de-DEen-GB
 
MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.
Updated 2017-04-02

Exchange Speech AssistantAs an Exchange administrator you normally perform tasks by executing PowerShell scripts. Some of these scripts are executed automatically, some are run manually as these scripts require more attention.

Think about a completely different approach. Have you ever thought about administrating Exchange Server or your Exchange Online instance using your voice?

Thanks to Alexa skills we can do something like

"Alexa, ask Exchange Assistant to create a new mailbox for John Doe"

"Alexa, is the CEO's mailbox in good shape?"

Or run something more complicated

"Alexa, start Exchange to setup 5 new Exchange servers, please"

Sounds like magic, right?

Alexa Speech Assistant SkillSolution

As a solution we use the following technologies:

  • Alexa custom skills extension for Exchange
  • Azure subscription supporting
    • Azure Web API
    • Azure Automation
  • Azure Hybrid Runbook Worker

The Azure Hybrid Runbook Worker enables you to execute PowerShell runbooks in your local infrastructure to manage local ressources.

How does it work

The solution consists of a Visual Studio Solution acting as an Alexa skill endpoint. The configured intents connect to your Azure Automation webhooks and trigger the execution of preconfigured PowerShell automation runbooks.

These runbooks can either run againt Azure resources or against your local infrastructure. Automation of your local infrastructure requires the setup of the Azure Hybrid Runbook Worker components.

The following diagram illustrates the functionality.

How does the Exchange Speech Assistant work?

Requirements

Preparation

The solution utilizes the Azure4Alexa and AlexaSkillsSet.NET projects available on Github. Currently the approach requires some manual steps and Visual Studio knowledge, as you want to deploy your own Alexa custom application. This is primarily driven due to security demands. The Hybrid Runbook Worker can access your local infrastructure. So you went to be in charge of the credentials used to access your infrastructure.

  1. Clone the Visual Studio solution from Github (https://github.com/Apoc70/ExchangeSpeechAssistant)
  2. Follow the description provided here to setup your personal Alexa developer account and to get your Azure trial subscription to host the application
  3. Publish the Visual Studio solution as an intital endpoint to setup your Alexa custom skill
    This results in a simple web page demonstrating the new Azure Web App
    Speech Assistant Azure Web App
  4. Modify the AlexaConstants.cs to use your Application Id
  5. Re-Publish the Visual Studio solution with your custom Application Id
  6. Prepare your local infrastructure for the use with Hybrid Runbook Worker
    1. Installing Hybrid Runbook Worker
    2. Create a Runbook Automation Account
      Runbook Automation Account
    3. Create a runbook for whatever action you want to execute
      Runbook Example NewVMs

Start enjoying how your administrator's can orchestrate your Exchange Server environment.

Links

Enjoy your wonderful life with Exchange :-)

Thanks for stopping by on April 1st.

 

Read More »
Last updated 2017-07-23

Exchange Server 2013Exchange Server 2016Description

This script has been developed for a custom project with the following requirements:

  • User photos are provided in rectangular format by the HR department and stored in a dedicated folder
  • User photos should be resized automatically to a square format to be suitable for
    • Active Directory thumbnailPhoto attribute (96x96 pixel)
    • Exchange user photo (648x648 pixel)
    • Intrant address book (150x150 pixel)
  • Processed photos should be moved to a processed folder
  • User logon names are used as user photo file names

The script utilizes a self developed C# command line tool, which has been published as open source at Github. The ResizeImage Wiki explains the usage of the command line tool. The application's configuration controls the target size and an optional pixel based offset.

Maybe the script will be useful in your project as well.

