Script – IT Blog

Lance LingerfeltJune 25, 2019

Exchange Server Client Access URL Configuration Script

In my career, I have to be able to be efficient as most of my projects are on a time crunch schedule. Being able to quickly configure Exchange when setting up a server environment is crucial to the success of the project.

While still honing my skills in PowerShell, I was attempting to create my own script to help configure all of the Virtual Directories in one shot rather than go to each setting and configure them manually. It did not go very well, so as I do, I research and find great professionals that do great work in scripting so that I may learn from them.

In doing so, I found Paul Cunningham’s script that performs this. I took the following script and modified it to add the PowerShell Virtual Directory to it as I like to configure that as well.

***YOU CAN REM THE LINES OUT SHOULD YOU NOT WANT TO CONFIGURE THAT DIRECTORY***

Here is my version of the script:

<#
.SYNOPSIS
ConfigureExchangeURLs.ps1

.DESCRIPTION 
PowerShell script to configure the Client Access server URLs
for Microsoft Exchange Server 2013/2016. All Client Access server
URLs will be set to the same namespace.

If you are using separate namespaces for each CAS service this script will
not handle that.

The script sets Outlook Anywhere to use NTLM with SSL required by default.
If you have different auth requirements for Outlook Anywhere  use the optional
parameters to set those.

.PARAMETER Server
The name(s) of the server(s) you are configuring.

.PARAMETER InternalURL
The internal namespace you are using.

.PARAMETER ExternalURL
The external namespace you are using.

.PARAMETER InternalSSL
Specifies the internal SSL requirement for Outlook Anywhere. Defaults to True (SSL required).

.PARAMETER ExternalSSL
Specifies the external SSL requirement for Outlook Anywhere. Defaults to True (SSL required).

.EXAMPLE
.\ConfigureExchangeURLs.ps1 -Server sydex1 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net

.EXAMPLE
.\ConfigureExchangeURLs.ps1 -Server sydex1,sydex2 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net

.LINK
http://exchangeserverpro.com/powershell-script-configure-exchange-urls/

.NOTES
Written by: Paul Cunningham

For more Exchange Server tips, tricks and news
check out Exchange Server Pro.

* Website:	http://exchangeserverpro.com
* Twitter:	http://twitter.com/exchservpro

Find me on:

* My Blog:	http://paulcunningham.me
* Twitter:	https://twitter.com/paulcunningham
* LinkedIn:	http://au.linkedin.com/in/cunninghamp/
* Github:	https://github.com/cunninghamp

License:

The MIT License (MIT)

Copyright (c) 2015 Paul Cunningham

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

Change Log:
V1.00, 13/11/2014 - Initial version
V1.01, 26/06/2015 - Added MAPI/HTTP URL configuration
V1.02, 27/08/2015 - Improved error handling, can now specify multiple servers to configure at once.
V1.03, 09/09/2015 - ExternalURL can now be $null
V1.04, 17/11/2016 - Removed Outlook Anywhere auth settings, script now sets URLs only
V1.05, 18/11/2016 - Added AutodiscoverSCP option so it can be set to a different URL than other services
V1.06, 25/06/2019 - Added PowerShell Virtual Directory Configuration Requiring SSL and using Basic Authentication

.ADDENDUM
V1.06 Modified by Lance Lingerfelt for similar use. 

* Website:	http://www.ldlnet.net
* IT Blog:	       http://itblog.ldlnet.net

#>

#requires -version 2

[CmdletBinding()]
param(
	[Parameter( Position=0,Mandatory=$true)]
	[string[]]$Server,

	[Parameter( Mandatory=$true)]
	[string]$InternalURL,

	[Parameter( Mandatory=$true)]
    [AllowEmptyString()]
	[string]$ExternalURL,

	[Parameter( Mandatory=$false)]
	[string]$AutodiscoverSCP,

    [Parameter( Mandatory=$false)]
    [Boolean]$InternalSSL=$true,

    [Parameter( Mandatory=$false)]
    [Boolean]$ExternalSSL=$true
	)


#...................................
# Script
#...................................

Begin {

    #Add Exchange snapin if not already loaded in the PowerShell session
    if (Test-Path $env:ExchangeInstallPath\bin\RemoteExchange.ps1)
    {
	    . $env:ExchangeInstallPath\bin\RemoteExchange.ps1
	    Connect-ExchangeServer -auto -AllowClobber
    }
    else
    {
        Write-Warning "Exchange Server management tools are not installed on this computer."
        EXIT
    }
}

Process {

    foreach ($i in $server)
    {
        if ((Get-ExchangeServer $i -ErrorAction SilentlyContinue).IsClientAccessServer)
        {
            Write-Host "----------------------------------------"
            Write-Host " Configuring $i"
            Write-Host "----------------------------------------`r`n"
            Write-Host "Values:"
            Write-Host " - Internal URL: $InternalURL"
            Write-Host " - External URL: $ExternalURL"
            Write-Host " - Outlook Anywhere internal SSL required: $InternalSSL"
            Write-Host " - Outlook Anywhere external SSL required: $ExternalSSL"
            Write-Host "`r`n"

            Write-Host "Configuring Outlook Anywhere URLs"
            $OutlookAnywhere = Get-OutlookAnywhere -Server $i
            $OutlookAnywhere | Set-OutlookAnywhere -ExternalHostname $externalurl -InternalHostname $internalurl `
                                -ExternalClientsRequireSsl $ExternalSSL -InternalClientsRequireSsl $InternalSSL `
                                -ExternalClientAuthenticationMethod $OutlookAnywhere.ExternalClientAuthenticationMethod

            if ($externalurl -eq "")
            {
                Write-Host "Configuring Outlook Web App URLs"
                Get-OwaVirtualDirectory -Server $i | Set-OwaVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/owa

                Write-Host "Configuring Exchange Control Panel URLs"
                Get-EcpVirtualDirectory -Server $i | Set-EcpVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/ecp

                Write-Host "Configuring ActiveSync URLs"
                Get-ActiveSyncVirtualDirectory -Server $i | Set-ActiveSyncVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/Microsoft-Server-ActiveSync

                Write-Host "Configuring Exchange Web Services URLs"
                Get-WebServicesVirtualDirectory -Server $i | Set-WebServicesVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/EWS/Exchange.asmx

                Write-Host "Configuring Offline Address Book URLs"
                Get-OabVirtualDirectory -Server $i | Set-OabVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/OAB

                Write-Host "Configuring MAPI/HTTP URLs"
                Get-MapiVirtualDirectory -Server $i | Set-MapiVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/mapi

                Write-Host "Configuring PowerShell URLs"
                Get-PowerShellVirtualDirectory -Server $i | Set-PowerShellVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/PowerShell -BasicAuthentication $True -RequireSSL $True -Confirm:$False
            }
            else
            {
                Write-Host "Configuring Outlook Web App URLs"
                Get-OwaVirtualDirectory -Server $i | Set-OwaVirtualDirectory -ExternalUrl https://$externalurl/owa -InternalUrl https://$internalurl/owa

                Write-Host "Configuring Exchange Control Panel URLs"
                Get-EcpVirtualDirectory -Server $i | Set-EcpVirtualDirectory -ExternalUrl https://$externalurl/ecp -InternalUrl https://$internalurl/ecp

                Write-Host "Configuring ActiveSync URLs"
                Get-ActiveSyncVirtualDirectory -Server $i | Set-ActiveSyncVirtualDirectory -ExternalUrl https://$externalurl/Microsoft-Server-ActiveSync -InternalUrl https://$internalurl/Microsoft-Server-ActiveSync

                Write-Host "Configuring Exchange Web Services URLs"
                Get-WebServicesVirtualDirectory -Server $i | Set-WebServicesVirtualDirectory -ExternalUrl https://$externalurl/EWS/Exchange.asmx -InternalUrl https://$internalurl/EWS/Exchange.asmx

                Write-Host "Configuring Offline Address Book URLs"
                Get-OabVirtualDirectory -Server $i | Set-OabVirtualDirectory -ExternalUrl https://$externalurl/OAB -InternalUrl https://$internalurl/OAB

                Write-Host "Configuring MAPI/HTTP URLs"
                Get-MapiVirtualDirectory -Server $i | Set-MapiVirtualDirectory -ExternalUrl https://$externalurl/mapi -InternalUrl https://$internalurl/mapi

                Write-Host "Configuring PowerShell URLs"
                Get-PowerShellVirtualDirectory -Server $i | Set-PowerShellVirtualDirectory -ExternalUrl https://$externalurl/PowerShell -InternalUrl https://$internalurl/PowerShell -BasicAuthentication $True -RequireSSL $True -Confirm:$False
            }

            Write-Host "Configuring Autodiscover"
            if ($AutodiscoverSCP) {
                Get-ClientAccessServer $i | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$AutodiscoverSCP/Autodiscover/Autodiscover.xml
            }
            else {
                Get-ClientAccessServer $i | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$internalurl/Autodiscover/Autodiscover.xml
            }


            Write-Host "`r`n"
        }
        else
        {
            Write-Host -ForegroundColor Yellow "$i is not a Client Access server."
        }
    }
}

End {

    Write-Host "Finished processing all servers specified. Consider running Get-CASHealthCheck.ps1 to test your Client Access namespace and SSL configuration." -ForegroundColor Yellow
    Write-Host "Refer to http://exchangeserverpro.com/testing-exchange-server-2013-client-access-server-health-with-powershell/ for more details."
    Write-Host "Also check out http://itblog.ldlnet.net for Lance's IT Blog of information!" -ForegroundColor Gray

}

#...................................
# Finished
#...................................

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

.SYNOPSIS

ConfigureExchangeURLs.ps1

.DESCRIPTION

PowerShell script to configure the Client Access server URLs

for Microsoft Exchange Server 2013/2016. All Client Access server

URLs will be set to the same namespace.

If you are using separate namespaces for each CAS service this script will

not handle that.

The script sets Outlook Anywhere to use NTLM with SSL required by default.

If you have different auth requirements for Outlook Anywhere use the optional

parameters to set those.

.PARAMETER Server

The name(s) of the server(s) you are configuring.

.PARAMETER InternalURL

The internal namespace you are using.

.PARAMETER ExternalURL

The external namespace you are using.

.PARAMETER InternalSSL

Specifies the internal SSL requirement for Outlook Anywhere. Defaults to True (SSL required).

.PARAMETER ExternalSSL

Specifies the external SSL requirement for Outlook Anywhere. Defaults to True (SSL required).

.EXAMPLE

.\ConfigureExchangeURLs.ps1 -Server sydex1 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net

.EXAMPLE

.\ConfigureExchangeURLs.ps1 -Server sydex1,sydex2 -InternalURL mail.exchangeserverpro.net -ExternalURL mail.exchangeserverpro.net

.LINK

http://exchangeserverpro.com/powershell-script-configure-exchange-urls/

.NOTES

Written by: Paul Cunningham

For more Exchange Server tips, tricks and news

check out Exchange Server Pro.

* Website: http://exchangeserverpro.com

* Twitter: http://twitter.com/exchservpro

Find me on:

* My Blog: http://paulcunningham.me

* Twitter: https://twitter.com/paulcunningham

* LinkedIn: http://au.linkedin.com/in/cunninghamp/

* Github: https://github.com/cunninghamp

License:

The MIT License (MIT)

Permission is hereby granted, free of charge, to any person obtaining a copy

of this software and associated documentation files (the "Software"), to deal

in the Software without restriction, including without limitation the rights

to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

copies of the Software, and to permit persons to whom the Software is

furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all

copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

SOFTWARE.

Change Log:

V1.00, 13/11/2014 - Initial version

V1.01, 26/06/2015 - Added MAPI/HTTP URL configuration

V1.02, 27/08/2015 - Improved error handling, can now specify multiple servers to configure at once.

V1.03, 09/09/2015 - ExternalURL can now be $null

V1.04, 17/11/2016 - Removed Outlook Anywhere auth settings, script now sets URLs only

V1.05, 18/11/2016 - Added AutodiscoverSCP option so it can be set to a different URL than other services

V1.06, 25/06/2019 - Added PowerShell Virtual Directory Configuration Requiring SSL and using Basic Authentication

.ADDENDUM

V1.06 Modified by Lance Lingerfelt for similar use.

* Website: http://www.ldlnet.net

* IT Blog: http://itblog.ldlnet.net

#requires -version 2

[CmdletBinding()]

param(

[Parameter( Position=0,Mandatory=$true)]

[string[]]$Server,

[Parameter( Mandatory=$true)]

[string]$InternalURL,

[Parameter( Mandatory=$true)]

[AllowEmptyString()]

[string]$ExternalURL,

[Parameter( Mandatory=$false)]

[string]$AutodiscoverSCP,

[Parameter( Mandatory=$false)]

[Boolean]$InternalSSL=$true,

[Parameter( Mandatory=$false)]

[Boolean]$ExternalSSL=$true

)

#...................................

# Script

#...................................

Begin {

#Add Exchange snapin if not already loaded in the PowerShell session

if (Test-Path $env:ExchangeInstallPath\bin\RemoteExchange.ps1)

{

. $env:ExchangeInstallPath\bin\RemoteExchange.ps1

Connect-ExchangeServer -auto -AllowClobber

}

else

{

Write-Warning "Exchange Server management tools are not installed on this computer."

EXIT

}

Process {

foreach ($i in $server)

{

if ((Get-ExchangeServer $i -ErrorAction SilentlyContinue).IsClientAccessServer)

{

Write-Host "----------------------------------------"

Write-Host " Configuring $i"

Write-Host "----------------------------------------`r`n"

Write-Host "Values:"

Write-Host " - Internal URL: $InternalURL"

Write-Host " - External URL: $ExternalURL"

Write-Host " - Outlook Anywhere internal SSL required: $InternalSSL"

Write-Host " - Outlook Anywhere external SSL required: $ExternalSSL"

Write-Host "`r`n"

Write-Host "Configuring Outlook Anywhere URLs"

$OutlookAnywhere = Get-OutlookAnywhere -Server $i

$OutlookAnywhere | Set-OutlookAnywhere -ExternalHostname $externalurl -InternalHostname $internalurl `

-ExternalClientsRequireSsl $ExternalSSL -InternalClientsRequireSsl $InternalSSL `

-ExternalClientAuthenticationMethod $OutlookAnywhere.ExternalClientAuthenticationMethod

if ($externalurl -eq "")

{

Write-Host "Configuring Outlook Web App URLs"

Get-OwaVirtualDirectory -Server $i | Set-OwaVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/owa

Write-Host "Configuring Exchange Control Panel URLs"

Get-EcpVirtualDirectory -Server $i | Set-EcpVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/ecp

Write-Host "Configuring ActiveSync URLs"

Get-ActiveSyncVirtualDirectory -Server $i | Set-ActiveSyncVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/Microsoft-Server-ActiveSync

Write-Host "Configuring Exchange Web Services URLs"

Get-WebServicesVirtualDirectory -Server $i | Set-WebServicesVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/EWS/Exchange.asmx

Write-Host "Configuring Offline Address Book URLs"

Get-OabVirtualDirectory -Server $i | Set-OabVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/OAB

Write-Host "Configuring MAPI/HTTP URLs"

Get-MapiVirtualDirectory -Server $i | Set-MapiVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/mapi

Write-Host "Configuring PowerShell URLs"

Get-PowerShellVirtualDirectory -Server $i | Set-PowerShellVirtualDirectory -ExternalUrl $null -InternalUrl https://$internalurl/PowerShell -BasicAuthentication $True -RequireSSL $True -Confirm:$False

}

else

{

Write-Host "Configuring Outlook Web App URLs"

Get-OwaVirtualDirectory -Server $i | Set-OwaVirtualDirectory -ExternalUrl https://$externalurl/owa -InternalUrl https://$internalurl/owa

Write-Host "Configuring Exchange Control Panel URLs"

Get-EcpVirtualDirectory -Server $i | Set-EcpVirtualDirectory -ExternalUrl https://$externalurl/ecp -InternalUrl https://$internalurl/ecp

Write-Host "Configuring ActiveSync URLs"

Get-ActiveSyncVirtualDirectory -Server $i | Set-ActiveSyncVirtualDirectory -ExternalUrl https://$externalurl/Microsoft-Server-ActiveSync -InternalUrl https://$internalurl/Microsoft-Server-ActiveSync

Write-Host "Configuring Exchange Web Services URLs"

Get-WebServicesVirtualDirectory -Server $i | Set-WebServicesVirtualDirectory -ExternalUrl https://$externalurl/EWS/Exchange.asmx -InternalUrl https://$internalurl/EWS/Exchange.asmx

Write-Host "Configuring Offline Address Book URLs"

Get-OabVirtualDirectory -Server $i | Set-OabVirtualDirectory -ExternalUrl https://$externalurl/OAB -InternalUrl https://$internalurl/OAB

Write-Host "Configuring MAPI/HTTP URLs"

Get-MapiVirtualDirectory -Server $i | Set-MapiVirtualDirectory -ExternalUrl https://$externalurl/mapi -InternalUrl https://$internalurl/mapi

Write-Host "Configuring PowerShell URLs"

Get-PowerShellVirtualDirectory -Server $i | Set-PowerShellVirtualDirectory -ExternalUrl https://$externalurl/PowerShell -InternalUrl https://$internalurl/PowerShell -BasicAuthentication $True -RequireSSL $True -Confirm:$False

}

Write-Host "Configuring Autodiscover"

if ($AutodiscoverSCP) {

Get-ClientAccessServer $i | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$AutodiscoverSCP/Autodiscover/Autodiscover.xml

}

else {

Get-ClientAccessServer $i | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$internalurl/Autodiscover/Autodiscover.xml

}

Write-Host "`r`n"

}

else

{

Write-Host -ForegroundColor Yellow "$i is not a Client Access server."

}

End {

Write-Host "Finished processing all servers specified. Consider running Get-CASHealthCheck.ps1 to test your Client Access namespace and SSL configuration." -ForegroundColor Yellow

Write-Host "Refer to http://exchangeserverpro.com/testing-exchange-server-2013-client-access-server-health-with-powershell/ for more details."

Write-Host "Also check out http://itblog.ldlnet.net for Lance's IT Blog of information!" -ForegroundColor Gray

}

#...................................

# Finished

#...................................

NOTES:

PowerShell script to configure the Client Access server URLs for Microsoft Exchange Server 2013/2016. All Client Access server URLs will be set to the same namespace.
If you are using separate namespaces for each CAS service this script will not handle that.
The script sets Outlook Anywhere to use NTLM with SSL required by default.
If you have different auth requirements for Outlook Anywhere use the optional parameters to set those.
The script sets PowerShell to use Basic with SSL required by default.
If you have different authentication requirements for PowerShell use the optional parameters to set those.
PowerShell was added to the settings. Please be sure to REM those lines of code should you NOT want to configure the PowerShell Virtual Directory.

USAGE:

.\ConfigureExchangeURLs.ps1 -Server EX01 -InternalURL mail.ldlnet.net -ExternalURL mail.ldlnet.net

1	.\ConfigureExchangeURLs.ps1 -Server EX01 -InternalURL mail.ldlnet.net -ExternalURL mail.ldlnet.net

.\ConfigureExchangeURLs.ps1 -Server EX01,EX02,EX03 -InternalURL mail.ldlnet.net -ExternalURL mail.ldlnet.net

1	.\ConfigureExchangeURLs.ps1 -Server EX01,EX02,EX03 -InternalURL mail.ldlnet.net -ExternalURL mail.ldlnet.net

HAPPY SCRIPTING!
POSITIVE ENERGY!
PLEASE COMMENT!

REFERENCES:
Exchange Server Client Access URL Configuration Script
PowerShell Script to Configure Exchange Server Client Access URLs

Lance LingerfeltMay 8, 2019

Importing User Photos to Office 365 in bulk for your company.

In a previous post, I showed how you could update one user’s photo for their Outlook and AD profiles via PowerShell. In this post, we will explore how to do this for your entire organization via PowerShell to Office365.

NOTE: I have not tested the scripts as I do not have enough mailboxes in my O365 tenant along with not using a ‘.’ in my alias. If the scripts are incorrect, please inform me with the correction and I will update accordingly.

Please make sure that your photos are reviewed before posting, and try to keep the file size of the photos to a minimum. In Office 365, there exists a limitation for the user photo not to be more than 10 KB in size, but I will show you how to get around that limitation.

Having a user photo for each of your users is very beneficial as it personalizes each account to a face in the company. The user photos can be viewed in below locations:

Outlook Web Access
Contact Card
Thumbnail in emails
Outlook Client
Yammer
Lync Client
SharePoint (People Search / Newsfeed)

Steps to take:

Remove the 10KB photo size limitation in Exchange Online
Prepare a folder with all users photos
Update the profile photos via a PowerShell cmdlet.

Connect to Exchange Online with the RPS Proxy Method to remove the 10K size limitation

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/?proxyMethod=RPS -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/?proxyMethod=RPS -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

NOTE: In the PowerShell cmdlet above, we connected using a different proxy method. This was to overwrite the limitation of uploading the images with size more than 10KB. Using the different proxy method (/?proxyMethod=RPS ) to connect to Office 365 in the above cmdlet accomplishes this.

