Author Archives: Krishna - MVP

PowerShell script will not start due to execution policy settings

PowershellLeave a comment

PROBLEM

When you try to execute a PowerShell script the following error occurs:

File C:\scripts\myscript.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see ” get-help about_signing” for more details.

At line:1 char:23

+ c:\scripts\myscript.ps1 <<<<

CAUSE

By default the PowerShell execution policy is set to restricted, which does not allow the PowerShell Scripts to be run. There are 4 possible execution policies in PowerShell:

  • Restricted – the default setting, doesn’t allow any scripts to run.
  • AllSigned – only runs scripts which are signed by a trusted digital certificate
  • RemoteSigned – runs local scripts without requiring them to be trusted. Scripts downloaded from the Internet  must be trusted before they can run.
  • Unrestricted  – allows all scripts to run, even untrusted ones.

SOLUTION:

Use the Set-ExecutionPolicy command to “unlock” you work environment. For example if you are using a lab or learning environment you can issue the following command :

Set-ExecutionPolicy Unrestricted

IMPORTANT: This setting should not be used in a production environment because it could potentially allow scripts downloaded from internet or planted by viruses to be executed.  For a production use AllSigned or eventually Remote Signed policies

http://www.exchangemaster.net/index.php?option=com_content&task=view&id=65&Itemid=57

Enabeling and Disabiling Active Sync for the user

Exchange 2007, Powershell3 Comments

Windows Mobiles can be configured for Active Sync. Active Sync is enabled for all users by Default in Exchange 2007. For Security reasons its recommended to disabled all users and enable only for the required users

Below power shell enabled and disabled Active for all the users in the exchange Organization

get-Mailbox -resultsize unlimited | set-CASMailbox -ActiveSyncEnabled:$False

get-Mailbox -resultsize unlimited | set-CASMailbox -ActiveSyncEnabled:$True

Below powershell command to enable and disable active sync for given set of users in the text file

Get-content C:\users.txt | set-CASMailbox -ActiveSyncEnabled:$True

Get-content C:\users.txt| set-CASMailbox -ActiveSyncEnabled:$True

Below powershell command to get the list of users who ActiveSync is Enabled and Disabled

Get-CASMailbox -ActiveSyncEnabled:$True

Get-CASMailbox -ActiveSyncEnabled:$False

VBscript to Pull out the Members of the local Adminstrators Group

VB Scripts1 Comment

Below VBscript helps to pull out Members of the Local Administrators Group from the given list of computer names. You need you have admin permission on the remote computer to pull out the membership details

 

Option Explicit

Dim objNetwork, objLocalGroup
Dim objTrans, strComputer, strNetBIOSDomain
Dim Result,k,v, Lusr,Dusr, Grp
Dim filesys
Dim filetxt,Servername

‘ Determine NetBIOS name of domain and local computer.
Set objNetwork = CreateObject(“Wscript.Network”)
strNetBIOSDomain = objNetwork.UserDomain
‘strComputer = objNetwork.ComputerName
Set filesys = CreateObject(“Scripting.FileSystemObject”)
set filetxt = filesys.OpenTextFile(“D:\scripts\LocalAdministrator\Servers.txt”,1)

do Until filetxt.AtEndOfStream
Servername = filetxt.Readline
Servername = trim(Servername)

strComputer = Servername
Set objNetwork = Nothing

‘ Bind to local Administrators group.
Set objLocalGroup = GetObject(“WinNT://” & strComputer  & “/Administrators,group”)

‘ Enumerate members of the local group.
result = strComputer
Lusr = “Local User :”
grp = “Domain Group :”
Dusr = “Domain USer : “

Call EnumLocalGroup(objLocalGroup,strComputer)

Loop

Sub EnumLocalGroup(ByVal objGroup,strComputer)
    ‘ Subroutine to enumerate members of local group.
    ‘ The variable strComputer has global scope.

    Dim objMember

    ‘ Enumerate direct members of group.
    For Each objMember In objGroup.Members

 If (LCase(objMember.Class) = “group”) Then
 K = objMember.AdsPath
 V = split(K,”/”)
 grp = grp & V(2) & “/” & v(3) & ” : ”
 Else
        K = objMember.AdsPath
 V = split(K,”/”)
 if Ubound(v) = 3 Then
 Dusr = Dusr  & V(2) & “/” & v(3) & ” : ”
 ElseIF Ubound(v) = 4 Then
 Lusr = Lusr & V(3) & “/” & v(4)  & ” : ”
 ‘wscript.echo objMember.AdsPath
 End If
 End If
    Next
 wscript.echo Ucase(strComputer) & “,” & Ucase(Lusr) &”,” & Ucase(Dusr) &”,” & Ucase(grp)
End Sub

