MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

Exchange Server 2013Exchange Server 2016Description

This script helps to create ceritifcate requests (CSR) based on hostnames used for internal and external Urls of Exchange Server virtual directories.

The script queries Exchange Server 2013+ virtual directory hostnames to create a certificate request.

The request is created using an inf file template. You can prepare multiple template files to choose from. Template files are supposed to be stored in the same folder as the PowerShell script.

The resulting inf file used to create the certificate request is stored on the same directory as the PowerShell script. The script queries for the certificate's common name (CN).

If created, the certificate request is stored in the same directory as the PowerShell script. The content of the certificate request file is the CSR to be submitted to a Certificate Authority.

INF Template file

Copy the following content to a text file, name it Default-Template.inf and save it to the same directory as the Create-CertificateRequest.ps1 file. Aternatively, download the template as a zipped archive file.

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=##COMMONNAME##" 

Exportable = TRUE ; TRUE = Private key is exportable
KeyLength = 2048 ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1 ; Key Exchange – Required for encryption
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10 ; or CMC.
HashAlgorithm = sha256
SMIME = FALSE 

[Strings]
szOID_SUBJECT_ALT_NAME2 = "2.5.29.17"
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"

[Extensions]
%szOID_SUBJECT_ALT_NAME2% = "{text}##DNSSAN##"
%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"

Examples

# EXAMPLE 1
# Create a new certificate request inf file used dedicated organizational information. The common name will be determined seperately.
    
.\Create-CertificateRequest.ps1 -ModernExchangeOnly -Country DE -State NW -City Hueckelhoven -Organisation Varuna -Department IT

# EXAMPLE 2
# Create a new certificate request for Exchange 2013+ using the common name only. The common name will be determined seperately.
    
.\Create-CertificateRequest.ps1 -ModernExchangeOnly -CreateRequest

Version History

  • 1.0, Initial community release

Links

Follow

 

Read More »

Exchange Server 2007Exchange Server 2010Exchange Server 2013Exchange Server 2016Description

The script gathers a lot of Exchange organizational configuration data for documentation purposes.

The data is stored in separate log files. The log files are stored in a separate subfolder located under the script directory.

An exisiting subfolder will be deleted automatically.

Optionally, the log files can automatically be zipped. The zipped archive can be sent by email as an attachment.

 

When the script runs, a progress bar informs about the current step being executed.

Script progress bar

All files are stored in a dedicated subfolder (default name: ExchangeOrgInfo)

Example of exported files

The hash table $infoSources defines the following

  • Types of Exchange configuration data to be gathered
  • Output type for each configuration data entity
  • Optional paramaters for each configuration data entity
  • Attribute name for object sorting within an entity
  • The order of the data to be gathered (long running tasks are at the end)

 

Examples

# EXAMPLE 1
# Gather all data using MYCOMPANY as a prefix
    
.\Get-ExchangeOrganizationDetails.ps1 -Prefix MYCOMPANY

# EXAMPLE 2
# Gather all data using MYCOMPANY as a prefix and save all files as a compressed archive
    
.\Get-ExchangeOrganizationDetails.ps1 -Prefix MYCOMPANY -Zip

Version History

  • 1.0, Initial community release
  • 1.1, Updated and some PowerShell hygiene

Links

 

Follow

 

 

Read More »
On December 16, 2016
0 Comment
1088 Views

When migrating Html content from a CMS database or other sources you might find the Html as an Html encoded string.

Example:

<p><strong>Some Text</strong></p>

But you want to have the string look like this:

<p><strong>Some Text</strong></p>

Script

The following script is a simple PowerShell script to convert an exisiting file containing the Html encoded text and save the decoded string to a new output file.

param(
 [string]$InputFile,
 [string]$OutputFile
)
Add-Type -AssemblyName System.Web

Write-Output "Fetching $($InputFile)"

$fileContent = Get-Content $InputFile

Write-Output "Converting"

[System.Web.HttpUtility]::HtmlDecode($fileContent) | Out-File -FilePath $OutputFile -Encoding utf8 -Force

 

Usage

.\Convert-ToHtml.ps1 -InputFile '.\InputFile.txt' -OutputFile '.\Output.html'

 

Enjoy!

 

Read More »

Exchange Server 2007Exchange Server 2010Description

This scripts removes or updates users in legacy public folder ACLs. This reduces the likelihood of legacy public folder migration errors due to corrupted ACLs.

When you perform a migration from legacy public folders to modern public folders, you might see the following error as part of the migration reports.

A corrupted item was encountered: Folder ACL

Corrupted items count towards the bad item limit and will not be migrated.

When you take a closer look at the public folder ACLs, you'll see that there will be orphaned users and even users that have not been properly converted during past legacy replications.

In preparation for a modern public folder migration you should cleanup the public folder ACLs from so called zombie users.

Tasks performed by the script:

  • Remove orphaned users listed with SIDs, e.g. NT User:S-1-*
  • Identify ACL user/group with notation NT User:DOMAIN\samAccountName
    • Remove user/group, if object cannot be found in Active Directory
    • Replace user/group, if object can be found in Active Directory

Examples

# EXAMPLE 1
# Validate ACLs on public folder \MYPF and all of it's child public folders on Exchange server EX200701
.\Clean-PublicFolderACL.ps1 -RootPublicFolder "\MYPF" -PublicFolderServer EX200701 -ValidateOnly

# EXAMPLE 2
# Clean ACLs on public folder \MYPF and all of it's child public folders on Exchange server EX200701
.\Clean-PublicFolderACL.ps1 -RootPublicFolder "\MYPF" -PublicFolderServer EX200701

Version History

  • 1.0, Initial community release
  • 1.1, Fixed group replacement logic
  • 1.2, Script optimzation

Links

Last updated: 2016-12-01

Follow

 

Read More »

When you've enabled the Exchange scripting agent extension agents, it is required to copy the configuration file to each Exchange server. Paul Cunningham's script helps you to achive this goal pretty easily.

But if you have installed the Exchange 2013 Management Tools on additonal servers, these servers are not fetched using the Get-ExchangeServer cmdlet. But when you install a Cumulative Update the existence of the extension agent config file is checked. And this even on a server having only the Exchange Management Tools installed.

Therefore the following PowerShell code provides an easy and simple way to add additonal server having the Exchange 2013+ Management Tools installed (aka Admin Servers, Monitoring Servers, Job Servers, etc.). The script uses a filter to select Exchange 2013 servers only, as the script has been extended in an environment having still active Exchange 2007 servers.

The following PowerShell snippet displays only the changes, which need to be added to Paul's original script starting row 68.

# Original PowerShell code
# $exchangeservers = Get-ExchangeServer

# Select all Exchange 2013 servers only, restrict properties to Name and AdminDisplayName
$exchangeservers = Get-ExchangeServer | ?{$_.AdminDisplayVersion -like "Version 15.0*"} | Select Name, AdminDisplayVersion

# Add additional servers as needed

$manualServers = @()
# Copy and modify as needed
$manualServers += (New-Object PSObject -Property @{Name="EXSRV2010";AdminDisplayVersion="Version 14"})
$manualServers += (New-Object PSObject -Property @{Name="EXSRV2013-01";AdminDisplayVersion="Version 15"})
$manualServers += (New-Object PSObject -Property @{Name="EXSRV2013-02";AdminDisplayVersion="Version 15"})

# Combine arrays
$exchangeservers = $exchangeservers + $manualServers

# End Modification

$report = @()

[string]$date = Get-Date -F yyyyMMdd-HHmmss

Enjoy extending the Exchange PowerShell cmdlets.

Links

Questions? Just leave a comment.

Read More »