Prepare a folder locally and place all the photos in that folder

Create a folder named C:/UserPics and make the filename of each photo be the username of that particular user. (i.e. llingerfelt.png)
The below script should be able account for aliases that have a ‘.’ in the id as well. (i.e. lance.lingerfelt)

NOTE: From my research, there is no set photo type that is required for the photo. My suggestion would be to keep the photos .png for size constraints while maintaining picture clarity.

Update the profile pictures via PowerShell

Create the following script and name it Photos-Update.ps1

$path= 'C:\UserPics\'
$Images = Get-ChildItem $path
$Images |Foreach-Object{
$Identity = ($_.Name.Tostring() -replace '.png','')
$PictureData = $path+$_.name
Set-UserPhoto -Identity $Identity -PictureData ([System.IO.File]::ReadAllBytes($PictureData)) -Confirm:$false }

$path= 'C:\UserPics\'

$Images = Get-ChildItem $path

$Images |Foreach-Object{

$Identity = ($_.Name.Tostring() -replace '.png','')

$PictureData = $path+$_.name

Set-UserPhoto -Identity $Identity -PictureData ([System.IO.File]::ReadAllBytes($PictureData)) -Confirm:$false }

Run Photos-Update.ps1 and the script should upload the photos to Office 365 and apply each photo to the corresponding user.

NOTE: If you’re still having some issues with the alias having a ‘.’ in the name, you can also configure the Photos-Update.ps1 script in this manner to get that working properly:

$path= 'C:\UserPics\'
$Images = Get-ChildItem $path
$Images |Foreach-Object{
$Identity = ($_.Name.Tostring() -split "\.")
$count = $Identity.count
If($count -gt 2)
{
for($i=0; $i -le $count-2; $i++)
{
$username=$username+$Identity[$i]+"."
}
$Id=$username.TrimEnd(".")
}
Else
{
$Id=$Identity[0]
}
$PictureData = $path+$_.name
Set-UserPhoto -Identity $Id -PictureData ([System.IO.File]::ReadAllBytes($PictureData)) -Confirm:$false
$username=$null
}

$path= 'C:\UserPics\'

$Images = Get-ChildItem $path

$Images |Foreach-Object{

$Identity = ($_.Name.Tostring() -split "\.")

$count = $Identity.count

If($count -gt 2)

{

for($i=0; $i -le $count-2; $i++)

{

$username=$username+$Identity[$i]+"."

}

$Id=$username.TrimEnd(".")

}

Else

{

$Id=$Identity[0]

}

$PictureData = $path+$_.name

Set-UserPhoto -Identity $Id -PictureData ([System.IO.File]::ReadAllBytes($PictureData)) -Confirm:$false

$username=$null

}

HAPPY SCRIPTING!
PLEASE COMMENT!

store.ldlnet.net — LDLNET LLC! Your Source for Pofessional IT Services!

www.servermonkey.com — Contact ServerMonkey.com for your IT Hardware Needs!

REFERENCES:
How to import Office365 User photos over 10KB & without CSV in bulk

Lance LingerfeltApril 24, 2019

Purging Soft Deleted mailboxes from Exchange Server

If you’re a seasoned administrator, you have knowledge that in Exchange, the database settings will allow you to set the deleted mailbox retention. The default is 30 days, but sometimes you need to purge all those deleted mailboxes to do some ‘spring cleaning’ as it were. Note that doing these cmdlets does not change the ‘Whitespace’ of the database or the size. In my case, I had to purge everything of a toxic individual that was tainting my network much to my disappointment and did the following to complete that task.

The following cmdlet will seek all Soft Deleted mailboxes within the database you select and manually purge them from Exchange.

Get-MailboxStatistics -Database "DB01" | where {$_.DisconnectReason -eq "SoftDeleted"} | foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState SoftDeleted}

1	Get-MailboxStatistics -Database "DB01" \| where {$_.DisconnectReason -eq "SoftDeleted"} \| foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState SoftDeleted}

Now, should you only want to remove one mailbox, you will need to get the GUID of that Soft Deleted mailbox first so that you can enter it for the identity parameter.

Get-MailboxStatistics -Database "DB01" | where {$_.DisconnectReason -eq "SoftDeleted"} | Sort-Object DisconnectDate -descending | ft -a -wr

Get the Mailbox GUID in the list for the deleted mailbox. 
Then Run:

Remove-StoreMailbox -Database "DB01" -Identity "mailboxguid" -MailboxState SoftDeleted | ft -a -wr

Get-MailboxStatistics -Database "DB01" | where {$_.DisconnectReason -eq "SoftDeleted"} | Sort-Object DisconnectDate -descending | ft -a -wr

Get the Mailbox GUID in the list for the deleted mailbox.

Then Run:

Remove-StoreMailbox -Database "DB01" -Identity "mailboxguid" -MailboxState SoftDeleted | ft -a -wr

You can also preform a similar task for a disabled mailbox:

Get-MailboxStatistics -Database "DB01" | where {$_.DisconnectReason -eq "Disabled"} | Sort-Object DisconnectDate -descending | ft -a -wr

Get the Mailbox GUID in the list for the deleted mailbox. 
Then Run:

Remove-StoreMailbox -Database "DB01" -Identity "mailboxguid" -MailboxState Disabled | ft -a -wr

Get-MailboxStatistics -Database "DB01" | where {$_.DisconnectReason -eq "Disabled"} | Sort-Object DisconnectDate -descending | ft -a -wr

Get the Mailbox GUID in the list for the deleted mailbox.

Then Run:

Remove-StoreMailbox -Database "DB01" -Identity "mailboxguid" -MailboxState Disabled | ft -a -wr

You can perform the task on all disabled mailboxes for that database as well:

Get-MailboxStatistics -Database "DB01" | where {$_.DisconnectReason -eq "Disabled"} | foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState Disabled}

1	Get-MailboxStatistics -Database "DB01" \| where {$_.DisconnectReason -eq "Disabled"} \| foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState Disabled}

NOTE: I would be very careful when performing either of these cmdlets as they will completely purge the mailboxes from the schema. If these cmdlets assist you with your ‘spring cleaning’, I will have been happy to assist.

HAPPY PURGING!
PLEASE COMMENT!
IGNORANCE IS NOT BLISS!

References:
Purging Deleted Mailboxes on Exchange 2013

Server Monkey — LDLNET LLC’s Preferred Server Equipment Hardware Vendor

Lance LingerfeltMarch 27, 2019March 27, 2019

Installation of Exchange Server 2019 on Windows Server 2019

I have realized recently that I am an Exchange Messaging Professional, but yet, I have not posted the methodology of how I install an Exchange Server Mailbox Role. So here it is!

Install Windows Server 2019

Exchange Server 2019 requires Windows Server 2019 to run. For my environment, I haven’t necessarily need to follow all the enterprise level design aspects of database numbers to mailbox size ratios, number of servers, front/back end configurations, DAG Implementation, etc… If you want or need to delve into that realm, you can go here. I have need for a single server with only a few databases for a small number of mailboxes, so I am approaching it from that standpoint.

So first, in Hyper-V, I configured my VM with the following specifications:

Processors: 2 procs with 2 cores each – 4 Virtual Processors Total
RAM: 32GB with dynamic memory enabled optional
Drives: 2 .vhdx drives of 120GB each (OS / Exchange Data)
CD: Windows 2019 ISO
Default Settings for the rest of the VM Settings

Next I installed Windows Server 2019 Datacenter with the GUI! You can install it on Server Core if you wish. That information can be found in this link.

I ran through the setup of Windows and installed the OS on my first vhdx drive. I booted up, set the local admin password, and logged in. Once in Windows, I went to the Local Server Settings in Server Manager and configured the following settings:

Set the Date, Time, and Time Zone. (Once in the Domain, this would sync through Group Policy)
Set IE ESC to allow Administrators to have full IE access.
Set Remote Desktop Settings to gain RDP access. (This would be locked down with Group Policy as well once on the Domain)
Set the IP Settings to Static Settings. (DNS Servers, Gateway, WINS, etc…)
Join the server to the Active Directory Domain.
Reboot the VM Server.
Logon to your Domain.
Configure Windows Update Settings. (I have WSUS through Group Policy, this was configured automatically upon reboot)
Download and install all Windows Updates for the server. Then Reboot.
Open Disk Management and configure the secondary vhdx drive to be your Exchange Data Drive.
I configured the drive to be a mounted folder ‘C:\Exchange\Data’ rather than another drive letter as that seems to be the more accepted form of installation for the data drive these days. That is based on the multiple configurations that I have seen for Exchange through experience in Enterprise environments. Again, to each is own and depending on you design specifications, you might want to do that differently.

Next, we need to install the prerequisites for the Exchange Mailbox Server. I have always used practical365.com to get the PowerShell script to install the prerequisites, but couldn’t find the article this time. Great site though! Instead, I got the information and ran the following from an elevated PowerShell Session locally on the server:

Install-WindowsFeature Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Static-Content,Web-Http-Redirect,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Basic-Auth,Web-Client-Auth,Web-Digest-Auth,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Mgmt-Tools,Web-Mgmt-Compat,Web-Metabase,Web-WMI,Web-Mgmt-Service,NET-Framework-45-ASPNET,NET-WCF-HTTP-Activation45,NET-WCF-MSMQ-Activation45,NET-WCF-Pipe-Activation45,NET-WCF-TCP-Activation45,Server-Media-Foundation,MSMQ-Services,MSMQ-Server,RSAT-Feature-Tools,RSAT-Clustering,RSAT-Clustering-PowerShell,RSAT-Clustering-CmdInterface,RPC-over-HTTP-Proxy,WAS-Process-Model,WAS-Config-APIs

Install-WindowsFeature Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Static-Content,Web-Http-Redirect,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Basic-Auth,Web-Client-Auth,Web-Digest-Auth,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Mgmt-Tools,Web-Mgmt-Compat,Web-Metabase,Web-WMI,Web-Mgmt-Service,NET-Framework-45-ASPNET,NET-WCF-HTTP-Activation45,NET-WCF-MSMQ-Activation45,NET-WCF-Pipe-Activation45,NET-WCF-TCP-Activation45,Server-Media-Foundation,MSMQ-Services,MSMQ-Server,RSAT-Feature-Tools,RSAT-Clustering,RSAT-Clustering-PowerShell,RSAT-Clustering-CmdInterface,RPC-over-HTTP-Proxy,WAS-Process-Model,WAS-Config-APIs

As part of the prerequisites you will need to install the following packages onto the server as well:

UCMA Runtime Install
Visual C++ Redistributable Packages for Visual Studio 2013

Once completed, you can begin the install of Exchange. If this is your first Exchange 2019 Server in your Organization, then you will need to run the following to update the Forest, Schema, and Domain so that Exchange will install properly:

setup.exe /p /IacceptexchangeServerLicenseTerms

1	setup.exe /p /IacceptexchangeServerLicenseTerms

setup.exe /ps /IacceptexchangeServerLicenseTerms

1	setup.exe /ps /IacceptexchangeServerLicenseTerms

setup.exe /pad /IacceptexchangeServerLicenseTerms

1	setup.exe /pad /IacceptexchangeServerLicenseTerms

NOTE: If you run into Prerequisite issues with the installation due to a “pending reboot”, check out my blog post for information on remediation of that issue.

Now that the environment is prepared for Exchange, you can actually begin the installation. I wanted to make my default database and logs folder to be on the Exchange Data volume that I created, so I included those settings in the setup command. Please look at the reference to the setup.exe switches for more information on that. Here is the command:

setup.exe /Mode:Install /IacceptexchangeServerLicenseTerms /Role:Mailbox /DBFilePath:"C:\Exchange\Data\MDB\EX2019-DB01.edb" /LogFolderPath:"C:\Exchange\Data\LOGS" /MdbName:"EX2019-DB01"

1	setup.exe /Mode:Install /IacceptexchangeServerLicenseTerms /Role:Mailbox /DBFilePath:"C:\Exchange\Data\MDB\EX2019-DB01.edb" /LogFolderPath:"C:\Exchange\Data\LOGS" /MdbName:"EX2019-DB01"

Setup should go through the installation via the PowerShell window and complete successfully. Reboot the Exchange Server, then you can then logon to the Exchange Admin Center and begin the process of configuration of how you need to integrate the Mailbox Server into your Server Farm. That configuration is for a later post.

PLEASE CHECK BACK FOR UPDATES!
PLEASE COMMENT!

References:
UCMA Runtime Install
Visual C++ Redistributable Packages for Visual Studio 2013
Install Exchange Server 2019 on Windows Server 2019 Core
Exchange Server Design Planning
Use unattended mode in Exchange Setup
Practical365 on Exchange 2019

Lance LingerfeltMarch 9, 2019

How to transfer FSMO Roles using PowerShell

A rare weekend post for me! HA! I am currently migrating my server environment from VMWare 6.7 to Server 2019 Hyper-V. I have a separate standalone box that I use for my VM backups and as a tertiary DC. Since I had to shut down my VMs in order to convert them, I needed to quickly move my FSMO roles from the DC Virtual Machine to the Standalone box so things would stay running.

I found this great article on how to do that quickly through PowerShell since it is a pain to go into ADUC, ADDT, and setup an MMC for the Schema snap-in.

When you create a domain, all FSMO roles assigned to the first domain controller in the forest by default. You can transfer FSMO roles from one DC to another both the Active Directory graphics snap-ins and the PowerShell command line. Moving FSMO roles using AD PowerShell has the following benefits:

You do not need to connect with a MMC snap-ins to the future role owner;
Transferring or seizing FSMO roles does not require a connection to the current or future role owner. You can run AD-PowerShell module cmdlets on a Windows Client or Server running RSAT Tools;
To seize the FSMO role (if the current owner is not available), it suffices to use an additional parameter -force.

Import the Active Directory Module Into PowerShell:

Import-Module ActiveDirectory

1	Import-Module ActiveDirectory

To get the current forest level FSMO role owners (Domain Naming Master and Schema Master roles) you can use the following PowerShell cmdlet:

Get-ADForest ldlnet.net | ft DomainNamingMaster, SchemaMaster -a -wr

1	Get-ADForest ldlnet.net \| ft DomainNamingMaster, SchemaMaster -a -wr

To view domain-wide FSMO roles (Infrastructure Master, PDC Emulator and Relative Identifier Master roles):

Get-ADDomain ldlnet.net | ft InfrastructureMaster, PDCEmulator, RIDMaster -a -wr

1	Get-ADDomain ldlnet.net \| ft InfrastructureMaster, PDCEmulator, RIDMaster -a -wr

Transfer FSMO Roles using PowerShell

To transfer FSMO roles between Active Directory domain controllers, we use the PowerShell cmdlet:
Move-ADDirectoryServerOperationMasterRole

To use the Move-ADDirectoryServerOperationMasterRole cmdlet, you must meet the following requirements:

There must be at least one DC with a version of Windows Server 2008 R2 or higher
PowerShell version 3.0 or newer
Active Directory module (2.0 or newer)

NOTE: Unlike the Ntdsutil.exe utility, the Move-ADDirectoryServerOperationMasteRole cmdlet can be performed from any domain computer to migrate the Operations Master roles if you have the appropriate rights (Domain admins and Enterprise Admins).

Import the AD Module:

Import-Module ActiveDirectory

1	Import-Module ActiveDirectory

I needed to move all the roles from one server to the other, so, I ran the following to do so:

Move-ADDirectoryServerOperationMasterRole -Identity “servername” –OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster -Confirm:$False

1	Move-ADDirectoryServerOperationMasterRole -Identity “servername” –OperationMasterRole DomainNamingMaster,PDCEmulator,RIDMaster,SchemaMaster,InfrastructureMaster -Confirm:$False

NOTE: To simplify the command, you can replace the names of roles with numbers from 0 to 4. The correspondence of names and numbers is given in the table:

PDCEmulator	0
RIDMaster	1
InfrastructureMaster	2
SchemaMaster	3
DomainNamingMaster	4

So, by having knowledge of these numbers, you can simplify your cmdlet:

Move-ADDirectoryServerOperationMasterRole -Identity “servername” –OperationMasterRole 0,1,2,3,4 -Confirm:$False

1	Move-ADDirectoryServerOperationMasterRole -Identity “servername” –OperationMasterRole 0,1,2,3,4 -Confirm:$False

NOTE: In the event that the current owner of one or all of the FSMO roles fails, the forced transfer of FSMO roles is performed by the same command, but with the -Force option. Also, after the FSMO roles have been seized, the domain controller from which the roles was seized should never be connected to the domain. You will need to preform a metadata cleanup of the Schema before even thinking about putting that failed server back into production.

Once completed, I ran the previous cmdlets of Get-ADForest and Get-ADDomain to verify that the FSMO roles moved to the destination server.

As of now, my conversion to Hyper-V is going smoothly, although it takes quite a bit of time to convert the hard disks. Thanks again!

HAPPY TROUBLESHOOTING! KEEP SCRIPTING!
PLEASE COMMENT!

Reference:
How To Transfer FSMO Roles Using PowerShell

Lance LingerfeltMarch 5, 2019

Generate Automated E-Mail From Performance Counter Alert

Recently, I was trying to load this IT Blog and noticed that the page took a very long time to load properly. So, first thing I did was logon to my Web Server to check things and saw that the Performance was very slow, almost to a halt. When I was able to pull up Server Manager, I saw the following:

The Performance Alert was pegged at 99+ alerts. I went into the alerts for the performance and saw the following:

My CPU Usage was pegged at 100% for many hours. As I was having issues with the server and could not dig any deeper to find what was running to cause the error other the the w3wp process, I decided to reboot the server.
Rebooting did resolve the issue at hand, but I needed a better way to alert myself when the processor pegged at 95% or more over at least a steady two minute period. That way I could keep the websites going and restart the server if necessary due to an issue with a process pegging the CPU.

I don’t have SCCM or any robust alerting software like we have a my employer, but not to worry, Windows Server has a built in method to generate a task using Task Scheduler when the Performance Counter is above threshold for the time period that you set.

Step 1 – Create your PowerShell Script

The first thing that you need to do is write a Powershell script that when run can send an email. While researching this I discovered many ways to accomplish this task, feel free though to experiment and use what is right for your environment.

Here is an example of a Powershell script that when used in conjunction with Task Scheduler and Perfmon can send an email alert automatically when any user defined performance counter threshold condition is met. In my environment I set this to C:\PowerShell\AlertEMail.ps1

#Alert E-Mail Script to generate an email from PowerShell.
#Created and Modified by Lance Lingerfelt - LDLNET LLC - Life In Action!&#x2122;

#Set your variables
$counter = $Args[0]
$dtandtime = $Args[1]
$ctr_value = $Args[2]
$threshold = $Args[3]
$value = $Args[4]
$FileName="$env:ComputerName"

#Setup the E-Mail Content
$EmailFrom = "servername@domain.com"
$EmailTo = "webadmin@domain.com"
$Subject ="CPU Alert From $FileName"
$Body = "Data and Time of Alert: $dtandtime`nPerfmon Counter: $ctr_value`nThreshold Value: $threshold `nCurrent Value: $value"

#Define your SMTP Server variables. This assumes that you do NOT have to provide credentials to the SMTP Server and that you will send your E-Mail over port 25. Make necessary changes as needed.
$SMTPServer = "mailserver.domain.com"
$SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 25)
$SMTPClient.EnableSsl = $false

#Send the actual completed E-Mail
$SMTPClient.Send($EmailFrom, $EmailTo, $Subject, $Body)

#Alert E-Mail Script to generate an email from PowerShell.

#Created and Modified by Lance Lingerfelt - LDLNET LLC - Life In Action!™

#Set your variables

$counter = $Args[0]

$dtandtime = $Args[1]

$ctr_value = $Args[2]

$threshold = $Args[3]

$value = $Args[4]

$FileName="$env:ComputerName"

#Setup the E-Mail Content

$EmailFrom = "servername@domain.com"

$EmailTo = "webadmin@domain.com"

$Subject ="CPU Alert From $FileName"

$Body = "Data and Time of Alert: $dtandtime`nPerfmon Counter: $ctr_value`nThreshold Value: $threshold `nCurrent Value: $value"

#Define your SMTP Server variables. This assumes that you do NOT have to provide credentials to the SMTP Server and that you will send your E-Mail over port 25. Make necessary changes as needed.

$SMTPServer = "mailserver.domain.com"

$SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 25)

$SMTPClient.EnableSsl = $false

#Send the actual completed E-Mail

$SMTPClient.Send($EmailFrom, $EmailTo, $Subject, $Body)

If you notice, this Powershell script takes four arguments and assigns them to variables used in the output. It also saves the computer name to a variable which is also used as part of the output. By doing this the script can be used to send an email on any Perfmon Alerting Counter and on any server without additional customization of the script.

Step 2 – Setup a Scheduled Task To Be Run

In Task Scheduler we are going to Create a new Task as show in the following screen shots.

Give the Task a name, you will need to remember it for the next step. Make sure the task is run with an administrative account and is run whether the user is logged on or not.

There are no Triggers to setup here. This Task will actually be triggered through the Perfmon Counter Alert we will set up in Step 3.

On the Action tab you want to define a new action. The action will be to Start a Program and use the following inputs, please adjust for your specific environment.

