Thomas' Tech Talk

Just Can't Get Enough Of IT

Querying Exchange Server Schema and Version Information

Filed under: Active Directory,Exchange Server — Thomas Stensitzki at 12:42 pm on Tuesday, February 9, 2021  Tagged , , ,

Exchange Server relies heavily on Active Directory. Therefore, you must ensure that the following three Active Directory components are prepared for the most recent release of Exchange Server that you want to install or upgrade to:

  1. The Schema
  2. The Forest
  3. Every domain within the forest you want to use for Exchange Server or Exchange recipient objects

Fellow MVP Michel De Rooij maintains a blog post covering the schema and object versions since Exchange Server 2000.

You can use the following DSQUERY commands to query the information. Ensure to use the correct forest root domain or local domain, if your local Active Directory is not a single forest single domain setup. Adjust the doamin and Exchange organzation names as needed.

 

Querying Exchange Schema for the rangeUpper attribute in the root domain. This is attribute is updated by /prepareSchema.

DSQUERY.exe * "CN=ms-Exch-Schema-Version-Pt,CN=schema,CN=configuration,DC=varunagroup,DC=de" -Scope base -Attr rangeUpper

Example result: 17002

 

Querying Exchange Organization for the objectVersion attribute in the root domain’s configuration partition. This is attribute is updated by /prepareAD.

DSQUERY.exe * "CN=EXCHANGEORGNAME,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=varunagroup,DC=de" -Scope base -Attr objectVersion

Example result: 16756

 

Querying Exchange Organization for the msExchProductId attribute in the root domain’s configuration partition. The value returned shows Exchange Server version an build information. This is attribute is updated by /prepareAD.

DSQUERY.exe * "CN=EXCHANGEORGNAME,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=varunagroup,DC=de" -Scope base -Attr msExchProductId

Example result: 15.02.0792.003

 

Querying Microfoft Exchange System Objects container for the objectVersion attribute in the domain. This is attribute is updated by /prepareAllDomains, /PrepareDomain, or /PrepareDomain:DOMAINFQDN.

DSQUERY.exe * "CN=Microsoft Exchange System Objects,DC=varunagroup,DC=de" -Scope base -Attr objectVersion

 

Example result: 13239

Use the last example for each domain in your Active Directory forest.

 

Enjoy Exchange Server.

Start Scheduled Tasks Remotely

Filed under: Exchange Server,PowerShell — Thomas Stensitzki at 4:00 pm on Saturday, July 18, 2020  Tagged

When you maintain a number of servers which require to trigger the same scheduled task manually, you can simply the process by triggering the scheduled task remotely.

In this example, I assume that the script is being executed on a dedicated management server (aka job server) within an Exchange Server 2013 environment. The scheduled task must exist on all servers having the same name.

Create a simple PowerShell script at a file location of your choice (i.e. D:\Scripts\Start-RemoteScheduledTasks.ps1)

$cimSession = New-CimSession -ComputerName SERVER1,SERVER2,SERVER3,SERVER4

Start-ScheduledTask TASKNAME -CimSession $cimSession

Remove-CimSession $cimSession

Now create a new shortcut on your server desktop with the following configuration:

Target: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command “& D:\Scripts\Start-RemoteScheduledTasks.ps1” 

If required, select “Run as Adminstrator” in the Shortcut -> Advanced settings.

Enjoy!

 


This post was previously published on my legacy SF-Tools blog.
Original publishing date: 2015-02-26

The local machine is not an Exchange server

Filed under: Exchange Server — Thomas Stensitzki at 4:00 pm on Thursday, July 16, 2020  Tagged ,

While trying to get public folder statistics on an Exchange 2007 server I came across the following error: The local machine is not an Exchange server.

Screenshot - The local server is not an Exchange Server

 

Get-PublicFolderStatistics : The local machine is not an Exchange server. Please specify the name of a Mailbox server.
At line:1 char:75
+ Get-PublicFolder “\PUBLICFOLDER” -Recurse | Get-PublicFolderStatistics <<
<<
+ CategoryInfo          : NotSpecified: (0:Int32) [Get-PublicFolderStatistics], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : AFC2C5CC,Microsoft.Exchange.Management.MapiTasks.GetPublicFolderStatistics

 

In this case, the solution was pretty simple. I tried to fetch the public folder statistics on the passive node of the cluster. Even though the Exchange cmdlet Get-PublicFolder “\FOLDER” –Recurse was executed successfully, receiving the public folder statistics failed.

Executing the same query on the active node was successful.

 

Enjoy Exchange Server.

 

 


This post was previously published on my legacy SF-Tools blog.
Original publishing date: 2015-02-28

Create Migration Batches With Common Parameters

Filed under: Exchange Server,PowerShell — Thomas Stensitzki at 2:57 pm on Tuesday, July 14, 2020  Tagged ,

This is a community PowerShell script to simplify Exchange Server mailbox migrations and is available on Github.

