MVP - Most Valuable Professional

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

Exchange Server 2016Exchange Server 2013Description

This script connects either to Exchange Online or to a dedicated on-premises Exchange Server to export configured mailbox delegates and SMTP forwarding configurations.

The SMTP forwarding configurations are gathered from inbox rules and from mailbox forwarding settings.



  • Exchange Server 2016 or newer
  • Cretenials to logon to Exchange Online and Office 365 when querying EXO mailboxes
  • Utilizes GlobalFunctions PowerShell Module -->



# Example 1
# Connect to the on-premises Exchange Server and export delegation and SMTP forwarding information
.\Get-DelegatesAndForwardingRules.ps1 -ExchangeHost

# Example 2
# Connect to the on-premises Exchange Server, export delegation and SMTP forwarding information and get verbose information on the objects worked on

 .\Get-DelegatesAndForwardingRules.ps1 -ExchangeHost -Verbose 

# Example 3
# Connect to Exchange Online and export delegation and SMTP forwarding information

 .\Get-DelegatesAndForwardingRules.ps1 -ExchangeOnline


Version History

  • 1.0, Initial community release



Use GitHub Issues to leave comments, requests, end even bugs or issues.


Additional Credits

The script is based on the O365-InvestigationTooling script DumpDelegatesandForwardingRules.ps1 by Brandon Koeller
Find more Office 365 investigation tooling scripts at




Read More »

Sometimes you might be interested in gathering a list of all computer from an Active Directory domain in preparation for migration.

You can gather a list of all computer objects using the following command.

# Fetch a sorted list of all computer objects
Get-ADComputer -Filter * -Property * | Sort-Object Name 


The wildcard used with the Property parameter fetches all available attributes for a computer object. Check the available attributes in the result set to identify the attributes you are interested in.

# Example output for the first computer object gathered from Active Directory
(Get-ADComputer -Filter * -Property * | Sort-Object Name)[0]

AccountExpirationDate                : 
accountExpires                       : 9223372036854775807
AccountLockoutTime                   : 
AccountNotDelegated                  : False
AllowReversiblePasswordEncryption    : False
BadLogonCount                        : 0
badPasswordTime                      : 0
badPwdCount                          : 0
CannotChangePassword                 : False
CanonicalName                        : DOMAIN.local/Computers/COMPUTER01
Certificates                         : {}
CN                                   : COMPUTER01
codePage                             : 0
CompoundIdentitySupported            : {False}
countryCode                          : 0
Created                              : 9/2/2013 3:01:13 PM
createTimeStamp                      : 9/2/2013 3:01:13 PM
Deleted                              : 
Description                          : 
DisplayName                          : 
DistinguishedName                    : CN=COMPUTER01,CN=Computers,DC=DOMAIN,DC=local
DNSHostName                          : COMPUTER01.DOMAIN.local
DoesNotRequirePreAuth                : False
dSCorePropagationData                : {12/31/1600 7:00:00 PM}
Enabled                              : True
HomedirRequired                      : False
HomePage                             : 
instanceType                         : 4
IPv4Address                          : 
IPv6Address                          : 
isCriticalSystemObject               : False
isDeleted                            : 
KerberosEncryptionType               : {RC4, AES128, AES256}
LastBadPasswordAttempt               : 
LastKnownParent                      : 
lastLogoff                           : 0
lastLogon                            : 130942520427754509
LastLogonDate                        : 12/10/2015 3:02:53 PM
lastLogonTimestamp                   : 130942513734007331
localPolicyFlags                     : 0
Location                             : 
LockedOut                            : False
logonCount                           : 194
ManagedBy                            : 
MemberOf                             : {}
MNSLogonAccount                      : False
Modified                             : 12/10/2015 3:02:53 PM
modifyTimeStamp                      : 12/10/2015 3:02:53 PM
msDS-SupportedEncryptionTypes        : 28
msDS-User-Account-Control-Computed   : 0
Name                                 : COMPUTER01
nTSecurityDescriptor                 : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory                       : CN=Computer,CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
ObjectClass                          : computer
ObjectGUID                           : da59afcc-e00a-430b-9cbc-01adeed568f3
objectSid                            : S-1-5-21-3143343262-845931634-422089675-1179
OperatingSystem                      : Windows 7 Professional
OperatingSystemHotfix                : 
OperatingSystemServicePack           : Service Pack 1
OperatingSystemVersion               : 6.1 (7601)
PasswordExpired                      : False
PasswordLastSet                      : 12/2/2014 7:21:09 AM
PasswordNeverExpires                 : False
PasswordNotRequired                  : False
PrimaryGroup                         : CN=Domain Computers,CN=Users,DC=DOMAIN,DC=local
primaryGroupID                       : 515
PrincipalsAllowedToDelegateToAccount : {}
ProtectedFromAccidentalDeletion      : False
pwdLastSet                           : 130619964697110685
SamAccountName                       : COMPUTER01$
sAMAccountType                       : 805306369
sDRightsEffective                    : 15
ServiceAccount                       : {}
servicePrincipalName                 : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, 
                                       RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local}
ServicePrincipalNames                : {RestrictedKrbHost/COMPUTER01, HOST/COMPUTER01, 
                                       RestrictedKrbHost/COMPUTER01.DOMAIN.local, HOST/COMPUTER01.DOMAIN.local}
SID                                  : S-1-5-21-3143343262-845931634-422089675-1179
SIDHistory                           : {}
TrustedForDelegation                 : False
TrustedToAuthForDelegation           : False
UseDESKeyOnly                        : False
userAccountControl                   : 4096
userCertificate                      : {}
UserPrincipalName                    : 
uSNChanged                           : 1721509
uSNCreated                           : 45981
whenChanged                          : 12/10/2015 3:02:53 PM
whenCreated                          : 9/2/2013 3:01:13 PM