Requirements

  • ResizeImage.exe command line tool
  • GlobalFunctions PowerShell module as desribed here
  • Exchange Server 2013+ Management Shell (EMS) for storing user photos in on-premises mailboxes
  • Exchange Online Management Shell for storing user photos in cloud mailboxes
  • Write access to thumbnailPhoto attribute in Active Directory

Examples

The code samples utilize the following folder structure:

  • D:\UserPhotos
    • SOURCE
      Contains all .JPG user photos with file names matching the user logon names
    • AD
      Target folder for tumbnailPicture photos (96 x 96 px)
      • ResizeImage.exe
      • ResizeImage.exe.config (local configuration for Active Directory photos)
    • EXCHANGE
      Target folder for Exchange mailbox user photos (646 x 648 px)
      • ResizeImage.exe
      • ResizeImage.exe.config (local configuration for Exchange mailbox photos)
    • INTRANET
      Target folder for Intranet address book user photos (150 x 150 px)
      • ResizeImage.exe
      • ResizeImage.exe.config (local configuration for Intranet photos)

 

Code Samples

# EXAMPLE
# Resize photos stored in the default PictureSource folder for Exchange On-Premises (648x648) and write images to user mailboxes
.\Set-UserPictures.ps1 -ExchangeOnPrem   

# EXAMPLE
# Resize photos stored on a SRV01 share for Exchange Online and save resized photos on a SRV02 share
.\Set-UserPictures.ps1 -ExchangeOnline -PictureSource '\\SRV01\HRShare\Photos' -TargetPathExchange '\\SRV02\ExScripts\Photos'

 # EXAMPLE
 # Resize photos stored in the default PictureSource folder for Active Directory (96x96) and write images to user thumbnailPhoto attribute
 .\Set-UserPictures.ps1 -ActiveDirectory

# EXAMPLE
# Resize photos stored in the default PictureSource folder for Intranet (150x150)
.\Set-UserPictures.ps1 -Intranet

Version History

  • 1.0, Initial community release
  • 1.1, Exchange Online support added

Links

Follow

 

 

Read More »

Exchange Server 2013 Exchange Server 2016Problem

When you integrate Skype for Business Server instant messaging with Exchange Server 2013 or Exchange Server 2016 you might encounter the following error in the OWA InstantMessaging log files.

ERROR:UCWEB Failure: Code=TlsFailure, SubCode=TlsRemoteDisconnected, Reason=\r\n
Microsoft.Rtc.Internal.UCWeb.Utilities.UCWException: Unknown error (0x80131500) 
---> Microsoft.Rtc.Signaling.TlsFailureException: Unknown error (0x80131500) 
---> Microsoft.Rtc.Internal.Sip.RemoteDisconnectedException: Peer disconnected while outbound capabilities negotiation was in progress 
---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host\r\n   
at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)\r\n   
at Microsoft.Rtc.Internal.Sip.TcpTransport.OnReceived(Object arg)\r\n   
--- End of inner exception stack trace ---\r\n   
--- End of inner exception stack trace ---\r\n   
at Microsoft.Rtc.Signaling.SipAsyncResult`1.ThrowIfFailed()\r\n   
at Microsoft.Rtc.Signaling.Helper.EndAsyncOperation[T](Object owner, IAsyncResult result)\r\n   
at Microsoft.Rtc.Internal.UCWeb.UCWAuthenticatedEndpoint.OotyUserEndpointEstablish_callback(IAsyncResult asyncResult)\r\n   
--- End of inner exception stack trace ---\r\n   
at Microsoft.Rtc.Internal.UCWeb.Utilities.AsyncHelper.EndAsyncCall[T](IAsyncResult asyncResult, String methodName, T ucwScopeInstance)\r\n   
at Microsoft.Rtc.Internal.UCWeb.UCWAuthenticatedEndpoint.EndSignIn(IAsyncResult asyncResult)\r\n   
at Microsoft.Exchange.Clients.Owa2.Server.Core.InstantMessageOCSProvider.<>c__DisplayClass33.<SignInCallback>b__32(RequestDetailsLogger logger)

The log files are located at

\Program Files\Microsoft\Exchange Server\V15\Logging\OWA\InstantMessaging

Solution

The Exchange Server OWA host name must be the common name (CN) of the SSL certificate used securing OWA communication.

Example for a non working IM configuration

  • OWA host name: owa.varunagroup.de
  • SSL certificate CN: mobile.varunagroup.de

Example for a working IM configuration

  • OWA host name: owa.varunagroup.de
  • SSL certificate CN: owa.varunagroup.de

Links

 

 

Read More »

Exchange Server 2007Exchange Server 2010Exchange Server 2013Exchange Server 2016Description

This script gathers all public folders created during the last X days and exports the gathered data to a CSV file.

