Wednesday, August 25, 2010

powershell - import .pst files in exchange 2010

I haven’t figured out how to get proper resultcodes or errorhandling from the “Import-Mailbox” command, but you can use your transcript file for that. See my other post for that.

You’ll need some global vars, e.g.:

$folder_with_psts="C:\exmerge\primary database export files"

Then it’s as simple as this:

function import_mailboxes()
  $UserDetails=Import-Csv -delimiter ";" $your_import_file
  foreach($UD in $UserDetails)
    $full_path_to_pst=$folder_with_psts + $username + ".pst"
    $FileExists = Test-Path $full_path_to_pst
    if ($FileExists)
      write-host "$count - $username - Ready to import ($full_path_to_pst)" -ForegroundColor Green
      Import-Mailbox -Identity $username -PSTFolderPath $folder_with_psts
      write-host "$count - $username - No matching pst file found!" -ForegroundColor Red
  write-host "Summary: Found (and hopefully successfully imported): $found, Not Found: $notfound"

Friday, August 13, 2010

Create lists of all smtp email addresses

Create .csv files from all smtp email addresses in your (exchange 2003) environment.

csvde -f groups.csv -d "dc=home,dc=yourdomain,dc=local" -r "(&(objectClass=group)(mail=*))" -l "DN,displayName,proxyAddresses"
csvde -f users.csv -d "dc=home,dc=yourdomain,dc=local" -r "(&(objectClass=user)(mail=*))" -l "DN,samAccountName,displayName,mail,proxyAddresses"
csvde -f contacts.csv -d "dc=home,dc=yourdomain,dc=local" -r "(&(objectClass=contact)(mail=*))" -l "DN,displayName,targetAddress"

Wednesday, August 11, 2010

Outlook 2007 - Annoyances (RSS, Online Help, Search)

When running Outlook 2007 for the first time, you get those annoying 3 questions.
Download the “2007 Office system (SP2) Administrative Template files (ADM, ADMX, ADML)” (currently for SP2) and add it to your policies. Then:

User Configuration\Administrative Templates\Microsoft Office 2007 system\Privacy\Trust Center\
- enable the "Disable Opt-in Wizard on first run".

User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options\Preferences\Search Options\
- enable the "Prevent installation prompts when Windows Desktop Search ..."

User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools |Account Settings\RSS Feeds
- disable the "Default RSS Feeds"
- disable the "Synchronize Outlook RSS Feeds with Common Feed List"

Tuesday, August 10, 2010

powershell - mail-enable a user (exchange 2010)

This script uses the RemoteExchange calls for Exchange 2010:

. 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'
Connect-ExchangeServer -auto

And the function:

function enable_mailbox_for_existing_user([string]$username)
  $check = get-aduser -Filter { samAccountName -eq $username }
  if($check -eq $null)
    write-host "- User does not exist - ERROR" -ForegroundColor Red
    # seems like the user exists
    $mailbox_test = get-user $username | select recipienttype
    if ($mailbox_test.RecipientType -eq "userMailbox")
      write-host "- User is allready mail-enabled - WARNING" -ForeGroundColor Yellow
    if ($mailbox_test.RecipientType -eq "User")
      Enable-Mailbox -Identity $username -Alias $username | Out-Null
      write-host "- Mailbox for user created - OK" -ForeGroundColor Green

powershell - add (a user to) a securitygroup

Again, you’ll need the Windows 2008 r2 ActiveDirectory module for this to work:

import-module ActiveDirectory

Some static variables:


And the functions:

function add_security_group([string]$StrGroupName)
  $check = get-adgroup -Filter { name -eq $StrGroupName }
  if($check -eq $null)
    $ad_path = $default_securitygroup_ou + (get-addomain).distinguishedname
    New-ADGroup -Path $ad_path -name $StrGroupName -GroupScope Global -GroupCategory Security
    write-host "- Security Group created - OK" -ForeGroundColor Green
    write-host "- Security Group allready exists" -ForeGroundColor Yellow

function add_user_to_group([string]$username, [string]$security_group)
  $grp = get-adgroup -Filter { name -eq $security_group }
  if ($grp -eq $null)
    write-host "- Security Group does not exist - ERROR" -ForeGroundColor Red
    # group does exist, lets see if the users is allready a member
    $members = get-adgroupmember -Identity $security_group
    foreach ($mem in $members)
      if($mem.samAccountName -eq $username)
        $found = $true
    if ($found)
      write-host "- User is allready a member of this Security Group - WARNING" -ForegroundColor Yellow
      add-adgroupmember -identity $security_group $username
      write-host "- User succesfully added to Security Group - OK" -ForegroundColor Green

powershell - add user

In addition to the previous example it would be nice to create users from the .csv files.

