Copy Receive Connector Settings

I came across a particularly useful set of commands today while needing to enter a huge list of allowed IPs for a receive connector in Exchange on multiple servers.  This comes in particularly handy when needing to copy allowed IP addresses from one connector to another (usually on multiple servers) for the purpose of, say, anonymous relaying.

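# Read the source connector (the one that already holds the allowed IP list)
$connector = Get-ReceiveConnector "ServerName\ConnectorName"

# Overwrite the target connector's allowed IP list with the source connector's list
Set-ReceiveConnector "ServerName\ConnectorName" -RemoteIPRanges $connector.RemoteIPRanges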

Very simple set of commands used frequently in PowerShell, just thought this one was particularly useful as we have additional addresses to add and subtract from anonymous relaying connectors on multiple servers frequently.
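Because Set-ReceiveConnector replaces the target's whole RemoteIPRanges list, it helps to see what the copy will add, what it will drop, and whether the source list carries ranges too wide for an anonymous relay. The following is an added example, not part of the original post; the function names, the /24 review threshold and the sample ranges are assumptions, and only IPv4 entries are evaluated.

```powershell
# Added example: works on plain strings, so it runs without an Exchange server.
function ConvertTo-UInt32([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [array]::Reverse($b)                      # network order -> little-endian
    [BitConverter]::ToUInt32($b, 0)
}

# True when an IPv4 CIDR or start-end range covers more hosts than a /$MinPrefix.
# $MinPrefix is an assumed review threshold, not an Exchange setting.
function Test-BroadRange([string]$Range, [int]$MinPrefix = 24) {
    if ($Range -match '^\d{1,3}(?:\.\d{1,3}){3}/(\d{1,2})$') {
        return ([int]$Matches[1] -lt $MinPrefix)
    }
    if ($Range -match '^(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})$') {
        $lo = ConvertTo-UInt32 $Matches[1]
        $hi = ConvertTo-UInt32 $Matches[2]
        return (([double]$hi - [double]$lo + 1) -gt [math]::Pow(2, 32 - $MinPrefix))
    }
    return $false                             # single address or IPv6: not evaluated
}

# Compare the list being copied ($Source) with the list it will overwrite ($Target).
function Compare-RelayRange([string[]]$Source, [string[]]$Target) {
    $src = @($Source | Where-Object { $_ } | ForEach-Object { $_.Trim() } | Sort-Object -Unique)
    $tgt = @($Target | Where-Object { $_ } | ForEach-Object { $_.Trim() } | Sort-Object -Unique)
    New-Object PSObject -Property @{
        WillAdd    = @($src | Where-Object { $tgt -notcontains $_ })
        WillRemove = @($tgt | Where-Object { $src -notcontains $_ })   # the overwrite drops these
        Broad      = @($src | Where-Object { Test-BroadRange $_ })
    }
}

# Constructed sample values. On a real server they would come from
# (Get-ReceiveConnector "ServerName\ConnectorName").RemoteIPRanges | ForEach-Object { "$_" }
$source = '10.20.30.15', '10.20.40.0/24', '192.168.0.0/16'
$target = '10.20.30.15', '0.0.0.0-255.255.255.255'

$diff = Compare-RelayRange -Source $source -Target $target
$diff | Format-List WillAdd, WillRemove, Broad
```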

Remove Old Email Addresses from Exchange 2010

If you’ve ever changed an email address policy in Exchange, you are aware that old addresses from previous policies are not deleted.  This is by design and intentional, but what if you made a mistake in your policy and need to remove hundreds of invalid addresses from accounts?  For instance… you created a policy for [firstinitial.lastname@domainname.org] when you really meant to set an underscore as a separator instead of the period.

The following script will use a regular expression to find all email addresses containing periods between firstinitial and lastname then remove them.

$allmailboxes = get-mailbox
$allmailboxes |% {
    $a = $_.emailaddresses; $b = $_.emailaddresses
    # Drop every address that matches the pattern (dots escaped so they match literally)
    foreach ($e in $a) {if ($e.tostring() -match "[a-z]+\.[a-z]+@domainname\.org") {$b -= $e}}
    $_ | set-mailbox -emailaddresses $b
}

By simply editing the regular expression in this script, you can search for all kinds of different combinations of addresses and remove them from your users' mailboxes.
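A bulk removal like this is easier to trust after a dry run that lists exactly which addresses the pattern hits and flags any mailbox whose primary address (the one with the upper-case SMTP: prefix) would be among them. The following is an added example, not part of the original post; the function name, the anchored pattern and the sample mailboxes are assumptions.

```powershell
# Added example: classifies addresses as strings, so it runs without Exchange.
function Get-AddressRemovalPlan {
    param(
        [string]$Mailbox,
        [string[]]$EmailAddresses,
        # Anchored and with dots escaped; -match is still case-insensitive
        [string]$Pattern = '^smtp:[a-z]+\.[a-z]+@domainname\.org$'
    )
    foreach ($addr in $EmailAddresses) {
        $hit       = $addr -match $Pattern
        $isPrimary = $addr -cmatch '^SMTP:'   # upper-case prefix = primary (reply) address
        $action = if (-not $hit) { 'Keep' } elseif ($isPrimary) { 'Review-Primary' } else { 'Remove' }
        New-Object PSObject -Property @{ Mailbox = $Mailbox; Address = $addr; Action = $action }
    }
}

# Constructed sample data standing in for Get-Mailbox output.
$sample = @{
    'jdoe'   = 'SMTP:j_doe@domainname.org', 'smtp:j.doe@domainname.org', 'X500:/o=Org/cn=jdoe'
    'asmith' = 'SMTP:a.smith@domainname.org', 'smtp:asmith@domainname.org'
}

$plan = foreach ($name in $sample.Keys) {
    Get-AddressRemovalPlan -Mailbox $name -EmailAddresses $sample[$name]
}
$plan | Sort-Object Mailbox, Address | Format-Table Mailbox, Address, Action -AutoSize
```

In the sample, asmith's primary address still follows the mistaken pattern, so it is reported as Review-Primary instead of being queued for removal.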

Fine Grained Password Policies

Needed to set up fine grained password policies for the first time today.  Used the following TechNet article to guide me through the setup: http://technet.microsoft.com/en-us/library/cc754461%28v=ws.10%29.aspx

Exchange 2010 Multi-Tenancy Powershell Script

I wrote the following PowerShell script to assist in carving out new Exchange 2010 tenants for additional child domains in our Exchange forest.  The script provisions mailbox databases, adds database copies to our DAG hosts, creates separate address lists, global address lists, address book policies, and sets up delegated administration.  Prior to running the script you would need to deploy an AD group for delegated recipient administration.  The group name will be prompted during execution of the script.  Also, modification of the script text in red will be necessary for your environment.  Hope some of you can take bits and pieces of this script and put it to use!

$EntityName = read-host "Entity Name"
$EntityAbbr = read-host "Entity Abbreviation"
$EntityFQDN = read-host "Entity Fully Qualified Domain Name (EXAMPLE: my.internaldomain.internal)"

<# Carve out Address Lists and Policies #>
New-GlobalAddressList "$EntityName Global Address List" -IncludedRecipients MailboxUsers, Resources, MailContacts, MailGroups, MailUsers -RecipientContainer $EntityFQDN
Update-GlobalAddressList "$EntityName Global Address List"
New-AddressList $EntityName -IncludedRecipients MailboxUsers -RecipientContainer $EntityFQDN
Update-AddressList $EntityName
New-AddressList "All $EntityName Rooms" -Container "\$EntityName" -RecipientContainer $EntityFQDN -RecipientFilter {((Alias -ne $null) -and (((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox'))))}
Update-AddressList "All $EntityName Rooms"
New-AddressList "All $EntityName Groups" -Container "\$EntityName" -RecipientContainer $EntityFQDN -IncludedRecipients MailGroups
Update-AddressList "All $EntityName Groups"
New-OfflineAddressBook "$EntityName Offline Address Book" -AddressLists "\$EntityName" -VirtualDirectories "CASSERVER1\OAB (Default Web Site)", "CASSERVER2\OAB (Default Web Site)", "CASSERVER3\OAB (Default Web Site)", "CASSERVER4\OAB (Default Web Site)"
Update-OfflineAddressBook "$EntityName Offline Address Book"
New-AddressBookPolicy $EntityName -GlobalAddressList "$EntityName Global Address List" -RoomList "\$EntityName\All $EntityName Rooms" -OfflineAddressBook "$EntityName Offline Address Book" -AddressLists "\$EntityName\All $EntityName Groups"

<# Provision Mailbox Databases #>
[int32]$DatabaseCount = read-host "Number of Exchange Mailbox Databases to Setup"
$DBC = 0

do {
    $DBC++
    $DatabaseName = read-host "Database Name"
    # Quotas are entered in MB and converted to bytes for Set-MailboxDatabase
    [int32]$QuotaWarningMB = read-host "Quota Warning (in MB)"
    $QuotaWarningKB = ($QuotaWarningMB * 1024)
    $QuotaWarningBytes = ($QuotaWarningKB * 1024)
    [int32]$QuotaLimitMB = read-host "Quota Limit (in MB)"
    $QuotaLimitKB = ($QuotaLimitMB * 1024)
    $QuotaLimitBytes = ($QuotaLimitKB * 1024)
    New-MailboxDatabase $DatabaseName -EDBFilePath "E:\Databases\$DatabaseName.edb" -LogFolderPath "F:\Logs\$DatabaseName" -Server MAILBOXSRV1
    Start-Sleep -s 30
    Mount-Database $DatabaseName
    Set-MailboxDatabase $DatabaseName -ProhibitSendReceiveQuota Unlimited -IssueWarningQuota $QuotaWarningBytes -ProhibitSendQuota $QuotaLimitBytes
    # Seed a second copy on the other DAG member
    Add-MailboxDatabaseCopy -Identity $DatabaseName -MailboxServer MAILBOXSRV2 -ActivationPreference "2"
    Start-Sleep -s 10
    Resume-MailboxDatabaseCopy -Identity "$DatabaseName\MAILBOXSRV2"
} while ($DBC -lt $DatabaseCount)

<# Created Delegated Administration Permissions #>

# Split the comma-separated answer into an array so each database is passed as its own entry
$DatabaseList = (read-host "Enter database names separated by commas for delegated recipient administration").Split(',') | ForEach-Object { $_.Trim() }
$RecAdmGrpName = read-host "Specify the active directory group name to delegate privileges to (EXAMPLE: my.internaldomain.internal/Resources/Rule Groups/EXC_Entity_RecipientAdmins)"
New-ManagementScope "$EntityAbbr Databases" -DatabaseList $DatabaseList
Set-AdServerSettings -RecipientViewRoot "internaldomain.internal"
$RoleGroup = Get-RoleGroup "Recipient Management"
New-RoleGroup "$EntityAbbr Recipient Management" -Roles $RoleGroup.Roles -CustomConfigWriteScope "$EntityAbbr Databases" -Members $RecAdmGrpName

Active Directory Object Restores

Ever find yourself in the situation where you need to restore an accidentally deleted user account but your backup software only allows for entire system state restores?  I did today and I found out about a really nice freebie tool to retrieve tombstoned AD objects.  It’s called “Object Restore for Active Directory” by Quest Software: http://www.quest.com/object-restore-for-active-directory/

For future instances, since our Active Directory is running at the Windows Server 2008 R2 functional level, I plan on activating the recycle bin feature of AD.  Directions are as follows:

  1. Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.
  2. Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=internal' -Scope ForestOrConfigurationSet -Target 'mydomain.internal'

Exchange 2010 Address List Segmentation

I recently had a scenario where I needed to separate global address lists for two different organizations hosted on the same Exchange 2010 environment.  Each organization was configured as a child-domain of the forest hosting Exchange.

  1. Create a new global address list from the Exchange Management Shell.  You cannot create global address lists from the Exchange Management Console.
     New-GlobalAddressList "Organization A" -RecipientFilter {RecipientType -eq "UserMailbox"} -RecipientContainer "organizationa.mydomain.internal"
     This command creates a new global address list named Organization A where all mailboxes in the domain organizationa.mydomain.internal reside.
  2. Next, create any additional address books if not already created to separate users.  These address books can be assigned to users using an Exchange Address Book Policy as demonstrated in step 4.  Example:
     New-AddressList "Business Department" -RecipientFilter {((RecipientType -eq "UserMailbox") -and (Department -eq "Business"))}
     This command creates an address list called Business Department and populates it based on the department attribute in Active Directory.  Anyone with the department name Business would be a member of this address list.
  3. Next, create an offline address book utilizing the global address list completed in step 1.
     New-OfflineAddressBook "Organization A" -AddressLists "\Organization A"
  4. Next, create an address book policy to assign to users in each domain.  The address book policy controls which GAL, OAB, Address Lists and Room Lists show up for the client.
     New-AddressBookPolicy "Organization A Policy" -AddressLists "Business Department" -GlobalAddressList "Organization A" -OfflineAddressBook "Organization A" -RoomList "All Rooms"

Assign the address book policy to users in the domain to restrict address lists to only their local domain.  Of course you can always add additional address lists to each policy to allow cross-domain sharing of contacts while keeping the GALs separate.

Slow Mouse in VMware Console?

Change your video driver to the one located in C:\Program Files\Common Files\VMware\Drivers\wddm_video\ and reboot.  This works for all flavors of Windows Server 2008 R2 from what I’ve read.