“Can’t remove the access control entry on the object “CN=TestUser,DC=xyz,DC=com” for account “xyz\steve” because the ACE doesn’t exist on the object.”

Scenario:  You are attempting to remove the full access permission on a mailbox by running the remove-mailboxpermission command:

remove-mailboxpermission TestUser -user steve -accessrights Fullaccess -confirm:$False

But you are receiving this error:

Warning= “Can’t remove the access control entry on the object “CN=TestUser,DC=xyz,DC=com” for account “xyz\steve” because the ACE doesn’t exist on the object.”

The permission clearly exists when you check with Get-MailboxPermission.

 

Solution:  Append -Deny:$True to the end of the PowerShell command and try it again.

remove-mailboxpermission TestUser -user steve -accessrights Fullaccess -confirm:$False -deny:$True
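
The -Deny switch targets a Deny entry rather than an Allow entry, and the Deny and IsInherited columns of Get-MailboxPermission show which kind of entry is on the mailbox. The following added example (not the original author's code) lists the FullAccess entries for the trustee and removes each explicit one with the matching switch; the variable names are illustrative and the removal runs as a dry run.

```powershell
# Added example, not the original author's code. Run in the Exchange Management Shell.
# 'TestUser' and 'steve' are the sample names from the scenario above.
$Mailbox = 'TestUser'
$Trustee = 'steve'

# List every FullAccess entry for the trustee. The Deny column shows whether the
# entry is an Allow or a Deny ACE; IsInherited shows whether it was set on the
# mailbox itself or comes from a parent object.
$aces = @(Get-MailboxPermission -Identity $Mailbox -User $Trustee |
    Where-Object { "$($_.AccessRights)" -match 'FullAccess' })

$aces | Format-Table User, AccessRights, Deny, IsInherited -AutoSize

foreach ($ace in $aces) {
    if ($ace.IsInherited) {
        # Inherited entries are defined on a parent object; report and skip.
        Write-Warning "Inherited entry for $($ace.User) (Deny=$($ace.Deny)); change it where it is defined."
        continue
    }

    $params = @{
        Identity     = $Mailbox
        User         = [string]$ace.User
        AccessRights = 'FullAccess'
        Confirm      = $false
        WhatIf       = $true   # dry run; remove this line to apply the change
    }
    # Add -Deny only when the entry being removed is a Deny ACE.
    if ($ace.Deny) { $params['Deny'] = $true }

    Remove-MailboxPermission @params
}
```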

Get-ADUser to find Exchange Mailboxes

Scenario:  You want to use Get-ADUser to find all Exchange mailboxes in your environment.

Scriptlet:   Running the following will provide you with the detail:

#First, let's store some results into $1 for every mailbox
$1 = Get-ADUser -Filter {HomeMDB -ne '$null'} -Properties MailNickName, HomeMDB, DisplayName | Select MailNickName, HomeMDB, DisplayName

 

#Now it's time to play with your data

#Grab a count of mailboxes Excluding the HealthMailboxes
($1 | Where MailNickName -notlike "HealthMailbox*").Count

#Grab a count of mailboxes per DB Excluding the HealthMailboxes
$1 | Where MailNickName -notlike "HealthMailbox*" | Group HomeMDB | Sort Name

#Filter mailboxes on a specific database
$1 | Where HomeMDB -like "CN=DB01*"

 

Cannot View Free/Busy information of user after Outlook 2016 client upgrade

Scenario:  After an Outlook client upgrade to 2016, you notice that you cannot view/alter the calendar of someone you have delegated permissions for in the Outlook client. OWA works fine and you can still view/alter the calendar through an Outlook 2013 client.

Resolution:  We found that the WindowsEmailAddress is:

  • Different from the PrimarySMTPAddress
  • Not an email alias for the mailbox (the WindowsEmailAddress shows an alias that is not in the proxy addresses/EmailAddresses).

Change the WindowsEmailAddress to an address that matches the PrimarySMTPAddress (which is an alias/proxy address for the mailbox):

Set-Mailbox jdoe1 -windowsemailaddress <whatever the primarysmtpaddress is>
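
To find every mailbox in the same state, the two conditions above can be checked across the organization. This is an added example, not the original author's code; the report property names are illustrative and the final Set-Mailbox call runs as a dry run.

```powershell
# Added example, not the original author's code. Run in the Exchange Management Shell.
$mismatches = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mbx     = $_
    $windows = [string]$mbx.WindowsEmailAddress
    $primary = [string]$mbx.PrimarySmtpAddress

    # EmailAddresses entries carry a type prefix: 'SMTP:' marks the primary
    # address, 'smtp:' a secondary one. Keep SMTP entries and strip the prefix.
    $proxies = @($mbx.EmailAddresses |
        ForEach-Object { [string]$_ } |
        Where-Object { $_ -like 'smtp:*' } |
        ForEach-Object { $_.Substring(5) })

    # Both comparisons are case-insensitive, as PowerShell operators are by default.
    $differs  = $windows -ne $primary
    $notProxy = $proxies -notcontains $windows

    if ($differs -or $notProxy) {
        [pscustomobject]@{
            Alias               = $mbx.Alias
            WindowsEmailAddress = $windows
            PrimarySmtpAddress  = $primary
            DiffersFromPrimary  = $differs
            NotInEmailAddresses = $notProxy
        }
    }
}

$mismatches | Sort-Object Alias | Format-Table -AutoSize

# Apply the fix from this section to each reported mailbox.
# -WhatIf makes this a dry run; remove it to apply the change.
$mismatches | ForEach-Object {
    Set-Mailbox -Identity $_.Alias -WindowsEmailAddress $_.PrimarySmtpAddress -WhatIf
}
```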

Get a list of all users that have a target address of a specific domain

Scenario:  You wish to see how many remote mailboxes have the correct email domain configured for their remote routing address (TargetAddress).  You want to perform an AD PowerShell query for speed.

Scriptlet:

#TargetAddress is not returned by default, so request it with -Properties
Get-ADUser -Filter {TargetAddress -like "*.mail.onmicrosoft.com"} -Properties TargetAddress | Select Name, TargetAddress

OR you just want a count:

(Get-ADUser -Filter {TargetAddress -like "*.mail.onmicrosoft.com"} -Properties TargetAddress | Select Name, TargetAddress).Count

Format the TLSCertificateName in a SendConnector so it uses the X.509 certificate value

Scenario:  You need to change the TLSCertificateName for the send connector because you recently upgraded your certificate.  (Get-sendconnector | Select Name, TLSCertificateName)

Solution: Perform the following steps:

#Pull the Cert Info into a Variable:

$TLSCert = Get-ExchangeCertificate -Thumbprint <Thumbprint> -server <Servername>

#Format the CertName so it is an acceptable value for the TLSCertificateName property

$TLSCertName = "<I>$($TLSCert.Issuer)<S>$($TLSCert.Subject)"

#Set the TLSCertificateName for the send connector:

Set-SendConnector <Name of send connector> -TLSCertificateName $TLSCertName
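
Before pointing the connector at the new certificate, it is worth confirming that the certificate is usable and, afterwards, that the connector holds the expected value. This is an added example, not the original author's code; it assumes the certificate is expected to be valid today and enabled for the SMTP service, and the three placeholder values are the ones used in the steps above.

```powershell
# Added example, not the original author's code. Run in the Exchange Management Shell.
# The three values below are placeholders, as in the steps above.
$Thumbprint = '<Thumbprint>'
$Server     = '<Servername>'
$Connector  = '<Name of send connector>'

$cert = Get-ExchangeCertificate -Thumbprint $Thumbprint -Server $Server
$now  = Get-Date

# Collect every reason the certificate should not be used for TLS on the connector.
$problems = @()
if ($cert.NotBefore -gt $now)             { $problems += "not valid until $($cert.NotBefore)" }
if ($cert.NotAfter  -le $now)             { $problems += "expired on $($cert.NotAfter)" }
if ("$($cert.Status)" -ne 'Valid')        { $problems += "status is $($cert.Status)" }
if ("$($cert.Services)" -notmatch 'SMTP') { $problems += 'SMTP service is not enabled on it' }

if ($problems.Count -gt 0) {
    throw "Certificate $Thumbprint is not usable: $($problems -join '; ')"
}

# Same <I>issuer<S>subject format as in the steps above.
$name = "<I>$($cert.Issuer)<S>$($cert.Subject)"
Set-SendConnector -Identity $Connector -TlsCertificateName $name

# Read the value back and compare it with what was intended.
$current = [string](Get-SendConnector -Identity $Connector).TlsCertificateName
if ($current -eq $name) {
    "Connector '$Connector' now uses: $current"
} else {
    Write-Warning "Connector '$Connector' reports '$current', expected '$name'"
}
```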

Check MountPoints for Database

Scenario:  You use mountpoints in your Exchange organization and you want to check for specific disk information for your mountpoints by database name.   Note: The label of the mountpoint reflects the database name.

Script:

 

#Enter the DB Variable
$Db = "DB01"
#Script
$Servers = Get-mailboxdatabasecopystatus $DB | Select -ExpandProperty MailboxServer
$1 = @()
$Servers | %{
    "Checking on $_ for $Db"
    $1+= Invoke-Command -Computer $_ -argumentlist $db -ScriptBlock {Get-WmiObject win32_volume | Where label -like $args[0] | Select Name, Label, FreeSpace, FileSystem, SerialNumber}
}
#ViewResults
$1

 

Use PowerShell to send a test email that allows you to insert custom header information

Scenario:  You want to test the ability to send a test email that includes custom header information within the message.  You plan on using this custom header information to perform a logical action based off the header value.

Scriptlet:

[string[]] $To = "steve@domain.com","chris@domain.com"
[string] $Subject = "Testing for custom header info"
[string] $Body = "testing 123 "
[string] $SmtpHost = "smtp.domain.com"
[string] $From = "steve@domain.com"
$email = New-Object System.Net.Mail.MailMessage
foreach($mailTo in $to)
{
    $email.To.Add($mailTo)
}
$email.From = $from
$email.Subject = $subject
$email.Body = [string]::Format("{0}",$body);
$email.Headers.Add("X-Test", "true");
$email.Headers.Add("X-Test2", "false");
## Send the mail
$client = New-Object System.Net.Mail.SmtpClient $smtpHost
$client.UseDefaultCredentials = $true
$client.Send($email)

Failure downloading upgrade list: received invalid update manifest response

Scenario:  When upgrading Cisco Email Security Appliances, you may run into the following error when upgrading from one OS to the next:

Error:  Failure downloading upgrade list: received invalid update manifest response

Solution: Check where the server is pointing to for pulling the list of updates:

Run the following commands via the CLI:

  • Updateconfig
  • dynamichost
  • update-manifests.sco.cisco.com:443
  • Commit

Cleanup Mobile Devices older than 180 Days

Scenario:  You want a script that will remove all mobile devices older than 180 days.  You also want to report the CAS Mailboxes that have a mobile device partnership and the list of mobile devices removed.

Scriptlets:

Here are the commands broken down by output type:

#Collect CasMailboxes with Mobile Devices
$cas = Get-CASMailbox -ResultSize unlimited -Filter {(HasActiveSyncDevicePartnership -eq $true)} | Select -expandproperty Identity

#Export a List of Cas Mailboxes
$cas | Sort | Export-csv C:\temp\CASmailbox.csv

#Collect devices older than 180 days old
$device = @()
$cas | sort | %{
"Checking $_" 
$device += Get-MobileDeviceStatistics -Mailbox $_ | Where-Object {$_.LastSuccessSync -le ((Get-Date).AddDays(-180))}
}

#Export-csv Stale Devices
$Device | Export-csv C:\temp\StaleDevices.csv

#Remove Mobile Devices
$Device | Remove-mobiledevice -confirm:$false