Remove Windows Server Disabled Roles and Features Payload Files

microsoft black logo

If you are running a Windows Server environment and you are becoming increasing low on system drive space, then you may want to consider removing the built in payload files for Windows Features. Windows Server comes with the payload files readily available if you want to add any additional Features or Roles to your server. … Read more

Exchange Shell – All Permissions on all Mailboxes

Exchange-Export-all-permissions-on-all-mailboxes

We carried out a project recently which was to migrate around 150 mailboxes to the Office 365 (Exchange Online) platform.

Part of scope of works that was required was to provide the team leaders within the business a list of all the mailboxes and what permissions they had on them.

This was mostly a housekeeping exercise due to years of neglect in that area. As an example, one users mailbox had permissions on it for a colleague to be able to access their inbox whilst they were on annual leave – but was still set on it two and a half years later!

So we turned to Exchange Shell again…

The gift that just keeps giving, PowerShell, or for Exchange, Exchange Shell, was the perfect tool for this job. One simple command and we could output all this information to a CSV file.

Get-Mailbox | Get-MailboxPermission | Select {$_.AccessRights}, Deny, InheritanceType, User, Identity, IsInherited, IsValid | Export-Csv c:\TGH\mbx_permissions.csv

You can amend the above command if you wish to bring in, or remove, any columns of data.

We would then take this CSV file, turn it into a XLSX file and send it to the people that wanted it. If we really wanted to, we could put this into a PowerBI report and create pretty graphs etc – but for this job, an Excel file would do!

The people requesting this information were delighted and a bit shocked that it only took a few minutes to provide to them – but that’s the value of PowerShell.

Feedback

If you run into any problems with this, or if you would like some assist expanding the data column information, please feel free to leave us a message below in our comments section and we will get back to you as soon as we can.

Get OU Distinguished Name

Active Directory Logo

There are many reasons as to why you would need to identify an Active Directory Organisational Unit’s Distinguished Name.

Most techies out there will use an AD distinguished name when writing or using PowerShell scripts.

However, quickly finding what the Distinguished name of a particular OU is not immediately clear. You can click on the object tab for information, but not the distinguished name.

Using PowerShell to get the Distinguished Name

The simple solution on how to quickly find an OU’s distinguished name is to use PowerShell itself.

The information you will need first is:

  • OU Name
  • AD Integration for PowerShell

That’s it – once you have this, you can go ahead and run the below PowerShell script:

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A

The only part you need to change in this PowerShell script is the * wildcard. If you leave it as a wildcard, it will bring back the distinguished name for all of your OU’s.

To bring back just one particular OU distinguished name, then change this * wildcard to the name of your OU.

Comments

If you have any problems with getting this working or if you just want to leave us a thanks – feel free to leave us a message below in the comments box.

Newsletter

If you want to be notified when we post more quality guides like this one, sign up to our newsletter and you will receive an email when a new post is live.

Join 520 other subscribers.

Don’t worry, we won’t be filling your inbox with spam and you can unsubscribe anytime you like.

Windows 10 1903 RSAT Installation

rsat

The Windows 1903 upgrade has now been released however, yet again, RSAT has not been included in the upgrade. So it comes as a bit of a shock when you update your Windows version to the latest and then do not have Group Policy, DNS and Active Directory Users and Computers available. For some reason, … Read more

System Center Operations Manager Invalid Management Group Removal

Invalid Management Group Removal

We recently carried out some work for a client who had a completely ruined installation of System Center Operations Manager (SCOM).

Who had done what to it, we may never know, but it was clear that the only fix was to start again. This was not such a bad thing as they did want to change the name of their Management Group anyway – which secretly lead us to believe that someone had been messing and trying to carry this out, hence the mess of the installation!

We went ahead and carried out a completely new installation of Operations Manager as this is what they wanted, however, if you are an administrator of Operations Manager, you will probably know about the potential for an absolute nightmare here – the old Management Group and the new Management Group now being referenced on the servers and end users machines (although in this case, they only wanted servers being monitored by Operations Manager).

We managed to resolve this issue by using a PowerShell script. We did not write this PowerShell script ourselves and we apologise now for not giving the credit where it is due, but we cannot remember where we got it from – if it’s you, let us know and we will update with credit.

The plan is very simple, go into the Operations Manager server, check for error EventID 20046 in the Event Viewer (which will give you the name of a server trying to report with an invalid Management Group) then edit and run the PowerShell script to remove the reportedly invalid Management Group from that server.

