Connect-MsolService
Disable AADSync-
Set-MsolDirSyncEnabled -EnableDirSync $false
-----
Download- https://www.microsoft.com/en-us/download/details.aspx?id=41950
Run powershell as admin, Install-Module MSOnline
If you can't, install- http://aka.ms/wmf5download
Unable to install Nugent Provider?
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Restart Powershell, then-
Install-Module PowershellGet -F
Connect-MsolService -Credential $credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
Force Azure AD Sync (Skip 30-minute wait)-
import-module adsync
Start-ADSyncSyncCycle -PolicyType Delta
Set-User callie@providentconstruction.com -PermanentlyClearPreviousMailboxInfo
Run powershell as admin, Install-Module MSOnline
If you can't, install- http://aka.ms/wmf5download
Unable to install Nugent Provider?
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Restart Powershell, then-
Install-Module PowershellGet -F
Connect-MsolService -Credential $credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
Force Azure AD Sync (Skip 30-minute wait)-
import-module adsync
Start-ADSyncSyncCycle -PolicyType Delta
Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -Verbose
Purge Exchange Attributes in Office 365. Set-User nwitte@fourpointenergy.com -PermanentlyClearPreviousMailboxInfo
Purge Exchange Attributes in Office 365. Set-User nwitte@fourpointenergy.com -PermanentlyClearPreviousMailboxInfo
Some on-site IT admin deletes the Office 365 object in Exchange Admin Center, you need to re-add it on-prem-
Enable-RemoteMailbox "Alison.Bell@exoip.com"
Put DAG in Maintenance Mode-
Set-ServerComponentState -Identity “EXCH002” -Component HubTransport -State Draining -Requester Maintenance
Redirect-Message -Server “EXCH002” -Target “EXCH001.mgmt.local”
Suspend-ClusterNode “EXCH002”
Set-MailboxServer “EXCH002” -DatabaseCopyActivationDisabledAndMoveNow $true
Get-MailboxServer “EXCH002” | Select DatabaseCopyAutoActivationPolicy (Make sure it's unrestricted)
Set-MailboxServer “EXCH002” -DatabaseCopyAutoActivationPolicy Blocked
Move-ActiveMailboxDatabase -Server "EXCH002" -ActivateOnServer "EXCH001"
Get-MailboxDatabaseCopyStatus -Server “EXCH002” | Where {$_.Status -eq “Mounted”}
Put DAG in Maintenance Mode-
Set-ServerComponentState -Identity “EXCH002” -Component HubTransport -State Draining -Requester Maintenance
Redirect-Message -Server “EXCH002” -Target “EXCH001.mgmt.local”
Suspend-ClusterNode “EXCH002”
Set-MailboxServer “EXCH002” -DatabaseCopyActivationDisabledAndMoveNow $true
Get-MailboxServer “EXCH002” | Select DatabaseCopyAutoActivationPolicy (Make sure it's unrestricted)
Set-MailboxServer “EXCH002” -DatabaseCopyAutoActivationPolicy Blocked
Move-ActiveMailboxDatabase -Server "EXCH002" -ActivateOnServer "EXCH001"
Get-MailboxDatabaseCopyStatus -Server “EXCH002” | Where {$_.Status -eq “Mounted”}
Get-Queue
Set-ServerComponentState “EXCH002” -Component ServerWideOffline -State Inactive -Requester Maintenance
Get-ServerComponentState “EXCH002” | Select Component, State
Get-ServerComponentState “EXCH002” | Select Component, State
Take Dag out Maintenance Mode-
Set-ServerComponentState “EXCH002” -Component ServerWideOffline -State Active -Requester Maintenance
Resume-ClusterNode “EXCH002”
Set-MailboxServer EXCH002 –DatabaseCopyAutoActivationPolicy Unrestricted
Set-ServerComponentState EXCH002 –Component HubTransport –State Active –Requester Maintenance
Set-MailboxServer “EXCH002” -DatabaseCopyActivationDisabledAndMoveNow $false
Set-ServerComponentState “EXCH002” -Component ServerWideOffline -State Active -Requester Maintenance
Resume-ClusterNode “EXCH002”
Set-MailboxServer EXCH002 –DatabaseCopyAutoActivationPolicy Unrestricted
Set-ServerComponentState EXCH002 –Component HubTransport –State Active –Requester Maintenance
Set-MailboxServer “EXCH002” -DatabaseCopyActivationDisabledAndMoveNow $false
Get-ServerComponentState “EXCH002” | Select Component, State
Check Dag Health-
(Get-DatabaseAvailabilityGroup) | ForEach {$_.Servers | ForEach {Get-MailboxDatabaseCopyStatus -Server $_}}
Check Dag Database Active Server-
Get-MailboxDatabaseCopyStatus * -Active | Select Name,Status,MailboxServer,ActivationPreference,ContentIndexState
(Get-DatabaseAvailabilityGroup) | ForEach {$_.Servers | ForEach {Get-MailboxDatabaseCopyStatus -Server $_}}
Check Dag Database Active Server-
Get-MailboxDatabaseCopyStatus * -Active | Select Name,Status,MailboxServer,ActivationPreference,ContentIndexState