Program/Script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add Arguments: -File C:\PowerShell\AlertEMail.ps1 $(Arg0)

Next, set your Conditions and Settings Tabs to the following settings as I did for this purpose. If need be, you might need to set them differently, but these settings should work just fine.

Step 3 – Create the Alert Trigger in Performance Monitor

Open Performance Monitor and Create a new Data Collector Set under Data Collector Sets > User Defined

Name the Alert (This one is for the Processor Usage)

Assign it as a Performance Counter Alert

I needed to monitor the Total % Processor Time for all processors on the server combined, so I set the counter to monitor from the available counters.

I then set the threshold to Alert when the processor is over 95% with Processor Time. I also let it run as the System account, and then saved the settings:

Once you have created the Data Collector Set go into the Properties of it and make sure the Alerting threshold and Sample Interval is set properly for each Performance Counter. Keep in mind, if you sample every 10 seconds then you should expect to receive an email every 10 seconds as long as the performance counter exceeds the threshold you set. I set my Sample Interval to 2 minutes so that if the percentage stays above 95% over that long of a time interval, I should take a look at the server and see what process is pegging the CPU:

If you select the Log an entry in the application event log don’t expect to see any entries in the normal Application event log. It will be written to the Microsoft-Windows-Diagnosis-PLA/Operational log in the Application and Services log directory.

Finally, we have to set an Alert Task that will trigger the Scheduled Task (AlertEMail) that we created in Step 2. You see that we also pass some of the Task arguments which are used by the PowerShell script to customize the email with the exact error condition associated with the Alert:

Once the Data Collector is configured properly you will want to start it.

If you configured everything correctly you should start receiving emails any time that alert threshold is surpassed. I also manually ran the script once from PowerShell with no Argument Data just to make sure the script would generate the email to my E-Mail Address.

Step 4 – Set the Data Collector Set to run upon server startup.

You now have one more step. Whenever you reboot a server the Perfmon Counter Alert will not start automatically. In order to survive a reboot you must run the following at a command prompt.

Note: “Processor Usage Alert” referenced in the script below is the name of my user defined Data Collector Set.

schtasks /create /tn 'Processor Usage Alert' /sc onstart /tr "logman start 'Processor Usage Alert'" /ru system

1	schtasks /create /tn 'Processor Usage Alert' /sc onstart /tr "logman start 'Processor Usage Alert'" /ru system

I now have a simple way to monitor my Web Server should this event happen again with the processor being pegged over a two minute period.

PLEASE COMMENT! I LOVE IMPROVEMENTS TO MY SCRIPTS! HAPPY TROUBLESHOOTING!

Reference:
Setup E-Mail Generation from a Performance Counter Alert

Lance LingerfeltFebruary 26, 2019February 26, 2019

Check Windows Updates Installed via PowerShell

I had an issue last night where a server lost Secure Channel Connection to the PDC Emulator (NETLOGON Event IDs 5719 and 5783). All tests to test the secure channel via PowerShell were failing. (i.e. nltest or Test-ComputerSecureChannel cmdlets) The server essentially needed to be rebooted. I had a dumb dumb in my brain and forgot to check to see if there were any pending Windows Updates, because those need to be installed at the proper time and to a schedule. So, when I ran the following command to reboot:

shutdown.exe /r /t 000 /c "Rebooting DC01 Due To NETLOGON Errors"

1	shutdown.exe /r /t 000 /c "Rebooting DC01 Due To NETLOGON Errors"

The Windows Updates were installed inadvertently which could have caused even more issues if they were NOT approved or caused another failure on the server. TO NOT DO THIS IN THE FUTURE, remember to run the following command to shut off the Windows Update Service BEFORE initiating the reboot of the server:

net stop wuauserv

OR

Stop-Service wuauserv

net stop wuauserv

Stop-Service wuauserv

But, the deed was done. NOW, I had to find out quickly what updates WERE installed via PowerShell so that I could alert the proper folks and give them a heads up on possible issues. Luckily, the server did NOT have any issues and the initial problem with NETLOGON was resolved. Here is the command I ran to find out the installed hotfixes filtered by today’s date:

wmic qfe where "InstalledOn = '2/26/2019'" list full

1	wmic qfe where "InstalledOn = '2/26/2019'" list full

Here was the Output:

Caption=http://support.microsoft.com/?kbid=4480960
CSName=DC01
Description=Security Update
FixComments=
HotFixID=KB4480960
InstallDate=
InstalledBy=NT AUTHORITY\SYSTEM
InstalledOn=2/26/2019
Name=
ServicePackInEffect=
Status=

Caption=http://support.microsoft.com/?kbid=4480965
CSName=DC01
Description=Security Update
FixComments=
HotFixID=KB4480965
InstallDate=
InstalledBy=NT AUTHORITY\SYSTEM
InstalledOn=2/26/2019
Name=
ServicePackInEffect=
Status=

Since there were no issues, I was able to resolve the incident. I did notify the account team though of the inadvertent installation so that they could revert the changes if necessary.

Remember, troubleshooting to resolution is a methodical process, and when in an enterprise environment, you MUST be aware of all factors of change process, even when the resolution is a simple reboot of the affected server.

HAPPY TROUBLESHOOTING!
I LOVE COMMENTS! THANKS FOR READING!

References:
Methods of generating installed updates via PowerShell
Check Windows Update History via PowerShell
Disable or Bypass Windows Update Installation During Reboot/Shutdown of a Server

Lance LingerfeltFebruary 22, 2019February 22, 2019

Website Availability Checker Script

We get alerts from time to time that SharePoint and Skype Websites might not be loading correctly or not at all. The following is a script that will generate a report, with time and date, showing the availability of the websites in question and the time it takes to load them.

First off, you want to create a text file called URLList.txt that will have the list of websites you want to check. I save the file in the C:\PowerShell directory but you can change the path to where you need it. If this happens often, having this list prepared will help you evaluate the environment quickly and allow you to troubleshoot if necessary efficiently.

Here is the script:

##WebsiteChecker.ps1 built by Lance Lingerfelt - LDLNET LLC - Life In Action! E-Mail: lance.lingerfelt@ldlnet.net - Learn, Do, Live!

## Provide the path to the URL list to test 
$URLListFile = "c:\PowerShell\URLList.txt"   
$URLList = Get-Content $URLListFile -ErrorAction SilentlyContinue 
  $Result = @() 
  $booltime = 0
 
##Begin the function cmdlet and define the variables  
  Foreach ($Uri in $URLList) { 
  $time = try{ 
  $request = $null 
  
## Request the URL, and measure how long the response took. 
  $result1 = Measure-Command { $request = Invoke-WebRequest -Uri $uri -UseDefaultCredentials } 
  $result1.Totalseconds 
  $ResultsTime = $result1.TotalSeconds
  if($ResultsTime -gt 0)
    {
    write-host $uri, $ResultsTime
    $booltime++
    write-host $booltime
    }
  }  
  catch 
  { 

## If the request generated an exception (i.e.: 500 server error or 404 not found), we can pull the status code from the Exception.Response property 
   $request = $_.Exception.Response 
   $time = -1 
  }   
  $result += [PSCustomObject] @{ 
  Time = Get-Date; 
  Uri = $uri; 
  StatusCode = [int] $request.StatusCode; 
  StatusDescription = $request.StatusDescription; 
  ResponseLength = $request.RawContentLength; 
  TimeTaken =  $time;  
  } 
 
} 

##Prepare the output report body in HTML format 

if($booltime -gt 0 )
{

if($result -ne $null) 
{ 
    $Outputreport = "<HTML><TITLE>Website Availability Report</TITLE><BODY background-color:peachpuff><font color =""#99000"" face=""Microsoft Table""><H2> Website Availability Report </H2></font><Table border=1 cellpadding=0 cellspacing=0><TR bgcolor=gray align=center><TD><B>URL</B></TD><TD><B>StatusCode</B></TD><TD><B>StatusDescription</B></TD><TD><B>ResponseLength</B></TD><TD><B>TimeTaken</B></TD</TR>" 
    Foreach($Entry in $Result) 
    { 
        if($Entry.StatusCode -ne "200") 
        { 
            $Outputreport += "<TR bgcolor=red>" 
        } 
        else 
        { 
            $Outputreport += "<TR>" 
        } 
        $Outputreport += "<TD>$($Entry.uri)</TD><TD align=center>$($Entry.StatusCode)</TD><TD align=center>$($Entry.StatusDescription)</TD><TD align=center>$($Entry.ResponseLength)</TD><TD align=center>$($Entry.timetaken)</TD></TR>" 
    } 
    $Outputreport += "</Table></BODY></HTML>" 
} 
$Filename = "C:\PowerShell\URLCheck-" + [DateTime]::Now.ToString("yyyyMMdd-HHmmss") + ".htm"
$Outputreport | out-file $Filename

## Open the file for viewing
Invoke-Item $Filename

}

##WebsiteChecker.ps1 built by Lance Lingerfelt - LDLNET LLC - Life In Action! E-Mail: lance.lingerfelt@ldlnet.net - Learn, Do, Live!

## Provide the path to the URL list to test

$URLListFile = "c:\PowerShell\URLList.txt"

$URLList = Get-Content $URLListFile -ErrorAction SilentlyContinue

$Result = @()

$booltime = 0

##Begin the function cmdlet and define the variables

Foreach ($Uri in $URLList) {

$time = try{

$request = $null

## Request the URL, and measure how long the response took.

$result1 = Measure-Command { $request = Invoke-WebRequest -Uri $uri -UseDefaultCredentials }

$result1.Totalseconds

$ResultsTime = $result1.TotalSeconds

if($ResultsTime -gt 0)

{

write-host $uri, $ResultsTime

$booltime++

write-host $booltime

}

catch

{

## If the request generated an exception (i.e.: 500 server error or 404 not found), we can pull the status code from the Exception.Response property

$request = $_.Exception.Response

$time = -1

}

$result += [PSCustomObject] @{

Time = Get-Date;

Uri = $uri;

StatusCode = [int] $request.StatusCode;

StatusDescription = $request.StatusDescription;

ResponseLength = $request.RawContentLength;

TimeTaken = $time;

}

##Prepare the output report body in HTML format

if($booltime -gt 0 )

{

if($result -ne $null)

{

$Outputreport = "<HTML><TITLE>Website Availability Report</TITLE><BODY background-color:peachpuff><font color =""#99000"" face=""Microsoft Table""><H2> Website Availability Report </H2></font><Table border=1 cellpadding=0 cellspacing=0><TR bgcolor=gray align=center><TD><B>URL</B></TD><TD><B>StatusCode</B></TD><TD><B>StatusDescription</B></TD><TD><B>ResponseLength</B></TD><TD><B>TimeTaken</B></TD</TR>"

Foreach($Entry in $Result)

{

if($Entry.StatusCode -ne "200")

{

$Outputreport += "<TR bgcolor=red>"

}

else

{

$Outputreport += "<TR>"

}

$Outputreport += "<TD>$($Entry.uri)</TD><TD align=center>$($Entry.StatusCode)</TD><TD align=center>$($Entry.StatusDescription)</TD><TD align=center>$($Entry.ResponseLength)</TD><TD align=center>$($Entry.timetaken)</TD></TR>"

}

$Outputreport += "</Table></BODY></HTML>"

}

$Filename = "C:\PowerShell\URLCheck-" + [DateTime]::Now.ToString("yyyyMMdd-HHmmss") + ".htm"

$Outputreport | out-file $Filename

## Open the file for viewing

Invoke-Item $Filename

}

Here is your output:

HAPPY TROUBLESHOOTING!
MAKE THIS SITE BETTER!
PLEASE COMMENT!

Lance LingerfeltFebruary 21, 2019

Moving mailboxes to O365 via PowerShell in Hybrid Configuration

As many of you have knowledge, I am studying for my MS-202 Exam. And, part of the knowledge needed is to be able to migrate mailboxes between on premises and Exchange Online through PowerShell. Here are the steps for the scenario to move a mailbox from on premises to O365:

1. Connect to Exchange Online via PowerShell

If you have read my previous post: Connect to All PowerShell Modules in O365 with one script
You should have all the settings needed to connect your PowerShell to O365. Note in this scenario, that all these cmdlets will be run from O365 PowerShell and will be monitored from O365 by either PowerShell or the Exchange Admin Center. You will not be able to monitor the moves from On-Premises.

2. Provide your on premises Migration Administrator credentials as a variable for your cmdlet.

$OnPremCred = Get-Credential -Message "Enter the On Premises Exchange Migration Admin account creds"

1	$OnPremCred = Get-Credential -Message "Enter the On Premises Exchange Migration Admin account creds"

3. Move a single mailbox.

In your hybrid configuration you should be doing directory sync with O365/Azure and the accounts should be available in the cloud showing that they are synced with AD. This also assumes that you have your MRS Proxy endpoint enabled, which can be done by the HCW. Also, make sure you have your licensing available for your mailboxes. From my knowledge, you can assign your license to the account in the cloud before moving, especially if you have a particular license that you need to assign the account. Other than that, moving the mailbox will assign an existing license that is available that includes an Exchange Online mailbox feature when the mailbox is moved.
Now we initiate the move with the cmdlet. Similar to what you would do in the GUI, this simple mailbox move cmdlet initiates the move request. It has most of the same parameters as a local move request including BadItemLimit, LargeItemLimit, AcceptLargeDataLoss, etc…

Use the following LINK for documentation on the New-MoveRequest cmdlet.

#Set the identity of the mailbox being moved
$user = Read-Host "Enter the alias or E-Mail Address of the user being migrated: "

#Next Run the cmdlet for the New Mailbox Move Request
New-MoveRequest -Identity $user -remote -RemoteHostName (hybridURL) -TargetDeliveryDomain companyname.mail.onmicrosoft.com -RemoteCredential $OnPremCred -AcceptLargeDataLoss -BadItemLimit 500 -LargeItemLimit 100 -BatchName "$user Mailbox Move to O365"

#Get the status of the mailbox move to completion
Get-MoveRequest | ? {$_.alias -eq "$user"} | Get-MoveRequestStatistics | fl

#Set the identity of the mailbox being moved

$user = Read-Host "Enter the alias or E-Mail Address of the user being migrated: "

#Next Run the cmdlet for the New Mailbox Move Request

New-MoveRequest -Identity $user -remote -RemoteHostName (hybridURL) -TargetDeliveryDomain companyname.mail.onmicrosoft.com -RemoteCredential $OnPremCred -AcceptLargeDataLoss -BadItemLimit 500 -LargeItemLimit 100 -BatchName "$user Mailbox Move to O365"

#Get the status of the mailbox move to completion

Get-MoveRequest | ? {$_.alias -eq "$user"} | Get-MoveRequestStatistics | fl

Now with all migration projects, we expect to have to move multiple mailboxes in a single batch. The following will show the process for moving mailboxes in bulk from on premises to O365:

2. Provide your on premises Migration Administrator credentials as a variable for your cmdlet.

$OnPremCred = Get-Credential -Message "Enter the On Premises Exchange Migration Admin account creds"

1	$OnPremCred = Get-Credential -Message "Enter the On Premises Exchange Migration Admin account creds"

3. Move multiple mailboxes in a single batch.

In your hybrid configuration you should be doing directory sync with O365/Azure and the accounts should be available in the cloud showing that they are synced with AD. This also assumes that you have your MRS Proxy endpoint enabled, which can be done by the HCW. Also, make sure you have your licensing available for your mailboxes. From my knowledge, you can assign your license to the account in the cloud before moving, especially if you have a particular license that you need to assign the account. Other than that, moving the mailbox will assign an existing license that is available that includes an Exchange Online mailbox feature when the mailbox is moved.

This time you want to create a CSV file using the alias or emailaddress as your header and then list the appropriate value for all the users in your batch group. Save the file locally as MigrationBatch01.csv or a name of your choice.

Next you initiate the mailbox moves. When specifying the mailbox identity in the cmdlet, use the respective header in your variable declaration (either $user.EMailAddress OR $user.Alias)

Use the following LINK for documentation on the New-MoveRequest cmdlet.

#Import the CSV into the variable state
$mailboxes = Import-CSV C:\Migration\MigrationBatch01.csv

#Next Run the cmdlet for the New Mailbox Move Request to move each mailbox
foreach ($user in $mailboxes) { New-MoveRequest -Identity $user.EMailAddress -remote -RemoteHostName (hybridURL) -TargetDeliveryDomain companyname.mail.onmicrosoft.com -RemoteCredential $OnPremCred -AcceptLargeDataLoss -BadItemLimit 500 -LargeItemLimit 100 -BatchName "Migration Batch 01 Moves to O365" }

#Get the status of the mailbox moves in the batch to completion
Get-MoveRequest | ? {$_.batchname -like "Migration Batch 01 Moves to O365"} | Get-MoveRequestStatistics | ft -a -wr

#Import the CSV into the variable state

$mailboxes = Import-CSV C:\Migration\MigrationBatch01.csv

#Next Run the cmdlet for the New Mailbox Move Request to move each mailbox

foreach ($user in $mailboxes) { New-MoveRequest -Identity $user.EMailAddress -remote -RemoteHostName (hybridURL) -TargetDeliveryDomain companyname.mail.onmicrosoft.com -RemoteCredential $OnPremCred -AcceptLargeDataLoss -BadItemLimit 500 -LargeItemLimit 100 -BatchName "Migration Batch 01 Moves to O365" }

#Get the status of the mailbox moves in the batch to completion

Get-MoveRequest | ? {$_.batchname -like "Migration Batch 01 Moves to O365"} | Get-MoveRequestStatistics | ft -a -wr

GOOD LUCK WITH YOUR MIGRATIONS!
HAPPY TROUBLESHOOTING!

References:
Moving Individual Mailboxes to O365
Move Mailboxes in Bulk to O365
PowerShell Mailbox Migration to O365
Connect to all PowerShell Modules in O365 with one script
New-MoveRequest Microsoft Document

Lance LingerfeltFebruary 19, 2019February 20, 2019

Exchange DAG Replication Problem: An established connection was aborted by the software in your host machine

I had an issue with a four node DAG where the DR site with two of the DAG members were having replication issues. It was only technically affecting one DAG Member though. The copy queue length was really high and the logs were not committing to the database. A Test-ReplicationHealth cmdlet test told that the copy queue length for the affected database copy was high. No other databases were affected as there were eight databases on this DAG Node. The issue was that the log files were not replicating properly to the one DAG member for that database, causing the log file drives on all the other DAG members to build and become full:

EX04 DAG member has high Copy Queue Length

The purple member (EX04) free space is different from the other three DAG members

Circular Logging was turned on, but since the db was NOT in sync, the logs could NOT truncate properly which rendered CL useless. What was being done to stave the issue was to suspend the database copy of the affected DAG member (EX04), then resume the copy. The logs would replay and commit to the database copy on the DAG member, but over a short period of time, the same issue would arise again, as shown in this graph:

You can see the other DAG members start dropping in free space

There were absolutely no errors in the Event Viewer showing this replication issue. After some research, I ran the following cmdlet showing a particular output parameter that gave me the actual problem:

Get-MailboxDatabaseCopyStatus DAG1DB01 | ft -a -wr Name, Status, IncomingLogCopyingNetwork

Output with the actual error listed for the DR DAG members.

The operative error here was: {An error occurred while communicating with server ‘EX01’. Error: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine.}

Now even though only EX04 was actually having problems with its log replication, both DR members EX03 & EX04 were having the same problem. Again, there were NO events in event viewer showing this issue. I next did some connectivity tests to EX01 from EX04 even though the error said there was an established connection that was broken.

Ping EX01 -f -l 1472

Now the -f states do NOT fragment the packet and send it as a whole to the destination.
The -l states the packet/buffer size you want sent. In this case 1472 bits.
By doing this, you are able to assure that a router or switch is NOT segmenting the packets, packet segmentation of replication logs can cause data corruption and replication issues.

That test passed successfully. I also did a trace route to assure there was no packet loss on the route to the replicating server. That test passed successfully.

I next checked the DAG Network to assure that all networks were working for replication. Now, in this scenario, there was only ONE DAG Network, there was NOT a separate Replication Network. I did not design the DAG and limitations most likely came into play during the design. From my experience, you setup a separate replication network for replication only, but if your network has enough bandwidth, and the design calls for simplification, you can use one DAG network in your design.

Get-DatabaseAvailabilityGroupNetwork | fl

RunspaceId : a1600003-8074-4000-9150-c7800000207f
Name : MapiDagNetwork
Description :
Subnets : {{192.168.1.0/24,Up}, {192.168.2.0/24,Up}}
Interfaces : {{EX01,Up,192.168.1.25}, {EX02,Up,192.168.1.26},{EX03,Up,192.168.2.25}, {EX04,Up,192.168.2.26}}
MapiAccessEnabled : True
ReplicationEnabled : True
IgnoreNetwork : False
Identity : DAG1\MapiDagNetwork
IsValid : True
ObjectState : New

All the DAG Network Members were up and not showing errors. I next did a telnet session to EX01 over the default DAG replication port 64327 to see if there would be any connectivity issues to EX01:

telnet EX01 64327

That test was successful and there were no connectivity issues to EX01 from EX04. Again, there was only ONE database out of eight that was having replication problems. After mulling over the problem, it was decided to restart the MSExchangeRepl service on EX03 AND EX04 since the error was present on both DAG members. We would then, suspend the database copy and resume the database copy on the affected servers.

