Exchange: Delete Meetings of terminated users’ in conference room calendars


How to free up the conference room calendar from terminated employees’ meetings? Here are the base line PowerShell commands for you to write a script.

To check if any meetings booked by employees in any of the conference rooms who no longer works in your office:

Get-Mailbox -RecipientTypeDetails RoomMailbox |  Search-Mailbox -Searchquery "kind:meetings from:<DisplayName>" -EstimateResultOnly | Select Identity,ResultItemsCount | ft -AutoSize

Note: Replace <DisplayName> in the command above with terminated user’s display name.

To Delete the meetings booked by the terminated employees:

Get-Mailbox -RecipientTypeDetails RoomMailbox |  Search-Mailbox -Searchquery "kind:meetings from:<DisplayName>" -DeleteContent -Force

Now the script to purge all meeting booked by terminated users.
Note: Change the SEARCHBASE options according to your AD environment. If you remove -SEARCHBASE option from Search-ADAccount command in the script, it will list all disabled accounts from entire domain. 

<#
* * * * * Purge Meetings Booked by Terminated Users * * * * *

Delete meetings from conference rooms booked by employees terminated last 7 days.

Written by: Anand, the Awesome
Created on: 12/21/2018
#>

$dt = date_time 
$logfile = ".\PurgeMeetings-of-termed-users" + $dt + ".log"
Start-Transcript -Path $logfile

#Get the terminiated user list
<#
Note: Important

REPLACE THE SEARCH BASE - BASED ON YOUR AD ENVIRONMENT HERE BELOW
#>
$TermedUsers = Search-ADAccount -AccountDisabled -SearchBase 'OU=Users,DC=corp,DC=company,DC=com'

#List all conference rooms
$ConferenceRooms = Get-Mailbox -RecipientTypeDetails RoomMailbox

foreach($TermedUser in $TermedUsers) 
{
Write-Host "Processing $($Termeduser.Name).."

#Delete tehe meeting booked by terminated user
$ConferenceRooms | Search-Mailbox -Searchquery "kind:meetings from:$($TermedUser.Name)" -DeleteContent -Confirm:$false -Force
}

Stop-Transcript

# * * * End of the Script * * *
Advertisements

Get-MailboxFolderPermission – The security principal specified is already on the permission set


Are you getting this error when running Get-MailboxFolderPermission?

PS E:\> Get-MailboxFolderPermission deptcalendar@company.com:\calendar
The security principal specified is already on the permission set.
    + CategoryInfo          : NotSpecified: (:) [Get-MailboxFolderPermission], CorruptDataException
    + FullyQualifiedErrorId : [Server=ZN1UR12MB0288,RequestId=b4f155be-a238-4a98-8b3f-f3d9258e22d2,TimeStamp=6/19/2018 10:10:41 PM] [FailureCategory=Cmdlet-CorruptDataException] F8D77EE2,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission
    + PSComputerName        : outlook.office365.com

The error message seems cryptic, right? But it is not. It means there is a DUPLICATE entry for the same user (security principal) is in the permission set for the calendar folder permissions.

So how do we fix it?

The ONLY way is to use Outlook to remove the duplicate entry.

Yes, that means

  1. give yourself full access permission to the mailbox,
  2. create an Outlook profile (or just a calendar),
  3. go to Calendar, right click and go to properties, & then Permissions
  4. remove the duplicate user entry

Enjoy. 🙂

Exchange: list mailbox folders size and items count


As Exchange Administrator, if you want to find out any user’s mailbox size information by folder and number of items in each folder, you can to the right place. Here is the PowerShell Command to list the folders, number of items in the folder and size of the folders.

Replace the username@domain.com with user’s primarySMTPAddress.

(Get-MailboxFolderStatistics -Identity Username@Domain.com) |sort itemsinfolder -descending |ft folderpath,itemsinfolder,FolderSize

 

The results will look like this:

FolderPath                                       ItemsInFolder FolderSize
----------                                       ------------- ----------
/Inbox/Important_email                                 1907851 2.661 GB (2,857,213,378 bytes)
/Junk E-Mail                                            461173 1.801 GB (1,933,977,887 bytes)
/Inbox/S - Archived/KIRA                                 15085 539.8 MB (566,024,075 bytes)
/Deleted Items                                           12202 418.3 MB (438,663,132 bytes)
/Recoverable Items                                        9109 56.48 MB (59,219,680 bytes)
/Calendar                                                 3276 127.2 MB (133,343,630 bytes)
/Inbox/1 - Archived/Munchkins                             2558 48.49 MB (50,848,487 bytes)
/Sent Items                                               1355 45.74 MB (47,961,704 bytes)
/Inbox/0 - YOps Mist                                      1339 389.1 MB (408,029,942 bytes)
/Inbox/1 - Archive                                          1147 118 MB (123,761,904 bytes)
/Inbox/5 - Alerts                                          929 33.92 MB (35,571,617 bytes)
/Inbox/1 - Archive2                                        920 142.1 MB (149,002,073 bytes)

 

Group Policy is failed to update on Windows 10 computer


On my Windows 10 computer, I found Group Policy is not being applied anymore. If I ran group policy update on a administrative command shell, I get this:

PS C:\WINDOWS\system32> gpupdate /force
Updating policy…
Computer Policy update has completed successfully.
User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

So after some research I found the issue and fixed it. The solution is

Make the freaking NETLOGON service to start automatically and start the service.