Features

  • Validate CSV file for required column EmailAddress prior to creating migration batch in Exchange
  • Automatic batch naming based on CSV file name
  • Common notification email address settings
  • Variable AutoComplete of batches
  • Common logging of script activities

 

Examples

Migrate users configured in in CSV file MyBatchFile.csv and complete migration automatically

.\Move-MailboxesAsBatch.ps1 -CSVFile .\MyBatchFile.csv -AutoComplete

Migrate users configured in in CSV file MyBatchFile.csv, allow 10 bad items, notify it@mcsmemail.de and do not complete migration automatically

.\Move-MailboxesAsBatch.ps1 -CSVFile .\MyBatchFile.csv -BadItemLimit 10 -NotificationEmails @("it@mcsmemail.de")

Links

 


This post was previously published on my legacy SF-Tools blog.
Original publishing date: 2015-07-17

Unable to download NuGet package provider

Filed under: PowerShell,Windows Server — Thomas Stensitzki at 4:38 pm on Thursday, June 11, 2020  Tagged

When you try to install a module from PowerShell Gallery using the Install-Module cmdlet it might fail.

Installing a PowerShell module requires the NuGet package provider installed first. Installing the package provide might fail as well with the following error:

WARNING: Unable to download from URI ‘https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409’ to ”. WARNING: Unable to download the list of available providers. Check your internet connection. PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider ‘NuGet’. The package provider requires ‘PackageManagement’ and ‘Provider’ tags. Please check if the specified package has the tags. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21 + … $null = PackageManagement\Install-PackageProvider -Name $script:N … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (Microsoft.Power…PackageProvider:InstallPackageProvider) [Install-Pac kageProvider], Exception + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro vider PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name ‘NuGet’. Try ‘Get-PackageProvider -ListAvailable’ to see if the provider exists on the system. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7411 char:21 + … $null = PackageManagement\Import-PackageProvider -Name $script:Nu … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (NuGet:String) [Import-PackageProvider], Exception + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProv ider

 

Reason

The installation fails because the server’s .NET Framework is not configured for the use of TLS 1.2.

 

Workaround

Enable TLS 1.2 for your current PowerShell session using the follow command:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

 

Solution

Add two registry keys to enable the use of TLS 1.2 for 32- and 64-bit .Net Framework libraries.

  • 32-bit
    • Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319’ -Name ‘SchUseStrongCrypto’ -Value ‘1’ -Type DWord
  • 64-bit
    • Set-ItemProperty -Path ‘HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319’ -Name ‘SchUseStrongCrypto’ -Value ‘1’ -Type DWord

 

Enjoy PowerShell!

 

 

User Group Membership – Quick Query

Filed under: On-Premises — Thomas Stensitzki at 11:26 am on Monday, March 23, 2020  Tagged ,

You sometimes need to know the Active Directory domain group memberships of a user currently logged in to a Windows computer. Mostly, you need this information for troubleshooting purposes.

The easiest way is using the following command line query:

net user /domain %username%

Example

C:\>net user /domain %username%
User name varadmin
Full Name Varuna Admin
Comment
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never

Password last set 22.01.2016 10:09:53
Password expires Never
Password changeable 23.01.2016 10:09:53
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 22.03.2020 18:08:15

Logon hours allowed All

Local Group Memberships *ADSyncAdmins
Global Group memberships *NoSpamProxy People an*NoSpamProxy Monitorin
                         *Foresite_Admins *Compass_Admins
                         *NoSpamProxy Disclaime*Enterprise Admins
                         *Mailscape_Users *Group Policy Creator
                         *Organization Manageme*Compass_Users
                         *Foresite_Users *Mailscape_Admins
                         *Schema Admins *Domain Admins
                         *NoSpamProxy Configura*Domain Users

The command completed successfully.

 

Enjoy.

Move FSMO Roles in Windows Server 2019

Filed under: On-Premises,Windows Server — Thomas Stensitzki at 11:34 am on Saturday, March 21, 2020  Tagged , ,

In the past, we’ve used NETDOM to identify FSMO-systems and to move assigned FSMO-roles to other Windows Server systems.

With Windows Server 2016 or newer you can use PowerShell to easily move FMSO-roles to a new domain controller.

 

Move a single FSMO-role to a new domain controller

Move-ADDirectoryServerOperationMasterRole -Identity DC01 `
-OperationMasterRole RIDMaster

 

Move all FSMO-roles to a new domain controller

Move-ADDirectoryServerOperationMasterRole -Identity DC01 `
-OperationMasterRole PDCEmulator,InfrastructureMaster,SchemaMaster,`
DomainNamingMaster,RIDMaster

 

Read more about the cmdlet and all supported parameters in cmdlet-documentation.

Links

 

Enjoy.

Thomas’ Tech Talk – Overview

Filed under: Exchange Online,Exchange Server,Tech Talk,Video — Thomas Stensitzki at 10:00 am on Saturday, March 14, 2020  Tagged

Thomas’ Tech Talk – YouTube Channel

Overview of my YouTube recordings (in German).