Run on EX03:
Restart-Service MSExchangeRepl
Suspend-MailboxDatabaseCopy DAG1DB01/EX03 -Confirm:$False
Resume-MailboxDatabaseCopy DAG1DB01/EX03 -Confirm:$False

Run on EX04:
Restart-Service MSExchangeRepl
Suspend-MailboxDatabaseCopy DAG1DB01/EX04 -Confirm:$False
Resume-MailboxDatabaseCopy DAG1DB01/EX04 -Confirm:$False

After monitoring the databases and log drives, the issue was resolved and replication started functioning properly.

Log Drive Available Space Returned to Normal for DAG members

PLEASE COMMENT! I WELCOME SUGGESTIONS, TIPS, ALTERNATIVE TROUBLESHOOTING! HAVE A GREAT DAY!

Lance LingerfeltFebruary 6, 2019

Checking Drive Space Volumes for DAG DB members through PowerShell

I had received a weird alert for a DB volume for a DAG member being below threshold. This was odd to me due to the fact that there were four DAG members and we only received an alert for one. I went into Azure Log Analytics and ran the following query to render a graph for the past 14 days showing the percent free space of the volume for all the DAG members.

Thanks Georges Moua for the query script!

let PerfCutoff = ago(14d);
let inst = "C:\\ExchangeDB\\DAG1DB001\\DB";
search *
| where TimeGenerated > PerfCutoff
| where Name_s == "PercentFreeSpace"
| where InstanceName_s contains inst
| sort by TimeGenerated desc
| project Resource,Company_s,InstanceName_s,PercentFreeSpace=Value_d,TimeGenerated
| render timechart

let PerfCutoff = ago(14d);

let inst = "C:\\ExchangeDB\\DAG1DB001\\DB";

search *

| where TimeGenerated > PerfCutoff

| where Name_s == "PercentFreeSpace"

| where InstanceName_s contains inst

| sort by TimeGenerated desc

| project Resource,Company_s,InstanceName_s,PercentFreeSpace=Value_d,TimeGenerated

| render timechart

Now the reason I can run the query this way is due to the fact that the Design of the DAG was correctly done and the DB folders are identical on all DAG members. The query rendered the following chart:

As you can see the *Green* DAG member is way below the other DAG members.

I next went to an Exchange Server in the DAG and got the volume data for all the members in the DAG:

$Svrs = Get-MailboxDatabaseCopyStatus DAG1DB001 | Select-Object MailboxServer | Sort-Object MailboxServer 

foreach ($Svr in $Svrs) { $Svr.MailboxServer ; Get-WmiObject -ComputerName $Svr.MailboxServer Win32_Volume | ? {$_.Name -like "*DAG1DB001\DB*"} | select Name,FileSystem,FreeSpace,BlockSize,Capacity | % {$_.BlockSize=(($_.FreeSpace)/($_.Capacity))*100;$_.FreeSpace=($_.FreeSpace/1GB);$_.Capacity=($_.Capacity/1GB);$_} | Sort-Object Name | Format-Table Name,@{n='Free,GB';e={'{0:N2}'-f $_.FreeSpace}},@{n='Free,%';e={'{0:N2}'-f $_.BlockSize}},@{n='Capacity,GB';e={'{0:N3}' -f $_.Capacity}},@{n='FS';e={$_.FileSystem}} -AutoSize }

$Svrs = Get-MailboxDatabaseCopyStatus DAG1DB001 | Select-Object MailboxServer | Sort-Object MailboxServer

foreach ($Svr in $Svrs) { $Svr.MailboxServer ; Get-WmiObject -ComputerName $Svr.MailboxServer Win32_Volume | ? {$_.Name -like "*DAG1DB001\DB*"} | select Name,FileSystem,FreeSpace,BlockSize,Capacity | % {$_.BlockSize=(($_.FreeSpace)/($_.Capacity))*100;$_.FreeSpace=($_.FreeSpace/1GB);$_.Capacity=($_.Capacity/1GB);$_} | Sort-Object Name | Format-Table Name,@{n='Free,GB';e={'{0:N2}'-f $_.FreeSpace}},@{n='Free,%';e={'{0:N2}'-f $_.BlockSize}},@{n='Capacity,GB';e={'{0:N3}' -f $_.Capacity}},@{n='FS';e={$_.FileSystem}} -AutoSize }

EX02’s volume free space is far below the other DAG members

I went on EX02 and found that there was a subfolder named “Restore” that was not present on the other servers. I ran the following script to get the size of that folder in GB:

Write-Host ; $Folder = "{0:N2}" -f ( ( Get-ChildItem '\\EX02\DAG1DB001\DB\Restore' -Recurse -Force | Measure-Object -Property Length -Sum ).Sum / 1GB ) ; Write-Host "Folder Size Is: $Folder GB" -ForegroundColor Green

1	Write-Host ; $Folder = "{0:N2}" -f ( ( Get-ChildItem '\\EX02\DAG1DB001\DB\Restore' -Recurse -Force \| Measure-Object -Property Length -Sum ).Sum / 1GB ) ; Write-Host "Folder Size Is: $Folder GB" -ForegroundColor Green

The folder size was 185 GB. Removing that folder, along with all subfolders/files, would balance the free space to the other DAG members. I ran the following cmdlet to remove the folder and all subfolders/files:

Remove-Item '\\EX02\DAG1DB001\DB\Restore' -recurse -force

1	Remove-Item '\\EX02\DAG1DB001\DB\Restore' -recurse -force

This remediated the alert and balanced the drive space across all DAG members.

POST YOUR COMMENTS OR QUESTIONS!
HAPPY TROUBLESHOOTING!

Lance LingerfeltFebruary 1, 2019February 17, 2019

What the Hybrid Configuration Wizard Performs in the background and configuring Hybrid Co-Existence with Exchange Online

I’m working on getting certified in Exchange Hybrid Scenarios and Exchange Online configuration as part of my skill set for Exchange. In doing so, I had successfully implemented a complete Full Hybrid Exchange Environment between my Exchange Online Tenant and my On Premises Exchange 2019 Environment last evening.

I wanted to give an update that was posted to my LinkedIn Posting on this. Thank you Brian Day for the vote of confidence and caution that running these cmdlets manually is not supported by Microsoft and that the HCW, like all the Online Microsoft Products, is constantly changing and being updated.

As preparation, I bought some Exchange Online Plan 1 licenses which give me a 50 GB mailbox limit and basic mailbox functionality. It does not include the more advanced features such as ATP, or DLP. I am running most of those features through my On Premises Environment. I mainly wanted to be able to place mailboxes in the cloud and have a hybrid setup. My plan was to have mail flow continue through my On Premises environment so that my Exchange Server features would be used and I would not have to change any MX or SPF records. I also had my certificates in place for SSL and OWA so I would want keep mail flow routed that way, through on premises. I do want to be able to have Free/Busy lookups cross-premise so federation would have to be enabled as well. I would also have to enable the MRS proxy on my Exchange Server so that mailbox migration could be implemented cross-premise. I also have previously configured Azure AD Sync along with ADFS for Single Sign On. In my case, another server was not needed as I didn’t have enough mailboxes or real need to split my frontend and backend deployment. Running the Hybrid Configuration Wizard would not open any new ports or change any existing port traffic that was already configured on my firewall. These are just a few of the considerations that need to be looked at when considering a hybrid integration.

Here is a great article to read for the prerequisites
Exchange Hybrid Deployment Pre-requisites

So, once I had all those considerations handled in my design, I ran the Hybrid Configuration Wizard. What I want to do in this blog post is to go through the steps that the wizard does in the background to setup the Hybrid Environment as you go through the Wizard.

I mainly used the following blog post as a reference, but have approached it differently by diving into the cmdlets that are run during the process:

Exchange/Office 365 Hybrid Configuration Wizard – step by step guide

1. The HCW validates the On-premises and Online Exchange Connection.

The Hybrid Configuration Wizard checks if it is possible to connect to both servers with PowerShell. It runs the Get-ExchangeServer cmdlet on premises after resolving the server in DNS. It then connects to Exchange Online, authorizing the connection:

Authority=https://login.windows.net/common Resource=https://outlook.office365.com ClientId=abcdefgh-a123-4566-9abc-2bdflancelin

2. The HCW collects data about Exchange configuration from the on-premises Active Directory

The Wizard gathers information about the local domain. In order to do that, the HCW executes a series of cmdlets.

These include, in order:

Get-MailboxDatabase -IncludePreExchange2013: $true

Get-OrganizationConfig

Get-HybridConfiguration

Get-AcceptedDomain

Get-FederatedOrganizationIdentifier -IncludeExtendedDomainInfo: $false

Get-FederationTrust

Get-WebServicesVirtualDirectory -ADPropertiesOnly: $true

Get-RemoteDomain

Get-MailboxDatabase -IncludePreExchange2013: $true

Get-OrganizationConfig

Get-HybridConfiguration

Get-AcceptedDomain

Get-FederatedOrganizationIdentifier -IncludeExtendedDomainInfo: $false

Get-FederationTrust

Get-WebServicesVirtualDirectory -ADPropertiesOnly: $true

Get-RemoteDomain

3. The HCW collects information on the Exchange online (Office 365) configuration

This task repeats what has been done in the previous step, only for the Exchange online, instead of the on-premises one.

The cmdlets include, in order:

Get-OrganizationConfig

Get-OnPremisesOrganization

Get-AcceptedDomain

Get-MigrationEndpoint

Get-OrganizationConfig

Get-OnPremisesOrganization

Get-AcceptedDomain

Get-MigrationEndpoint

4. Federation Trust is determined. If not present, a new Federation Trust and the required certificate will be created on the local Exchange Server

You will be prompted in the Wizard to create a Federation Trust if not present. The following articles explain Federation and its requirements:

Understanding Federation – Link Here
Understanding Federated Delegation – Link Here
Create a Federation Trust – Link Here

If the activity is finished successfully, a new certificate should appear on the on-premises Exchange Certificates list. The new certificate includes “Federation” in its Subject field. To make sure the certificate is there, you can run a cmdlet: Get-ExchangeCertificate | ft -a -wr

5. The HCW creates a new Hybrid Configuration Object in the local Active Directory

The HCW will run cmdlets based on the information you provide in the HCW for the certificate, the on premises Exchange Server, the domain(s), and what features you want turned on:

New-HybridConfiguration -Name 'Hybrid Configuration'

Set-HybridConfiguration -ClientAccessServers $null -ExternalIPAddresses $null -Domains 'ldlnet.net' -OnPremisesSmartHost 'mail.ldlnet.net' -TLSCertificateName 'CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=USCN=mail.ldlnet.net, OU=Domain Control Validated' -SendingTransportServers EX01 -ReceivingTransportServers EX01 -EdgeTransportServers $null -Features FreeBusy,MoveMailbox,Mailtips,MessageTracking,OwaRedirection,OnlineArchive,SecureMail,CentralizedTransport,Photos

New-HybridConfiguration -Name 'Hybrid Configuration'

Set-HybridConfiguration -ClientAccessServers $null -ExternalIPAddresses $null -Domains 'ldlnet.net' -OnPremisesSmartHost 'mail.ldlnet.net' -TLSCertificateName 'CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=USCN=mail.ldlnet.net, OU=Domain Control Validated' -SendingTransportServers EX01 -ReceivingTransportServers EX01 -EdgeTransportServers $null -Features FreeBusy,MoveMailbox,Mailtips,MessageTracking,OwaRedirection,OnlineArchive,SecureMail,CentralizedTransport,Photos

It then checks the settings through the following cmdlets:

Get-OrganizationConfig

Get-AcceptedDomain

Get-RemoteDomain

Get-OrganizationConfig

Get-AcceptedDomain

Get-RemoteDomain

It then enables Organization Customization for both environments through this cmdlet:

Enable-OrganizationCustomization

1	Enable-OrganizationCustomization

6. Configuration is then completed to modify the settings on the on premises Exchange environment

EmailAddressPolicy – HCW adds address @tenant.mail.onmicrosoft.com
The HCW configures remote domains – adds tenant.mail.onmicrosoft.com and tenant.onmicrosoft.com
The HCW adds a new accepted domain – adds tenant.mail.onmicrosoft.com

Some of the cmdlets run:

Set-EmailAddressPolicy -Identity 'ldlnet.net' -ForceUpgrade: $true -EnabledEmailAddressTemplates 'smtp:%1g%s@ldlnet.net','SMTP:%g.%s@ldlnet.net','smtp:%m@LDLNET.mail.onmicrosoft.com'

Update-EmailAddressPolicy -Identity 'ldlnet.net' -UpdateSecondaryAddressesOnly: $true

New-RemoteDomain -Name 'Hybrid Domain - LDLNET.mail.onmicrosoft.com' -DomainName 'LDLNET.mail.onmicrosoft.com'

Set-RemoteDomain -TargetDeliveryDomain: $true -Identity 'Hybrid Domain - LDLNET.mail.onmicrosoft.com'

New-RemoteDomain -Name 'Hybrid Domain - LDLNET.onmicrosoft.com' -DomainName 
'LDLNET.onmicrosoft.com'

Set-RemoteDomain -TrustedMailInboundEnabled: $true -Identity 'Hybrid Domain - LDLNET.onmicrosoft.com'

New-AcceptedDomain -DomainName 'LDLNET.mail.onmicrosoft.com' -Name 'LDLNET.mail.onmicrosoft.com'

Set-EmailAddressPolicy -Identity 'ldlnet.net' -ForceUpgrade: $true -EnabledEmailAddressTemplates 'smtp:%1g%s@ldlnet.net','SMTP:%g.%s@ldlnet.net','smtp:%m@LDLNET.mail.onmicrosoft.com'

Update-EmailAddressPolicy -Identity 'ldlnet.net' -UpdateSecondaryAddressesOnly: $true

New-RemoteDomain -Name 'Hybrid Domain - LDLNET.mail.onmicrosoft.com' -DomainName 'LDLNET.mail.onmicrosoft.com'

Set-RemoteDomain -TargetDeliveryDomain: $true -Identity 'Hybrid Domain - LDLNET.mail.onmicrosoft.com'

New-RemoteDomain -Name 'Hybrid Domain - LDLNET.onmicrosoft.com' -DomainName

'LDLNET.onmicrosoft.com'

Set-RemoteDomain -TrustedMailInboundEnabled: $true -Identity 'Hybrid Domain - LDLNET.onmicrosoft.com'

New-AcceptedDomain -DomainName 'LDLNET.mail.onmicrosoft.com' -Name 'LDLNET.mail.onmicrosoft.com'

7. The HCW Configures the Organization Relationship between the local server and the cloud.

This configuration is not necessary in minimal hybrid deployment. Since I have a full hybrid deployment configured, the cmdlets were run as needed to configure it. Thanks to the correct configuration, it is possible to synchronize free/busy status of mailboxes and their elements between the on-premises Exchange Environment and Exchange online.

Some of the cmdlets run in the process:

Get-FederationTrust

Get-FederatedOrganizationIdentifier -IncludeExtendedDomainInfo: $false

Get-FederationInformation -DomainName 'LDLNET.mail.onmicrosoft.com' -BypassAdditionalDomainValidation: $true

Get-OrganizationConfig

Get-OrganizationRelationship

Set-FederatedOrganizationIdentifier -DefaultDomain 'LDLNET.mail.onmicrosoft.com' -Enabled: $true

New-OrganizationRelationship -Name 'On-premises to O365 - 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -TargetApplicationUri 'outlook.com' -TargetAutodiscoverEpr 'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity' -Enabled: $true -DomainNames 'LDLNET.mail.onmicrosoft.com'

New-OrganizationRelationship -Name 'O365 to On-premises - 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -TargetApplicationUri 'FYDIBOHF25SPDLT.ldlnet.net' -TargetAutodiscoverEpr 'https://autodiscover.ldlnet.net/autodiscover/autodiscover.svc/WSSecurity' -Enabled: $true -DomainNames 'ldlnet.net'

Set-OrganizationRelationship -MailboxMoveEnabled: $true -FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -ArchiveAccessEnabled: $true -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL 'http://outlook.com/owa/LDLNET.onmicrosoft.com' -Identity 'On-premises to O365 - 48e7bec9-404c-4d24-b59e-4b46b64d7e03'

Set-OrganizationRelationship -FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL 'https://mail.ldlnet.net/owa' -Identity 'O365 to On-premises - 48e7bec9-404c-4d24-b59e-4b46b64d7e03'

Add-AvailabilityAddressSpace -ForestName 'LDLNET.mail.onmicrosoft.com' -AccessMethod InternalProxy -UseServiceAccount: $true -ProxyUrl 'https://mail.ldlnet.net/EWS/Exchange.asmx'

Get-FederationTrust

Get-FederatedOrganizationIdentifier -IncludeExtendedDomainInfo: $false

Get-FederationInformation -DomainName 'LDLNET.mail.onmicrosoft.com' -BypassAdditionalDomainValidation: $true

Get-OrganizationConfig

Get-OrganizationRelationship

Set-FederatedOrganizationIdentifier -DefaultDomain 'LDLNET.mail.onmicrosoft.com' -Enabled: $true

New-OrganizationRelationship -Name 'On-premises to O365 - 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -TargetApplicationUri 'outlook.com' -TargetAutodiscoverEpr 'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity' -Enabled: $true -DomainNames 'LDLNET.mail.onmicrosoft.com'

New-OrganizationRelationship -Name 'O365 to On-premises - 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -TargetApplicationUri 'FYDIBOHF25SPDLT.ldlnet.net' -TargetAutodiscoverEpr 'https://autodiscover.ldlnet.net/autodiscover/autodiscover.svc/WSSecurity' -Enabled: $true -DomainNames 'ldlnet.net'

Set-OrganizationRelationship -MailboxMoveEnabled: $true -FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -ArchiveAccessEnabled: $true -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL 'http://outlook.com/owa/LDLNET.onmicrosoft.com' -Identity 'On-premises to O365 - 48e7bec9-404c-4d24-b59e-4b46b64d7e03'

Set-OrganizationRelationship -FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL 'https://mail.ldlnet.net/owa' -Identity 'O365 to On-premises - 48e7bec9-404c-4d24-b59e-4b46b64d7e03'

Add-AvailabilityAddressSpace -ForestName 'LDLNET.mail.onmicrosoft.com' -AccessMethod InternalProxy -UseServiceAccount: $true -ProxyUrl 'https://mail.ldlnet.net/EWS/Exchange.asmx'

8. The HCW and setting connectors on both Exchange servers

The HCW checks to see if the connectors are there, if not, it sets them up. During this workflow, four connectors are set – one receive and one send connector for each server. Those connectors guarantee the mail flow between the on-premises and Exchange Online.