Resume Mailbox Copy-
Resume-MailboxDatabaseCopy -Identity DB1\MBX1
Non-Exchange-
Get list of enabled accounts sorted by password last changed date-
Get-ADUser -filter {Enabled -eq $True} -Properties passwordlastset | sort passwordlastset -descend | ft -property samaccountname,passwordlastset
Get Members of Domain Admin-
Get-ADGroupMember "Domain Admins" | ft -property samaccountname
Get Password Never Expires-
Get-ADUser -filter {Enabled -eq $True} -Properties passwordneverexpires | sort PasswordNeverExpires | ft -property SamAccountName,PasswordNeverExpires
Last Logon-
Get-ADUser -filter {Enabled -eq $True} -Properties LastLogonDate | sort LastLogonDate | ft -property SamAccountName,LastLogonDate
Find Windows 7 Computers that logged in within 30 days-
Get-ADComputer -Properties * -Filter {Enabled -eq $True -and OperatingSystem -like "Windows 7*"} | Where { $_.LastLogonDate -GT (Get-Date).AddDays(-30) } | FT Name, OperatingSystem, LastLogonDate -Autosize
To sync AD sync-
Import-Module ADSync
# For a Delta Sync (most common, and used for most situations):
Start-ADSyncSyncCycle -PolicyType Delta
# For a Full Sync (only necessary in some situations):
Start-ADSyncSyncCycle -PolicyType Initial
Resume-MailboxDatabaseCopy -Identity DB1\MBX1
Mailbox Size
Get-MailboxDatabase | Get-MailboxStatistics | Sort-Object TotalItemSize -Descendin | ft -property DisplayName,TotalItemSize
How to find discovery mailbox name-
Get-Mailbox -Resultsize unlimited -Filter {RecipientTypeDetails -eq "DiscoveryMailbox"}
How to create discover mailbox-
New-Mailbox -Name "Discovery Search Mailbox" -Discovery
Add-MailboxPermission "Discovery Search Mailbox" -User Administrator -AccessRights FullAccess -InheritanceType all
Get-MailboxDatabase | Get-MailboxStatistics | Sort-Object TotalItemSize -Descendin | ft -property DisplayName,TotalItemSize
How to find discovery mailbox name-
Get-Mailbox -Resultsize unlimited -Filter {RecipientTypeDetails -eq "DiscoveryMailbox"}
How to create discover mailbox-
New-Mailbox -Name "Discovery Search Mailbox" -Discovery
Add-MailboxPermission "Discovery Search Mailbox" -User Administrator -AccessRights FullAccess -InheritanceType all
How to export discovery mailbox (or any other mailbox) to PST-
New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -FilePath "\\server\share\export.pst"
Get-MailboxExportRequest | Get-MailboxExportRequestStatistic
Get all Mailbox Move Statistics-
Get-MoveRequest -resultsize unlimited | Where-Object {$_.status -notlike “null”} | Get-MoveRequestStatistics | select DisplayName, StatusDetail, *Size, *Percent* | ft
Get list of who has full access to a mailbox-
Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv
Calendar Permissions-
Get-MailboxFolderPermission -identity “username:\Calendar”
To change permissions on a Calendar item, type the following command:
Add-MailboxFolderPermission -identity “Managingdirector:\Calendar” -user “personalassistant” -AccessRights Editor
Give user full access to mailbox-
Add-MailboxPermission -identity Bob@domain.com –user Alan@domain.com –AccessRights FullAccess -AutoMapping:$false
Give user full access to ALL mailboxes-
Get-Mailbox | Add-mailboxpermission -user Alan@domain.com -AccessRights FullAccess
Forward to External Email address *without* making a contact-
Set-Mailbox -Identity user@internaldomain.com -DeliverToMailboxAndForward $true -ForwardingSMTPAddress user@externaldomain.com
See if mail is forwarding-
Get-Mailbox user@domain.com | FL DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress
Check all forwarding-
Get-Mailbox -ResultSize Unlimited | Where {($_.ForwardingAddress -ne $Null) -or ($_.ForwardingsmtpAddress -ne $Null)} | Select Name, ForwardingAddress, ForwardingsmtpAddress, DeliverToMailboxAndForward
Change UPN-
Set-MsolUserPrincipalName -UserPrincipalName <OldUPN> -NewUserPrincipalName <NewUPN>
Check Searching-
Get-MailboxDatabaseCopyStatus -Server $env:ComputerName | Format-Table Name,Status,ContentIndex* -Auto
Test-ExchangeSearch -Identity AlanBrewer@contoso.com
Distribution Group Send As
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@Megastarfinance.onmicrosoft.com
Add-RecipientPermission -Identity accounting@megastarfinancial.com -Trustee dlewis@megastarfinancial.com -AccessRights SendAs
New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -FilePath "\\server\share\export.pst"
Get-MailboxExportRequest | Get-MailboxExportRequestStatistic
Get all Mailbox Move Statistics-
