MSexchangeHMWo restarted server

Scenario:  An Exchange 2013 server rebooted on its own.  After reading the memory dump file, you see the information below.  We need to determine what caused the reboot and how to prevent it from happening again.

ModuleName: wininit.exe

Process_Name: MSexchangeHMWo

Default_Bucket_ID:    WIN8_Driver_Fault_Server

Solution: We know that Exchange's Health Manager rebooted the server automatically, but why?   First we need to figure out which responder did this.  On the server that rebooted, run the following PowerShell:

$1 = (Get-WinEvent -LogName Microsoft-Exchange-ManagedAvailability/* | % {[XML]$_.toXml()}).event.userData.eventXml| ?{$_.ActionID -like "*ForceReboot*"}

$1 | Select ActionID,RequesterName

Now that we have the requester name, you can choose to troubleshoot the requester and put in a global monitoring override so it does not restart the server anymore.  In our scenario, ServiceHealthActiveManagerForceReboot was the responder that rebooted our servers, so we applied one of the following Global Monitoring Overrides to prevent the reboot.  The first applies only while the servers are on version 15.00.1210.003; the second expires after 60 days.

Add-GlobalMonitoringOverride -Identity Exchange\ServiceHealthActiveManagerForceReboot -ItemType Responder -PropertyName Enabled -PropertyValue 0 -ApplyVersion 15.00.1210.003

OR

Add-GlobalMonitoringOverride -Identity Exchange\ServiceHealthActiveManagerForceReboot -ItemType Responder -PropertyName Enabled -PropertyValue 0 -Duration 60.00:00:00

Determine who has a mailbox and remote mailbox via AD PowerShell

Scenario:  You have a list of usernames in a .csv file with a column header labeled: name.  You want to quickly determine which usernames have a Mailbox and which have a RemoteMailbox.

Script:

Import-module ActiveDirectory

$Members = Import-csv C:sharecvusers.csv | Select -ExpandProperty Name

$Members = $Members | Sort

$Members_OnPrem = @()
$Members_o365 = @()

$Members  | %{
    "$_"
    $type = Get-ADUser $_ -properties msExchRecipientTypeDetails | Select -ExpandProperty msExchRecipientTypeDetails
         If ($type -eq "1"){$Members_OnPrem += $_}          #1 = UserMailbox (on-premises mailbox)
         If ($type -eq "2147483648"){$Members_o365 += $_}   #2147483648 = RemoteUserMailbox (Office 365 mailbox)
}


Performing a Search-Mailbox with complex search criteria

Scenario: Batman is at it again.  He is now under litigation hold for attacking Superman and you want to search Superman's mailbox for any message that was sent to or received from Batman, or that has specific terms in the Subject, Body, or attachments.  You are only interested in messages sent after 1/1/2012.

Script:

Search-Mailbox Superman -SearchDumpster -SearchQuery "(Received:1/1/2012..5/18/2016) AND (To:Batman@DC.com OR From:Batman@DC.com OR CC:Batman@DC.com OR BCC:Batman@DC.com OR 'Batman' OR 'Bruce' OR 'Wayne')" -TargetMailbox BobTheLawyer -LogLevel Full -TargetFolder "Search_Batman"

Test-ActiveSyncConnectivity to verify EAS is working properly

Scenario: You want to test whether ActiveSync (EAS) is working properly.  You can use the following script to determine if EAS is failing on any of your Exchange Client Access Servers:

Script:

#Gather Credentials for the Test User into a variable
$1 = Get-Credential ("Domain\EASTestuser")

#Gather Servers into a variable
$Servers = Get-clientaccessserver 

#Define your collection variable
$EAS = @()

#Loop through each server and test
$Servers | %{$EAS += Test-ActiveSyncConnectivity -AllowUnsecureAccess:$true -ClientAccessServer $_ -MailboxCredential $1 -lightmode}

Use PowerShell to filter by or count when files were created.

Scenario:  You suspect that logs are not being generated properly and you want to list or count the logs that were created after a specific date.

#View the file information for the logs:
Get-ChildItem "\\Ex2013Server1\C$\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Eas" | Where-Object { $_.CreationTime -gt [datetime]"2016/05/17" } | Sort-Object CreationTime | Format-Table Name, CreationTime

#Count the Logs (count the file objects themselves; piping to Format-Table first would count formatting objects instead)
@(Get-ChildItem "\\Ex2013Server1\C$\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Eas" | Where-Object { $_.CreationTime -gt [datetime]"2016/05/17" }).Count

PowerShell Data Formatting

Scenario:  You have collected information into a variable, and you want to run different formatting commands against that variable to perform tasks such as sorting, grouping, selecting, etc.

Don’t forget the Pipe!    $final | Sort name

Example of the command you ran:

$final = Get-MailboxImportRequest -BatchName '502'

#To display all properties:

$final | FL        #List Style  
$final | Select *  #Table or List Style
$final | FT        # Table Style

#Sorting based on  a property:

$final | Sort Identity   #Ascending Order

$final | Sort Identity -Descending #Descending Order

$final | Sort -unique  # Sorts Unique Values

#Grouping  based on a property

$final | Group RequestQueue   #Provides a Count of number of objects in array based on the value of the RequestQueue.

$final | Group RequestQueue | Sort Count #Same as the command above, but sorts by the count for each RequestQueue value

# Where statements: Filter your variable based on a Property Value

$final | Where Status -ne Completed

$final | Where {$_.Status -ne "Completed"}

$final | Where Status -like "*Failed*"

$final | Where WhenCreated -gt "5/3/2016 2:00:00 PM"

#common conditions: 
-eq      equals
-ne      not equals
-gt      greater than
-ge      greater than or equal
-lt      less than
-le      less than or equal
-like    Matches a wildcard pattern (use "*text*" for contains)
-notlike Does not match a wildcard pattern


#Rename a Property

$final | Select Identity, @{Name="Database";Expression={$_.RequestQueue}} #this will display the RequestQueue value under the header name Database.

Monitor Registry Key via PowerShell for Remote Computers (Monitor SSLv3)

Scenario:  You have a registry key you want to monitor, and you want to be alerted if the value changes.  We noticed that installing Exchange 2013 CU11 re-enabled SSLv3, which had been manually disabled before.

Script:

#Start
#Define Server Collection
$Servers = Get-ExchangeServer | Where AdminDisplayVersion -like "Version 15*" 

#Loop for SSLv3
$sslv3_svr = @()   #Create Array Variable
$Servers | %{
              $Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $_.name)
              $RegKey= $Reg.OpenSubKey("SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server")
              #If the key is missing, SSLv3 has not been explicitly disabled, so it is flagged as well
              $SSLv3 = $null
              If($RegKey){ $SSLv3 = $RegKey.GetValue("Enabled") }
              If($SSLv3 -ne 0){
                     $sslv3_svr += $_.name
              }
            }
#Email it, but only when at least one server was flagged
If($sslv3_svr.Count -gt 0){
    $body =""
    $smtp = "smtp.domain.com"
    [string[]]$to = "steve@domain.com","Batman@domain.com"
    $from = "SSLv3Monitor@Domain.com"
    $subject = "SSLv3 monitor" 
    $body += "<b><font color=#0404B4>SSLv3 is enabled on the following server and needs to be turned off: </font></b><br><br>"
    $body += "<font color=red>$($sslv3_svr -join ', ')</font><br><br><br>" 
    Send-MailMessage -SmtpServer $smtp -To $to -From $from -Subject $subject -Body $body -BodyAsHtml -Priority High
}
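
The same registry check, as an added example that is not part of the original script: it goes beyond the SSL 3.0 Server key and reports every legacy protocol for both the Server and Client subkeys, separating "explicitly disabled" from "key not present". The function name Get-SchannelProtocolState, its parameters and its output columns are hypothetical names chosen for this illustration.

```powershell
# Added example, not from the original post. Get-SchannelProtocolState and its
# output columns are hypothetical names chosen for this illustration.
function Get-SchannelProtocolState {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'),
        [string[]]$Role = @('Server', 'Client')
    )
    $base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($computer in $ComputerName) {
        try {
            $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
        }
        catch {
            # Host unreachable or Remote Registry not available: report it, do not skip silently
            [pscustomobject]@{ Computer = $computer; Protocol = '*'; Role = '*'
                               Enabled = $null; DisabledByDefault = $null; State = 'Unreachable' }
            continue
        }
        foreach ($p in $Protocol) {
            foreach ($r in $Role) {
                $enabled = $null
                $disabledByDefault = $null
                $key = $hive.OpenSubKey("$base\$p\$r")
                if ($key) {
                    $enabled = $key.GetValue('Enabled')
                    $disabledByDefault = $key.GetValue('DisabledByDefault')
                    $key.Close()
                }
                # A missing key or value means the operating system default applies
                $state = if ($null -eq $enabled) { 'NotConfigured' } elseif ($enabled -eq 0) { 'Disabled' } else { 'Enabled' }
                [pscustomobject]@{ Computer = $computer; Protocol = $p; Role = $r
                                   Enabled = $enabled; DisabledByDefault = $disabledByDefault; State = $state }
            }
        }
        $hive.Close()
    }
}

# Local computer by default; pass (Get-ExchangeServer).Name to cover the Exchange servers.
Get-SchannelProtocolState | Where-Object State -ne 'Disabled' | Format-Table -AutoSize
```

Rows with State NotConfigured depend on the Windows version's defaults, so they are listed together with the Enabled rows rather than treated as safe.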

Mail automatically deletes itself as soon as it enters into the Inbox.

Scenario:  A mailbox was recently created and every time mail is sent to this mailbox, it is immediately deleted from the Inbox.

You have already verified that there are no mailbox rules, mobile devices, and applications that are causing this behavior.

Solution:  Check the RecipientType of the mailbox that was created by running the following command:

get-recipient iBroke

We had a mailbox that was incorrectly configured as a Room Mailbox and this mailbox needed to be a normal user mailbox. The automatic calendar processing was immediately deleting this message.  We resolved this issue by running:

Set-Mailbox iBroke -Type Regular