Some of the cmdlets run in the process:

Set-HybridConfiguration -ClientAccessServers $null -ExternalIPAddresses $null

New-SendConnector -Name 'Outbound to Office 365' -AddressSpaces 'smtp:LDLNET.mail.onmicrosoft.com;1' -DNSRoutingEnabled: $true -ErrorPolicies Default -Fqdn 'mail.ldlnet.net' -RequireTLS: $true -IgnoreSTARTTLS: $false -SourceTransportServers EX2019 -SmartHosts $null -TLSAuthLevel DomainValidation -DomainSecureEnabled: $false -TLSDomain 'mail.protection.outlook.com' -CloudServicesMailEnabled: $true -TLSCertificateName 'CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=USCN=mail.ldlnet.net, OU=Domain Control Validated'

Set-ReceiveConnector -AuthMechanism 'Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer' -Bindings '[::]:25','0.0.0.0:25' -Fqdn 'EX2019.ldlnet.local' -PermissionGroups 'AnonymousUsers, ExchangeServers, ExchangeLegacyServers' -RemoteIPRanges '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff','0.0.0.0-255.255.255.255' -RequireTLS: $false -TLSDomainCapabilities 'mail.protection.outlook.com:AcceptCloudServicesMail' -TLSCertificateName 'CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=USCN=mail.ldlnet.net, OU=Domain Control Validated' -TransportRole FrontendTransport -Identity 'EX2019\Default Frontend EX2019'

New-InboundConnector -Name 'Inbound from 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -CloudServicesMailEnabled: $true -ConnectorSource HybridWizard -ConnectorType OnPremises -RequireTLS: $true -SenderDomains '' -SenderIPAddresses $null -RestrictDomainsToIPAddresses: $false -TLSSenderCertificateName '.ldlnet.net' -AssociatedAcceptedDomains $null

New-OutboundConnector -Name 'Outbound to 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -RecipientDomains '*' -SmartHosts 'mail.ldlnet.net' -ConnectorSource HybridWizard -ConnectorType OnPremises -TLSSettings DomainValidation -TLSDomain 'mail.ldlnet.net' -CloudServicesMailEnabled: $true -RouteAllMessagesViaOnPremises: $true -UseMxRecord: $false -IsTransportRuleScoped: $false

Set-HybridConfiguration -ClientAccessServers $null -ExternalIPAddresses $null

New-SendConnector -Name 'Outbound to Office 365' -AddressSpaces 'smtp:LDLNET.mail.onmicrosoft.com;1' -DNSRoutingEnabled: $true -ErrorPolicies Default -Fqdn 'mail.ldlnet.net' -RequireTLS: $true -IgnoreSTARTTLS: $false -SourceTransportServers EX2019 -SmartHosts $null -TLSAuthLevel DomainValidation -DomainSecureEnabled: $false -TLSDomain 'mail.protection.outlook.com' -CloudServicesMailEnabled: $true -TLSCertificateName 'CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=USCN=mail.ldlnet.net, OU=Domain Control Validated'

Set-ReceiveConnector -AuthMechanism 'Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer' -Bindings '[::]:25','0.0.0.0:25' -Fqdn 'EX2019.ldlnet.local' -PermissionGroups 'AnonymousUsers, ExchangeServers, ExchangeLegacyServers' -RemoteIPRanges '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff','0.0.0.0-255.255.255.255' -RequireTLS: $false -TLSDomainCapabilities 'mail.protection.outlook.com:AcceptCloudServicesMail' -TLSCertificateName 'CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=USCN=mail.ldlnet.net, OU=Domain Control Validated' -TransportRole FrontendTransport -Identity 'EX2019\Default Frontend EX2019'

New-InboundConnector -Name 'Inbound from 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -CloudServicesMailEnabled: $true -ConnectorSource HybridWizard -ConnectorType OnPremises -RequireTLS: $true -SenderDomains '' -SenderIPAddresses $null -RestrictDomainsToIPAddresses: $false -TLSSenderCertificateName '.ldlnet.net' -AssociatedAcceptedDomains $null

New-OutboundConnector -Name 'Outbound to 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -RecipientDomains '*' -SmartHosts 'mail.ldlnet.net' -ConnectorSource HybridWizard -ConnectorType OnPremises -TLSSettings DomainValidation -TLSDomain 'mail.ldlnet.net' -CloudServicesMailEnabled: $true -RouteAllMessagesViaOnPremises: $true -UseMxRecord: $false -IsTransportRuleScoped: $false

The Intra-Organization is set as well:

Get-IntraOrganizationConfiguration -OrganizationGuid '48e7bec9-404c-4d24-b59e-4b46b64d7e03'

New-IntraOrganizationConnector -Name 'HybridIOC - 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -DiscoveryEndpoint 'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc' -TargetAddressDomains 'LDLNET.mail.onmicrosoft.com' -Enabled: $true

New-IntraOrganizationConnector -Name 'HybridIOC - 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -DiscoveryEndpoint 'https://mail.ldlnet.net/autodiscover/autodiscover.svc' -TargetAddressDomains 'ldlnet.net' -Enabled: $true

Get-IntraOrganizationConfiguration -OrganizationGuid '48e7bec9-404c-4d24-b59e-4b46b64d7e03'

New-IntraOrganizationConnector -Name 'HybridIOC - 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -DiscoveryEndpoint 'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc' -TargetAddressDomains 'LDLNET.mail.onmicrosoft.com' -Enabled: $true

New-IntraOrganizationConnector -Name 'HybridIOC - 48e7bec9-404c-4d24-b59e-4b46b64d7e03' -DiscoveryEndpoint 'https://mail.ldlnet.net/autodiscover/autodiscover.svc' -TargetAddressDomains 'ldlnet.net' -Enabled: $true

9. The HCW configures OAuth Authentication across the Hybrid

This LINK explains how OAuth is configured between Exchange On Premises and Exchange Online. It’s a very good article to read as it shows how to get the Modern Authentication style working. Now the HCW does this for you and at the end of the article, you can run cmdlets to test the validity of the configuration.

If you want to go into a deep dive about how the Hybrid Authentication works, see the following:
Deep Dive Into Hybrid Authentication – from the MS Exchange Team Blog

Here are some of cmdlets run during this process workflow:

Get-AuthConfig

Get-ExchangeCertificate -Thumbprint F6C56C57EA7C86C3963FXXXXXXXXXXXXXXXXXXX

Get-ActiveSyncVirtualDirectory -ADPropertiesOnly: $true

Get-PartnerApplication -Identity 'Exchange Online'

Set-PartnerApplication -Identity 'Exchange Online' -Enabled: $true

New-AuthServer -Name ACS -AuthMetadataUrl 'https://accounts.accesscontrol.windows.net/663cad0b-70f7-42a5-b411-9d63337f0130/metadata/json/1'

Get-AuthServer

New-AuthServer -Name EvoSts -AuthMetadataUrl 'https://login.windows.net/LDLNET.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml' -Type AzureAD

Get-AuthConfig

Get-ExchangeCertificate -Thumbprint F6C56C57EA7C86C3963FXXXXXXXXXXXXXXXXXXX

Get-ActiveSyncVirtualDirectory -ADPropertiesOnly: $true

Get-PartnerApplication -Identity 'Exchange Online'

Set-PartnerApplication -Identity 'Exchange Online' -Enabled: $true

New-AuthServer -Name ACS -AuthMetadataUrl 'https://accounts.accesscontrol.windows.net/663cad0b-70f7-42a5-b411-9d63337f0130/metadata/json/1'

Get-AuthServer

New-AuthServer -Name EvoSts -AuthMetadataUrl 'https://login.windows.net/LDLNET.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml' -Type AzureAD

Again, look at both of those links to get a little more detail as to what each cmdlet does and how it sets up OAuth. Here are the two cmdlets used to test OAuth:

Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx -Mailbox onprem@ldlnet.net -Verbose | fl

1	Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx -Mailbox onprem@ldlnet.net -Verbose \| fl

Test-OAuthConnectivity -Service EWS -TargetUri https://mail.ldlnet.net/metadata/json/1 -Mailbox ExOnlineMbx@ldlnet.net -Verbose | fl

1	Test-OAuthConnectivity -Service EWS -TargetUri https://mail.ldlnet.net/metadata/json/1 -Mailbox ExOnlineMbx@ldlnet.net -Verbose \| fl

10. Enable MRS Proxy for Migration

In order to be able to move mailboxes between Exchange On Premises and Exchange Online, you have to enable the Exchange Web Services Virtual Directory to use the MRSProxy (Microsoft Replication Service proxy). You also have to set your EWS Virtual Directory to use Basic Authentication. You’ll want to do this before running the HCW or else you will receive the following error when the HCW validates the Migration setup and configuration:

Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the server ‘mail.ldlnet.net’ could not be completed. —> Microsoft.Exchange.MailboxReplicationService.RemoteTransientException: The call to ‘https://mail.ldlnet.net/EWS/mrsproxy.svc’ failed. Error details: The HTTP request was forbidden with client authentication scheme ‘Negotiate’. –> The remote server returned an error: (403) Forbidden.. —> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request was forbidden with client authentication scheme ‘Negotiate’. —> Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned an error: (403) Forbidden.

Some of the cmdlets run to test Migration and MRS Proxy Settings are as follows:

Test-MigrationServerAvailability -ExchangeRemoteMove: $true -RemoteServer 'mail.ldlnet.net' -Credentials (Get-Credential -UserName DOMAIN\MigrationAdminAccount)

 Get-MigrationEndpoint 

New-MigrationEndpoint -Name 'Hybrid Migration Endpoint - EWS (Default Web Site)' -ExchangeRemoteMove: $true -RemoteServer 'mail.ldlnet.net' -Credentials (Get-Credential -UserName  
DOMAIN\MigrationAdminAccount)

Get-WebServicesVirtualDirectory -ADPropertiesOnly: $true

Test-MigrationServerAvailability -ExchangeRemoteMove: $true -RemoteServer 'mail.ldlnet.net' -Credentials (Get-Credential -UserName DOMAIN\MigrationAdminAccount)

Get-MigrationEndpoint

New-MigrationEndpoint -Name 'Hybrid Migration Endpoint - EWS (Default Web Site)' -ExchangeRemoteMove: $true -RemoteServer 'mail.ldlnet.net' -Credentials (Get-Credential -UserName

DOMAIN\MigrationAdminAccount)

Get-WebServicesVirtualDirectory -ADPropertiesOnly: $true

11. Final HCW Configuration and cleanup.

The HCW runs from final cmdlets to finish up the installation of the Hybrid environment. Here are the cmdlets run:

Get-OnPremisesOrganization

Set-OnPremisesOrganization -Identity '48e7bec9-404c-4d24-b59e-4b46b64d7e03' -Comment 'Bunch of letters and numbers'

Get-OnPremisesOrganization

Set-OnPremisesOrganization -Identity '48e7bec9-404c-4d24-b59e-4b46b64d7e03' -Comment 'Bunch of letters and numbers'

All this information was found in the setup logs that are in the following directory
C:\Users\%username%\AppData\Roaming\Microsoft\Exchange Hybrid Configuration

REFERENCES
Understanding Federation
Understanding Federated Delegation
Create a Federation Trust
Hybrid deployment prerequisites
Exchange Specific OAuth 2.0 Protocol Specification
Understanding WS-Security
JSON Web Tokens
Using OAuth2 to access Calendar, Contact and Mail API in Office 365 Exchange Online
Configurable token lifetimes in Azure Active Directory (Public Preview)
OAuth Troubleshooting
Principles of Token Validation
Troubleshooting free/busy issues in Exchange hybrid environment
How to configure Exchange Server on-premises to use Hybrid Modern Authentication
Microsoft 365 Messaging Administrator Certification Transition (beta)
Microsoft 365 certification exams
Exchange Server build numbers and release dates

PLEASE LEAVE QUESTIONS, COMMENTS, UPDATES! I WOULD LOVE TO HEAR FROM YOU!

Lance LingerfeltJanuary 29, 2019January 29, 2019

The Complete Guide To PowerShell Punctuation

In this short little snippet, I wanted to provide a good download that I had found. In my searching for more knowledge through PowerShell, I found this great PDF file that has listed all the different symbols used in PowerShell Scripting and their meanings.

Here is the download:

PowerShell Punctuation Wall Chart Download

Please feel free to download it and use it in your education of PowerShell. I have knowledge that I will be using it. The website I got it from has some good explanation of functions and punctuation for PowerShell as well. See below…

Reference:
PowerShell Punctuation

Lance LingerfeltJanuary 29, 2019January 29, 2019

Measuring CPU Processor Times Per Core Across Multiple Servers through PowerShell.

I want to thank Jason Field for the bulk of this script!

Our team was presented with an issue where we needed to measure the CPU Percentage Processor Times for Each Core within the Physical Processor and be able to output that data quickly through PowerShell. We all have knowledge that Performance Monitor can do this through a GUI, but it is very difficult to be able to output that data to a file in a manner that can be easily read. We had an original PowerShell cmdlet that would accomplish this for the total percent processor time for all cores over a one minute period:

"Average Processor Time for 60 seconds: $([math]::round((get-counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 1 -MaxSamples 60 |  select -ExpandProperty countersamples | select -ExpandProperty cookedvalue | Measure-Object -Average).average,2))%"

1	"Average Processor Time for 60 seconds: $([math]::round((get-counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 1 -MaxSamples 60 \| select -ExpandProperty countersamples \| select -ExpandProperty cookedvalue \| Measure-Object -Average).average,2))%"

Our challenge was to be able to do this per core, over the same time period, and get the average for each core, so that we could measure the output accordingly. I had been working on a script that was able to run the command, but not in a parallel fashion. The script was running in sequence and was taking way longer than one minute to complete. Frustrating to say the least.

In comes Jason Field, showing me the meaning and value of the back tick as well has how to run and monitor job functions in a PowerShell Script so that the task could be completed, as needed, across a server array.

The main purpose of the (back tick) is that it allows for variables to be used in the script block on the remote server instead of being filled in before creating the script block.

Here is the script:

<# CPUProcTimeForArray.ps1 - This Script is prepared by Jason Field. Modified by Lance Lingerfelt - LDLNET LLC. #> 
<# The script has been prepared and tested in Powershell 4.0. So when you run this script, please make sure that the Powershell version is 4.0 or above. #> 
<# This script will measure the Percentage Processor Time of each CPU core in each target server in your server array for one minute and average it for a total of four cores per processor. The results will be exported to a CSV file in C:\Reports #> 
<# Please Adjust the Script as needed for your Server Array and number of total Processor Cores that need to be measured. #> 
<# While this script has been tested multiple times, it is recommended that you test it in a test environment before using it in a production environment. #> 
<# While every attempt has been made to make this script error free, we do not take any responsibility for any consequence that would happen while running the script. Modifications to the script are not our responsibility either.#>

Write-Host "This script will measure the Percentage Processor Time of each CPU core in each target server in your server array for one minute and average it for a total of four cores per processor. The results will be exported to a CSV file in C:\Reports" -ForegroundColor Green
Write-Host "Please Adjust the Script as needed for your Server Array and number of total Processor Cores that need to be measured." -ForegroundColor Yellow

$results=@()
$jobs=@()
$date = Get-Date -Format G


#Set your Server array of hosts to be processed.
$servers = "Server01","Server02","Server03","Server04","Server05","Server06"

Foreach($server in $servers){
If($server -eq $env:computername){
               
               $script = "

               `$counter = Get-Counter -ComputerName $server '\Processor(*)\% Processor Time' -SampleInterval 1 -MaxSamples 60
               `$Counter = `$counter.Countersamples
               `$Core1 = [math]::Round(((`$counter | where{`$_.instancename -eq '0'} | Measure-Object -Property CookedValue -Average).average),2)
               `$Core2 = [math]::Round(((`$counter | where{`$_.instancename -eq '1'} | Measure-Object -Property CookedValue -Average).average),2)
               `$Core3 = [math]::Round(((`$counter | where{`$_.instancename -eq '2'} | Measure-Object -Property CookedValue -Average).average),2)
               `$Core4 = [math]::Round(((`$counter | where{`$_.instancename -eq '3'} | Measure-Object -Property CookedValue -Average).average),2)
               `$ALLCores = [math]::Round(((`$counter[0..3] | Measure-Object -Property Cookedvalue -Average).average),2)

               `$ServerReport = New-Object -TypeName PSObject -Property @{
               Server = '$server'
               LongJoins = `$longJoin
               Core1 = `$Core1
               Core2 = `$Core2
               Core3 = `$Core3
               Core4 = `$Core4
               ALLCores =`$ALLCores

                              }
               `$ServerReport   
               "
               
               $scriptblock = [scriptblock]::Create($Script)
               
               $Session = New-PSSession  
                              
               $jobs+=Invoke-Command -Session $Session -ErrorAction 'SilentlyContinue' -ScriptBlock $scriptblock -asjob
               
               } 

Else{
               $Session = New-PSSession -ComputerName $server 
                              
               $script = "

               `$counter = Get-Counter -ComputerName $server '\Processor(*)\% Processor Time' -SampleInterval 1 -MaxSamples 60 
               `$Counter = `$counter.Countersamples
               `$Core1 = [math]::Round(((`$counter | where{`$_.instancename -eq '0'} | Measure-Object -Property CookedValue -Average).average),2)
               `$Core2 = [math]::Round(((`$counter | where{`$_.instancename -eq '1'} | Measure-Object -Property CookedValue -Average).average),2)
               `$Core3 = [math]::Round(((`$counter | where{`$_.instancename -eq '2'} | Measure-Object -Property CookedValue -Average).average),2)
               `$Core4 = [math]::Round(((`$counter | where{`$_.instancename -eq '3'} | Measure-Object -Property CookedValue -Average).average),2)
               `$ALLCores = [math]::Round(((`$counter[0..3] | Measure-Object -Property Cookedvalue -Average).average),2)

               `$ServerReport = New-Object -TypeName PSObject -Property @{
               Server = '$server'
               LongJoins = `$longJoin
               Core1 = `$Core1
               Core2 = `$Core2
               Core3 = `$Core3
               Core4 = `$Core4
               ALLCores =`$ALLCores

                              }
               `$ServerReport   
               "

                              $scriptblock = [scriptblock]::Create($Script)
                              $jobs+=Invoke-Command -Session $Session -ErrorAction 'SilentlyContinue' -ScriptBlock $scriptblock -asjob
               }
}
               
$ActiveJobs=Get-Job
               while ($ActiveJobs){
               $CompletedJobs=Get-Job -State 'Completed' 
               if ($CompletedJobs) {
                              Write-output ("Checking {0} job(s) out of remaining {1}" -f $CompletedJobs.count, $ActiveJobs.count)
                              foreach ($job in $CompletedJobs) {
                                             #Adds completed jobs to Results 
                                             $results+=Receive-Job -Id $job.ID
                                             Remove-Job -Id $job.id
                              }
               }
               #Checks for failed jobs and reports on failed jobs
               $FailedJobs=Get-Job -State 'FAILED'
               if ($FailedJobs) {
                              Write-output ("Checking failed jobs")
                              foreach ($job in $FailedJobs) {$cpu
                                             Write-Output ("Failed Job Removed")                                    
                                             $results+=Receive-Job -Id $job.ID
                                             Remove-Job -Id $job.id
                              }
               
                                             }
               
                              $ActiveJobs=Get-Job
                              if($ActiveJobs) {sleep 30}
               }
               
#Remove Sessions
Get-PSSession | Remove-PSSession

#Gathers Results
$date
$results | Select Server,Core1,Core2,Core3,Core4,ALLCores

#Exports Results to CSV
$results | Select Server,Core1,Core2,Core3,Core4,ALLCores | Export-csv c:\Reports\CPUProcTimeForArray.csv -NoTypeInformation

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

<# CPUProcTimeForArray.ps1 - This Script is prepared by Jason Field. Modified by Lance Lingerfelt - LDLNET LLC. #>

<# The script has been prepared and tested in Powershell 4.0. So when you run this script, please make sure that the Powershell version is 4.0 or above. #>

<# This script will measure the Percentage Processor Time of each CPU core in each target server in your server array for one minute and average it for a total of four cores per processor. The results will be exported to a CSV file in C:\Reports #>

<# Please Adjust the Script as needed for your Server Array and number of total Processor Cores that need to be measured. #>

<# While this script has been tested multiple times, it is recommended that you test it in a test environment before using it in a production environment. #>

<# While every attempt has been made to make this script error free, we do not take any responsibility for any consequence that would happen while running the script. Modifications to the script are not our responsibility either.#>

Write-Host "This script will measure the Percentage Processor Time of each CPU core in each target server in your server array for one minute and average it for a total of four cores per processor. The results will be exported to a CSV file in C:\Reports" -ForegroundColor Green

Write-Host "Please Adjust the Script as needed for your Server Array and number of total Processor Cores that need to be measured." -ForegroundColor Yellow

$results=@()

$jobs=@()

$date = Get-Date -Format G

#Set your Server array of hosts to be processed.

$servers = "Server01","Server02","Server03","Server04","Server05","Server06"

Foreach($server in $servers){

If($server -eq $env:computername){

$script = "

`$counter = Get-Counter -ComputerName $server '\Processor(*)\% Processor Time' -SampleInterval 1 -MaxSamples 60

`$Counter = `$counter.Countersamples

`$Core1 = [math]::Round(((`$counter | where{`$_.instancename -eq '0'} | Measure-Object -Property CookedValue -Average).average),2)

`$Core2 = [math]::Round(((`$counter | where{`$_.instancename -eq '1'} | Measure-Object -Property CookedValue -Average).average),2)

`$Core3 = [math]::Round(((`$counter | where{`$_.instancename -eq '2'} | Measure-Object -Property CookedValue -Average).average),2)

`$Core4 = [math]::Round(((`$counter | where{`$_.instancename -eq '3'} | Measure-Object -Property CookedValue -Average).average),2)

`$ALLCores = [math]::Round(((`$counter[0..3] | Measure-Object -Property Cookedvalue -Average).average),2)

`$ServerReport = New-Object -TypeName PSObject -Property @{

Server = '$server'

LongJoins = `$longJoin

Core1 = `$Core1

Core2 = `$Core2

Core3 = `$Core3

Core4 = `$Core4

ALLCores =`$ALLCores

}

`$ServerReport

$scriptblock = [scriptblock]::Create($Script)

$Session = New-PSSession

$jobs+=Invoke-Command -Session $Session -ErrorAction 'SilentlyContinue' -ScriptBlock $scriptblock -asjob

}

Else{

$Session = New-PSSession -ComputerName $server

$script = "

`$counter = Get-Counter -ComputerName $server '\Processor(*)\% Processor Time' -SampleInterval 1 -MaxSamples 60

`$Counter = `$counter.Countersamples

`$Core1 = [math]::Round(((`$counter | where{`$_.instancename -eq '0'} | Measure-Object -Property CookedValue -Average).average),2)

`$Core2 = [math]::Round(((`$counter | where{`$_.instancename -eq '1'} | Measure-Object -Property CookedValue -Average).average),2)

`$Core3 = [math]::Round(((`$counter | where{`$_.instancename -eq '2'} | Measure-Object -Property CookedValue -Average).average),2)

`$Core4 = [math]::Round(((`$counter | where{`$_.instancename -eq '3'} | Measure-Object -Property CookedValue -Average).average),2)

`$ALLCores = [math]::Round(((`$counter[0..3] | Measure-Object -Property Cookedvalue -Average).average),2)

`$ServerReport = New-Object -TypeName PSObject -Property @{

Server = '$server'

LongJoins = `$longJoin

Core1 = `$Core1

Core2 = `$Core2

Core3 = `$Core3

Core4 = `$Core4

ALLCores =`$ALLCores

}

`$ServerReport

$scriptblock = [scriptblock]::Create($Script)

$jobs+=Invoke-Command -Session $Session -ErrorAction 'SilentlyContinue' -ScriptBlock $scriptblock -asjob

}

$ActiveJobs=Get-Job

while ($ActiveJobs){

$CompletedJobs=Get-Job -State 'Completed'

if ($CompletedJobs) {

Write-output ("Checking {0} job(s) out of remaining {1}" -f $CompletedJobs.count, $ActiveJobs.count)

foreach ($job in $CompletedJobs) {

#Adds completed jobs to Results

$results+=Receive-Job -Id $job.ID

Remove-Job -Id $job.id

}

#Checks for failed jobs and reports on failed jobs

$FailedJobs=Get-Job -State 'FAILED'

if ($FailedJobs) {

Write-output ("Checking failed jobs")

foreach ($job in $FailedJobs) {$cpu

Write-Output ("Failed Job Removed")

$results+=Receive-Job -Id $job.ID

Remove-Job -Id $job.id

}

$ActiveJobs=Get-Job

if($ActiveJobs) {sleep 30}

}

#Remove Sessions

Get-PSSession | Remove-PSSession

#Gathers Results

$date

$results | Select Server,Core1,Core2,Core3,Core4,ALLCores

#Exports Results to CSV

$results | Select Server,Core1,Core2,Core3,Core4,ALLCores | Export-csv c:\Reports\CPUProcTimeForArray.csv -NoTypeInformation

What I learned from this script is that the back tick ” ` “ allows for multiple commands to be run in a sub-routine within the script job and be gathered before the main script command is run and the output given. This gets past the multi-threading issue I was having with my original script. The script can then be run across multiple servers using the Invoke-Command cmdlet or over a remote PowerShell session as a Job. The jobs can then be monitored as the scripts finish across the multiple servers in the time period given for the samples. I had modified the script to do the multiple samples and then take the average of the CookedValue per the original cmdlet. I could not, however, get the ExpandProperty parameter to work with the script.

