Showing posts from July, 2017

Microsoft Exchange Server and .Net Framework Compatibility

Microsoft Exchange is a product that relies heavily on the .NET Framework. The Exchange Server Supportability Matrix describes the .NET requirements for each Exchange Server version, among other requirements and compatibility with other software.

When updating Exchange, you have to check whether your current .NET version is supported and, if not, upgrade it. Moreover, there might be post-installation steps (e.g. security update installation) that you have to take.

If you're skipping a few CU levels, you might not be able to update directly to the desired CU level. For example, if you are currently on CU 12 and want to update to CU 17, you have to update to CU 15, update the .NET Framework to version 4.6.2, which is supported by CU 15, CU 16 and later, and then update to CU 17.

Another task regarding the .NET Framework is to block the installation of feature versions that are not supported by your Exchange version. This is accomplished by updating the registry, usually using a group…

Active Directory Group Membership Recursively

A few days ago, I published an article on how to use the "Get-ActiveDirectoryGroupMember" function to get all the objects that are members of a group recursively. In this article, I'm going to show you how to use the "Get-ActiveDirectoryGroupMembership" function to get all the groups that an object is a member of, recursively.

As always, my user account will be the test subject! When I get the groups that I am a member of, the list contains only the groups that I am a direct member of.
PS C:\> $user = Get-ADUser cpolydorou

PS C:\> Get-ActiveDirectoryGroupMembership -Identity $user.DistinguishedName

Name                    DistinguishedName
----                    -----------------
Domain Admins           CN=Domain A…

Creating Self Signed Root and Server Certificates

Certificates are a requirement for almost all communications in order to be secure. The purpose of this article is to describe the process of creating a Root CA certificate and then a Server certificate signed by the first. This is very useful when developing or testing an application and you do not have a CA set up or the budget to buy a certificate.

The following command will create a Root CA certificate in the Personal folder of the current user certificate store.
$RootCert = New-SelfSignedCertificate -DnsName "CPolydorou Root CA" `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyLength 4096 `
    -KeyUsageProperty All `
    -KeyUsage CertSign,CRLSign,DigitalSignature `
    -KeyExportPolicy Exportable `
    -KeyAlgorithm RSA `
    -FriendlyName "CPolydorou Root Certification Authority Certificate" …

Updates to the Foreach-Object-Parallel function

One of the most used functions of the CPolydorou.General module is "Foreach-Object-Parallel". This function allows us to execute PowerShell commands in parallel. This is accomplished by using new PowerShell runspaces and the most recent enhancement allows us to feed the runspaces with parameters.

First, a quick example of the ForEach-Object-Parallel function.
PS C:\> (0..5) | ForEach-Object-Parallel -MaxThreads 2 -ScriptBlock {$_; Start-Sleep -s 2}

0
1
2
3
4
5
This may not seem like much, but if you execute the above command, you'll notice that the numbers appear in pairs because MaxThreads is set to "2".

Each object passing through the pipeline is passed to the scriptblock of the Foreach-Object-Parallel function and can be accessed using the $_ variable.

The issue here is that, since the scriptblock is executed in another PowerShell runspace, none of the variables of the original runspace are available.

Let's see how the enhancement allows us to pa…

Get Active Directory Group Members Recursively

A very common scenario when assigning permissions is having nested security groups. Although this is an easier way to manage permission delegation, it adds complexity when there's a need to determine whether a principal is granted the permission or to get a list of all the principals involved.

The CPolydorou.ActiveDirectory module now includes a function that is the solution to the problem.

The Get-ActiveDirectoryGroupMember function will return all the objects that are members of a specified Active Directory group. The "-Recurse" parameter will query Active Directory and return all the members of the group recursively.

This way, we are able to get a list of all the objects that are granted a permission without having to consider the nested groups.

Let's take a quick look at an example.

We have a group named "NestedGroup" that the user CPolydorou is a member of. This group is also a member of another group named "Group".
PS C:\> Get-Ac…