauenswürdigen Drittanbieters.

Konfigurieren Sie nach der Signierung Ihrer PowerShell-Skripte die Ausführungsrichtlinie für Ihre Systeme mit Hilfe einer Gruppenrichtlinie.

Links

Set-AuthenticodeSignature

Execution Policy and Group Policy

Code Signing Zertifikate (Auswahl)

DigiCert

GlobalSign

Comodo

Viel Spaß mit PowerShell!