RSAT for Windows 10

Hi,

If you are an early adopter like me, you probaly wait the RSAT for Windows 10. Without RSAT, it's hard to use PowerShell to manage Active Directory.

So good news ! Microsoft released it.

You can download it here : https://www.microsoft.com/en-us/download/details.aspx?id=45520
English only for the moment.

Have a good day !

PSWA : Port redirection

I really love PSWA. It's really cool to do management with PowerShell commands, scripts or function on a phone or a tablet simply by a Web site.

The problem

For security reasons, I specified a port on my firewall to NAT to my PSWA server. 

Why ? Because, this adds a security layer. To come knock on my PSWA door, you need to know the port I used for it.

By default, your address is like : https://mydomain/pswa but with the port redirection is like : https://mydomain:1234/pswa.

But after I configured my DNAT rules in my firewall, I received an error message from PSWA.

The solution

I just need to add the port I chose for redirection and put it in the binding of the PSWA site. You just need to have access to your IIS Manager and add your port in the binding. Don't forget, select the good SSL certificate.

IIS Manager - Site Bindings

After that, you can start to enjoy the PowerShell power on your smart phone or tablet.

Have a good day.

J.

Add-on

If you installed your server in core mode and you want to have access to the IIS Manager (GUI). I found this post you explain how doing it : https://kelvinchiggs.wordpress.com/2014/05/02/enable-remote-management-of-iis-on-windows-server-2012-r2/

Security measure in PowerShell Script

Security in my Day-to-Day script

I don't know about you, but, me as a Network Admin, my PowerShell is always open. By PowerShell, I mean ISE because I create a DayToDay.ps1 script.

All commands I used every day are there and I have some sensitives. 

But no one is perfect, so the risk to hit the F5 to run all the script is there. So I show you a little trick to prevent this type of error that can cost you your job.

Think before, not after.

The Trick

Put this little word at the beginning of your script :

 break  

This little work stops your script is your run it by accident. After that, to use your script, you just have to select what you want and hit F8.

This little trick can save you a lot of trouble.

Have a good day.

J.

Function to enable or disable email forward

The Need

A function to manage the fowarding address for an Exchange 2010. The function needs to be easily used in PowerShell Web Access (PSWA).

Need to do what's EMC can do here :

EMC - MailFlow Settings - Delivry Options

The Function

I build this function :

 .Synopsis  
   Connect a remote session to the Exchange 2010 server.  
   Enable or disable the Forwarding address to. Enable or not the option Deliver to both  
   forwarding address and mailbox.  
 .DESCRIPTION  
   This cmdlet need to have access to the cmdlet of Exchange.  
   Its script to be used with Exchange 2010.  
   Version 1.0  
   Script by Jeremie Lauzier - Network Administrator, 2015-06-03  
 .EXAMPLE  
  Forward all email from Bruce Wayne to Clark Kent. No copies sent to Bruce Wayne.  
  Set-XXXEmailTransfert -accountmodify wayneb -forwardTo kentc -copyboth False  
 .EXAMPLE  
  Forward all email from Bruce Wayne to Clark Kent. Copies sent to both.  
  Set-XXXEmailTransfert -accountmodify wayneb -forwardTo kentc -copyboth True  
 .EXAMPLE  
  Disable the forward from Bruce Wayne to Clark Kent.  
  Set-XXXEmailTransfert -accountmodify wayneb -forwardTo $null -copyboth False  
 #>  
 function Set-XXXEmailTransfert  
 {  
   [CmdletBinding()]  
   [OutputType([int])]  
   Param  
   (  
     # Define the account to modify  
     [Parameter(Mandatory=$true,  
           ValueFromPipelineByPropertyName=$true,  
           Position=0,  
                       HelpMessage="Enter the account to modify.")]  
     $accountmodify,  
     # Define the account who will receive emails  
     [Parameter(Mandatory=$true,  
                       HelpMessage="Enter account will received emails.")]  
     [AllowNull()]  
     $forwardTo,  
     # Send copy to both  
     [Parameter(Mandatory=$true,  
           HelpMessage="Enable or not if emails delevry to both.")]  
     [ValidateSet("True", "False")]  
     $copyboth  
   )  
   Begin  
   {  
   $exchsession=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://yourserver/powershell  
   Import-PSSession $exchsession -AllowClobber  
   }  
   Process  
   {if ($copyboth -eq "True")  
    {  
     Set-Mailbox $accountmodify -ForwardingAddress $forwardTo -DeliverToMailboxAndForward $true   
    }  
       else  
    {  
        Set-Mailbox $accountmodify -ForwardingAddress $forwardTo -DeliverToMailboxAndForward $false  
    }  
    Get-Mailbox $accountmodify | Format-Table Name, ForwardingAddress, DeliverToMailboxAndForward -Wrap  
   }  
   End  
   {  
   Remove-PSSession $exchsession  
   }  
 }  

Feel free to comment.
J.