You’ll need the Windows 2008 r2 ActiveDirectory module for this to work:

import-module ActiveDirectory

Also i have a couple of static variables:


And here we go:

function add_user([string]$username, [string]$plaintextpassword, [string]$group, [string]$givenname, [string]$surname, [string]$displayname, [bool]$enabled)
  # syntax: add_user f.deboer mypass$78 teacher "Boer, De" "Frank" "Boer, De, Frank" $true

  $check = get-aduser -Filter { samAccountName -eq $username }
  if($check -eq $null)
    $user_password=ConvertTo-SecureString -string $plaintextpassword -asPlainText -Force
    $ad_user_path=$default_users_ou + (get-addomain).distinguishedname
    $loginscript=$group + ".bat"
    New-ADUser -Name $displayname -SamAccountName $username -UserPrincipal "$username@$ad_domain" -AccountPassword $user_password -CannotChangePassword $true -PasswordNeverExpires $true -Enabled $enabled -ProfilePath "$share_profiles\$username" -HomeDirectory $share_users\$username -HomeDrive $homeshare_drive -ScriptPath $loginscript -GivenName $givenname -Surname $surname -DisplayName $displayname -Path $ad_user_path
    write-host "- User Created - OK" -ForeGroundColor Green
    write-host "- User allready exists" -ForeGroundColor Yellow    

powershell - parse .csv file

Powershell is ideal for bulk operations, e.g. creating lots of users in active directory.

Say we have a .csv file that looks like this:

f.deboer;f;de;boer;Boer, de, Frank;teacher;mypass$78
r.deboer;r;de;boer;Boer, de, Ronald;teacher;123pass60
m.manager;m;;manager;Manager, Mike;manager;superpassw0rd

You might want to specify some global variables first.


Now let’s create a simple function to read the file.

function readcsvfile()
  $UserDetails=Import-Csv -delimiter ";" $import_file
  foreach($UD in $UserDetails)

    echo "$username"
    echo "$password"
    # or something else you want to do with tis information

powershell - windows 2008 r2’s ActiveDirectory module

# Modules
# -
import-module ActiveDirectory

powershell - log entire session

To log your entire powershell session to a file you can use the start-transcript and stop-transcript commands.

$mypowershellapplicationdir = "c:\myapp"
$logfiledate = (get-date).tostring("yyyyMMddHHssmm") + ".txt"
start-transcript -path $mypowershellapplicationdir\logs\$logfiledate

Stop-transcript will automatically be done when leaving powershell.

Wednesday, August 4, 2010

Import and Export .pst files Exchange 2010

Currently, Exchange 2010 SP1 is still in beta. Among other new features it’s not longer necessary to install Outlook 2010 (64 bit!!) on your Exchange 2010 server.
For now you have to.

To import or export .pst files you need to get the right Role Assignment. From the Exchange Management Shell:

New-ManagementRoleAssignment –Role “Mailbox Import Export” –User “Administrator”

Then it’s just a matter of:

Export-Mailbox Administrator -PSTFolderPath E:\

If you have all the roles (Mailbox, Client Access and Hub Transport) on the same server, you’ll run into error:

Error occurred in the step: Approving object. An unknown error has occurred., error code: -2147221219


  • Either move the Mailbox (+Outlook 2010 64bit) to a second Exchange server.
  • Or change the following:
    • adsiedit
    • connect to..
    • Well known Naming Context: Configuration
    • CN=Configuration,DC=your,DC=domain,DC=local
    • CN=Services,
    • CN=Microsoft Exchange,
    • CN=<Your Organization Name>,
    • CN=Administrative Groups,
    • CN=Exchange Administrative Group (FYDIBOHF23SPDLT),
    • CN=Databases,
    • CN=Mailbox Database 0123456789,
    • Now rightclick on “CN=Mailbox Database 0123456789” (left pane), properties
    • security tab
    • Grant the System user the following rights: Read, Administer information store, Allow Impersonation to Personal Exchange, Create named properties in the information store, Open mail send queue, Receive as, Send as, View information store status
    • Restart

This should be fixed in SP1 or even before that.