Posts

Active Directory Password Expiration

Password expiration is a subject that troubles most helpdesk departments, since users get locked out if they do not update their passwords. Today we are going to use Powershell and the ActiveDirectory module to create a report containing the information related to passwords. The Active Directory attributes that are going to get our attention are:
    PasswordNeverExpires, to check if the password is set to never expire
    PasswordLastSet, to get the date the password was last set
    msDS-UserPasswordExpiryTimeComputed, to get when the password is going to expire
Let's combine the above fields in order to create a report for all the users in our Active Directory:
    Get-ADUser -Filter * -Properties SamAccountName, `
        Mail, `
        PasswordNeverExpires, `
        PasswordLastSet, `
        msDS-UserPasswordExpiryTimeComputed |
    Select-Object -Prop...

Importing Scheduled Task using Powershell

Today's topic? Powershell and Scheduled Tasks! Powershell provides a much friendlier way to interact with scheduled tasks using the ScheduledTask module than sc.exe does, but let's go through the cmdlets in that module. First we have Enable/Disable-ScheduledTask, which are used to enable or disable a task. Then there are Start/Stop-ScheduledTask, which start or stop a task when it's running. We can use Register/UnRegister-ScheduledTask to add or remove a task and Export-ScheduledTask to export a task to an XML file. Let me add a command that I find very useful when it comes to importing tasks from a file here:
    Register-ScheduledTask -Xml ( Get-Content 'C:\Temp\MyTask.xml' | Out-String ) `
        -TaskName "MyTask" `
        -User 'user' `
        -Password 'password' -Force
First we get the content of the MyTask.xml file and then we regist...

Exchange Original Client IP on IIS Logs

Hi, today I'm going to write about a project I was recently involved with that involves Microsoft Exchange server and Citrix NetScaler. One of the most common scenarios when load balancing Exchange servers - and any other website, as a matter of fact - is that in the web server logs, the IP of the client is not the IP of the machine that makes the requests but the IP of the load balancer instead. This is normal, since the connections from the clients are terminated on the load balancer and not the web server. The load balancer opens new connections towards the web servers in order to serve the request. Let's take the following architecture for example. The connection from Client1 will be terminated on the load balancer and then the load balancer will create a new connection to the Server2 server. Since the connection to the web server is initiated from the load balancer, the load balancer's IP will be the client IP as far as the web server is concerned. There are two pos...

Active Directory: Password Expiration

Today's topic: Active Directory and Password Expiration! Not being able to log in due to an expired password is a very common scenario for Active Directory user administration. If the password for a user is not set to never expire, then a group policy will most definitely make it expire after a period of time since the last change. Our goal for today? We are going to create a report that will contain the setting for the expiration of the password, the time it was last set and the time since the change. To get that information we are going to use Powershell and the ActiveDirectory module. All it takes is a single Get-ADUser command to get the information from Active Directory, piped to a Select-Object command in order to form the output:
    Get-ADUser -Filter * -Properties passwordlastset, `
        passwordneverexpires |
    Select-Object Name, `
        SamAccountName, `
        PasswordNeverExpires, `
        PasswordL...

Exchange Server: Active Directory Attributes Behind Mail Flow

Today I would like to talk a bit about the Active Directory attributes related to mail flow on Exchange server. There are five settings on an Exchange recipient that control mail flow (represented by the name of the Powershell parameter of the relevant cmdlets):
    AcceptMessagesOnlyFrom
    AcceptMessagesOnlyFromDLMembers
    RejectMessagesFrom
    RejectMessagesFromDLMembers
    RequireAllSendersAreAuthenticated
Let's examine them one by one!
AcceptMessagesOnlyFrom: When this is set, the recipient will only be able to receive messages from the specified recipients. Corresponding AD attribute: "authOrig".
AcceptMessagesOnlyFromDLMembers: Same as above but for the members of the specified DLs. The corresponding AD attribute is "dLMemSubmitPerms".
RejectMessagesFrom: When this is set, messages from the specified recipients will be rejected. The AD attribute behind this setting is "unauthOrig".
RejectMessagesFromDLMembers: Same as above but for the members o...

Microsoft Exchange 2013: Removing Default Mailbox Databases

Hello and Happy 2017! Today I'd like to talk about removing the databases created during an Exchange 2013 setup. During the setup of Exchange 2013, two mailbox databases are created on the server, usually named like "Mailbox Database ...". Since most Exchange setups are using a Database Availability Group, I usually remove those databases and create new ones with a more useful name. Let's see those databases on a newly installed Exchange server. Using the Get-MailboxDatabase cmdlet we get the databases on the server.
    [PS] C:\Windows\system32> Get-MailboxDatabase
    Name                          Server          Recovery   ReplicationType
    ----                          ------          --------   ---------------
    Mailbox Database 1816881568   EXCHANGE2013A   False      None
    IT                            EXCHANGE2013A   False      Remote
    Systems                       EXCHANGE2013A   False      Remote
    PublicFolders ...

Powershell Custom Object Formatting

Today I would like to share some guidelines on how to apply formatting to custom Powershell objects. There are many times when writing advanced functions, cmdlets and modules where a custom object is very useful, so let's start by creating an object type for our custom objects. Creating a type is very simple: you just define the type as you would in C# and then add it:
    add-type @'
    namespace TestModule.CustomObject
    {
        public class ExchangeServerMaintenanceMode
        {
            public string Name;
            public bool Enabled;
            public int ID;
        }
    }
    '@
I should also add here that Powershell 5 makes it even easier by allowing us to create classes directly! Now that we have added the type of our custom object, let's create some objects!
    $myuser = New-Object TestModule.CustomObject.ExchangeServerMaintenanceMode
    $myuser.Id = "1"
    $myuser.Name = "User1"
    $myuser.Enabled = $false
Here, we have created a new object of type TestModule.CustomObject.ExchangeServerMaintenanceMode and we...