 

Copy of the script can be found in the below mentioned Link

http://powershell.com/cs/members/smtpport25.wordpress/files/AdminMembers.txt.aspx

Add-ADPermission with Exchange 2007 databases

Exchange 2007, PowershellLeave a comment

 

Add-ADPermission cmdlet is used to provide permission to Active directory object.  This article explains you how to provide Access Exchange 2007 Database .  Below command sets permission on the Exchange Mailbox Stores and enables the AdminAccount to access uses mailboxes to  view, move, and delete messages, etc 

Get-MailboxDatabase | Add-ADPermission -User domain\Adminaccount –ExtendedRights ms-Exch-Store-Admin

Above command should workd prefectly fine, If you get any errors in executing above command then you may have to do some work around solution to set this

Add-Adpermission -identity “CN=InformationStore,CN=Exchange2007name,CN=Servers,CN=Exchange Administrative Group,CN=Administrative Groups,CN=company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=com” -User “Domain\adminAccount” –ExtendedRights ms-Exch-Store-Admin

Above command helps you the fix the problem. you may have to provide AD Distinguished Name for the Informatio store of the specific server to provide Extended Rights on access to all the Database of the specific the Exchange server. To Provide access to Individual Storage gropue then you may have to try something link this

Add-Adpermission -identity “SG=StorageGroupname,CN=InformationStore,CN=Exchange2007,CN=Servers,CN=Exchange Administrative Group,CN=Administrative Groups,CN=Our Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myDomain,DC=com” -User “Domain\adminAccount” –ExtendedRights ms-Exch-Store-Admin

 

Add-Adpermission -identity “CN=Databasename,CN=StorageGroupname,CN=InformationStore,CN=Exchange2007,CN=Servers,CN=Exchange Administrative Group,CN=Administrative Groups,CN=Our Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myDomain,DC=com” -User “Domain\adminAccount” –ExtendedRights ms-Exch-Store-Admin

Powershell to get list of users who’s Dial in option is enabled in Active Directory

Active Directory, PowershellLeave a comment

Powershell to get the list of users who has Dial in option is enabled in Active directory.  This has to be executed in Quest Active Roles management console. This will query all the active directory users and get the details if the user object has Dialin option is enabled

Get-QADUser -IncludeAllProperties | ?{$_.msNPAllowDialin -eq $true} |Select Displayname,mailnickname

Below powershell helps you to enable export dial in enabled users to CSV format file

Get-QADUser -IncludeAllProperties | ?{$_.msNPAllowDialin -eq $true} |Select Displayname,mailnickname | Export-Csv C:\Dialinusers.csv

Powershell to pull Application Event logs with Event Id 1221

Exchange 2007, PowershellLeave a comment

Application Event ID 1221 gives the details of the white space on the Exchange Database.  With the amount of white space we can determine if we wanted to do a defrag on the store or not. Below powershell helps you to pull all the application events with id 1221 from last 2 days

$2DaysAgo = [DateTime]::Now.AddDays(-2)
$Events = Get-Eventlog Application | Where {($2DaysAgo -le $_.TimeWritten)} | ?{$_.eventid -eq “1221”}
$Events

Powershell to get the Home Directory Path

Exchange 2007, PowershellLeave a comment

If we wanted to find Home Directory Path of the users in the Orginization then below commands helps you to pull the data

Get-QADUser | select DisplayName,Email,HomeDirectory | Export-Csv c:\HomeDirectory.csv

Command to get the Home Directory for the given list of users and export the result to CSV

get-content C:\users.txt | select DisplayName,Email,HomeDirectory | Export-Csv c:\HomeDirectory.csv

 

 

Powershell to Manager ManagedFolderpolicy on user accounts

PowershellLeave a comment

Powershell to manage Managedfolderpolicy on user accounts

Below powershell to apply -Managedfolderpolicy new user mailbox at the time of new mailbox creation

New-Mailbox -Name $DName -Database $Database -UserPrincipalName $PrincipalName -FirstName $FName -LastName $LName -Alias $Aliasname -Password $passwd -ResetPasswordOnNextLogon $true -SamAccountName $Aliasname -ManagedFolderMailboxPolicy $MPolicy

Below  powershell to apply folderpolicy to set to all the mailbox in the orginization

$Folderpolicy = “Policyname”
get-mailbox -ResultSize unlimited |Set-Mailbox -Identity -ManagedFolderMailboxPolicy $Folderpolicy

Powershell to remove folderpolicy to specific users in the DL

Get-DistributionGroupMember $group | Set-Mailbox -Identity -ManagedFolderMailboxPolicy $null