Please, as I am still learning, if you see an error with this script, please alert me with a comment or contact me directly so that I can update the script properly.

Thanks again Jason! It really was like a light bulb going “DING” when I figured it out with concern to the back tick. I had also been having issues with the active job monitoring process. It was a real help!

PLEASE COMMENT, SHARE, AND HAPPY TROUBLESHOOTING!

Lance LingerfeltJanuary 21, 2019

PowerDNS Script

I was compiling some scripts to be able to modify DNS records in my previous post. While browsing through different scripts in the TechNet Gallery, I came across the following Script that provides a menu, options, and different settings which really make it a great script to use if you do a lot of DNS Modification and want to do it through PowerShell.

Here is the link to the original script page, but I have updated and modified the script to include being able to add/remove DNS Zones as well.

<# Welcome to PowerDNS V1.0! This Script is prepared by Subhro Majumder. Modified by Lance Lingerfelt - LDLNET LLC. #> 
 
<# The script has been prepared and tested in Powershell 4.0. So when you run this script, please make sure that the Powershell version is 4.0 or above. #> 
 
<# Using this script , you can Look-Up, Create and Delete A,PTR and CNAME Records. You can also Look-Up, Create, and Remove DNS Zones.#> 
 
<# This script is suitable for single record entry as well as bulk entry. For every operation there are two options, Single and Bulk.  
 
For Bulk entry you need to create an input file in CSV format. Sample input files has been provided along with this script. #> 
 
<# While Deleting records, you will get a confirmation box for each record, to ensure that you are going to delete the correct record. #> 
 
<# While this script has been tested multiple times, I recommend that you test it in a test environment before using it in a production environment.#> 
 
<# While every attempt has been made to make this script error free, I will not take any responsibilty for any consequence that would happen while running the script.#> 
 
 
function Show-Menu 
 
{ 
 
 
     param ( 
           [string]$Title = 'Welcome to the PowerDNS! This is a one stop solution for all DNS related work' 
     ) 
     cls 
     Write-Host "===== $Title =====" -ForegroundColor Yellow
     Write-Host "                   " 
      
     Write-Host "Using this script, you can Look-Up, Create and Delete A,PTR and CNAME Records. You can also Look-Up, Create, and Remove DNS Zones." -ForegroundColor Yellow
     Write-Host "                   " 
     Write-Host "The script has been prepared and tested in Powershell 4.0. So when you run this script, please make sure that the Powershell version is 4.0 or above." -ForegroundColor Yellow
     Write-Host "                   " 
     Write-Host "This script is suitable for single record entry as well as bulk entry. For every operation there are two options, Single and Bulk." -ForegroundColor Yellow
     Write-Host "                   " 
     Write-Host "For Bulk entry you need to create an input file in CSV format. Sample input files has been provided along with this script." -ForegroundColor Yellow
     Write-Host "                   " 
     Write-Host "While Deleting records/zones, you will get a confirmation box for each record/zone, to ensure that you are going to delete the correct record/zone." -ForegroundColor Yellow
     Write-Host "                   " 
     Write-Host "While this script has been tested multiple times, I recommend that you test it in a test environment before using it in a production environment." -ForegroundColor Yellow
     Write-Host "                   " 
     Write-Host "While every attempt has been made to make this script error free, I will not take any responsibilty for any consequence that would happen while running the script." -ForegroundColor Yellow
 
     Write-Host "                   " 
 
     Write-Host "--------------MENU----------------" -ForegroundColor Yellow
     Write-Host "                   " 
     Write-Host "1: Press 1 to Lookup DNS Records." -ForegroundColor DarkYellow
     Write-Host "                   " 
     Write-Host "2: Press 2 to Create Host Records." -ForegroundColor Green
     Write-Host "                   " 
     Write-Host "3: Press 3 to Create PTR Records." -ForegroundColor Green
     Write-Host "                   " 
     Write-Host "4: Press 4 to Create CNAME Records." -ForegroundColor Green
     Write-Host "                   " 
     Write-Host "5: Press 5 to Delete Host Records." -ForegroundColor Red
     Write-Host "                   " 
     Write-Host "6: Press 6 to Delete PTR Records." -ForegroundColor Red
     Write-Host "                   " 
     Write-Host "7: Press 7 to Delete CNAME Records." -ForegroundColor Red
     Write-Host "                   "
     Write-Host "8: Press 8 to Create DNS Primary Zones." -ForegroundColor DarkGreen
     Write-Host "                   "
     Write-Host "9: Press 9 to Create DNS Secondary Zones." -ForegroundColor DarkGreen
     Write-Host "                   "
     Write-Host "10: Press 10 to Create DNS Stub Zones." -ForegroundColor DarkGreen
     Write-Host "                   "
     Write-Host "11: Press 11 to Remove DNS Zones." -ForegroundColor Magenta
     Write-Host "                   "    
     Write-Host "Q: Press 'Q' to quit this Program." -ForegroundColor Yellow
     Write-Host "----------------------------------" -ForegroundColor Yellow
     Write-Host "                   " 
 
} 
 
function Lookup-SingleDNS 
 
{ 
 
cls 
'You chose Single DNS Lookup' 
$input = Read-Host "Please enter the value you want to look up" 
 
Resolve-DNSName -Name "$input" -nohostsfile -type All | ft Name,Type,TTL,IPAddress,NameExchange,Preference,Namehost,Strings -autosize 
"                       " 
"                        " 
  
}  
 
function Lookup-BulkDNS 
 
{ 
 
cls 
'You chose Bulk DNS Lookup' 
 
$inputfile = Read-Host "Please enter the location of the input file"
 
$output1= Read-Host "Please enter the location of the output file" 
 
$records= Get-Content $inputfile 
  
foreach ($record in $records) 
{ 
  
$output=Resolve-DnsName -Name $record -NoHostsFile -Type ALL
 
$output | ft Name,Type,TTL,IPAddress,NameExchange,Preference,Namehost,Strings | Out-File -FilePath $output1 -Append -NoClobber 
  
  
} 
 
} 
 
 
function Create-SingleHostEntry 
 
{ 
 
Write-Host "Please Note: While creating the Host Record, corresponding PTR Record will also be created." -ForegroundColor Yellow
 
$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"
 
$zone= Read-Host "Please enter the Zone Name"
 
$name= Read-Host "Please enter the Record value (Without FQDN )"
 
$IP= Read-Host "Please enter the IP Address" 
 
Add-DnsServerResourceRecordA -ComputerName $dnsserver -Name $name -ZoneName $zone -IPv4Address $IP -TimeToLive 05:00:00 -CreatePtr -Confirm 
 
 
} 
 
function Create-BulkHostEntry 
 
{ 
 
Write-Host "Please Note: While creating the Host Records, corresponding PTR Records will also be created." -ForegroundColor Yellow
 
$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"
 
$zone= Read-Host "Please enter the Zone Name" 
 
$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV. Include these headers: name,IP" 
 
import-csv -Path $inputfile | foreach-object {Add-DnsServerResourceRecordA -computername $dnsserver -Name $_.name -ZoneName $zone -IPv4Address $_.IP -TimeToLive 05:00:00 -CreatePtr -Confirm} 
 
 
} 
 
 
function Create-SinglePTREntry 
 
{ 
 
$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"
 
$zone= Read-Host "Please enter the Reverse Zone Name" 

$FQDN= Read-Host "Please enter the record value (With FQDN )" 

$IP= Read-Host "Please enter the Host octects of the IP Address.Please do not include Network octets." 
 
Add-DnsServerResourceRecord -ComputerName $dnsserver -Name $IP -PTR -ZoneName $zone -PtrDomainName $FQDN -TimeToLive 05:00:00 -Confirm 
 
} 
 
function Create-BulkPTREntry 
 
{ 
 
$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"
 
$zone= Read-Host "Please enter the Reverse Zone Name" 
 
$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV. Include these headers: IP,FQDN" 
 
Import-Csv -Path $inputfile| foreach-object { Add-DnsServerResourceRecord -ComputerName $dnsserver -Name $_.IP -PTR -ZoneName $zone -PtrDomainName $_.FQDN -TimeToLive 05:00:00 -Confirm} 
 
} 
 
 
function Create-SingleCNAMEEntry 
 
 
{ 
 
$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"
 
$alias= Read-Host "Please enter the Alias Name" 

$zonename= Read-Host "Please enter the Zone Name" 

$FQDN= Read-Host "Please enter the FQDN for the alias" 
 
 
Add-DnsServerResourceRecord -CName -ComputerName $dnsserver -Name $alias -HostNameAlias $FQDN -ZoneName $zonename -TimeToLive 05:00:00 -Confirm 
 
} 
 
 
function Create-BulkCNAMEEntry 
 
{ 
 
$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"
 
$zonename= Read-Host "Please enter the Zone Name" 
 
$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV: alias,FQDN." 
 
Import-Csv -Path $inputfile| foreach-object { Add-DnsServerResourceRecord -CName -ComputerName $dnsserver -Name $_.alias -HostNameAlias $_.FQDN -ZoneName $zonename -TimeToLive 05:00:00 -Confirm } 
 
  
} 
 
 
function Delete-SingleHostEntry 
 
{ 
 
Write-Host "There can be multiple Host Records (IPs) for a given Host Name. Only one Record for the matching IP address will be deleted" -ForegroundColor Yellow
Write-Host "For Example: In contoso.com zone there are two records test.contoso.com > 192.168.1.23 and test.contoso.com > 192.168.1.24. This action removes only one of the entries of test.contoso.com, matching the IP address." -ForegroundColor Yellow
 
$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the Record"
 
$zonename= Read-Host "Please enter the Zone Name"
 
$name= Read-Host "Please enter the Host Record Name (Without FQDN)" 

$IP= Read-Host "Please enter the IP address of the Host Record which you want to delete" 
 
 
Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "A" -Name $name -RecordData $IP -Confirm 
 
 
} 
 
function Delete-BulkHostEntry 
 
{ 
Write-Host "There can be multiple Host Records (IPs) for a given Host Name. Only one Record for the matching IP address will be deleted" -ForegroundColor Yellow
Write-Host "For Example: In contoso.com zone there are two records test.contoso.com > 192.168.1.23 and test.contoso.com > 192.168.1.24. This action removes only one of the entries of host.contoso.com, matching the IP address." -ForegroundColor Yellow
Write-Host "                  " 
 
$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record"
 
$zonename= Read-Host "Please enter the Zone Name where the Record is located" 
 
$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV.Please include these Headers: name,IP." 
 
 
Import-Csv -Path $inputfile| foreach-object { Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "A" -Name $_.name -RecordData $_.IP -Confirm } 
 
 
} 
 
 
function Delete-SinglePTREntry 
 
{ 
 
$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record"
 
$zonename= Read-Host "Please enter the Reverse Zone Name" 

$IP= Read-Host "Please enter the IP address of the PTR Record. Only the Host octet is required." 
 
 
Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "PTR" -Name $IP -Confirm 
 
} 
 
 
function Delete-BulkPTREntry 
 
{ 
 
$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record" 

$zonename= Read-Host "Please enter the Reverse Zone Name" 
 
$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV.Include the Header: IP." 
 
 
Import-Csv -Path $inputfile| foreach-object {Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "PTR" -Name $_.IP -Confirm} 
 
} 
 
 
function Delete-SingleCNAMEEntry 
 
 
{ 
 
$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record" 

$zonename= Read-Host "Please enter the Zone Name where the Alias Record is located." 

$name= Read-Host "Please enter the Alias Name (Without FQDN)" 
 
 
Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "CNAME" -Name $name -Confirm 
 
 
} 
 
 
function Delete-BulkCNAMEEntry 
 
 
{ 
 
$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record" 
 
$zonename= Read-Host "Please enter the Zone Name where the Alias Record is located." 
 
$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV. Include the Header: aliasname." 
 
 
Import-Csv -Path $inputfile | foreach-object {Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "CNAME" -Name $_.alias -Confirm} 
 
 
} 

function Add-PrimaryDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zone"

$zonename= Read-Host "Please enter the Primary DNS Zone Name you want to create. (i.e. ldlnet.local)"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$dynamicupdate= Read-Host "Please specify how the Zone accepts dynamic updates. (i.e. None, Secure, NonSecureAndSecure)"

Add-DnsServerPrimaryZone -ComputerName $dnsserver -Name $zonename -ReplicationScope $replicationScope -DynamicUpdate $dynamicupdate -PassThru -Confirm:$true

}

function Add-PrimaryBulkDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zones"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$dynamicupdate= Read-Host "Please specify how the Zone accepts dynamic updates. (i.e. None, Secure, NonSecureAndSecure)"

$inputfile = Read-Host "Please enter the full path of the input file. Input file format is CSV. Include the Header: zone." 

Import-Csv -Path $inputfile | foreach-object {Add-DnsServerPrimaryZone -ComputerName $dnsserver -Name $_.zone -ReplicationScope $replicationScope -DynamicUpdate $dynamicupdate -PassThru -Confirm:$true}

}

function Add-SecondaryDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zone"

$zonename= Read-Host "Please enter the Secondary DNS Zone Name you want to create. (i.e. ldlnet.local)"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$dynamicupdate= Read-Host "Please specify how the Zone accepts dynamic updates. (i.e. None, Secure, NonSecureAndSecure)"

Add-DnsServerSecondaryZone -ComputerName $dnsserver -Name $zonename -ReplicationScope $replicationScope -DynamicUpdate $dynamicupdate -PassThru -Confirm:$true

}

function Add-SecondaryBulkDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zones"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$dynamicupdate= Read-Host "Please specify how the Zone accepts dynamic updates. (i.e. None, Secure, NonSecureAndSecure)"

$inputfile = Read-Host "Please enter the full path of the input file. Input file format is CSV. Include the Header: zone." 

Import-Csv -Path $inputfile | foreach-object {Add-DnsServerSecondaryZone -ComputerName $dnsserver -Name $_.zone -ReplicationScope $replicationScope -DynamicUpdate $dynamicupdate -PassThru -Confirm:$true}

}

function Add-StubDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zone"

$zonename= Read-Host "Please enter the Stub DNS Zone Name you want to create. (i.e. ldlnet.local)"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$ms= Read-Host "Please specify the ip of the server that holds the authoritative records for the zone. (i.e. 192.168.3.107)"

Add-DnsServerStubZone -ComputerName $dnsserver -Name $zonename -ReplicationScope $replicationScope -MasterServers $ms -PassThru -Confirm:$true

}

function Add-StubBulkDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zones"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$ms= Read-Host "Please specify the ip of the server that holds the authoritative records for the zone. (i.e. 192.168.3.107)"

$inputfile = Read-Host "Please enter the full path of the input file. Input file format is CSV. Include the Header: zone." 

Import-Csv -Path $inputfile | foreach-object {Add-DnsServerStubZone -ComputerName $dnsserver -Name $_.zone -ReplicationScope $replicationScope -MasterServers $ms -PassThru -Confirm:$true}

}

function Remove-DNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to remove the DNS zone"

$zonename= Read-Host "Please enter the Stub DNS Zone Name you want to remove. (i.e. ldlnet.local)"


Remove-DnsServerZone -ComputerName $dnsserver -Name $zonename -PassThru -Confirm:$true -Verbose

}

function Remove-BulkDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to remove the DNS zones"

$inputfile = Read-Host "Please enter the full path of the input file. Input file format is CSV. Include the Header: zone." 

Import-Csv -Path $inputfile | foreach-object {Remove-DnsServerZone -ComputerName $dnsserver -Name $_.zone -PassThru -Confirm:$true -Verbose}

}
 
do 
{ 
     Show-Menu 
     $input = Read-Host "Please make a selection" 
     switch ($input) 
     { 
           '1' { 
                cls 
                'You have selected option #1' 
                'Press 1 for Single DNS Lookup' 
                'Press 2 for Bulk DNS Lookup' 
                'Press Q to Return to the Main Menu' 
                $input1=Read-Host "Please make a selection" 
                switch ($input1) 
 
                { 
 
                  1 { Lookup-SingleDNS } 
 
                  2 { Lookup-BulkDNS } 
 
                  Q { Show-Menu }  
 
                } 
 
                  }  
            
           '2' { 
                cls 
                'You have selected option #2' 
 
                'Press 1 for Single Host Entry' 
                'Press 2 for Bulk Host Entries' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Create-SingleHostEntry } 
 
                  2 { Create-BulkHostEntry } 
 
                  Q { Show-Menu }  
 
                } 
 
                  } 
            
            
            
           '3'  { 
                cls 
                'You have selected option #3' 
 
                'Press 1 for Single PTR Record' 
                'Press 2 for Bulk PTR Records' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Create-SinglePTREntry } 
 
                  2 { Create-BulkPTREntry } 
 
                  Q { Show-Menu}  
 
                } 
 
                  } 
 
 
               '4'  { 
 
                cls 
 
                'You have selected option #4' 
 
                'Press 1 for Single CNAME Record' 
                'Press 2 for Bulk CNAME Records' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Create-SingleCNAMEEntry } 
 
                  2 { Create-BulkCNAMEEntry } 
 
                  Q { Show-Menu }  
 
                } 
 
                  } 
 
 
 
                     '5'  { 
 
                cls 
 
                'You have selected option #5' 
 
                'Press 1 to Delete Single Host Record' 
                'Press 2 to Delete multiple Host Records ' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Delete-SingleHostEntry } 
 
                  2 { Delete-BulkHostEntry } 
 
                  Q { Show-Menu }  
 
                } 
 
                  } 
 
 
 
                  '6'  { 
 
                cls 
 
                'You have selected option #6' 
 
                'Press 1 to Delete Single PTR Record' 
                'Press 2 to Delete multiple PTR Records ' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Delete-SinglePTREntry } 
 
                  2 { Delete-BulkPTREntry } 
 
                  Q { Show-Menu}  
 
                } 
 
                  } 
 
 
 
 
                  '7'  { 
 
                cls 
 
                'You have selected option #7' 
 
                'Press 1 to Delete Single CNAME Record' 
                'Press 2 to Delete multiple CNAME Records ' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Delete-SingleCNAMEEntry } 
 
                  2 { Delete-BulkCNAMEEntry } 
 
                  Q { Show-Menu }  
 
                } 
 
                  } 
 
 
                 '8'  { 
 
                cls 
 
                'You have selected option #8' 
 
                'Press 1 to Create a Single Primary DNS Zone' 
                'Press 2 to Create multiple Primary DNS Zones' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Add-PrimaryDNSZoneEntry } 
 
                  2 { Add-PrimaryBulkDNSZoneEntry } 
 
                  Q { Show-Menu }  
 
                } 
 
                  } 

                 '9'  { 
 
                cls 
 
                'You have selected option #9' 
 
                'Press 1 to Create a Single Secondary DNS Zone' 
                'Press 2 to Create multiple Secondary DNS Zones' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Add-SecondaryDNSZoneEntry } 
 
                  2 { Add-SecondaryBulkDNSZoneEntry } 
 
                  Q { Show-Menu }  
 
                } 
 
                  } 

                '10'  { 
 
                cls 
 
                'You have selected option #10' 
 
                'Press 1 to Create a Single Stub DNS Zone' 
                'Press 2 to Create multiple Stub DNS Zones' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Add-StubDNSZoneEntry } 
 
                  2 { Add-StubBulkDNSZoneEntry } 
 
                  Q { Show-Menu }  
 
                } 
 
                  }

                '11'  { 
 
                cls 
 
                'You have selected option #11' 
 
                'Press 1 to Remove a Single DNS Zone' 
                'Press 2 to Remove multiple DNS Zones' 
                'Press Q to Return to the Main Menu' 
 
                $input1=Read-Host "Please make a selection" 
 
                 switch ($input1) 
 
                { 
 
                  1 { Remove-DNSZoneEntry } 
 
                  2 { Remove-BulkDNSZoneEntry } 
 
                  Q { Show-Menu }  
 
                } 
 
                  }

           
           'q' { 
                return 
               } 
     } 
     pause 
} 
until ($input -eq 'q')

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

514

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

531

532

533

534

535

536

537

538

539

540

541

542

543

544

545

546

547

548

549

550

551

552

553

554

555

556

557

558

559

560

561

562

563

564

565

566

567

568

569

570

571

572

573

574

575

576

577

578

579

580

581

582

583

584

585

586

587

588

589

590

591

592

593

594

595

596

597

598

599

600

601

602

603

604

605

606

607

608

609

610

611

612

613

614

615

616

617

618

619

620

621

622

623

624

625

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

642

643

644

645

646

647

648

649

650

651

652

653

654

655

656

657

658

659

660

661

662

663

664

665

666

667

668

669

670

671

672

673

674

675

676

677

678

679

680

681

682

683

684

685

686

687

688

689

690

691

692

693

694

695

696

697

698

699

700

701

702

703

704

705

706

707

708

709

710

711

712

713

714

715

716

717

718

719

720

721

722

723

724

725

726

727

728

729

730

731

732

733

734

735

736

737

738

739

740

741

742

743

744

745

746

747

748

749

<# Welcome to PowerDNS V1.0! This Script is prepared by Subhro Majumder. Modified by Lance Lingerfelt - LDLNET LLC. #>

<# The script has been prepared and tested in Powershell 4.0. So when you run this script, please make sure that the Powershell version is 4.0 or above. #>

<# Using this script , you can Look-Up, Create and Delete A,PTR and CNAME Records. You can also Look-Up, Create, and Remove DNS Zones.#>

<# This script is suitable for single record entry as well as bulk entry. For every operation there are two options, Single and Bulk.