As a next step, you gather the selected information and 

# Fetch data for an operating system overview, sorted by property Name only
Get-ADComputer -Filter * -Property * | Sort-Object Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion 

# Fetch data for an operating system overview, sorted by property OperatingSystem first, then Name 
Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion 


You can export the gathered information to a comma separated file easily using the Export-Csv cmdlet.

# Export the gathered and sorted information to a CSV file using a semicolon as the delimiter
# Adjust the file path for the CSV file to fit your environment
Get-ADComputer -Filter * -Property * | Sort-Object OperatingSystem,Name | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-Csv -Path C:\SCRIPTS\ComputerOverview.csv -NoClobber -NoTypeInformation -Delimiter ';' 





Read More »

Exchange Server 2013Exchange Server 2016The PowerShell script New-RoomMailbox has been updated and release v1.2 has been published to GitHub and TechNet Gallery.

The script now creates a third mail-enabled security group to limit the set of users which are allowed to book the resource. The group itself is created (prepared) only, but not assigned to the room resource.

Additionally, the default language (locale) is configured. This prohibits the "Set locale" - dialogue when accessing the room mailbox using Outlook on the Web. 

Read more here:

Enjoy Exchange.

Read More »

Exchange Server 2010Exchange Server 2013Exchange Server 2016PowerShellDescription

This script reads the Exchange schema version from the Active Directory schema partition.

The Exchange organization name is fetched from Active Directory automatically.
The script fetches at forest level:

  • objectVersion of MESO Container
  • rangeUpper of ms-Exch-Schema-Version-Pt 
  • msExchProductId of Exchange Organization container
  • objectVersion of Exchange Organization container

The script fetches at domain level:

  • objectVersion of MESO Container



Code Samples

# Fetch all version information in the Active Directory forest

Sample Output:

PS D:\Scripts> .\Get-ExchangeServerVersionInfo.ps1

Exchange Server Schema and Object Information for forest [VARUNA.ROOT]
Exchange Organization Name        : VARUNA-GROUP
Active Directory Schema rangeUpper: 15332

Working on VARUNA.ROOT
MESO Container objectVersion           : 13236
Exchange Configuration msExchProductId : 15.01.1466.003
Exchange Configuration objectVersion   : 16213

MESO Container objectVersion           : 13236

Version History

  • 1.0, Initial community release




Enjoy Exchange Server!

Read More »

Exchange Server 2010Exchange Server 2013Exchange Server 2016PowerShellDescription

When migrating to new version of Exchange Servers you must move your internal SMTP relay endpoints. This can be a challeging tasks as application owners mostly ignore your requests for such changes. 

You can use the information provided in the receive connector log files to identify remote clients (MTAs / MTUs) connecting to the legacy infrastructure. The assumption is that protocol logging is enabled. You can easily active protocol logging across all receive connector fo a single server using the following EMS PowerShell one-liner:

Get-ReceiveConnector -Server EX01 | Set-ReceiveConnector -ProtocolLoggingLevel Verbose

The scripts searches the log files for the connection's EHLO response which containes the remote name or remote IP-address of the system connecting to the receive connector.

You can either search

  • Legacy Exchange Servers (aka Exchange Server 2010)
  • Modern Exchane Servers 
    • Frontend Transport
    • Backend Transport (aka Hub Transport)

For more information read the file at Github.


You need to adjust the log file path to suit your IT infrastructure. A next releas will contain a more automatic solution.


# Search legacy Exchange servers SMTP receive log files for the last 4 days and save search results in a single CSV file

.\Get-RemoteSmtpServers.ps1 -Servers SRV01,SRV02 -LegacyExchange -AddDays -4 -ToCsv

Version History

  • 1.0, Initial community release 
  • 1.1, Fixed Issue #2




Read More »