TechShizz | All posts tagged 'Exchange 2010'

Get permissions for all mailboxes


$OutFile = "C:\Temp\PermissionExport.txt"

"DisplayName" + "^" + "Alias" + "^" + "Full Access" + "^" + "Send As" | Out-File $OutFile -Force

$Mailboxes = Get-Mailbox -RecipientTypeDetails usermailbox -ResultSize:Unlimited | Select Identity, Alias, DisplayName, DistinguishedName

ForEach ($Mailbox in $Mailboxes) {

$SendAs = Get-ADPermission $Mailbox.DistinguishedName | ? {$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF" -and !$_.IsInherited} | % {$_.User}

$FullAccess = Get-MailboxPermission $Mailbox.Identity | ? {$_.AccessRights -eq "FullAccess" -and !$_.IsInherited} | % {$_.User}

$Mailbox.DisplayName + "^" + $Mailbox.Alias + "^" + $FullAccess + "^" + $SendAs | Out-File $OutFile -Append

};

Configure Logging in Exchange 2010

The main place to configure logging is when right clicking on the  server object under server configuration for a giver server.

Click on "Manage Diagnostic Logging Properties" and configure which logs are needed.

Manage Diagnostic Logging Properties

 

Logging can also be enabled for a given connector as shown below.

Send connector properties

 

On the Hub Transport role, we can configure if logging happens and where to save those log files.

Log settings tab

 

It's also worth noting that Group Policy may have some audit policies enabled that will pick up some Exchange events.

Local Audit Policy


Divert a copy of NDR to a specific user/contact

NDR

 

Technet: https://technet.microsoft.com/en-us/library/bb400930(EXCHG.80).aspx


Running this command sets a Divert (copy) to a specified user so that we can look at the NDR email reports. If your administering an exchange externally, just create a contact for your own email address and use that.


To send a copy of internal NDRs run:

 

Set-OrganizationConfig -MicrosoftExchangeRecipientReplyRecipient JonJones


To send a copy of external NDRs run:

Set-TransportConfig -ExternalPostmasterAddress Postmaster@mydomain.com

PowerShell Remote Administration - Implicit Remoting

To administer Office 365 you will need the following:

 

Azure AD PowerShell

 

Prerequisites

 

  • Windows 7+ / Server 2008R2 +
  • .NET 3.51 Framework
  • All cloud services subscription updates
  • Online Services Sign-in Assistant - OS Specific - From MS Download Centre.
  • Azure Administrative Console - From MS Download Centre.

See this link : http://technet.microsoft.com/library/jj151815.aspx

Download from HERE

Connect to Office 365 to administer Users, Licenses etc. (Not Exchange)

 

$msolcred = get-credential
connect-msolservice -credential $msolcred

 

(Log in with your  user@domain.onmicrosoft.com account)

 

To Administer Exchange in Office 365

 

 

Launch Azure Module for PowerShell or import the module - Import-Module MSOnline

 

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

 

Import-PSSession $Session

 

To administer another exchange server via PowerShell remotely

 

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.mydomain.com/powershell -Credential $UserCredential -Authentication Basic -AllowRedirection

 

Import-PSSession $Session

 

You may need to change the -Authentication switch to "Kerberos" depending on security settings.

 

To administer share point online

 

You need to download and install the SharePoint PowerShell module before this will work:

https://www.microsoft.com/en-gb/download/details.aspx?id=35588

 

$UserCredential = Get-Credential

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

$SP = Read-Host -Prompt 'Enter SharePoint Domain'

Connect-SPOService -Url https://$SP-admin.sharepoint.com -credential $UserCredential

 

To administer Skype for Business Online (Lync)

 

You need to download and install the Skype for Business PowerShell module before this will work:

https://www.microsoft.com/en-gb/download/details.aspx?id=39366

 

$UserCredential = Get-Credential

Import-Module SkypeOnlineConnector

$sfboSession = New-CsOnlineSession -Credential $UserCredential

Import-PSSession $sfboSession

 

One big script

 

if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoExit -NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; Exit }

Import-Module MSOnline

$UserCredential = Get-Credential

Connect-MsolService -Credential $UserCredential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

$SP = Read-Host -Prompt 'Enter SharePoint Domain'

Connect-SPOService -Url https://$SP-admin.sharepoint.com -credential $UserCredential

Import-Module SkypeOnlineConnector

$sfboSession = New-CsOnlineSession -Credential $UserCredential

Import-PSSession $sfboSession