For Bulk entry you need to create an input file in CSV format. Sample input files has been provided along with this script. #>

<# While Deleting records, you will get a confirmation box for each record, to ensure that you are going to delete the correct record. #>

<# While this script has been tested multiple times, I recommend that you test it in a test environment before using it in a production environment.#>

<# While every attempt has been made to make this script error free, I will not take any responsibilty for any consequence that would happen while running the script.#>

function Show-Menu

{

param (

[string]$Title = 'Welcome to the PowerDNS! This is a one stop solution for all DNS related work'

)

cls

Write-Host "===== $Title =====" -ForegroundColor Yellow

Write-Host " "

Write-Host "Using this script, you can Look-Up, Create and Delete A,PTR and CNAME Records. You can also Look-Up, Create, and Remove DNS Zones." -ForegroundColor Yellow

Write-Host " "

Write-Host "The script has been prepared and tested in Powershell 4.0. So when you run this script, please make sure that the Powershell version is 4.0 or above." -ForegroundColor Yellow

Write-Host " "

Write-Host "This script is suitable for single record entry as well as bulk entry. For every operation there are two options, Single and Bulk." -ForegroundColor Yellow

Write-Host " "

Write-Host "For Bulk entry you need to create an input file in CSV format. Sample input files has been provided along with this script." -ForegroundColor Yellow

Write-Host " "

Write-Host "While Deleting records/zones, you will get a confirmation box for each record/zone, to ensure that you are going to delete the correct record/zone." -ForegroundColor Yellow

Write-Host " "

Write-Host "While this script has been tested multiple times, I recommend that you test it in a test environment before using it in a production environment." -ForegroundColor Yellow

Write-Host " "

Write-Host "While every attempt has been made to make this script error free, I will not take any responsibilty for any consequence that would happen while running the script." -ForegroundColor Yellow

Write-Host " "

Write-Host "--------------MENU----------------" -ForegroundColor Yellow

Write-Host " "

Write-Host "1: Press 1 to Lookup DNS Records." -ForegroundColor DarkYellow

Write-Host " "

Write-Host "2: Press 2 to Create Host Records." -ForegroundColor Green

Write-Host " "

Write-Host "3: Press 3 to Create PTR Records." -ForegroundColor Green

Write-Host " "

Write-Host "4: Press 4 to Create CNAME Records." -ForegroundColor Green

Write-Host " "

Write-Host "5: Press 5 to Delete Host Records." -ForegroundColor Red

Write-Host " "

Write-Host "6: Press 6 to Delete PTR Records." -ForegroundColor Red

Write-Host " "

Write-Host "7: Press 7 to Delete CNAME Records." -ForegroundColor Red

Write-Host " "

Write-Host "8: Press 8 to Create DNS Primary Zones." -ForegroundColor DarkGreen

Write-Host " "

Write-Host "9: Press 9 to Create DNS Secondary Zones." -ForegroundColor DarkGreen

Write-Host " "

Write-Host "10: Press 10 to Create DNS Stub Zones." -ForegroundColor DarkGreen

Write-Host " "

Write-Host "11: Press 11 to Remove DNS Zones." -ForegroundColor Magenta

Write-Host " "

Write-Host "Q: Press 'Q' to quit this Program." -ForegroundColor Yellow

Write-Host "----------------------------------" -ForegroundColor Yellow

Write-Host " "

}

function Lookup-SingleDNS

{

cls

'You chose Single DNS Lookup'

$input = Read-Host "Please enter the value you want to look up"

Resolve-DNSName -Name "$input" -nohostsfile -type All | ft Name,Type,TTL,IPAddress,NameExchange,Preference,Namehost,Strings -autosize

" "

}

function Lookup-BulkDNS

{

cls

'You chose Bulk DNS Lookup'

$inputfile = Read-Host "Please enter the location of the input file"

$output1= Read-Host "Please enter the location of the output file"

$records= Get-Content $inputfile

foreach ($record in $records)

{

$output=Resolve-DnsName -Name $record -NoHostsFile -Type ALL

$output | ft Name,Type,TTL,IPAddress,NameExchange,Preference,Namehost,Strings | Out-File -FilePath $output1 -Append -NoClobber

}

function Create-SingleHostEntry

{

Write-Host "Please Note: While creating the Host Record, corresponding PTR Record will also be created." -ForegroundColor Yellow

$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"

$zone= Read-Host "Please enter the Zone Name"

$name= Read-Host "Please enter the Record value (Without FQDN )"

$IP= Read-Host "Please enter the IP Address"

Add-DnsServerResourceRecordA -ComputerName $dnsserver -Name $name -ZoneName $zone -IPv4Address $IP -TimeToLive 05:00:00 -CreatePtr -Confirm

}

function Create-BulkHostEntry

{

Write-Host "Please Note: While creating the Host Records, corresponding PTR Records will also be created." -ForegroundColor Yellow

$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"

$zone= Read-Host "Please enter the Zone Name"

$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV. Include these headers: name,IP"

import-csv -Path $inputfile | foreach-object {Add-DnsServerResourceRecordA -computername $dnsserver -Name $_.name -ZoneName $zone -IPv4Address $_.IP -TimeToLive 05:00:00 -CreatePtr -Confirm}

}

function Create-SinglePTREntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"

$zone= Read-Host "Please enter the Reverse Zone Name"

$FQDN= Read-Host "Please enter the record value (With FQDN )"

$IP= Read-Host "Please enter the Host octects of the IP Address.Please do not include Network octets."

Add-DnsServerResourceRecord -ComputerName $dnsserver -Name $IP -PTR -ZoneName $zone -PtrDomainName $FQDN -TimeToLive 05:00:00 -Confirm

}

function Create-BulkPTREntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"

$zone= Read-Host "Please enter the Reverse Zone Name"

$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV. Include these headers: IP,FQDN"

Import-Csv -Path $inputfile| foreach-object { Add-DnsServerResourceRecord -ComputerName $dnsserver -Name $_.IP -PTR -ZoneName $zone -PtrDomainName $_.FQDN -TimeToLive 05:00:00 -Confirm}

}

function Create-SingleCNAMEEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"

$alias= Read-Host "Please enter the Alias Name"

$zonename= Read-Host "Please enter the Zone Name"

$FQDN= Read-Host "Please enter the FQDN for the alias"

Add-DnsServerResourceRecord -CName -ComputerName $dnsserver -Name $alias -HostNameAlias $FQDN -ZoneName $zonename -TimeToLive 05:00:00 -Confirm

}

function Create-BulkCNAMEEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name where you want to create the Record"

$zonename= Read-Host "Please enter the Zone Name"

$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV: alias,FQDN."

Import-Csv -Path $inputfile| foreach-object { Add-DnsServerResourceRecord -CName -ComputerName $dnsserver -Name $_.alias -HostNameAlias $_.FQDN -ZoneName $zonename -TimeToLive 05:00:00 -Confirm }

}

function Delete-SingleHostEntry

{

Write-Host "There can be multiple Host Records (IPs) for a given Host Name. Only one Record for the matching IP address will be deleted" -ForegroundColor Yellow

Write-Host "For Example: In contoso.com zone there are two records test.contoso.com > 192.168.1.23 and test.contoso.com > 192.168.1.24. This action removes only one of the entries of test.contoso.com, matching the IP address." -ForegroundColor Yellow

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the Record"

$zonename= Read-Host "Please enter the Zone Name"

$name= Read-Host "Please enter the Host Record Name (Without FQDN)"

$IP= Read-Host "Please enter the IP address of the Host Record which you want to delete"

Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "A" -Name $name -RecordData $IP -Confirm

}

function Delete-BulkHostEntry

{

Write-Host "There can be multiple Host Records (IPs) for a given Host Name. Only one Record for the matching IP address will be deleted" -ForegroundColor Yellow

Write-Host "For Example: In contoso.com zone there are two records test.contoso.com > 192.168.1.23 and test.contoso.com > 192.168.1.24. This action removes only one of the entries of host.contoso.com, matching the IP address." -ForegroundColor Yellow

Write-Host " "

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record"

$zonename= Read-Host "Please enter the Zone Name where the Record is located"

$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV.Please include these Headers: name,IP."

Import-Csv -Path $inputfile| foreach-object { Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "A" -Name $_.name -RecordData $_.IP -Confirm }

}

function Delete-SinglePTREntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record"

$zonename= Read-Host "Please enter the Reverse Zone Name"

$IP= Read-Host "Please enter the IP address of the PTR Record. Only the Host octet is required."

Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "PTR" -Name $IP -Confirm

}

function Delete-BulkPTREntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record"

$zonename= Read-Host "Please enter the Reverse Zone Name"

$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV.Include the Header: IP."

Import-Csv -Path $inputfile| foreach-object {Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "PTR" -Name $_.IP -Confirm}

}

function Delete-SingleCNAMEEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record"

$zonename= Read-Host "Please enter the Zone Name where the Alias Record is located."

$name= Read-Host "Please enter the Alias Name (Without FQDN)"

Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "CNAME" -Name $name -Confirm

}

function Delete-BulkCNAMEEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to delete the record"

$zonename= Read-Host "Please enter the Zone Name where the Alias Record is located."

$inputfile = Read-Host "Please enter the location of the input file. Input file format is CSV. Include the Header: aliasname."

Import-Csv -Path $inputfile | foreach-object {Remove-DnsServerResourceRecord -computername $dnsserver -ZoneName $zonename -RRType "CNAME" -Name $_.alias -Confirm}

}

function Add-PrimaryDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zone"

$zonename= Read-Host "Please enter the Primary DNS Zone Name you want to create. (i.e. ldlnet.local)"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$dynamicupdate= Read-Host "Please specify how the Zone accepts dynamic updates. (i.e. None, Secure, NonSecureAndSecure)"

Add-DnsServerPrimaryZone -ComputerName $dnsserver -Name $zonename -ReplicationScope $replicationScope -DynamicUpdate $dynamicupdate -PassThru -Confirm:$true

}

function Add-PrimaryBulkDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zones"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$dynamicupdate= Read-Host "Please specify how the Zone accepts dynamic updates. (i.e. None, Secure, NonSecureAndSecure)"

$inputfile = Read-Host "Please enter the full path of the input file. Input file format is CSV. Include the Header: zone."

Import-Csv -Path $inputfile | foreach-object {Add-DnsServerPrimaryZone -ComputerName $dnsserver -Name $_.zone -ReplicationScope $replicationScope -DynamicUpdate $dynamicupdate -PassThru -Confirm:$true}

}

function Add-SecondaryDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zone"

$zonename= Read-Host "Please enter the Secondary DNS Zone Name you want to create. (i.e. ldlnet.local)"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$dynamicupdate= Read-Host "Please specify how the Zone accepts dynamic updates. (i.e. None, Secure, NonSecureAndSecure)"

Add-DnsServerSecondaryZone -ComputerName $dnsserver -Name $zonename -ReplicationScope $replicationScope -DynamicUpdate $dynamicupdate -PassThru -Confirm:$true

}

function Add-SecondaryBulkDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zones"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$dynamicupdate= Read-Host "Please specify how the Zone accepts dynamic updates. (i.e. None, Secure, NonSecureAndSecure)"

$inputfile = Read-Host "Please enter the full path of the input file. Input file format is CSV. Include the Header: zone."

Import-Csv -Path $inputfile | foreach-object {Add-DnsServerSecondaryZone -ComputerName $dnsserver -Name $_.zone -ReplicationScope $replicationScope -DynamicUpdate $dynamicupdate -PassThru -Confirm:$true}

}

function Add-StubDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zone"

$zonename= Read-Host "Please enter the Stub DNS Zone Name you want to create. (i.e. ldlnet.local)"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$ms= Read-Host "Please specify the ip of the server that holds the authoritative records for the zone. (i.e. 192.168.3.107)"

Add-DnsServerStubZone -ComputerName $dnsserver -Name $zonename -ReplicationScope $replicationScope -MasterServers $ms -PassThru -Confirm:$true

}

function Add-StubBulkDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to create the DNS zones"

$replicationScope= Read-Host "Please enter the AD replication scope for the zone. (i.e. Forest, Domain, or Legacy)"

$ms= Read-Host "Please specify the ip of the server that holds the authoritative records for the zone. (i.e. 192.168.3.107)"

$inputfile = Read-Host "Please enter the full path of the input file. Input file format is CSV. Include the Header: zone."

Import-Csv -Path $inputfile | foreach-object {Add-DnsServerStubZone -ComputerName $dnsserver -Name $_.zone -ReplicationScope $replicationScope -MasterServers $ms -PassThru -Confirm:$true}

}

function Remove-DNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to remove the DNS zone"

$zonename= Read-Host "Please enter the Stub DNS Zone Name you want to remove. (i.e. ldlnet.local)"

Remove-DnsServerZone -ComputerName $dnsserver -Name $zonename -PassThru -Confirm:$true -Verbose

}

function Remove-BulkDNSZoneEntry

{

$dnsserver= Read-Host "Please enter the DNS Server Name from where you want to remove the DNS zones"

$inputfile = Read-Host "Please enter the full path of the input file. Input file format is CSV. Include the Header: zone."

Import-Csv -Path $inputfile | foreach-object {Remove-DnsServerZone -ComputerName $dnsserver -Name $_.zone -PassThru -Confirm:$true -Verbose}

}

{

Show-Menu

$input = Read-Host "Please make a selection"

switch ($input)

{

'1' {

cls

'You have selected option #1'

'Press 1 for Single DNS Lookup'

'Press 2 for Bulk DNS Lookup'

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Lookup-SingleDNS }

2 { Lookup-BulkDNS }

Q { Show-Menu }

}

'2' {

cls

'You have selected option #2'

'Press 1 for Single Host Entry'

'Press 2 for Bulk Host Entries'

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Create-SingleHostEntry }

2 { Create-BulkHostEntry }

Q { Show-Menu }

}

'3' {

cls

'You have selected option #3'

'Press 1 for Single PTR Record'

'Press 2 for Bulk PTR Records'

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Create-SinglePTREntry }

2 { Create-BulkPTREntry }

Q { Show-Menu}

}

'4' {

cls

'You have selected option #4'

'Press 1 for Single CNAME Record'

'Press 2 for Bulk CNAME Records'

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Create-SingleCNAMEEntry }

2 { Create-BulkCNAMEEntry }

Q { Show-Menu }

}

'5' {

cls

'You have selected option #5'

'Press 1 to Delete Single Host Record'

'Press 2 to Delete multiple Host Records '

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Delete-SingleHostEntry }

2 { Delete-BulkHostEntry }

Q { Show-Menu }

}

'6' {

cls

'You have selected option #6'

'Press 1 to Delete Single PTR Record'

'Press 2 to Delete multiple PTR Records '

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Delete-SinglePTREntry }

2 { Delete-BulkPTREntry }

Q { Show-Menu}

}

'7' {

cls

'You have selected option #7'

'Press 1 to Delete Single CNAME Record'

'Press 2 to Delete multiple CNAME Records '

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Delete-SingleCNAMEEntry }

2 { Delete-BulkCNAMEEntry }

Q { Show-Menu }

}

'8' {

cls

'You have selected option #8'

'Press 1 to Create a Single Primary DNS Zone'

'Press 2 to Create multiple Primary DNS Zones'

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Add-PrimaryDNSZoneEntry }

2 { Add-PrimaryBulkDNSZoneEntry }

Q { Show-Menu }

}

'9' {

cls

'You have selected option #9'

'Press 1 to Create a Single Secondary DNS Zone'

'Press 2 to Create multiple Secondary DNS Zones'

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Add-SecondaryDNSZoneEntry }

2 { Add-SecondaryBulkDNSZoneEntry }

Q { Show-Menu }

}

'10' {

cls

'You have selected option #10'

'Press 1 to Create a Single Stub DNS Zone'

'Press 2 to Create multiple Stub DNS Zones'

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Add-StubDNSZoneEntry }

2 { Add-StubBulkDNSZoneEntry }

Q { Show-Menu }

}

'11' {

cls

'You have selected option #11'

'Press 1 to Remove a Single DNS Zone'

'Press 2 to Remove multiple DNS Zones'

'Press Q to Return to the Main Menu'

$input1=Read-Host "Please make a selection"

switch ($input1)

{

1 { Remove-DNSZoneEntry }

2 { Remove-BulkDNSZoneEntry }

Q { Show-Menu }

}

'q' {

return

}

pause

}

until ($input -eq 'q')

The DNS Zone functions have not been tested as of yet. I still have to get on my server farm at home and run this. It will save time though with me having to switch servers when adding a bulk list of DNS zones for my website farm. Play with the script and let me know what you think!

Lance LingerfeltJanuary 17, 2019January 17, 2019

Removing a DNS Record through Powershell

In most environments, an admin usually just jumps on the server that they need to work from and does their work from there. An example of this would be an admin working on an IIS Web server and needing to remove a DNS A record from DNS without having to logon to the DNS server itself so that they can quickly make their changes in IIS.

A quick way to do this would be to run the following ps1 script in PowerShell in order to be able to remove the record quickly:

$NodeToDelete = Read-Host "Please Input the Name of the A Record you want to delete. NO FQDN"
$DNSServer = Read-Host "Please Input your DNS Server FQDN"
$ZoneName = Read-Host "Please Input the DNS Zone the A Record is residing in"
$NodeDNS = $null
$NodeDNS = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -Node $NodeToDelete -RRType A -ErrorAction SilentlyContinue
if($NodeDNS -eq $null){
    Write-Host "The DNS A Record You Were Looking For Was Not Found" -ForeGroundColor Red
} else {
    Remove-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -InputObject $NodeDNS -Force
    Write-Host "Your DNS A Record $NodeToDelete Has Been Removed" -ForeGroundColor Green
}

$NodeToDelete = Read-Host "Please Input the Name of the A Record you want to delete. NO FQDN"

$DNSServer = Read-Host "Please Input your DNS Server FQDN"

$ZoneName = Read-Host "Please Input the DNS Zone the A Record is residing in"

$NodeDNS = $null

$NodeDNS = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -Node $NodeToDelete -RRType A -ErrorAction SilentlyContinue

if($NodeDNS -eq $null){

Write-Host "The DNS A Record You Were Looking For Was Not Found" -ForeGroundColor Red

} else {

Remove-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -InputObject $NodeDNS -Force

Write-Host "Your DNS A Record $NodeToDelete Has Been Removed" -ForeGroundColor Green

}

Now this works for a single DNS A Record. If there are multiple IPs for the same DNS record, for example, test.ldlnet.local points to both 192.168.1.23 and 192.168.1.24, then you probably need to run the following script listed here to keep the script from failing with an error. I have also expanded the entries to help the input be more specific:

Write-Host "This script will remove a DNS Record based on the information provided" -ForegroundColor Yellow
Write-Host "There can be multiple Host Records (IPs) for a given Host Name. Only one Record going with the matching IP address that is input will be deleted" -ForegroundColor Red
Write-Host "For Example: In the ldlnet.org zone there are two records test.ldlnet.org > 192.168.1.23 and test.ldlnet.org > 192.168.1.24. This action removes only one of the entries of test.ldlnet.org, matching the IP address that was input." -ForegroundColor Red
$NodeToDelete = Read-Host "Please Input the Name of the DNS Record you want to delete. (NO FQDN)"
$DNSServer = Read-Host "Please Input your DNS Server FQDN"
$ZoneName = Read-Host "Please Input the DNS Zone the DNS Record is residing in"
$RecordType = Read-Host "Please Input the Type of DNS Record It Is (A, CNAME, TXT, etc...)"
$IP = Read-Host "Please Input the IP Address of the Associcated DNS Record"
$NodeDNS = $null
$NodeDNS = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -Node $NodeToDelete -RRType $RecordType -ErrorAction SilentlyContinue
if($NodeDNS -eq $null){
    Write-Host "The DNS A Record You Were Looking For Was Not Found" -ForeGroundColor Red
} else {
    Remove-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -RecordData $IP -Name $NodeToDelete -RRType $RecordType -Force -ErrorAction Stop
    Write-Host "Your DNS A Record $NodeToDelete Has Been Removed" -ForeGroundColor Green
}

Write-Host "This script will remove a DNS Record based on the information provided" -ForegroundColor Yellow

Write-Host "There can be multiple Host Records (IPs) for a given Host Name. Only one Record going with the matching IP address that is input will be deleted" -ForegroundColor Red

Write-Host "For Example: In the ldlnet.org zone there are two records test.ldlnet.org > 192.168.1.23 and test.ldlnet.org > 192.168.1.24. This action removes only one of the entries of test.ldlnet.org, matching the IP address that was input." -ForegroundColor Red

$NodeToDelete = Read-Host "Please Input the Name of the DNS Record you want to delete. (NO FQDN)"

$DNSServer = Read-Host "Please Input your DNS Server FQDN"

$ZoneName = Read-Host "Please Input the DNS Zone the DNS Record is residing in"

$RecordType = Read-Host "Please Input the Type of DNS Record It Is (A, CNAME, TXT, etc...)"

