Temporarily Moved   Leave a comment

I have been away for a while working on other projects. Some of my other posts are located here: http://www.powershellusers.com. If you are in the Appleton, Wisconsin area, please feel free to attend.

Last Tuesday of the month. Visit the above website for details of when and where.

Posted 2017-04-17 by DonnPoSh in Uncategorized

PowerShell is Speed   Leave a comment

Let me tell you why I like PowerShell. It’s fast. How fast you ask? Alright, let’s compare some common day to day tasks.

Assuming you have two windows open, ‘Active Directory Users and Computers’ (ADUC) and PowerShell. Let’s also assume you are running an Active Directory Domain 2012 and your client computer is Windows 8. (Yes, those versions are now old and should be upgraded to 2012R2 and 8.1, by the way, what is your current environment at?) Let’s also assume you have Remote Server Admin Tools installed because let’s face it, ADUC isn’t part of the default tools when loading Windows 8.

So, quickly modify a user’s description… and… go!

Using ADUC, (1) right click (2) click Find (3) move hands from mouse to keyboard and type in the users login name (4) right click the user and (5) click Properties. (6) Click in Description field and move hand back to keyboard to type in a description. (7) Click OK. (8) Close Find window. By the way, using Active Directory Administrative Center (ADAC) is faster than ADUC, but most people running a 2008 Domain do not use ADAC. Not sure why, but most of the admins I meet do not know what ADAC is.

See how easy that was! Now let’s try the same thing in PowerShell.

Using PowerShell, type Set-ADUser djacobs -Description ‘MCT at HBS’ and hit enter. Done!

So, which way is faster? Yep, PowerShell. And to those of you out there saying to yourself, “Hey you need to load the Module first!” The answer is no I don’t. Within PowerShell version 3, if the module is within the module search path, it will automatically load the module for you. And to those of you who don’t know what a module is, class starts soon.

Now, imagine HR gives you an Excel file and they want you to update several fields for all users; telephone numbers, offices, descriptions, titles, and managers. Within ADUC, you can spend days updating those fields for all your users, several factors depending. And for those of you with 60 users, hopefully it doesn’t take you days to do it… Within PowerShell, I input data either directly from Excel, or save the data as a CSV file into an array and loop through the data doing modifications for all the users on the list within seconds.

OK, now critics out there will be saying, yeah, but it took you 30 minutes to write the code, add error checking and create an HTML report of any errors and successes to send back to HR in an email. Yes, it did, but next month when HR sends me another Excel file with more users to be updated, I just rerun the script and go get a cup of coffee, or tea, or a beverage of my choice. The good news is, I can spend a minute deciding what I want to drink and still be done before you start those clickety click changes using ADUC. So… your choice.

And for those of you thinking, “By the hour, not by the job” that is a true statement. However, those people are also still writing batch files to map drives for their users during login (don’t get me started on that one). Those are the people who are telling their boss how long it takes to do this stuff and expecting sympathy because they are so overworked.

Work smarter, not harder. Use PowerShell.

Posted 2016-01-31 by DonnPoSh in Uncategorized

What’s in my BackPack   Leave a comment

This is a little different than most of my posts. I thought I needed a new backpack because the new one wasn’t big enough I thought. Let me start by saying, I like to be prepared for any situation while I’m at work. I don’t have a desk and I don’t go to the same place too often. I get called to go to some customer and fix whatever they need. Now, most of the time, that involves my laptop, power cord, and a mouse. However, I don’t like it when I need something and don’t have it.

WP_20150722_011

Looking at the picture…

  • Misc CDs
  • Lifesavers leftover at the bottom of my bag
  • Some notebooks used to scribble some notes in.
  • Power cord
  • Headphones
  • Corded mouse and a wireless mouse
  • Misc adapters
  • Laptop
  • External HD
  • Spare batteries for mouse
  • Misc meds
  • Misc Pens and Pencils
  • 3 Ethernet cords
  • Misc USB cables
  • 3 bouncy balls
  • Cooling pad
  • D&D book
  • Small toolkit
  • Glasses
  • TUMS
  • Lock picking set
  • Spare socks (Used under laptop to help cushion it)

Posted 2015-12-31 by DonnPoSh in Donnisms

PowerShell Removing …   Leave a comment

$FormatEnumerationLimit = -1

Posted 2015-04-24 by DonnPoSh in Uncategorized

Preserve mailbox data for eDiscovery using inactive mailboxes in Exchange Online   Leave a comment

This is a re-post from http://blogs.technet.com/b/exchange/archive/2013/03/21/preserve-mailbox-data-for-ediscovery-using-inactive-mailboxes-in-exchange-online.aspx because I think its important and an option for people looking to replace archivers or keep data for regulatory reasons.

 

By Bharat Suneja [MSFT]
21 Mar 2013 4:05 PM 12

In Exchange Online and Exchange Server 2013, you can use In-Place Hold or Litigation Hold to preserve mailbox content for litigation or investigations. Many organizations also need to preserve mailbox data for users who are no longer in the organization.

In on-premises Exchange deployments, this has typically been done by disabling the Active Directory user account and performing actions such as removing it from distribution groups, preventing inbound/outbound email to and from the mailbox (including setting delivery restrictions and configuring message size limits), hiding the mailbox from the Global Address List (GAL), and also setting an account expiration date on the user account in Active Directory. Licensing costs are not a concern in this scenario, because you do not need a Client Access License (CAL) for a mailbox that’s no longer active.