PowerShell Script to Remove SCOM Invalid Management Group

The PowerShell script we used is below, note these variables that you must enter per server:

  • $ComputerName = The server name with the invalid management group
  • $ManagementGroup = The name of the invalid management group
param(
$ComputerName = "SERVERNAME",
$ManagementGroup = "MGMT GROUP NAME"
)

Function Remove-SCOMManagementGroup ($ComputerName)
{
$sb = {
param($ManagementGroup,
$ComputerName)
Try {
$OMCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
} catch {
throw "$ComputerName doesn't have the SCOM 2012 agent installed"
}
$mgs = $OMCfg.GetManagementGroups() | %{$_.managementGroupName}
if ($mgs -contains $ManagementGroup) {
$OMCfg.RemoveManagementGroup($ManagementGroup)
return "$ManagementGroup removed from $ComputerName"
} else {
return "$ComputerName does not report to $ManagementGroup"
}
}
Invoke-Command -ScriptBlock $sb -ComputerName $ComputerName -ArgumentList @($ManagementGroup,$ComputerName)
}
Remove-SCOMManagementGroup -ManagementGroup $ManagementGroup -ComputerName $ComputerName

Once the PowerShell script has completed, you either need to restart the Microsoft Monitoring Agent service (Service Name is: HealthService) on the affected machine or reboot it.

If you then go into your server Control Panel and then into the Microsoft Monitoring Agent applet, you should now see that you only have the corrent new Management Group on there and that the invalid old one has been removed.

System Center Orchestrator

Of course, if you know how to use System Center Orchestrator and you have it installed in your environment, you can setup a new Runbook to check for EventID 20046 and then trigger the PowerShell script from there.

Feedback

If you have any questions or feedback on this guide, we would love to hear from you. You can contact us via our Social Media channels or just leave us a message below in the comments box.

Exchange Shell – Get all Shared Mailboxes Information

Exchange 2013

Following on from our previous post about how IT professionals can use the tools available to them to make their lives easier, we have another Exchange Management Shell (EMS) script which will get all the information available from all Shared Mailboxes including the sizes of each mailbox.

Guide

Open up the Exchange Management Script tool and enter this command:

Get-mailbox -RecipientTypeDetails sharedmailbox -Resultsize unlimited | ft Name, Identity, ItemsInFolder, FolderSize

This will return all the information on your businesses shared mailboxes. However, this is only on screen using the EMS and the formatting is not the best.

Export to CSV

The better option is to take all the data and export it to CSV. You can then save the CSV as an XLSX file and carry out any formatting and tidying up that may be required.

So, go back into your EMS and run this command:

Get-mailbox -RecipientTypeDetails sharedmailbox -Resultsize unlimited | ft Name, Identity, ItemsInFolder, FolderSize | Export-CSV C:sharedmailboxinfo.csv

where:

  • C:sharedmailboxinfo.csv = CSV export location and file name

You should now find that you have a CSV file with all the information you require in it.

What more can make my life easier?

Well, we have a number of Powershell scripts available here which might help you out. Otherwise, just that a browse around our site and see what you can find. In the top right is a search function too.

Feedback

If you have any questions or feedback on this guide, please feel free to leave us a message below in our comments section and we will try and get back to you as soon as we can.

Exchange Shell – Export all shared mailbox permissions to CSV

Exchange 2013 1

Sometimes as IT professionals, we get asked to supply a lot of data to company bosses. This can be extremely frustrating especially when what you want to do is fix stuff, but IT is becoming more and more like an admin role all the time. It doesn’t mean you stop fixing stuff, it just means you have to carry out an admin role as well!

So, to try and make our lives easy, we need to use the tools available to us as well as our technical skills.

Our blog is absolutely packed full of user guides for a whole range of different technical areas, but over the next few weeks, our posts are going to largely evolve around PowerShell scripts and how we can use them to make our lives easier.

Microsoft Exchange

Although email is rapidly moving aware from on premise Microsoft Exchange servers and into the cloud, there are still a hell of a lot of business still using older versions of Exchange. In this scenerio, a project manager has asked to be supplied with all Exchange shared mailboxes and who has what permissions to each one.

To carry this out, we can use the Exchange Management Shell (EMS) to input a basic script which will output this information to CSV which then in turn can be passed on to the project manager.

EMS Script

Enter the below script into EMS and this will export the results into a .csv file:

Get-Mailbox -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | Select Identity,User,@{Name=’Access Rights’;Expression={[string]::join(‘, ‘, $_.AccessRights)}} | Export-Csv C:sharedmailboxpermission.csv –NoTypeInformation

where:

  • C:sharedmailboxpermission.csv = CSV save location and file name (don’t actually save to the root of your C: drive – that is stupid and usually throws a permissions error!)

Once the script has completed going through the Exchange databases, it will out the CSV to the location that you specified in the script.

What more can make my life easier?

Well, we have a number of Powershell scripts available here which might help you out. Otherwise, just that a browse around our site and see what you can find. In the top right is a search function too.

Feedback

If you have any questions or feedback on this guide, please feel free to leave us a message below in our comments section and we will try and get back to you as soon as we can.