Disable user with a description

My Problem

I need to disable an Active Directory user, but in the same time I seed to add a Description. I found it practical to add in the description the cause of the deactivation.
The cmdlet Disable-ADAccount is there, but you cannot pass a description with it.

The Solution

Use Set-ADUser and you can pass what you want.

Exemple

 Set-ADUser -Identity username -Description "Your description" -Enabled $false  

Extra

You can find all of your disable users in one line. It's possible to use the Search-ADAccount like that : Search-ADAccount -AccountDisabled -UsersOnly. But you don't have the Description.

So I prefer to use this :

 Get-ADUser -Filter * -Properties * | where {$_.Enabled -ne "True"}|Select Name, Description  

Please feel free to comment.

Have a nice day!
J.

PowerShell script | Keep version | TFS 2013

Hi,

I made some scripts in the past 2 weeks and I realised this week, I have a problem of keeping version of it. So I do some search and I found this article : Protect Your PowerShell Scripts with Version Control

This saves my life... :)

Now I can keep version of my script. But here some tricks and infos I found when I configure it :

1. Yes, that's worked with the free version of Visual Studio. I used VS Community 2013.
2. If you used VS 2013, you need to install Team Explorer for Visual Studio 2013.
3. Don't forget to create your Visual Studio Online Account
4. For VS 2013, you need to install : Microsoft Visual Studio Team Foundation Server 2013 Power Tools
5. In the article, they use PowerShell commands to manage the version and the files. If you're beginner with that, like me, I preferred the visual interface to manage my files and do my check in.

   

   Visual Studio 2013 - Team Explorer

6. Don't forget to add comments for each check in. That's helped a lot when you want to retrace a version.
7. Have fun to explore all options you can do with the TFS and Visual Studio.
8. You can install PowerShell Tools for Visual Studio. That's allow you to script PowerShell directly in Visual Studio. (I tried it, but I still emotionally attached to my ISE.)

I hope this can help you to start keeping versions of your scripts.

Please, feel free to leave comments.

J.

PowerShell function | New Distribution Group - no CSV needed | Exchange

Hi,
Today, I share with you my code to build a function to create a New Distribution Group with PowerShell.

When I create the function, one of my concerns is to facilitate the usage with PSWA. So I don't want to create a CSV with the name of the member before I create my distribution group and call the CSV in my script. I want to do it at one stage. So that's my function does. For me, all my distribution groups are in the same OU so my function is built for that.

Feel free to use and modify my code. If you made some improvements, please share it.

