Category: Powershell

Compress and Archive IIS logs using PS Script

Low disk space can lead to a service outage for the customer if it goes unnoticed.
As we know, most disk space is consumed by log files, whether Windows logs or logs from third-party applications running on Windows.

IIS log files on Exchange servers can consume a lot of disk space over time. As a best practice, administrators configure IIS to store logs on a different disk to avoid problems; the rest wait for free disk space alerts and manually remove old logs from time to time.

Exchange 2013 Cumulative Update installation Best Practices – Part 2

This article continues the step-by-step procedure for installing a cumulative update on an Exchange 2013 DAG.

Send & Receive connectors configuration Backup

Once you are done with the Exchange virtual directories backup described in Part 1, export the configuration of the Send and Receive connectors. The output gives you a reference in case any mismatch occurs in the Send and Receive connector configuration after the CU upgrade.

Open the Exchange PowerShell and run the following commands to back up the Send and Receive connectors:

$FormatEnumerationLimit = -1

Get-SendConnector | Format-List | Out-File "C:\sendconnector.txt"

Get-ReceiveConnector -Server Server1 | Format-List | Out-File "C:\Server1_Receiveconnector.txt"

Disable Services

Prior to the cumulative update upgrade, disable third-party services and the services listed below. This helps the cumulative update upgrade go smoothly.

  • BES Client
  • Antivirus services
  • Monitoring application services
  • Qualys Cloud Agent
  • SplunkUniversalForwarder
  • Scan mail for Exchange
  • Backup Services ( Data Protector , Netbackup )

OWA Customization Backup

If your organization or customer has customized their OWA page, back up the OWA theme from the following path:

C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\15.0.1365\themes

Certificate Revocation

Starting with IE 7.0, server certificate revocation checking is enabled by default. You can disable this feature by clicking Internet Options on the Tools menu, selecting the Advanced tab, and unchecking the Check for server certificate revocation check box, as shown in the figure. You need to restart IE for this setting to take effect.

Disabling the revocation check in production environments isn’t recommended, so make sure to enable it again after the cumulative update upgrade. Certificate revocation checking protects your clients against the use of invalid server authentication certificates either because they have expired or because they were revoked (e.g., when a server certificate was compromised).

[Figure: certificate revocation]

Execution Policy

By default, the execution policy is Unrestricted. If your organization has configured the execution policy as RemoteSigned or Restricted, set the value to Unrestricted by using the following command:

Set-ExecutionPolicy Unrestricted

Make sure to revert the value to the original once the cumulative update is over.
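The Disable Services, Certificate Revocation and Execution Policy steps above each weaken a protection that has to be put back afterwards. The following is an added example, not part of the original article: it records the current values before you change anything and restores them after the upgrade. The file path, the function names and the service name patterns are assumptions.

```powershell
# Added example, not from the article. Assumed names: $StateFile, $Patterns,
# Save-PreChangeState, Restore-PreChangeState. Run both as the same elevated user,
# because the IE revocation setting lives in that user's HKCU hive.
$StateFile = 'C:\CU-PreChange-State.json'
$IeKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Patterns  = 'Qualys%', 'Splunk%'     # WQL LIKE patterns, constructed samples

function Save-PreChangeState {
    $services = foreach ($p in $Patterns) {
        Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE '$p'" |
            Select-Object Name, DisplayName, StartMode, State
    }
    [pscustomobject]@{
        Taken           = (Get-Date).ToString('o')
        ExecutionPolicy = (Get-ExecutionPolicy -Scope LocalMachine).ToString()
        # 1 = "Check for server certificate revocation" is ticked
        CertRevocation  = (Get-ItemProperty -Path $IeKey).CertificateRevocation
        Services        = @($services)
    } | ConvertTo-Json -Depth 4 | Set-Content -Path $StateFile -Encoding UTF8
}

function Restore-PreChangeState {
    $s = Get-Content -Path $StateFile -Raw | ConvertFrom-Json
    Set-ExecutionPolicy -ExecutionPolicy $s.ExecutionPolicy -Scope LocalMachine -Force
    if ($null -ne $s.CertRevocation) {
        Set-ItemProperty -Path $IeKey -Name CertificateRevocation -Value $s.CertRevocation
    }
    foreach ($svc in $s.Services) {
        # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'
        $mode = if ($svc.StartMode -eq 'Auto') { 'Automatic' } else { $svc.StartMode }
        Set-Service -Name $svc.Name -StartupType $mode
        if ($svc.State -eq 'Running') { Start-Service -Name $svc.Name }
    }
    # Report the live values so any drift from the snapshot is visible
    [pscustomobject]@{
        ExecutionPolicy = Get-ExecutionPolicy -Scope LocalMachine
        CertRevocation  = (Get-ItemProperty -Path $IeKey).CertificateRevocation
        StillStopped    = @($s.Services | Where-Object {
            $_.State -eq 'Running' -and (Get-Service -Name $_.Name).Status -ne 'Running'
        } | ForEach-Object { $_.Name })
    }
}

# Save-PreChangeState      # before disabling anything
# Restore-PreChangeState   # after the cumulative update and reboot
```

If Get-ExecutionPolicy -List shows a value at the MachinePolicy or UserPolicy scope, Group Policy sets the effective policy and Set-ExecutionPolicy cannot override it.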

Upgrade cumulative update

You can download the cumulative update from the Microsoft Download Center. In this article I am going to show you how to upgrade to Cumulative Update 23, which you can download from the link below:

https://www.microsoft.com/en-us/download/details.aspx?id=58392

Once the cumulative update is downloaded, extract the file into a separate folder.

Cumulative updates and Service Packs should be installed in the internet-facing site first, before installing in other sites in the organization.

  • The first servers to be updated in a site are the Mailbox servers.
  • The Client Access servers are updated second.
  • Edge Transport servers can be updated last.

The scenario we are going to look at is upgrading the cumulative update on a multi-role server (Mailbox, CAS and HUB) infrastructure.

Before starting the upgrade, put the server into maintenance mode, either manually or with the inbuilt script. Here we are going to use the inbuilt script.

The entire process can be done from the Exchange Shell.

To start, open EMS and go to:

C:\Program Files\Microsoft\Exchange Server\V15\Scripts

In the first step we put the first Exchange server in the DAG into maintenance mode by typing the cmdlet below:

C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\StartDagServerMaintenance.ps1 -serverName Server1

Once it has run, all DBs will move to the second Exchange server.

To verify that the server is in maintenance mode, type:

Get-DatabaseAvailabilityGroup -Status | fl Name, Server*

Cumulative updates can be applied using either the command line or graphical setup, whichever you prefer. Follow the pre-installation processes outlined earlier in this article.

Do not run the upgrade from the Exchange Management Shell as this will cause it to fail due to locked files.
Run the upgrade from an elevated command prompt.

Upgrading Using the Command Line

In an elevated command prompt run the following command from the location where you extracted the cumulative update files.


Setup /m:upgrade /IAcceptExchangeServerLicenseTerms

The command prompt window will display the progress as the upgrade proceeds.

After the cumulative update has been installed, restart the server when prompted to do so.

If you placed the server into maintenance mode, run the inbuilt script for stopping maintenance mode after the installation is finished:

C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\StopDagServerMaintenance.ps1 -serverName Server1

Once the cumulative update is completed on all servers, you can use the inbuilt RedistributeActiveDatabases.ps1 script to redistribute the databases based on activation preference:

.\RedistributeActiveDatabases.ps1 -DagName DAG1 -BalanceDBsByActivationPreference -Confirm:$false

To verify and confirm the Exchange build number after the cumulative upgrade, run the command below to list it for all servers:

$servers=get-exchangeserver -identity servername*
$servers | foreach { Invoke-Command -ComputerName $_.name -ScriptBlock {Get-Command Exsetup.exe | ForEach-Object {$_.FileversionInfo} } }

[Figure: Cumulative upgrade 23]

Note: Above is the product version of Cumulative Update 23 and the Security Update for Exchange Server 2013 CU23 (KB4536988).

Exchange 2013 Cumulative Update installation Best Practices – Part 1

This article demonstrates the step-by-step procedure for installing a cumulative update on an Exchange 2013 DAG.

Microsoft support policy on CU:

Microsoft supports the last two cumulative updates, so currently they support cumulative updates 22 & 23. Cumulative updates are released once every 3 to 6 months.

Below are the best practices which need to be considered before the CU upgrade:

  • Make sure to install and test the CU in the DEV / Test environment before moving to production
  • If you don’t have a dev / test environment, consider waiting for a week or two from the date of the CU release before installing the update in production
  • Make sure to have a good full backup of Exchange and AD before the upgrade
  • Back up any customized configuration that exists in the environment (such as any customization done in the OWA theme)
  • Back up all virtual directory configurations
  • If the cumulative update requires an Active Directory schema update, make sure your account has the required rights / permissions
  • As a best practice, always run the schema update from the domain controller, not from the Exchange server
  • Make sure to deselect “Check for Publisher’s certificate” and “Check for server certificate revocation”, from Internet Explorer -> Internet Options, Advanced tab, Security options
  • Disable antivirus software and services
  • Disable backup services to make sure no backup is running during the cumulative update
  • Always run the cumulative update from an elevated command prompt
  • Download the CU from the Microsoft Download Center and extract the downloaded file
  • Put the DAG member into maintenance mode (if required)
  • Upgrade the Active Directory schema (if required)
  • Install the CU
  • Take the DAG members out of maintenance mode
  • Reboot the servers before and after the cumulative upgrade for a smoother upgrade
  • Make sure to do the required server health checks and end-to-end client post checks after the CU upgrade
  • As part of the prerequisites, if the cumulative update version requires an updated .NET Framework version, make sure the required version of .NET Framework is installed on the Exchange servers as well as on the domain controller from which you are updating the schema

Here is the Microsoft wiki link for verifying the CU build numbers, with links for downloading the CUs:

https://social.technet.microsoft.com/wiki/contents/articles/240.exchange-server-and-update-rollup-build-numbers.aspx

Configuration Backup

You can use the following commands to back up the configuration of your environment, especially the virtual directories, which will help you if any configuration mismatch occurs after the CU upgrade. Replace <ServerName> with the name of your server.

  • Get-OwaVirtualDirectory -Server <ServerName> | fl > owavirdir.txt
  • Get-EcpVirtualDirectory -Server <ServerName> | fl > ecpvirdir.txt
  • Get-ActiveSyncVirtualDirectory -Server <ServerName> | fl > ASvirdir.txt
  • Get-WebServicesVirtualDirectory -Server <ServerName> | fl > Webservvirdir.txt
  • Get-OabVirtualDirectory -Server <ServerName> | fl > oabvirdir.txt
  • Get-MapiVirtualDirectory -Server <ServerName> | fl > mapivirdir.txt
  • Get-OutlookAnywhere -Server <ServerName> | fl > outlookanywhere.txt
  • Get-ClientAccessServer -Identity <ServerName> | fl > CAS_Server.txt
  • Get-MailboxServer -Identity <ServerName> | fl > MBX_Server.txt
  • Get-TransportServer -Identity <ServerName> | fl > Transport_Server.txt

Active Directory Schema Update

As mentioned earlier, some cumulative update versions require an Active Directory schema update before the actual Exchange CU update.

For Exchange 2013, the link below lists the Exchange 2013 objects in Active Directory that get updated each time you install a new version of Exchange 2013. You can compare the object versions you see with the values in the table there to verify that the version of Exchange 2013 you installed successfully updated Active Directory during installation.

https://docs.microsoft.com/en-us/exchange/prepare-active-directory-and-domains-exchange-2013-help

For the Exchange 2013 CU update, the objects below in Active Directory get updated from the previous version.

You can use the following commands to verify the object version and rangeUpper value in your environment before and after the schema update:

  • Get-ADObject -Identity "CN=ms-Exch-Schema-Version-Pt,CN=schema,CN=configuration,DC=contoso,DC=net" -Properties rangeUpper | select rangeUpper | Format-List
  • Get-ADObject -Identity "CN=sternauto,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=contoso,DC=net" -Properties objectVersion | select objectVersion | Format-List
  • Get-ADObject -Identity "CN=sternauto,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=contoso,DC=net" -Properties msExchProductId | select msExchProductId | Format-List
  • $RootDSE = ([ADSI]"").distinguishedName
    ([ADSI]"LDAP://CN=Microsoft Exchange System Objects,$RootDSE").objectVersion

Below are the sample object version and range update values of the environment, captured before the CU 23 upgrade.

[Figure: Cumulative Update]

You can find the remaining procedure for cumulative update in Exchange 2013 Cumulative Update installation Best Practices – Part 2

Remove orphaned users and groups from legacy public folder ACL in Exchange
Posted on May 18, 2020 by Anandan
When you are doing a public folder migration (legacy to modern), the migration may fail if orphaned users (deleted users) are still part of the public folders.

In these scenarios we must remove the orphaned users from the public folders for the public folder migration to succeed.

AD Powershell Scripts – for New Active Directory user creation

Hello All

We all know that there are many ways to create user accounts in Active Directory, such as:

  • Creating new users with Active Directory Administrative Center
  • Creating new users with Active Directory Users and Computers
  • Creating new users with the dsadd command
  • Creating new users with PowerShell scripts (PS1)

But as an admin, you know a PowerShell script makes your work easy, with less effort and zero error.

To help you with this, we have shared a very simple PowerShell script below which creates new Active Directory (AD) user accounts, singly or in bulk.

Of course, there are plenty of scripts already available on the internet, but what I noticed, and what made me write this post, is that most of the freely available scripts are just downloadable and that’s it: no reference or explanation, which makes it quite hard for a system admin with little or no scripting experience to modify them to their requirements.

Here in this post I have tried to give a detailed insight into the script in a simple way, so that system admins with little or no scripting experience can use it directly or alter this flexible script as per their requirements.

Let’s jump.

First of all, to run this script you need the Active Directory PowerShell module and the privilege to create AD user objects in your AD domain.

The admin has to type and save the new users' details in newusers.csv before running the script.

Below is the script. In the bold # statements I have given an explanation of the code for your better understanding. Please revert in case of any feedback or query.

Import-Module ActiveDirectory

#Enter a path to your import CSV file
$ADUsers = Import-Csv C:\scripts\newuser\newusers.csv # This is the file where we will input the new users' details

foreach ($User in $ADUsers) # The loop reads each new user's details from the CSV file above and stores them in the respective variables
{
    $OU = "<OU Path>" # Specify the DN of the OU where you wish to create the account
    $Username = $User.username
    $Password = $User.password
    $FullName = $User.FullName
    $Firstname = $User.firstname
    $Lastname = $User.lastname
    $DisplayName = $User.DisplayName
    $Title = $User.Title
    $Department = $User.department
    $Manager = $User.Manager # Provide the manager's AD sAMAccountName in the CSV file
    $OfficePhone = $User.OfficePhone
    $MobilePhone = $User.MobilePhone
    $Company = "<Organization's Name>" # Specify the organization name
    $Country = "<Country Code>" # Specify the country code, e.g. US for USA, DE for Germany
    $GroupName1 = "<Group Name>" # Specify a group name if you want to add the user to a group
    $GroupName2 = "<Group Name>" # Specify a group name if you want to add the user to a group

    #Check if the user account already exists in AD
    if (Get-ADUser -Filter {SamAccountName -eq $Username})
    {
        #If the user does exist, output a warning message
        Write-Warning "A user account $Username already exists in Active Directory."
    }
    else
    {
        #If the user does not exist then create a new user account

        #The account will be created in the OU set in the $OU variable above; don't forget to change the domain name in "-UserPrincipalName" and "-EmailAddress"
        New-ADUser `
            -SamAccountName $Username `
            -UserPrincipalName "$Username@abc.com" `
            -Name $FullName `
            -GivenName $Firstname `
            -Surname $Lastname `
            -DisplayName $DisplayName `
            -Title $Title `
            -Department $Department `
            -Manager $Manager `
            -OfficePhone $OfficePhone `
            -MobilePhone $MobilePhone `
            -Company $Company `
            -City "Doha" `
            -Country $Country `
            -Enabled $True `
            -ChangePasswordAtLogon $True `
            -Path $OU `
            -EmailAddress "$Username@abc.com" `
            -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force)

        Write-Host "$Username has been created" -ForegroundColor DarkGreen

        #Adding the newly created user to the security groups (if any)
        Add-ADGroupMember -Identity $GroupName1 -Members $Username
        Write-Host "Account $Username added to $GroupName1" -ForegroundColor DarkGreen
        Add-ADGroupMember -Identity $GroupName2 -Members $Username
        Write-Host "Account $Username added to $GroupName2" -ForegroundColor DarkGreen
    }
}

And this is how the CSV file will look.
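The script takes each initial password from the password column of newusers.csv, which leaves cleartext passwords in a file on disk. As an added example (not part of the original script), the helper below generates the initial password in memory instead; the name New-InitialPassword, the character sets and the default length are assumptions.

```powershell
# Added example, not from the original script. New-InitialPassword is a
# hypothetical helper; the character sets and default length are assumptions.
function New-InitialPassword {
    param([ValidateRange(12, 128)][int]$Length = 16)

    # Look-alike characters (I, O, l, o, 0, 1) left out to avoid read-back errors
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%+-=?@_'
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()

    # Uniform integer in [0, n) for n <= 256; rejection sampling avoids modulo bias
    $below = {
        param([int]$n)
        $b = New-Object byte[] 1
        $limit = 256 - (256 % $n)
        do { $rng.GetBytes($b) } while ([int]$b[0] -ge $limit)
        [int]$b[0] % $n
    }
    try {
        # One character from every class, the rest from the combined alphabet
        $all   = -join $sets
        $chars = @(foreach ($s in $sets) { $s[(& $below $s.Length)] })
        while ($chars.Count -lt $Length) { $chars += $all[(& $below $all.Length)] }

        # Fisher-Yates shuffle so the guaranteed classes are not always in front
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $below ($i + 1)
            $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
        }
        -join $chars
    }
    finally { $rng.Dispose() }
}

# Inside the foreach loop, in place of  $Password = $User.password :
$Password = New-InitialPassword
# ... New-ADUser ... -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force)
# Hand $Password to the user over a separate channel, then clear the variable:
Remove-Variable Password
```

Because the script already sets -ChangePasswordAtLogon $True, the generated value is only valid until the user's first sign-in.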

You can download the script & csv file template in the below Github link

GitHub

Refer to the link below to learn more about the AD PowerShell module cmdlets:

https://docs.microsoft.com/en-us/powershell/module/addsadministration/?view=win10-ps