Did this solution helped you? leave me a reply here.

Firefox: Website Certificate Warning–“This website does not supply ownership information”


Are you seeing this error on Firefox (which is common for intranet websites)?

image

There is two reasons for this warning. 

1. You may have meddled with OCSP settings. Firefox checks Certificate validity by checking “Certificate Revocation List” (CRL) using OCSP. Firefox couldn’t get the CRL info, thus this error.

2. Your internal Certificate Authority (CA) doesn’t have OCSP installed and/or Firefox doesn’t have Root and Sub-ordinate CA Certificate in the store (Freaking Firefox has it’s own Certificate Store).

For the first issue (OCSP), you can reset the settings and fix the issue.

  1. In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
  2. In the search box above the list, type or paste ocsp and pause while the list is filtered
  3. If the security.OCSP.require preference is bolded and “modified” or “user set” to true, double-click it to restore the default value of false
  4. Close Firefox and reopen it. Try browsing the same website.

For the second issue (no CA certificate in Firefox Cert Store), you need to add the Internal CA certificates to the store.

  1. Get the Certificate Authority (CA) certificate chain in P7B format. e.g., CAChain.p7b
  2. Open Firefox
  3. Open the Firefox menu from the far right side of the Firefox toolbar
  4. Select “Options” from menu
  5. Select “Privacy & Security”
  6. Scroll to the bottom of the page and click on “View Certificates”
  7. Click “Import…”
  8. select the certificate to add click Open and navigate to the directory you know contains the p7b certificate chain file, select the file and click “Open”
  9. Scroll down within the Certificate Manager window that is open and verify the certificate you imported is listed.
  10. click “Ok” and now you can navigate to the page you want to browse.

If this fixed it for you, leave me a reply.

Exchange: How to convert IMCEAEX to X500 Address?


From the NDR message if you find the IMCEAEX address, you CAN convert this to X500 address & ADD it as another email address to the correct mailbox or distribution group. I have wrote an small PowerShell Script to convert IMCEAEX address to X500 address quickly.

Here is the script. Copy this script and paste into notepad. Save it as Convert-X500Address.ps1. Run the script with the parameter of IMCEAEX address.

E.g., Convert-X500Address  -IMCEAEXString “IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=Don+2Doe@contoso.com


<#
Convert-X500Address.ps1

Convert IMCEAEX string from NDR message to X500 Address format. This
Script simply displays the X500 string. Copy it and make a new
X.500 Email address to the Exchange object.

Parameter: Pass the IMCEAEX string from NDR message in double quotes

Written By: Anand, the Awesome, Venkatachalapathy

#>
param($IMCEAEXString)

((((((($IMCEAEXString.Replace(“IMCEAEX-“,””)).Replace(“_”,”/”)).Replace(“+20″,” “)).Replace(“+28”,”(“)).Replace(“+29″,”)”)).Replace(“+2E”,”.”).Replace(“+2C”,”,”)).Replace(“+5F”,”_”))

#* * * End of the Script * * *


Enjoy! Smile with tongue out

Exchange: How to restore a soft deleted mailbox?


If you try Connect-Mailbox command to link the mailbox to the user account, sadly you will get this error on Soft-Deleted mailbox:

Error:
Mailbox “501e70da-059f-44f5-9811-77cefdfa14fd” doesn’t exist on database “EXCHDBxx”

I know what you thinking. Me too. Why doesn’t mailbox exist on the database?   I freaking checked the mailbox is in the database. It’s right there!!. Angry smile

Migrated or moved mailboxes were goes to soft-deleted mode in the database. Since it was soft-deleted mailbox, we CANNOT connect back to a user account to restore the mailbox.  BUT we can restore the mailbox contents to another mailbox (may be temporary test mailbox). Here is how you do it.

Open PowerShell and connect to your Exchange server, Or open Exchange Admin Shell on the Exchange server.

Step 1: Create a new mailbox restore request. We are telling Exchange to Restore the Source mailbox from Source database to Target folder named “RestoreMailboxContents” on a  specified Target mailbox.

New-MailboxRestoreRequest –SourceStoreMailbox <Soft-Deleted Mailbox name or GUID> –SourceDatabase <Database Name> 
-TargetMailbox <Temporary mailbox name> -AllowLegacyDNMismatch -TargetRootFolder “RestoredMailboxContents”

e.g.,

New-MailboxRestoreRequest -SourceStoreMailbox “John Freaking Doe” -SourceDatabase EXCHDB09 -TargetMailbox “MyTemp Mailbox” -AllowLegacyDNMismatch -TargetRootFolder “RestoredMailboxContents”

Step 2: Start the mailbox restore request to actually restore the mailbox to the target mailbox. 

If you know the Mailbox Request identity/name, then run this on the Exchange Admin Shell.

Get-MailboxRestoreRequest -Identity “MailboxRestoreRequestName” | Resume-MailboxRestoreRequest

Otherwise run this:

Get-MailboxRestoreRequest | Resume-MailboxRestoreRequest

Step 3: Wait for the restore to complete. Run “Get-MailboxRestoreRequest” to check status of the progress.

Step 4:  Once the Restore process is completed, Delete the Restore request from the system by running this:

Get-MailboxRestoreRequest | Remove-MailboxRestoreRequest

Now open the target mailbox in Outlook (or OWA) to find your restored mailbox contents under “RestoredMailboxContents” folder. Yay! Open-mouthed smile

Did it help. Leave me a comment.