Easily Adding AD Photos

I’ve historically avoided importing photos into Active Directory. Not because it wasn’t a neat feature, but when you do it for one person you’ll quickly find yourself doing it for many. The other day someone asked me if there was an easier way to accomplish these imports, and so after giving it another look I found this utility:

AD Photo Edit (Free)

 

Select a domain, user and photo and you’re off to the races!

Exchange 2010 OWA SSL and URL Redirection

As a precursor, complete props on this solution belong to www.ehloworld.com. Pat Richard at “Ehlo World!” has put together a PowerShell script that accomplishes the following:

- Redirects HTTP to HTTPS.
(i.e., http://email.domain.com/owa to https://email.domain.com/owa)

- Catches and redirects those who forget to append /owa to the URL.
(i.e., http://email.domain.com to https://email.domain.com/owa)

After trying to follow many articles on the subject, with the combination of his script and one manual action I was able to implement it successfully on multiple nodes within a CAS Array. Instructions and download can be found below:

Run:
.\Set-Exchange2010RedirectSSL.ps1 -url https://email.domain.com/owa

Open “web.config” in:
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa

Delete:
<system.webServer>
<httpRedirect enabled="true" />
</system.webServer>

Download:
Set-Exchange2010RedirectSSL

Listing SharePoint Site Collection Permissions

If you’ve worked with SharePoint in any capacity then you’re well aware of its nature to sprawl. It’s not often, but on occasion I’ll be asked to gather working permissions on a given site collection. You can use a bit of PowerShell to ease the pain of manually collecting this data.

Save the following as a .ps1, updating the site collection URL for the site you’ll be collecting information on:

$site = Get-SPSite http://servername/site/collection
$groups = $site.RootWeb.SiteGroups
foreach ($grp in $groups) {
    "Group: " + $grp.Name
    foreach ($user in $grp.Users) { "  User: " + $user.Name }
}
$site.Dispose()

You can use the script as such:

.\script.ps1 > c:\output.txt

Which will result in something like:

Group: Site Collection ABC Members
  User: Alan
  User: Bobby
  User: Catherine
Group: Site Collection ABC Owners
  User: Alan
Group: Site Collection ABC Visitors
Group: Approvers
Group: Designers
Group: Hierarchy Managers
Group: Quick Deploy Users
Group: Restricted Readers
Group: Style Resource Readers
  User: All Authenticated Users
  User: NT AUTHORITY\authenticated users

Easy enough!

(Credit to this one goes to Mike Smith’s Tech Training Notes)
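
A variant of the script above that returns one row per group member and flags the catch-all principals seen in the sample output, so the result can be filtered or exported to CSV. This is an added example, not code from the original post or from the credited source; the function name, the output columns and the list of broad principals are assumptions.

```powershell
# Added example. Run in the SharePoint Management Shell
# (or after Add-PSSnapin Microsoft.SharePoint.PowerShell).
function Get-SiteCollectionGroupMember {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Url
    )

    # Display names treated as "anyone who can log on" (assumed list, extend as needed).
    $broad = @('All Authenticated Users', 'NT AUTHORITY\authenticated users', 'Everyone')

    $site = Get-SPSite $Url
    try {
        foreach ($grp in $site.RootWeb.SiteGroups) {
            if ($grp.Users.Count -eq 0) {
                # Keep empty groups visible in the report.
                New-Object PSObject -Property @{
                    Group = $grp.Name; User = $null; Login = $null; Broad = $false
                }
                continue
            }
            foreach ($user in $grp.Users) {
                New-Object PSObject -Property @{
                    Group = $grp.Name
                    User  = $user.Name
                    Login = $user.LoginName
                    Broad = ($broad -contains $user.Name)   # case-insensitive match
                }
            }
        }
    }
    finally {
        # Dispose the site object even if enumeration fails part-way.
        $site.Dispose()
    }
}

# Usage:
# Get-SiteCollectionGroupMember -Url http://servername/site/collection |
#     Select-Object Group, User, Login, Broad |
#     Export-Csv c:\output.csv -NoTypeInformation
```

Filtering the result with Where-Object { $_.Broad } lists only the groups that grant access to every authenticated account.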

Repairing the Private Key on SSL Certificates

I’ve run across this issue a few times while importing and exporting certificates into Exchange, and again today while issuing an internal cert from my CA to a Lync Edge server. Lync will not allow you to import your external certificate unless the proper security chain is in place and the certificate being assigned has a Private Key associated with it.

If you’ve prepared an offline CSR and then grabbed the certificate from https://certauthority/certsrv, you will likely have a certificate without a corresponding Private Key.

To generate the private key, we can run a simple command to repair the certificate. Open up a command prompt and run:

certutil -repairstore my "certificate thumbprint (hash value serial number) without spaces"

To verify, open the certificate to view the details. You’ll want to confirm that there is now a small key in the lower left-hand corner of the window and text that reads “You have a private key that corresponds to this certificate.”
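
The same check and repair can be scripted instead of read off the certificate dialog. This is an added example, not part of the original post; the function names and the placeholder thumbprint are assumptions, and it assumes the certificate is in the Local Computer Personal store.

```powershell
# Added example. Function names are hypothetical.
function Test-CertPrivateKey {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)

    # A thumbprint copied from the certificate dialog contains spaces and often
    # an invisible leading character, so keep the hex digits only.
    $clean = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpper()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($clean.Length)."
    }

    # certutil's "my" store without -user is the Local Computer Personal store.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        throw "No certificate with thumbprint $clean in Cert:\LocalMachine\My."
    }

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
    }
}

function Repair-CertPrivateKey {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)

    $state = Test-CertPrivateKey -Thumbprint $Thumbprint
    if (-not $state.HasPrivateKey) {
        # -repairstore links the certificate to a key already held on this
        # machine, so run it on the server where the CSR was created.
        certutil -repairstore my $state.Thumbprint | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "certutil -repairstore failed with exit code $LASTEXITCODE."
        }
        $state = Test-CertPrivateKey -Thumbprint $Thumbprint
    }
    $state
}

# Usage (placeholder thumbprint, replace with your certificate's value):
# Repair-CertPrivateKey -Thumbprint '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'
```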

Exporting Mailboxes in Exchange 2010 SP1

Exporting mailboxes has changed some from Exchange 2007/2010 RTM to Exchange 2010 SP1. On one hand, it’s nice that you no longer need to install Outlook on the client you’re running the Exchange Management Tools from. On the other hand, you’ll first need to create a share with unique permissions that Exchange can output the file to.

First, create a share that the Exchange server can reach. While specifying permissions, you’ll need to allow Full Access to the Exchange Trusted Subsystem group.

Exchange Management Shell commands:

Allows the user to perform the command:
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User domain\user

(Restart the EMS after performing this command for the permissions to be recognized.)

Creates the Export Job:
New-MailboxExportRequest -Mailbox user@domain.com -FilePath "\\server\share\filename.pst"

View the progress:
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

Notes:
An Archive Mailbox can be exported in a very similar fashion to a regular one. You’ll need to add the -IsArchive flag after the identity of the mailbox. Example:

New-MailboxExportRequest -Mailbox user@domain.com -IsArchive -FilePath \\server\share\filename.pst

*Be sure to name the Archive .pst output file something unique if you have already exported the primary mailbox.
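
The exported .pst is a full copy of the mailbox and the "Mailbox Import Export" role stays assigned until it is removed, so it is worth closing the loop once the job has finished. This is an added example, not part of the original post; domain\user and \\server\share are the placeholders used in the commands above.

```powershell
# Added example; run in the Exchange Management Shell.

# 1. Who can export mailboxes right now, directly or through a group?
Get-ManagementRoleAssignment -Role "Mailbox Import Export" -GetEffectiveUsers |
    Select-Object Name, RoleAssigneeName, EffectiveUserName

# 2. Check how the export jobs ended before removing anything.
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics |
    Select-Object Name, Status, PercentComplete

# 3. Completed requests stay in the list until they are removed.
#    Removing the request does not delete the .pst from \\server\share,
#    so move or delete that file separately.
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest

# 4. Take the role away again once the export is done. Only the assignment made
#    directly to the user is removed; group-based assignments are left alone.
Get-ManagementRoleAssignment -Role "Mailbox Import Export" -RoleAssignee domain\user |
    Where-Object { $_.RoleAssigneeType -eq 'User' } |
    Remove-ManagementRoleAssignment
```

Both Remove- cmdlets prompt for confirmation by default, which gives a last look at what is about to be deleted.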

Welcome!

After multiple iterations of home-brewed/home-hosted blogs over the years that have gone by the wayside as I’ve upgraded and migrated my lab environments, I decided it was time to throw a few bucks GoDaddy’s way and let them host something.

Expect to find tricks and shortcuts to solving annoying problems as I encounter them while working with Microsoft products. Of late, I’ve been interested in and working pretty extensively with Exchange 2010, so that will likely dominate for the time being.

 

Cheers!