
Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

This is a quick post on how to obtain the license key for your on-premises Exchange Hybrid Server.

Even though there is no such role as a Hybrid Server, you can get a dedicated license key to license your Exchange server used for Office 365 hybrid connectivity.

While using your Office 365 Global Administrator login, you can access your hybrid product key using the following link:

The web site will first check if your Office 365 tenant is eligible for a hybrid key. Then you have to select the appropriate Exchange Server version.

Exchange Hybrid Product Key Distribution

 

Links

Enjoy your Exchange hybrid setup with Office 365.

 

 

 

 

 

On July 26, 2017

This blog post is about creating a Twitter Bot to tweet messages using Azure Automation. The steps and the script itself are based on Trevor Sullivan's TechNet Gallery post. His post assumes that you are familiar with some Azure Automation steps, so I am going to describe the required steps in more detail.

Requirements

You'll need the following components to set up your personal Twitter Bot.

  • Local install of the PoshTwit PowerShell module
  • A Twitter account
  • An Azure subscription
  • Trevor Sullivan's PowerShell Twitter Bot script or an updated version which is available here.

Step 1: Create a Twitter Application

First you'll need to create a Twitter application to reference your Azure Automation bot. The authentication information of your Twitter application will be needed in step 2.

The required information is:

  • ConsumerKey
  • ConsumerSecret
  • AccessToken
  • AccessSecret (AccessTokenSecret)

You need to create a new Twitter application by accessing the following link: https://apps.twitter.com/ 

Ensure that you've added your mobile phone number to your Twitter account before creating a new Twitter application. This is a requirement for creating Twitter applications.

Log on to Twitter using the Twitter account you want your Twitter Bot to post as. You'll see something similar to this:

Screenshot Create a new Twitter App

Just click Create New App.

Screenshot Twitter application details

Enter the information as needed. The application name must be a globally unique name. So it might be tricky to find a suitable application name.  Click Create your Twitter application to finally create the application.

Screenshot Keys and Access Tokens

Select Keys and Access Tokens and copy the Consumer Key (API Key) and the Consumer Secret (API Secret) value into a text editor of your choice.

Further down on the same web page you'll find the Your Access Token section.

Screenshot Your Access Token

Click Create my access token.

Screenshot created Access Token

After you've created the access token, copy the Access Token and the Access Token Secret to your text editor document. You'll need all four values in just a moment.

 

Step 2: Install PoshTwit locally

The Azure Automation component will require application credentials for posting Tweets on your behalf. These required credentials are stored in a JSON file. You do not need to worry about the JSON data format.

The PoshTwit PowerShell module helps you to create the required JSON file. 

The simplest way to get the PoshTwit module is by installing the module directly from the PowerShell Gallery using an Administrative PowerShell session.

Install-Module PoshTwit

If you cannot use the Install-Module cmdlet, use the link provided in the Links section. 

Remember that this step is only needed to create the JSON file containing the required credential information for Azure Automation.

After you've successfully installed the PoshTwit module, call the Set-PoshTwitToken cmdlet using all four Twitter app credential information to create the authentication JSON file.

Set-PoshTwitToken -ConsumerKey [YourConsumerKey] -ConsumerSecret [YourConsumerSecret] -AccessToken [YourAccessToken] -AccessSecret [AccessSecret]

The JSON file will be created in the PowerShell module installation folder, which is by default:

C:\Program Files\WindowsPowerShell\Modules\PoshTwit\0.1.6

The version number might differ depending on the version you've installed.

Open the token.json file and copy the content to your text editor. The content of the token.json file will be the password for the Azure Automation credential object. The content will look like this:

{"ConsumerKey":"9FX***********","ConsumerSecret":"4kIxa***********","AccessToken":"24540854***********","AccessSecret":"OSYP***********"}

You should see your Twitter application authentication information. You will need to copy & paste this string, including the curly brackets, as account credentials at a later step.
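The token.json file holds all four secrets in plain text, and the module folder under C:\Program Files is readable by every local user by default. The following is an added example, not part of PoshTwit or of Trevor Sullivan's script: it checks the file, hands the JSON over via the clipboard, and deletes the local copy once the Azure Automation credential from step 3 has been saved. It assumes an elevated PowerShell session and the TwitterCredential name used later in this post.

```powershell
# Added example, not part of PoshTwit or the original post.
# Assumption: token.json sits in the PoshTwit module folder, as described above.
$ErrorActionPreference = 'Stop'

# Locate the newest installed PoshTwit version instead of hard-coding 0.1.6
$module = Get-Module -ListAvailable -Name PoshTwit |
    Sort-Object -Property Version -Descending |
    Select-Object -First 1
if (-not $module) { throw 'PoshTwit module is not installed.' }

$tokenPath = Join-Path -Path $module.ModuleBase -ChildPath 'token.json'
if (-not (Test-Path -LiteralPath $tokenPath)) { throw "No token.json found in $($module.ModuleBase)" }

# Parse the file and confirm all four values are present before using it
$raw      = (Get-Content -LiteralPath $tokenPath -Raw).Trim()
$token    = ConvertFrom-Json -InputObject $raw
$required = 'ConsumerKey', 'ConsumerSecret', 'AccessToken', 'AccessSecret'
$missing  = @($required | Where-Object { [string]::IsNullOrWhiteSpace($token.$_) })
if ($missing.Count -gt 0) { throw "token.json is missing: $($missing -join ', ')" }

# Hand the JSON over via the clipboard rather than a saved text file
Set-Clipboard -Value $raw
Write-Host 'JSON copied. Paste it as the password of the TwitterCredential asset.'
Read-Host -Prompt 'Press Enter after the credential has been saved in Azure Automation'

# The local copy is no longer needed: remove it and overwrite the clipboard
Remove-Item -LiteralPath $tokenPath -Force
Set-Clipboard -Value ' '
Write-Host "Removed $tokenPath"
```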

 

Step 3: Setup Azure Automation

Log on to the Azure Portal and create a new Azure Automation account. The Azure Automation account will host your automation runbooks, variables and other settings. You can have multiple Azure Automation accounts. This is especially useful when you want to delegate access and control of Automation accounts to different members of staff.

Create a new Azure Automation Account

Click '+', enter Auto as search text and select Automation.

Azure Automation Account Summary

Click Create on the next blade.

Add Azure Automation Account

Configure your new Azure Automation account by using a unique name, select the appropriate Azure subscription, create a new Resource Group or use an existing, select the Azure location, leave Yes as the default option for creating an Azure Run As account, select the checkbox to pin the Azure Automation account to your Azure dashboard, and click Create.

After you've been redirected to the Azure Dashboard wait for the Azure Automation Account to be created. If you are not redirected to the Azure Automation blade automatically, select the Automation Account tile on the Azure dashboard.

Azure Automation Runbooks

Select Process Automation - Runbooks. You'll notice two tutorials and two tutorial scripts which are automatically provisioned for you. 

Add Azure Runbook

Click Add a runbook to create the Twitter Bot runbook.

The next step requires that you've downloaded the Tweet-PowerShellTips.ps1 script. If you haven't, download it now.

Import Azure Automation Runbook

Select Import an existing runbook and browse for the downloaded PowerShell script on the next blade. After selecting the PowerShell file, the file will be uploaded and validated automatically. The Runbook type and Runbook name properties will be set automatically for you. Just enter a short description for your runbook. Click Create.

The uploaded PowerShell script utilizes the PoshTwit PowerShell module. This PowerShell module needs to be available within the Azure Automation account as well. Additional PowerShell modules are configured within the Shared Resources section of your Azure Automation account. The PoshTwit module is added from the PowerShell Gallery.

Add PowerShell module from PowerShell Gallery

Select Modules Gallery, enter PoshTwit as search text and press Enter. Click the PoshTwit search result tile.

Import PoshTwit PowerShell module

Click Import to import the PowerShell module to the shared resources of your Azure Automation account. Click OK on the following blade. Close the PoshTwit module blade.

Now you'll add the required Twitter application credentials to the Shared Resources of the Azure Automation account.

Add credentials to Shared Resources

Select Shared Resources - Credentials and click Add a credential.

Add new credential to Azure Automation account

Use TwitterCredential as Name and User name. The variable is accessed by the PowerShell script using the cmdlet 

Get-AutomationPSCredential -Name TwitterCredential

Now copy and paste the full JSON file content as Password and Password confirmation. Click Create to save the new credential information.

Select the created runbook

Select the new runbook from the list of runbooks to edit the runbook properties.

Edit your Azure Automation Runbook

Click Edit to edit the PowerShell code to adjust the tweets to match your needs (at least). You are able to edit the PowerShell code directly from the browser window.

Edit PowerShell Runbook

Be sure to click Save after you've edited the PowerShell code.

Publish PowerShell Runbook

Each time you've edited an Azure Runbook, you need to publish the new version of the runbook. Click Publish and confirm the publishing with Yes.

Test the Azure Runbook

You can test your runbook using the Test pane. The script itself will not write any output to the output windows, as the script does not use any Write-Output cmdlets. 

You can add the following PowerShell code to the script to output the Tweet Id and Tweet text.

Write-Output "Publish Tweet $($TweetId) | $($TweetList[$TweetId])"

As a last step you need to create a schedule to post random tweets automatically. Automation schedules are created as shared resources again.

Create a new automation schedule

Select Shared Resources - Schedules and click Add a schedule.

Configure a new Azure Automation Schedule

Configure a schedule name, the start date, the schedule time zone, and the recurring interval. Click Create.

Select your runbook to link the just created schedule.

Link Azure Automation Schedule to Azure Automation Runbook

Select Schedules and click Add a schedule.

Link existing schedule to runbook

Click Link a schedule to your runbook, select the schedule and click OK.

The runbook schedules overview will show when the next run will be initiated. 

That's it. Your Azure Automation Twitter Bot is up and running.

Now you can simply edit the runbook, add new tweets to the string array, save the changes and publish the changed runbook for production use. As long as the changes are not published, Azure Automation will use the last published version of the runbook. 

Links

Enjoy Azure.

 

Updated PowerShell Script

This is the source code of the updated PowerShell script.

# Array of tweets
# Ensure that the length of each tweet does not exceed 140 characters
# Ensure to have at least 2 entries
$TweetList = @(
	'Find more #PowerShell #scripts at http://scripts.granikos.eu ',
	'More #Office365 and #MSFTExchange tips at http://JustCantGetEnough.granikos.eu '
)

# Get a tweet text by random
# Note: -Maximum is exclusive, so use the array count to make the last entry eligible
$TweetId = Get-Random -Minimum 0 -Maximum $TweetList.Count;

# Fetch automation credentials
$TwitterCredential = Get-AutomationPSCredential -Name TwitterCredential;
$TwitterCredential = ConvertFrom-Json -InputObject $TwitterCredential.GetNetworkCredential().Password;

# Provision the tweet
$Tweet = @{
    ConsumerKey = $TwitterCredential.ConsumerKey;
    ConsumerSecret = $TwitterCredential.ConsumerSecret;
    AccessToken = $TwitterCredential.AccessToken;
    AccessSecret = $TwitterCredential.AccessSecret;
    Tweet = $TweetList[$TweetId];
    };

# Publish the tweet
Publish-Tweet @Tweet;
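A fail-closed variant of the runbook body, as an added example (not Trevor Sullivan's script and not the updated script above): it stops before calling Twitter when the credential asset is missing, the stored JSON is incomplete, or a tweet breaks the 140 character limit, and it keeps the secrets out of the job output. The tweet texts are constructed samples.

```powershell
# Added example: fail-closed variant of the runbook body (not the original script).
$ErrorActionPreference = 'Stop'
$MaxTweetLength = 140   # limit named in the script comments

# Constructed sample tweets; replace with your own
$TweetList = @(
    'Constructed sample tweet one #PowerShell',
    'Constructed sample tweet two #Azure'
)

# Stop before any API call if an entry is empty or too long
$invalid = @($TweetList | Where-Object { [string]::IsNullOrWhiteSpace($_) -or $_.Length -gt $MaxTweetLength })
if ($invalid.Count -gt 0) { throw "$($invalid.Count) tweet(s) are empty or longer than $MaxTweetLength characters." }

# Guard against a missing or misnamed credential asset
$Credential = Get-AutomationPSCredential -Name 'TwitterCredential'
if ($null -eq $Credential) { throw "Credential asset 'TwitterCredential' was not found." }

try {
    $Token = ConvertFrom-Json -InputObject $Credential.GetNetworkCredential().Password
}
catch {
    # Do not rethrow the parser error: it can quote part of the password text into the job log
    throw 'The password of TwitterCredential is not valid JSON.'
}

$required = 'ConsumerKey', 'ConsumerSecret', 'AccessToken', 'AccessSecret'
$missing  = @($required | Where-Object { [string]::IsNullOrWhiteSpace($Token.$_) })
if ($missing.Count -gt 0) { throw "TwitterCredential JSON is missing: $($missing -join ', ')" }

# -Maximum is exclusive, so Count (not Count - 1) makes every entry eligible
$TweetId = Get-Random -Minimum 0 -Maximum $TweetList.Count

$Tweet = @{
    ConsumerKey    = $Token.ConsumerKey
    ConsumerSecret = $Token.ConsumerSecret
    AccessToken    = $Token.AccessToken
    AccessSecret   = $Token.AccessSecret
    Tweet          = $TweetList[$TweetId]
}
Publish-Tweet @Tweet

# Log only the tweet id and text, never the $Tweet hashtable or $Token
Write-Output "Published tweet $TweetId | $($TweetList[$TweetId])"
```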

 

 

 

 


Exchange Server 2013, Exchange Server 2016

Description

This script creates a new room mailbox and two security groups, one for full mailbox access and one for send-as delegation. The security groups are created using a configurable naming convention. If required by your Active Directory team, you can add group prefixes or department abbreviations as well.

The script uses an XML configuration file to simplify changes for variables unique to your environment.

High-level steps executed by the script:

  1. Create a new room mailbox
  2. Create a new mail enabled security group for full access delegation
  3. Assign full access security group for full access to the room mailbox
  4. Create a new mail enabled security group for send-as delegation
  5. Assign send-as permissions to send-as security group
  6. Set calendar processing to AutoAccept, if required
  7. Set resource capacity, if required

 

Examples

Xml settings file

<?xml version="1.0"?>
<Settings>
	<GroupSettings>
		<Prefix>pre_</Prefix>
		<SendAsSuffix>_SA</SendAsSuffix>
		<FullAccessSuffix>_FA</FullAccessSuffix>
		<CalendarBookingSuffix>_CB</CalendarBookingSuffix>
		<TargetOU>mcsmemail.de/IT/Groups/Mail/Rooms</TargetOU>
		<Domain>mcsmemail.de</Domain>
		<Seperator>-</Seperator>
	</GroupSettings>
	<AccountSettings>
		<TargetOU>mcsmemail.de/IT/Mail/RoomMailboxes</TargetOU>
	</AccountSettings>
	<GeneralSettings>
		<Sleep>10</Sleep>
	</GeneralSettings>
</Settings>

Note

The calendar booking security group feature is currently not available, but will be available in an upcoming release.

The following example creates a room mailbox for a Conference Room with empty security groups.

.\New-RoomMailbox.ps1 `
  -RoomMailboxName "MB - Conference Room" `
  -RoomMailboxDisplayName "Board Conference Room" `
  -RoomMailboxAlias "MB-ConferenceRoom" `
  -RoomMailboxSmtpAddress "ConferenceRoom@mcsmemail.de" `
  -DepartmentPrefix "C"

You can simplify the use of the script by using a parameterized helper script named Create-RoomMailbox.ps1.

The following Create-RoomMailbox.ps1 script simplifies the process of creating a team mailbox even more.

$roomMailboxName = 'MB-Conference Room'
$roomMailboxDisplayName = 'Board Conference Room'
$roomMailboxAlias = 'MB-ConferenceRoom'
$roomMailboxSmtpAddress = 'ConferenceRoom@mcsmemail.de'
$departmentPrefix = 'C'
$groupFullAccessMembers = @('JohnDoe','JaneDoe')  # Empty = @()
$groupSendAsMember = @()
$groupCalendarBooking = @()
$RoomCapacity = 0
$RoomList = 'AllRoomsHQ'


.\New-RoomMailbox.ps1 `
  -RoomMailboxName $roomMailboxName `
  -RoomMailboxDisplayName $roomMailboxDisplayName `
  -RoomMailboxAlias $roomMailboxAlias `
  -RoomMailboxSmtpAddress $roomMailboxSmtpAddress `
  -DepartmentPrefix $departmentPrefix `
  -GroupFullAccessMembers $groupFullAccessMembers `
  -GroupSendAsMember $groupSendAsMember `
  -RoomCapacity $RoomCapacity `
  -AutoAccept `
  -RoomList $RoomList

Version History

  • 1.0, Initial community release

Links


There are quite a lot of good step-by-step manuals available describing how to enable Kerberos authentication for Exchange Server 2013/2016.

The following issue has been seen in an Exchange 2013 infrastructure (8 server DAG) where Outlook clients use OutlookAnywhere to connect to Exchange Server. MAPI over Http is disabled on an organizational level due to a compatibility issue with another client software.

Problem

Even if you follow the detailed descriptions you might end up in a situation where your Outlook clients still won't connect to Exchange Server using Kerberos. The Outlook connection status overview (Ctrl + Right Click on the Outlook icon in System Tray) still shows Ntlm as the used authentication provider:

Outlook using Ntlm as authentication provider

Reason

You are supposed to use the following PowerShell cmdlets to configure OutlookAnywhere to use Kerberos:

Get-OutlookAnywhere -Server CASSERVER | Set-OutlookAnywhere -InternalClientAuthenticationMethod  Negotiate

All eight Exchange 2013 servers were still not offering Nego as an authentication provider even after some period of time. Verifying the OutlookAnywhere configurations using PowerShell showed the correct configuration values. So what to do?

A quick check at the IIS authentication settings of the \Rpc virtual directory of the Front End web site (Default Web Site) showed that this virtual directory was still configured to use Ntlm only.

OutlookAnywhere using Ntlm only

Solution

Use the IIS management console to add the Negotiate authentication provider to the list of available providers and reorder the list to use Nego first.

Add Negotiate to provider list

Change the provider order to use Negotiate first

Now Outlook clients will pick up the configuration change and will connect to OutlookAnywhere using Kerberos.

Outlook connection status showing Negotiate as authentication provider

Note

You should not use the IIS management console to change any settings of the Exchange Server virtual directories during normal operations. The IIS management console should only be used for troubleshooting unusual situations that you encounter in your Exchange Server infrastructure. 

The preferred method to change Exchange Server vDir settings is PowerShell.
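To find the affected servers without opening the IIS management console on each one, the provider list of the \Rpc virtual directory can be read remotely. This is an added, read-only example that is not part of the original post; the server names are placeholders, and it assumes PowerShell remoting and the WebAdministration module are available on the Exchange servers.

```powershell
# Added example: read-only audit of the Windows authentication providers
# on the \Rpc virtual directory of the Default Web Site. Changes nothing.
$servers = 'EX01', 'EX02'   # hypothetical server names, replace with your own

$report = Invoke-Command -ComputerName $servers -ScriptBlock {
    Import-Module WebAdministration

    # Effective provider list at the virtual directory, in configured order
    $section = Get-WebConfiguration `
        -PSPath 'IIS:\Sites\Default Web Site\Rpc' `
        -Filter 'system.webServer/security/authentication/windowsAuthentication/providers'
    $providers = @($section.Collection | ForEach-Object { $_.Value })

    [pscustomobject]@{
        Providers        = $providers -join ', '
        HasNegotiate     = $providers -contains 'Negotiate'
        # Clients try providers in list order, so Negotiate must come first
        NegotiateIsFirst = ($providers.Count -gt 0 -and $providers[0] -eq 'Negotiate')
    }
}

# Servers that still offer Ntlm only, or list it ahead of Negotiate
$report |
    Where-Object { -not $_.NegotiateIsFirst } |
    Sort-Object -Property PSComputerName |
    Select-Object -Property PSComputerName, Providers, HasNegotiate, NegotiateIsFirst
```

An empty result means every listed server offers Negotiate first on the \Rpc virtual directory.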

Links

Enjoy Exchange Server

 

 