Powershell – Export all Active Directory User Information to CSV

powershell

If you need to export all Active Directory user information to CSV, then you can use a simple Powershell script to carry this out. First Import the Active Directory module: Then get the user information from Active Directory. For the example below we are just going to grab all information, hence the * wildcard, but … Read more

Powershell – Export Active Directory User Last logged on information to CSV

powershell

If you want to export all your Active Directory users last logged on information, you can carry this out using Powershell and then exporting to CSV format.

Guide

First of all, you will need to import the ActiveDirectory module if you have not already done so. To do this, just open up a Powershell command box and run the following script:

Import-Module ActiveDirectory

Once this has completed, you can now add the below script into a PS1 file or use PowerShell ISE to run it:

Get-ADUser -Filter * -SearchBase "DC=techygeekshome,DC=info" -ResultPageSize 0 -Property CN, Description, LastLogonTimestamp |
Select-Object -Property CN, Description, @{ n = "LastLogonDate"; e = { [datetime]::FromFileTime( $_.lastLogonTimestamp ) } } |
Sort-Object -Property CN, Description, LastLogonDate |
Export-CSV -NoTypeInformation "C:\TGH\lastlogon.csv"

This will then export to CSV file where you enter the location at the end of the script.

Feedback

If you have any questions or feedback on this post then please feel free to leave us a message below using our comments section and we will get back to you as soon as we can.

Powershell – Export all members of all AD Security Groups to CSV

powershell

Powershell is an awesome tool and can help IT professionals in gathering information in a split second whereas otherwise it could take hours manually.

We were recently asked to carry out a number of tasks for information gathering for annual housekeeping. The tasks were varied but were made up of information from Active Directory and Exchange. This meant that we could use Powershell and Exchange Management Shell to get this information quickly and efficiently.

So, over the next few weeks we thought we would share our Powershell and Exchange Management Shell scripts on our blog here so that they can be reused by others.

This is our first script but you can visit our Powershell category to find many more that we have posted on here in the past and the many more we will be posting over the next few weeks.

Export all members of all AD Security Groups to CSV

For our first Powershell script, we were asked to provide a few list of all Active Directory Security Groups, their members and provide it in Excel format. So, below is the script we used to get the information and then export it to CSV file format.

Get-ADGroup -filter "Groupcategory -eq 'Security' -AND GroupScope -ne 'DomainLocal' -AND Member -like '*'" |
foreach {
Write-Host "Exporting $($_.name)" -ForegroundColor Cyan
$name = $_.name -replace " ","-"
$file = Join-Path -path "C:\TGH" -ChildPath "$name.csv"
Get-ADGroupMember -Identity $_.distinguishedname -Recursive |
Get-ADObject -Properties SamAccountname,Title,Department |
Select Name,SamAccountName,Title,Department,DistinguishedName,ObjectClass |
Export-Csv -Path $file -NoTypeInformation
}

where:

  • “C:\TGH” = CSV output directory
  • $name.csv – this will automated create a filename, or you can amend this how you want it.

What this will do is output a CSV file with all Active Directory Security Groups and all user accounts that are in each security group. You can then if you wish convert this to XLSX within Excel.

Feedback

If you have any questions or comments on this guide, please feel free to leave us a message below using our comments section.

Exchange Shell – Get all shared mailboxes with primary SMTP

Exchange 2013 1

We recently received a request to provide a project manager with a full list of all shared mailboxes with their primary SMTP addresses that were in Microsoft Exchange.

To do this is a pretty straight forward task using Exchange Management Shell (EMS).

Just go ahead and open your EMS and run the following command:

Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:Unlimited | Select Identity,Alias,DisplayName,primarysmtpaddress | sort displayname

This will go through your Exchange environment and give you a list of all shared mailboxes, their name and the primary SMTP address for each Shared Mailbox.

If you want to export this information to CSV, use the command below:

Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:Unlimited | Select Identity,Alias,DisplayName,primarysmtpaddress | sort displayname | export-CSV C:\TGH\sharedmailboxes.csv

where:

  • C:\TGH\sharedmailboxes.csv = the filepath where you want to save your CSV file

This will then export all the information into a CSV file where you specified in your command line.

Feedback

If you have any questions or feedback on this guide, please feel free to leave us a message below in our comments section and we will get back to you as soon as we can.

Import Active Directory Powershell Module

powershell

If you want to use Active Directory modules for Powershell then you can will need to run the commands to import the required module and then install the RSAT tools.

To do this, open up an elevated Powershell command box and run the following command to import the Server Manager module:

Import-Module ServerManager

Import Active Directory Powershell Module 1

Once that has completed, then run the following command to install the required Remote Server Administration Tools (RSAT) feature:

Add-WindowsFeature RSAT-AD-PowerShell

Import Active Directory Powershell Module 2

For it to work you need at least one Domain Controller in the domain as Windows Server 2008 R2 or above and have Active Directory Web Services (ADWS) installed on it.

You should now be able to use Active Directory commands within Powershell.

Feedback

If you have any questions or feedback on this post, please feel free to leave us a message below in our comments section.