 <#  
 .Synopsis  
   Connect a remote session to the Exchange 2010 server.  
   Create a new distribution group with this options :  
   You can choose if you want the RequireSenderAuthenticationEnabled True (Internal DG) or False (External DG)  
   You can hide the group from the Exchange Global Address List.  
   You can ADD at the same time all members needed for the group.  
 .DESCRIPTION  
   This cmdlet need to have access to the cmdlet of Exchange.  
   Its script to be used with Exchange 2010.  
   Version 1.3  
   Script by Jeremie Lauzier - Network Administrator, 2015-06-05  
 .EXAMPLE  
   Create a new distribution group (Not hidden, no member, need to be authentificated)  
   New-XXXDistributionGroup -DGname _StarLab -DGalias StarLab -senderneedauthen True -HideDG NotHide   
   New-XXXDistributionGroup -DGname "_Star Lab" -DGalias StarLab  
 .EXAMPLE  
   Create a new distribution group for external use (NO authentification needed)  
   New-XXXDistributionGroup -DGname _StarLab -DGalias StarLab -senderneedauthen False -HideDG Hide   
 .EXAMPLE  
   Create a new distribution group for internal use (Authentification needed)  
   New-XXXDistributionGroup -DGname _StarLab -DGalias StarLab -senderneedauthen True -HideDG Hide   
 .EXAMPLE  
   Create a new distribution group hidden of the Exchange Global Address List  
   New-XXXDistributionGroup -DGname _StarLab -DGalias StarLab -senderneedauthen True -HideDG Hide   
 .EXAMPLE  
   Create a new distribution group with member(s) without CSV needed.  
   The syntax is really important. You need to use the username of the member.  
   New-XXXDistributionGroup -DGname _StarLab -DGalias StarLab -senderneedauthen True -HideDG NotHide -member "wellsh","allenb","ramonc"  
 #>  
 function New-XXXDistributionGroup  
 {  
   [CmdletBinding()]  
   [OutputType([int])]  
   Param  
   (  
     # Define the name and SamAccountName for the distribution group  
     [Parameter(Mandatory=$true,  
           ValueFromPipelineByPropertyName=$true,  
           Position=0)]  
     $DGname,  
     # Define the email alias (Alias is the first part of the email address)  
     # For me, in my prod environement, the alias is not the same of the group name.  
     [Parameter(Mandatory=$true)]  
     $DGalias,  
     # Define if RequireSenderAuthenticationEnabled it's True or False  
     # True = Internal only / False = External Authorized  
     [Parameter(Mandatory=$true)]  
     [ValidateSet("True","False")]  
     $senderneedauthen,  
     # Hide from Exchange Address List  
     # It's mandatory just to force to take the right decision  
     [Parameter(Mandatory=$true)]  
     [ValidateSet("Hide","NotHide")]  
     $HideDG,  
     #Define member(s) of the group  
     $member  
   )  
   Begin  
   {  
   $exchsession=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://yourserveraddress/powershell  
   Import-PSSession $exchsession -AllowClobber  
   $convertmem = @($member)  
   }  
   Process  
   {  
    New-DistributionGroup -Name $DGname -OrganizationalUnit 'yourOU' -SamAccountName $DGname -Alias $DGalias  
    if ($senderneedauthen -eq "False")  
    {  
    Set-DistributionGroup $DGname -RequireSenderAuthenticationEnabled $false    
    }  
    if ($HideDG -eq "Hide")  
    {  
    Set-DistributionGroup $DGname -HiddenFromAddressListsEnabled $true  
    }   
    if ($convertmem -ne $null)  
    {  
    $convertmem | foreach {Add-DistributionGroupMember $DGname -Member $_ -BypassSecurityGroupManagerCheck}    
    }  
    Get-DistributionGroup $DGname | Format-Table -Wrap  
    Get-DistributionGroupMember $DGname  
   }  
   End  
   {  
   Remove-PSSession $exchsession  
   }  
 }  

PowerShell function | Add or Remove Full Mailbox Access | Exchange

Hi,

Today, I share with you my code to build a function to add or remove Full Mailbox Access with PowerShell. Feel free to use and modify my code. If you made some improvements, please share it.

1:  <#  
2:  .Synopsis  
3:    Connect a remote session to the Exchange 2010 server.  
4:    Add or remove Full Access permission for an account (user)  
5:  .DESCRIPTION  
6:    This cmdlet need to have access to the cmdlet of Exchange.  
7:    Its script to be used with Exchange 2010.  
8:    Version 1.0  
9:    Script by Jeremie Lauzier - Network Administrator, 2015-06-03  
10:  .EXAMPLE  
11:    Add Full Access permission for Felicity Jones on the account Ray Plamer.  
12:    Set-XXXFullMailboxAccess -accountmodify palmerr -accountFMA jonesf -choice Add  
13:  .EXAMPLE  
14:   Remove Full Access permission for Felicity Jones on the account Ray Plamer.  
15:   Set-XXXFullMailboxAccess -accountmodify palmerr -accountFMA jonesf -choice Remove  
16:  .EXAMPLE  
17:    All parameters are mandatory. So just type Set-XXXFullMailboxAccess and field choice one at a time.  
18:  #>  
19:  function Set-XXXFullMailboxAccess  
20:  {  
21:    [CmdletBinding()]  
22:    [OutputType([int])]  
23:    Param  
24:    (  
25:      # Define the account to modify  
26:      [Parameter(Mandatory=$true,  
27:            ValueFromPipelineByPropertyName=$true,  
28:            Position=0)]  
29:      $accountmodify,  
30:      # Define the account who will have Full Access or Remove it.  
31:      [Parameter(Mandatory=$true)]  
32:      $accountFMA,  
33:      # Add or remove Full Access  
34:      [Parameter(Mandatory=$true)]  
35:      [ValidateSet("Add", "Remove")]  
36:      $choice  
37:    )  
38:    Begin  
39:    {  
40:    $exchsession=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://yourservername/powershell  
41:    Import-PSSession $exchsession -AllowClobber  
42:    }  
43:    Process  
44:    {if ($choice -eq "Add")  
45:     {  
46:     Add-MailboxPermission -Identity $accountmodify -User $accountFMA -AccessRights 'FullAccess'   
47:     }  
48:     if ($choice -eq "Remove")  
49:     {  
50:     Remove-MailboxPermission -Identity $accountmodify -User $accountFMA -InheritanceType 'All' -AccessRights 'FullAccess' -Confirm:$false    
51:     }  
52:     Get-MailboxPermission -Identity $accountmodify | where {$_.AccessRights -eq "FullAccess"} | Format-Table User, AccessRights -AutoSize  
53:    }  
54:    End  
55:    {  
56:    Remove-PSSession $exchsession  
57:    }  
58:  }  