 

  • Tech Talk 12: Exchange Server Support Life-Cycle
    Cover Tech Talk 12 - Exchange Server Support Life-Cycle
  • Tech Talk 11: Exchange Server und HealthChecker.ps1
    Cover Tech Talk 11 - Exchange Server und HealthChecker.ps1
  • Tech Talk 10: Exchange Server und hybride Identitäten
    Cover Tech Talk 10 - Exchange Server und hybride Identitäten
  • Tech Talk 9: Exchange Server vNext
    Cover Tech Talk 9 - Exchange Server vNext
  • Tech Talk 8: Exchange Server 2016 Ende Mainstream Support
    Cover Tech Talk 8 - Exchange Server 2016 Ende Mainstream Support
  • Tech Talk 7: ADFS oder PTA?
    Cover Tech Talk 7 - ADFS oder PTA?
  • Tech Talk 6: Deaktivierung Basic Authentication in Exchange Online
    Cover Teah Talk 6 - Deaktivierung Basic Authentication in Exchange Online
  • Tech Talk 5: Exchange Server – Edge Transport Role
    Cover Tech Talk 5 - Exchange Server - Edge Rolle
  • Tech Talk 4: Exchange Server 2019 – Lohnt sich ein Wechsel?
    Cover Thomas' Tech Talk 4 - Lohnt sich ein Wechsel zu Exchange Server 2019?
  • Tech Talk 3: Exchange Hybrid
    Cover Thomas' Tech Talk 3 - Exchange Hybrid
  • Tech Talk 2: Migration von Exchange Server zu Exchange Online
    Cover Thomas' Tech Talk 2 - Migration von Exchange Server zu Exchange Online
  • Tech Talk 1: Supportende von Exchange Server 2010
    Cover Thomas' Tech Talk 1 - Supportende von Exchange Server 2010

 

Enjoy.

Purge-LogFiles updated to v2.3

Filed under: Exchange Server,PowerShell — Thomas Stensitzki at 6:35 pm on Thursday, March 12, 2020  Tagged , , ,

The PowerShell script to purge log files of modern Exchange Server editons has been updated to version 2.3.

The new version supports:

  • dynamic Exchange Server installation paths across multiple servers
  • deletion of the HTTPERR folder
  • HTML formatting for email notification email

Additionally, the script is tested with Exchange Server 2019.

You can download the source at GitHub or TechNet Gallery.

Please vote for the script at TechNet Gallery, and post comments, issues, and feature requests at GitHub.

Enjoy.

Select non-default receive connectors

Filed under: Exchange Server,PowerShell — Thomas Stensitzki at 8:46 pm on Sunday, March 8, 2020  Tagged

Sometines you want to select all non-default receive connectors for further processing in PowerShell. The following simple example selects all receive connectors excluding the connectors using server name as part of the connector name.

When querying the receive connectors for a server you will get all configured connectors.

Get-ReceiveConnector -Server $Server | ft -AutoSize

Identity                                  Bindings Enabled
--------                                  -------- -------
DEHVNEX1\Default DEHVNEX1                 {0.0.0.0:2525, [::]:2525} True
DEHVNEX1\Client Proxy DEHVNEX1            {[::]:465, 0.0.0.0:465}   True
DEHVNEX1\Default Frontend DEHVNEX1        {[::]:25, 0.0.0.0:25}     True
DEHVNEX1\Outbound Proxy Frontend DEHVNEX1 {[::]:717, 0.0.0.0:717}   True
DEHVNEX1\Client Frontend DEHVNEX1         {[::]:587, 0.0.0.0:587}   True
DEHVNEX1\Anonymous Relay                  {0.0.0.0:25}              True
DEHVNEX1\From Veruna-BER                  {0.0.0.0:25}              True
DEHVNEX1\APPS-Relay                       {0.0.0.0:25}              True

 

The following PowerShell query excludes the receive connectors as mentioned.

$server='DEHVNEX1'

Get-ReceiveConnector -Server $Server | `
?{(([string]$_.Identity).Split('\')[1]) -notlike "*$($Server)*"} | `
ft -AutoSize

Identity                 Bindings     Enabled
--------                 --------     -------
DEHVNEX1\Anonymous Relay {0.0.0.0:25} True
DEHVNEX1\From Veruna-BER {0.0.0.0:25} True
DEHVNEX1\APPS-Relay      {0.0.0.0:25} True

 

If you want to reuse the filtered output for further processing, simply store the output in a variable, e.g., $ReceiveConnectors.

$ReceiveConnectors=Get-ReceiveConnector -Server $Server | `
?{(([string]$_.Identity).Split('\')[1]) -notlike "*$($Server)*"}

 

This is a basic example and should encourage you to extend it to fit your needs in your Exchange Server environment.

Enjoy Exchange Server.

Next Page »