The script is not limited to legacy or modern public folders. It can be used with Exchange Server 2007/2010 and Exchange Server 2013/2016.

Use this script to identify users or departments creating to many folders in the public folder hierarchy. The CSV can be used to provide better guidance on public folder usage or can be used for planning public folder content migrations to other team based solutions (aka Shared Mailboxes, etc.)

 

Examples

# EXAMPLE
# Query legacy public folder server MYPFSERVER01 for all public folders created during the last 31 days
.\Get-NewPublicFolders.ps1 -Days 31 -ServerName MYPFSERVER01 -Legacy

# EXAMPLE
# Query modern public folders for all public folders created during the last 31 days
.\Get-NewPublicFolders.ps1 -Days 31

Version History

  • 1.0, Initial community release

Links

Follow

 

 

Read More »
Last updated: 2017-03-18

Exchange Server 2013Exchange Server 2016Problem

You implement shared mailboxes as part of a legacy public folder migration. Access to the shared mailbox provided by dedicated security groups which, in this case, provide access to dedicated sub folders within the mailbox.

The migrated legacy public folder content contained items marked as private.

When you access a shared mailbox as a group member you are not able to see or access private items.

The following two screenshots are used to demontraste the issue:

The Inbox node shows three unread items:

Screenshot Inbox showing 3 unread items

The Inbox detail pane just shows a single read message:

Screenshot showing an Inbox with a single read message

So how to access items marked as private?

 

Solution

The privacy level (Sensitivity) of a mailbox item is controlled by MAPI extended property 0x36.

  • 0x36 = 0, sensitivity = normal
  • 0x36 = 2, sensitivity = private

When an item does have an extended property 0x36, the value is set to 0.

A mailbox is accessed using Exchange Web Services. The EWS endpoint is discovered using AutoDiscover for the selected mailbox.

The item modificatiuon is handled by the following code segment:

var extendedPropertyDefinition = new ExtendedPropertyDefinition(0x36, MapiPropertyType.Integer);
int extendedPropertyindex = 0;

foreach (var extendedProperty in Message.ExtendedProperties)
{
	if (extendedProperty.PropertyDefinition == extendedPropertyDefinition)
	{
		if (log.IsInfoEnabled)
		{
			log.Info(string.Format("Try to remove private flag from message: {0}", Message.Subject));
		}
		else
		{
			Console.WriteLine("Try to remove private flag from message: {0}", Message.Subject);
		}

		// Set the value of the extended property to 0 (which is Sensitivity normal, 2 would be private)
		Message.ExtendedProperties[extendedPropertyindex].Value = 0;

		// Update the item on the server with the new client-side value of the target extended property.
		Message.Update(ConflictResolutionMode.AlwaysOverwrite);
	}
	extendedPropertyindex++;
}

 

Usage

RemovePrivateFlags.exe -mailbox user@domain.com [-logonly] [-foldername "Inbox"] 

Search through the mailbox and ask for changing a item if -logonly is not set to true.
If -foldername is given the folder path are compared to the folder name.
If -logonly is set to true only a log will be created.

 

RemovePrivateFlags.exe -mailbox user@domain.com [-foldername "Inbox"] [-noconfirmation]

Search through the mailbox, if -noconfirmation is set to true all items will be altered without confirmation.

 

Note

It should be noted that this solution is intended for use in migration scenarios.

When providing access to mailbnox delegates you can enable access to your private elements as well. But access to shared mailboxes is not configured using the delegation workflow.

The code has been tested using Exchange Server 2013 CU15.

The program utilizes log4net to log detailed information to the file system. The configuration is controlled by the application's config file.

Updates

  • 2017-03-17: Release 1.1.0.0, Parameter changes
  • 2017-03-09: Release 1.0.0.0

Links

Any issues or feature requests? Use Github.

Like the code? Leave a note.

 

Read More »