In Exchange Online, admins remove mailboxes for departed users. However, once you remove a mailbox, it can no longer be included in In-Place eDiscovey searches (Multi-Mailbox Search in the previous version of the service and in Exchange 2010). Additionally, 30 days after you remove a mailbox, it is permanently deleted from Exchange Online and can no longer be recovered. In-Place eDiscovery requires that the mailbox be active, which means an Exchange Online or Office 365 plan is required for the mailbox for as long as you want to preserve data for eDiscovery.

Note: You can preserve mailbox data offline by exporting it to a PST file using Microsoft Outlook and then remove the mailbox. However, if you need to perform an eDiscovery search, you would need to inject it back to an Exchange Online mailbox.

Inactive Mailboxes

In the new Exchange Online, we’ve introduced the concept of inactive mailboxes to handle departed users. When a user leaves the organization and you need to retain their mailbox data for some time to facilitate eDiscovery (or meet retention or business requirements), you can place the mailbox on In-Place Hold or Litigation Hold before removing the Office 365 user. This preserves the mailbox, but prevents it from sending/receiving messages, hides it from users so it’s no longer visible in the GAL and other recipient lists. You can add inactive mailboxes to In-Place eDiscovery searches. Inactive mailboxes do not require an Exchange Online or Office 365 plan.

When your eDiscovery, retention or other business requirements are met and you no longer need to preserve the mailbox content, you can remove the mailbox from In-Place Holds or Litigation Hold. After you remove hold, the normal mailbox removal behavior of Exchange Online will resume for the mailbox – which means, if the mailbox was removed more than 30 days ago, it will be permanently deleted. If it was removed less than 30 days ago, it will be permanently deleted after 30 days of removal.

For more details, see Managing Inactive Mailboxes (short url: aka.ms/inactivembx) in Exchange Online documentation.

Inactive mailboxes are available in March 2013 in the E3, E4, A3, A4, G and Exchange Online P2 plans.

Migrating inactive mailbox data to Exchange Online

If you already have inactive mailboxes in your on-premises Exchange 2010 or Exchange 2013 environment or a third-party archive, you can move the data to inactive mailboxes in Exchange Online by first provisioning an Exchange Online mailbox, which requires a plan subscription, importing the data to the Exchange Online mailbox, placing the user on In-Place Hold or Litigation Hold and then deleting the user account, making it an inactive mailbox. You do not require a plan subscription for that mailbox after you make it inactive. However, you will need a subscription during the provisioning and data import process. If you have a large number of inactive mailboxes, you can provision them in batches using a smaller number of subscriptions. Note, the Product Usage Rights (PUR) states that licenses can only be reassigned once every 90 days.

How long can a mailbox be inactive?

You can preserve data in inactive mailboxes for as long as you need to, based on your organization’s retention and eDiscovery requirements. Of course, you would need to continue to be an Office 365/Exchange Online customer.

How can you remove data from an inactive mailbox?

Inactive mailboxes are not processed by the Managed Folder Assistant, so deletion policies (i.e. Retention Policies) are not applied to it. If you’ve specified a hold duration using In-Place Hold or Litigation Hold, the parameter does not impact inactive mailboxes. All content in an inactive mailbox is on hold until you remove the hold from the mailbox.

Bharat Suneja

Posted 2015-03-25 by DonnPoSh in Office 365

End Users Automatically Added to your O365 environment – no more   Leave a comment

If you are an educational facility, Microsoft has made it possible for teachers and students to your Office 365 domain before you are ready for them to be added. http://products.office.com/en-us/student?tab=teachers.

For some smaller districts without a dedicated IT department, this could be a good thing, teachers and students sign up, setup their password and get going in minutes. If you are a larger district that implements DirSync, this could be a bad thing. If you want to disable this feature it has to be done through PowerShell and affects your entire organization.

Disable automatic license distribution : Use this Windows PowerShell script to disable automatic license distributions for existing users.

To disable automatic license distribution for existing users: 
Set-MsolCompanySettings -AllowAdHocSubscriptions $false

To enable automatic license distribution for existing users:
Set-MsolCompanySettings -AllowAdHocSubscriptions $true

Disable automatic tenant join : Use this Windows PowerShell command to prevent new users from joining a managed tenant:

To disable automatic tenant join for new users:
Set-MsolCompanySettings -AllowEmailVerifiedUsers $false

To enable automatic tenant join for new users:
Set-MsolCompanySettings -AllowEmailVerifiedUsers $true

https://support.office.com/en-us/article/Office-365-Education-ProPlus-Benefits-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US#BKMK_PreventJoins

Posted 2015-03-06 by DonnPoSh in Office 365, PowerShell

Tagged with ,

Exchange ECP without a Mailbox   Leave a comment

You can access the EAC by adding the Exchange version to the URL. For example, to access the EAC whose virtual directory is hosted on the Exchange Server 2013 Client Access server, use the following URL: https://<Exchange2013CAS>/ecp?ExchClientVer=15

If you want to access the Exchange 2010 ECP and your mailbox resides on an Exchange 2013 Mailbox server, use the following URL: https://<Exchange2013CAS>/ecp?ExchClientVer=14

Sometimes, you need to add more, use this URL: https://<Exchange2013CAS>/ecp/?exsvurl=1&p=Mailboxes&ExchClientVer=15

Posted 2014-10-26 by DonnPoSh in Exchange