PowerShell function | Add or Remove email address | Exchange

Hi,

Today, I share with you my code to build a function to add or remove an email address with PowerShell. Feel free to use and modify my code. If you made some improvements, please share it.

Thanks!

 <#  
 .Synopsis  
   Connect a remote session to the Exchange 2010 server.  
   Add or remove an email address for an account (user).  
 .DESCRIPTION  
   This cmdlet need to have access to the cmdlet of Exchange.  
   Its script to be used with Exchange 2010.  
   Version 1.1  
   Script by Jeremie Lauzier - Network Administrator, 2015-06-02  
 .EXAMPLE  
   Add an email address to the account Oliver Queen  
   Set-XXXEmailAddress -accountmodify queeno -emailaddress arrow@greenarrow.com -choice Add  
 .EXAMPLE  
   Remove an email address to the account Oliver Queen  
   Set-XXXEmailAddress -accountmodify queeno -emailaddress arrow@greenarrow.com -choice Remove  
 .EXAMPLE  
   All parameters are mandatory. So just type Set-XXXEmailAddress and field choice one at a time.  
 #>  
 function Set-XXXEmailAddress  
 {  
   [CmdletBinding()]  
   [OutputType([int])]  
   Param  
   (  
     # Define the account to modify  
     [Parameter(Mandatory=$true,  
           ValueFromPipelineByPropertyName=$true,  
           Position=0)]  
     $accountmodify,  
     # Define the email adress to add or remove  
     [Parameter(Mandatory=$true)]  
     $emailaddress,  
     # Add or remove address  
     [Parameter(Mandatory=$true)]  
     [ValidateSet("Add", "Remove")]  
     $choice  
   )  
   Begin  
   {  
   $exchsession=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://servername.domain.abc/powershell  
   Import-PSSession $exchsession -AllowClobber  
   }  
   Process  
   {if ($choice -eq "Add")  
    {  
      Set-Mailbox $accountmodify -EmailAddresses @{add=$emailaddress}  
    }  
    if ($choice -eq "Remove")  
    {  
      Set-Mailbox $accountmodify -EmailAddresses @{remove=$emailaddress}  
    }  
    Get-Mailbox -Identity $accountmodify | Select -expand emailaddresses alias  
   }  
   End  
   {  
   Remove-PSSession $exchsession  
   }  
 }  

MVA : Start scripting | ISE | PowerShell

Hi guys,

Today I will talk about the second course I took on Microsoft Vitual Academy. If you want to start scripting with PowerShell and you want to know the best practices and some tricks, I highly recommended to follow the course : Advanced Tools & Scripting with PowerShell 3.0 Jump Start by Jeffrey Snover and Jason Helmick.

I started to build script before I watched this course and I will throw away my script because when you learn the good things PowerShell scripting is really awesome.

Have a good day.

Get all AD-User | PowerShell

Hi,

Today, I need to have a list for all my enabled Active Directory users.
So if you need to do this, this is the command I used :

 Get-ADUser -Filter * | where {$_.Enabled -eq "True"} | select Name | Sort-Object Name > listaduser.txt  

I hope this can help you.

Bye !

Start with PowerShell

Hi everyone,

It's my first post on my new blog.

I want to share with a good course to start with PowerShell. It's on the Microsoft Virtual Academy.
I really learn how to begin in PowerShell and know the best practices. The course is Getting Started with PowerShell 3.0 Jump Start.
If you want to start doing PowerShell watch this.

Bye !
J.