Get-MoveRequest -resultsize unlimited | Where-Object {$_.status -notlike “null”} | Get-MoveRequestStatistics | select DisplayName, StatusDetail, *Size, *Percent* | ft
Get list of who has full access to a mailbox-
Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv
Calendar Permissions-
Get-MailboxFolderPermission -identity “username:\Calendar”
To change permissions on a Calendar item, type the following command:
Add-MailboxFolderPermission -identity “Managingdirector:\Calendar” -user “personalassistant” -AccessRights Editor
Give user full access to mailbox-
Add-MailboxPermission -identity Bob@domain.com –user Alan@domain.com –AccessRights FullAccess -AutoMapping:$false
Give user full access to ALL mailboxes-
Get-Mailbox | Add-mailboxpermission -user Alan@domain.com -AccessRights FullAccess
Forward to External Email address *without* making a contact-
Set-Mailbox -Identity user@internaldomain.com -DeliverToMailboxAndForward $true -ForwardingSMTPAddress user@externaldomain.com
See if mail is forwarding-
Get-Mailbox user@domain.com | FL DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress
Check all forwarding-
Get-Mailbox -ResultSize Unlimited | Where {($_.ForwardingAddress -ne $Null) -or ($_.ForwardingsmtpAddress -ne $Null)} | Select Name, ForwardingAddress, ForwardingsmtpAddress, DeliverToMailboxAndForward
Change UPN-
Set-MsolUserPrincipalName -UserPrincipalName <OldUPN> -NewUserPrincipalName <NewUPN>
Check Searching-
Get-MailboxDatabaseCopyStatus -Server $env:ComputerName | Format-Table Name,Status,ContentIndex* -Auto
Test-ExchangeSearch -Identity AlanBrewer@contoso.com
Distribution Group Send As
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@Megastarfinance.onmicrosoft.com
Add-RecipientPermission -Identity accounting@megastarfinancial.com -Trustee dlewis@megastarfinancial.com -AccessRights SendAs
Non-Exchange-
Get-ADUser -filter {Enabled -eq $True} -Properties passwordlastset | sort passwordlastset -descend | ft -property samaccountname,passwordlastset
Get Members of Domain Admin-
Get-ADGroupMember "Domain Admins" | ft -property samaccountname
Get Password Never Expires-
Get-ADUser -filter {Enabled -eq $True} -Properties passwordneverexpires | sort PasswordNeverExpires | ft -property SamAccountName,PasswordNeverExpires
Last Logon-
Get-ADUser -filter {Enabled -eq $True} -Properties LastLogonDate | sort LastLogonDate | ft -property SamAccountName,LastLogonDate
Find Windows 7 Computers that logged in within 30 days-
Get-ADComputer -Properties * -Filter {Enabled -eq $True -and OperatingSystem -like "Windows 7*"} | Where { $_.LastLogonDate -GT (Get-Date).AddDays(-30) } | FT Name, OperatingSystem, LastLogonDate -Autosize
Only enabled accounts
Get-ADUser -filter {Enabled -eq $True} -Properties passwordlastset | ft -property samaccountname,passwordlastset | export-csv test.csv
All accounts-
Get-ADUser -filter * -Properties passwordlastset | select Name,samaccountname,passwordlastset,Enabled | export-csv test.csv
Get-ADUser -filter * -Properties passwordlastset | select Name,samaccountname,passwordlastset,Enabled | export-csv test.csv
Sample user inventory-
$date = Get-Date -Format ddMMMyyyy_HH_mm
$date = Get-Date -Format ddMMMyyyy_HH_mm
Get-ADUser -Filter * -server dc1 -Properties DistinguishedName, DisplayName, Enabled, whenCreated, whenChanged, lastLogon, LastLogonDate, memberOf | Select Name,DisplayName,DistinguishedName,Enabled,@{n='LastLogon';e={[DateTime]::FromFileTime($_.LastLogon)}},LastLogonDate, whenCreated,whenChanged,@{n="memberof";e={[string]$_.memberof}}, @{N='DOMAIN';E={("XXX ")}} | Export-Csv -Delimiter ~ c:\temp\AD_Users_$date.txt -NoTypeInformation
To sync AD sync-
Import-Module ADSync
# For a Delta Sync (most common, and used for most situations):
Start-ADSyncSyncCycle -PolicyType Delta
# For a Full Sync (only necessary in some situations):
Start-ADSyncSyncCycle -PolicyType Initial
Output - Out-GridView
Set-User callie@providentconstruction.com -PermanentlyClearPreviousMailboxInfo
Open PowerShell, type-
get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires
To Export to CSV-
Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:tempuser-password-info-20131119.csv
For enabled only-
get-aduser -filter 'enabled -eq $true' -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires
To see an accounts creation date-
Get-ADUser <UserName> -Properties whenCreated | Format-List Name,whenCreated
No comments:
Post a Comment