Showing posts from January, 2017

Active Directory: Password Expiration

Today's topic: Active Directory and Password Expiration! Not being able to login due to an expired password is a very common scenario for Active Directory user administration. If the password for a user is not set to never expire, then a group policy will most definitely make it expire after a period of time since the last change. Our goal for today? We are going to create a report that will contain the setting for the expiration of the password, the time it was last set and the time since the change. To get that information we are going to use Powershell and the ActiveDirectory module. All it takes is a singe Get-ADUser command to get the information from Active Directory piped to a Select-Object command in order to form the output: Get-ADUser -Filter * -Properties passwordlastset, ` passwordneverexpires | Select-Object Name, ` SamAccountName, ` PasswordNeverExpires, ` PasswordL

Exchange Server: Active Directory Attributes Behind Mail Flow

Today I would like to talk a bit about the Active Directory attributes related with mail flow on Exchange server. There are five settings on an exchange recipient that control mail flow (represented by the name of the Powershell parameter of the relative cmdlets): AcceptMessagesOnlyFrom AcceptMessagesOnlyFromDLMembers RejectMessagesFrom RejectMessagesFromDLMembers RequireAllSendersAreAuthenticated Let's examine them one by one! AcceptMessagesOnlyFrom When this is set, the recipient will only be able to receive messages from the specified recipients. Corresponding AD attribute: "authOrig". AcceptMessagesOnlyFromDLMembers Same as above but for the members of the specified DLs. The relative AD attribute is "dLMemSubmitPerms". RejectMessagesFrom When this is set, messages from the specified recipients will be rejected. The AD attribute behind this setting is "unauthOrig". RejectMessagesFromDLMembers Same as above but for the members o

Microsoft Exchange 2013: Removing Deafult Mailbox Databases

Hello and Happy 2017! Today I'd like to talk about removing the databases created during an Exchange 2013 setup. During the setup of Exchange 2013, two mailbox databases are created on the server, usually named like "Mailbox Database ...". Since most Exchange setups are using a Database Availability Group, I usually remove those databases and create new ones with a more useful name. Let's see those databases on a newly installed exchange server. Using the Get-MailboxDatabase cmdlet we get the databases on the server. [PS] C : \Windows\system32> Get-MailboxDatabase Name Server Recovery ReplicationType ---- ------ -------- --------------- Mailbox Database 1816881568 EXCHANGE2013A False None IT EXCHANGE2013A False Remote Systems EXCHANGE2013A False Remote PublicFolders