$IP = Read-Host "Please Input the IP Address of the Associcated DNS Record"

$NodeDNS = $null

$NodeDNS = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -Node $NodeToDelete -RRType $RecordType -ErrorAction SilentlyContinue

if($NodeDNS -eq $null){

Write-Host "The DNS A Record You Were Looking For Was Not Found" -ForeGroundColor Red

} else {

Remove-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DNSServer -RecordData $IP -Name $NodeToDelete -RRType $RecordType -Force -ErrorAction Stop

Write-Host "Your DNS A Record $NodeToDelete Has Been Removed" -ForeGroundColor Green

}

Output from RemoveDNSRecord.ps1 for removing DNS A Record *test.ldlnet.local* with IP of 192.168.1.24

I have found some other good scripts that I will post to the blog to help manage DNS records through PowerShell. This should get things started for now. Happy Troubleshooting!

Lance LingerfeltJanuary 15, 2019

MaxConcurrentAPI Script for Netlogon Issues

I get incidents from time to time that deal with Netlogon Service Issues. For example: Semaphore Waiters, Semaphore Timeouts, Semaphore Acquires, etc…

Here is a script I got from the Microsoft Gallery
In some enterprise environments the sheer volume of NTLM authentication can produce performance bottlenecks on servers. To help make the problem easier to detect, this PowerShell script was written.

PARAM ([Switch]$CheckMaxConcurrentApi, [switch]$GetNetlogonInstances, [string]$Computer = "Localhost", [string]$Instance = "_Total", [bool]$CalcMCA = $False)
#************************************************
# CheckMaxConcurrentApiScript.ps1
# Version 1.0
# Date: 3/22/2013
# Author: Tim Springston [MSFT]
# Description:Uses .Net methods and WMI to query
#                a remote or local computer for MaxConcurrentApi
#               problems and return details back in a PSObject.
#************************************************
function CheckMaxConcurrentApi ([string]$InstanceName = "_Total", [string]$ComputerName = "localhost", [bool]$Calc = $false)
{   
	#This function takes three optional parameters to select Netlogon Instance (can be obtained by using
	#sister function GetNetlogonInstances, computer to run against and whether to run
	#MaxConcurrentApi calculation-which takes longer.
    #It returns details about the computer, whether the problem is detected, and suggested MaxConcurrentApi value.
	$ProblemDetected = $false
	$Date = Get-Date
 
	#Get role, OSVer, hotfix data.
	$cs =  gwmi -Namespace "root\cimv2" -class win32_computersystem -Impersonation 3 -ComputerName $ComputerName
	$DomainRole = $cs.domainrole
	$OSVersion = gwmi -Namespace "root\cimv2" -Class Win32_OperatingSystem -Impersonation 3 -ComputerName $ComputerName
	$bn = $OSVersion.BuildNumber
	$150Hotfix = $false
 
	#Determine how long the computer has been running since last reboot.
	$wmi = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName
	$LocalDateTime = $wmi.LocalDateTime
	$Uptime = $wmi.ConvertToDateTime($wmi.LocalDateTime) – $wmi.ConvertToDateTime($wmi.LastBootUpTime)
	$Days = $Uptime.Days.ToString()
	$Hours = $Uptime.Hours.ToString()
	$UpTimeStatement = $Days + " days " + $Hours + " hours"
 
	#Get SystemRoot so that we can map the right drive for checking file versions.
	$objReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine',$ComputerName)
	$ObjRegKey = $ObjReg.OpenSubKey("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion")
	$SystemRoot = $ObjRegKey.GetValue("SystemRoot")
 
	#Parse the drive letter for the remote systemroot and then map the network drive. First though
	#make sure the drive you will map to doesnt exist already.
	$Drives = gwmi -Namespace "root\cimv2"  -ComputerName $ComputerName -Impersonation Impersonate -Class Win32_LogicalDisk
	$DriveLetters = @()
	ForEach ($Drive in $Drives)
		{
		  $Caption = $Drive.Caption
		  $DriveLetters += $Caption
		  $Caption = $null
		}
 
	if ($ComputerName -ne "localhost")
		{
			$PossibleLetters = [char[]]"DEFGHIJKLMNOPQRTUVWXY" 
			$devices = get-wmiobject win32_logicaldisk | select -expand DeviceID
			$PossibleLetters | where {$DriveLetters -notcontains "$($_):"} | Select -First 1 | % {
			$AvailableDriveLetter = $_
			}
			$DriveToMap = $SystemRoot
			$DriveToMap = $DriveToMap.Replace(":\Windows","")
			$DriveToMap = "\\" + $ComputerName + "\" + $DriveToMap + "$"
			$AvailableDriveLetter = $AvailableDriveLetter  + ":"
			$NETUSEReturn = net use $AvailableDriveLetter $DriveToMap
			$RemoteSystem32Folder = $AvailableDriveLetter + "\Windows\System32"
			$NetlogonDll = $RemoteSystem32Folder + "\Netlogon.dll"
		}
		else
			{
			 $NetlogonDll = $SystemRoot + "\System32\Netlogon.dll"
			}
 
	#Check the file versions for the hotfixes.
	$FileVer = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($NetlogonDll).FileVersion
	switch -exact ($bn)
		{"6002" {#Hotfix Check for MCA to 150 KB975363 http://support.microsoft.com/kb/975363
				 $6002HotfixVer = "6.0.6002.22289"
				 if ($6002HotfixVer -eq $FileVer)
				     {$150Hotfix = $true}
				}
		"7600" {#Hotfix Check for MCA to 150 KB975363 http://support.microsoft.com/kb/975363
				$7600HotfixVer = "6.1.7600.20576"
				if ($7600HotfixVer -eq $FileVer)
					{$150Hotfix = $true}
				}
		"7601" {#Hotfix Check for MCA to 150 KB975363 http://support.microsoft.com/kb/975363
				$150Hotfix = $true
				}
		}
	if ($ComputerName -ne "localhost")
		{
		$NETUSEReturn = net use $AvailableDriveLetter /d
		}
 
	#Determine effective MaxConcurrentApi setting based on OS, hotfix presence, role and registry setting.
	$objReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
	$objRegKey= $objReg.OpenSubKey("SYSTEM\\CurrentControlSet\\services\\Netlogon\\Parameters")
	$MCARegVal = $objRegKey.GetValue('MaxConcurrentApi')
	$CurrentMCA = 0
	if  ($DomainRole -gt 1)
			{    
			if ($bn -ge 9200)
				{
				If (($MCARegVal -lt 10) -or ($MCARegVal -eq $null) -or ($MCARegVal -gt 9999))
					{$CurrentMCA = 10}
					elseif (($MCARegVal -gt 10)    -and ($MCARegVal -lt 9999))
						{$CurrentMCA = $MCARegVal}
				}
				else
					{        
					If (($MCARegVal -gt 10) -and ($150Hotfix -eq $true))
						{        
						$CurrentMCA = $MCARegVal}
						elseif (($MCARegVal -gt 10) -and ($150Hotfix -eq $false))    
							{$CurrentMCA = 2}
							elseif (( $MCARegVal -gt 2 ) -and ($MCARegVal -le 10))
								{$CurrentMCA = $MCARegVal}
								elseif ($MCARegVal -lt 2)
									{$CurrentMCA = 2}
									elseif ($MCARegVal -eq $null)
										{$CurrentMCA = 2}
					}
				}
 
	#Get a sample of the counters.
	$Category = "Netlogon"
	$CounterASHT = "Average Semaphore Hold Time"
	$CounterST = "Semaphore Timeouts"
	$CounterSA = "Semaphore Acquires"
	$CounterSH = "Semaphore Holders"
	$CounterSW = "Semaphore Waiters"
	#Query remote computer for counters.
	$NetlogonRemoteASHT = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterASHT,$InstanceName,$ComputerName)
	$NetlogonRemoteST = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterST,$InstanceName,$ComputerName)
	$NetlogonRemoteSA = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterSA,$InstanceName,$ComputerName)
	$NetlogonRemoteSW = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterSW,$InstanceName,$ComputerName)
	$NetlogonRemoteSH = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterSH,$InstanceName,$ComputerName)
	#Cook values
	$CookedASHT = $NetlogonRemoteASHT.NextValue()
	$CookedST = $NetlogonRemoteST.NextValue()
	$CookedSA = $NetlogonRemoteSA.NextValue()
	$CookedSW = $NetlogonRemoteSW.NextValue()
	$CookedSH = $NetlogonRemoteSH.NextValue()
	if ((($CookedSW -gt 0) -and (-not($CookedSW -gt 4GB))) -or ($CookedSH -eq $CurrentMCA) -or ((($CookedST -gt 0) -and (-not($CookedST -gt 4GB))) -and (($CookedSW -gt 0) -and (-not($CookedSW -gt 4GB)))))
				{$ProblemDetected = $true}
 
	#Do a second data sample and compare results in order to run the "suggested MCA" math.
	if (($ProblemDetected -eq $true) -and ($Calc -eq $true))
		{
		Start-Sleep -Seconds 60
		$NetlogonRemoteASHT = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterASHT,$InstanceName,$ComputerName)
		$NetlogonRemoteST = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterST,$InstanceName,$ComputerName)
		$NetlogonRemoteSA = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterSA,$InstanceName,$ComputerName)
		$NetlogonRemoteSW = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterSW,$InstanceName,$ComputerName)
		$NetlogonRemoteSH = New-Object System.Diagnostics.PerformanceCounter($Category,$CounterSH,$InstanceName,$ComputerName)
		#Cook values
		$SecondCookedASHT = $NetlogonRemoteASHT.NextValue()
		$SecondCookedST = $NetlogonRemoteST.NextValue()
		$SecondCookedSA = $NetlogonRemoteSA.NextValue()
		$SecondCookedSW = $NetlogonRemoteSW.NextValue()
		$SecondCookedSH = $NetlogonRemoteSH.NextValue()
		#Next, calculate the suggested MCA 
	                            #using formula from http://support.microsoft.com/kb/2688798
	                            #(semaphore_acquires + semaphore_timeouts) * average_semaphore_hold_time / time_collection_length =< New_MaxConcurrentApi_setting
							 #subtract Sample1SA from Sample2SA = SampleSADelta
							 $SampleSADelta = ($SecondCookedSA - $CookedSA)
							 $SampleSTDelta = ($SecondCookedST - $CookedST)
							 $ASHT = ($SecondCookedASHT + $CookedASHT)
							 $SampleASHTDelta = ($ASHT / 2 )
							 $SamplesDeltaSAST = ($SampleSADelta + $SampleSTDelta)
							 $AllSampleDeltas = ($SampleASHTDelta * $SamplesDeltaSAST)
						     $AllSampleDeltas /= 90
							 $SuggestedMCA = $AllSampleDeltas
							 $SuggestedMCA = "{0:N0}" -f $SuggestedMCA
							 if ($SuggestedMCA -le 2)
								{$SuggestedMCA = $CurrentMCA}
		}
	#Create PSObject for returned data.
	$ReturnedData = New-Object PSObject
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Detection Time" -value $Date
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Problem Detected" -value $ProblemDetected
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Server Name" -value $cs.Name
	if ($cs.DomainRole -le 1)
		{add-member -inputobject $ReturnedData  -membertype noteproperty -name "Server Role" -value "Client"}
	if (($cs.DomainRole -eq 3) -or ($cs.DomainRole -eq 2))
		{add-member -inputobject $ReturnedData  -membertype noteproperty -name "Server Role" -value "Member Server"}
	if ($cs.DomainRole -ge 4)
		{add-member -inputobject $ReturnedData  -membertype noteproperty -name "Server Role" -value "Domain Controller"}
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Domain Name" -value $cs.Domain
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Operating System" -value $OSVersion.Caption
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Time Since Last Reboot" -value $UpTimeStatement
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Current Effective MaxConcurrentApi Setting" -value $CurrentMCA
	if ($SuggestedMCA -eq $null)
		{add-member -inputobject $ReturnedData  -membertype noteproperty -name "Suggested MaxConcurrentApi Setting (may be same as current)" -value $CurrentMCA}
		else
		{add-member -inputobject $ReturnedData  -membertype noteproperty -name "Suggested MaxConcurrentApi Setting (may be same as current)" -value $SuggestedMCA}
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Current Threads in Use (Semaphore Holders)" -value $CookedSH
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Clients Currently Waiting (Semaphore Waiters)" -value $CookedSW
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Cumulative Client Timeouts (Semaphore Timeouts) " -value $CookedST
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Cumulative MaxConcurrentApi Thread Uses (Semaphore Acquires)" -value $CookedSA
	add-member -inputobject $ReturnedData  -membertype noteproperty -name "Duration of Calls (Avg Semaphore Hold Time)" -value $CookedASHT
	return $ReturnedData
}
 
function GetNetlogonInstances ([string]$RemoteComputerName = "localhost")
	{
	 #This function takes a computer name as input (default to local computer) and returns
	 #the instances-analagous to secure channels-a computer has. 
	 #Format returned is \\hostname.domainname.com.
	 
	 if ($RemoteComputerName -eq $null)
	     {
		$LocalNetlogon = New-Object System.Diagnostics.PerformanceCounterCategory("Netlogon",$RemoteComputerName)
		$LocalInstances = $LocalNetlogon.GetInstanceNames()
	    $AllLocalInstances = @()
		foreach ($LocalInstance in $LocalInstances)
			{    
	          if ($LocalInstance -ne "_total")
	             {
				 $AllLocalInstances += $LocalInstance
				}         
			} 
			if ($AllLocalInstances -eq $null)
				{
				WriteTo-StdOut "The local computer was missing its DC perf instance so getting DC name from WMI." -shortformat
 
				$Query = "select * from win32_ntdomain where description = '" + $env:userdomain + "'"
				$v2 = get-wmiobject -query $Query
				$DCName = $v2.DomainControllerName
				$AllLocalInstances += $DCName
				WriteTo-StdOut "DCName is $AllLocalInstances" -shortformat
				}
		return $AllLocalInstances
		}
		else
		{
		$RemoteNetlogon = New-Object System.Diagnostics.PerformanceCounterCategory("Netlogon",$RemoteComputerName)
		$RemoteInstances = $RemoteNetlogon.GetInstanceNames()
		$AllRemoteInstances = @()
		foreach ($RemoteInstance in $RemoteInstances)
			{    
	          if ($RemoteInstance -ne "_Total")
	             {
				 $AllRemoteInstances += $RemoteInstance
				}
			}
			if ($AllRemoteInstances -eq $null)
				{
				#If the local computer was missing its DC perf instance so getting DC name from WMI.
				$Query = "select * from win32_ntdomain where description = '" + $env:userdomain + "'"
				$v2 = get-wmiobject -query $Query
				$DCName = $v2.DomainControllerName
				$AllRemoteInstances += $DCName
				}
		return $AllRemoteInstances
		}
	}
 
if (($CheckMaxConcurrentApi) -and ($Instance -ne "_Total") -and ($Computer -ne "Localhost") -and ($CalcMCA -eq $true))
	{CheckMaxConcurrentApi -instancename $Instance -ComputerName $Computer -Calc $CalcMCA  | FL }
elseif (($CheckMaxConcurrentApi) -and ($Instance -ne "_Total") -and ($Computer -ne "Localhost"))
	{CheckMaxConcurrentApi -instancename $Instance -ComputerName $Computer | FL }
elseif (($CheckMaxConcurrentApi) -and ($Instance -ne "_Total"))
	{CheckMaxConcurrentApi -instancename $Instance  | FL}
elseif (($CheckMaxConcurrentApi) -and ($Computer -ne "Localhost"))
	{CheckMaxConcurrentApi -ComputerName $Computer  | FL}
elseif (($CheckMaxConcurrentApi) -and ($CalcMCA -eq $true))
	{CheckMaxConcurrentApi -Calc $calcmca  | FL}
elseif ($CheckMaxConcurrentApi)
	{CheckMaxConcurrentApi | FL}
if (($GetNetlogonInstances) -and ($Computer -ne "Localhost"))
	{GetNetlogonInstances  | FL}
elseif ($GetNetlogonInstances) 
{GetNetlogonInstances -RemoteComputerName $Computer | FL}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

PARAM ([Switch]$CheckMaxConcurrentApi, [switch]$GetNetlogonInstances, [string]$Computer = "Localhost", [string]$Instance = "_Total", [bool]$CalcMCA = $False)

#************************************************

# CheckMaxConcurrentApiScript.ps1

# Version 1.0

# Date: 3/22/2013

# Author: Tim Springston [MSFT]

# Description:Uses .Net methods and WMI to query

# a remote or local computer for MaxConcurrentApi

# problems and return details back in a PSObject.

#************************************************

function CheckMaxConcurrentApi ([string]$InstanceName = "_Total", [string]$ComputerName = "localhost", [bool]$Calc = $false)

{

#This function takes three optional parameters to select Netlogon Instance (can be obtained by using

#sister function GetNetlogonInstances, computer to run against and whether to run

#MaxConcurrentApi calculation-which takes longer.

#It returns details about the computer, whether the problem is detected, and suggested MaxConcurrentApi value.

$ProblemDetected = $false

$Date = Get-Date

#Get role, OSVer, hotfix data.

$cs = gwmi -Namespace "root\cimv2" -class win32_computersystem -Impersonation 3 -ComputerName $ComputerName

$DomainRole = $cs.domainrole

$OSVersion = gwmi -Namespace "root\cimv2" -Class Win32_OperatingSystem -Impersonation 3 -ComputerName $ComputerName

$bn = $OSVersion.BuildNumber

$150Hotfix = $false

#Determine how long the computer has been running since last reboot.

$wmi = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName

$LocalDateTime = $wmi.LocalDateTime

$Uptime = $wmi.ConvertToDateTime($wmi.LocalDateTime) – $wmi.ConvertToDateTime($wmi.LastBootUpTime)

$Days = $Uptime.Days.ToString()

$Hours = $Uptime.Hours.ToString()

$UpTimeStatement = $Days + " days " + $Hours + " hours"

#Get SystemRoot so that we can map the right drive for checking file versions.

$objReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine',$ComputerName)

$ObjRegKey = $ObjReg.OpenSubKey("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion")

$SystemRoot = $ObjRegKey.GetValue("SystemRoot")

#Parse the drive letter for the remote systemroot and then map the network drive. First though

#make sure the drive you will map to doesnt exist already.

$Drives = gwmi -Namespace "root\cimv2" -ComputerName $ComputerName -Impersonation Impersonate -Class Win32_LogicalDisk

$DriveLetters = @()

ForEach ($Drive in $Drives)

{

$Caption = $Drive.Caption

$DriveLetters += $Caption

$Caption = $null

}

if ($ComputerName -ne "localhost")

{

$PossibleLetters = [char[]]"DEFGHIJKLMNOPQRTUVWXY"

$devices = get-wmiobject win32_logicaldisk | select -expand DeviceID

$PossibleLetters | where {$DriveLetters -notcontains "$($_):"} | Select -First 1 | % {

$AvailableDriveLetter = $_

}

$DriveToMap = $SystemRoot

$DriveToMap = $DriveToMap.Replace(":\Windows","")

$DriveToMap = "\\" + $ComputerName + "\" + $DriveToMap + "$"

$AvailableDriveLetter = $AvailableDriveLetter + ":"

$NETUSEReturn = net use $AvailableDriveLetter $DriveToMap

$RemoteSystem32Folder = $AvailableDriveLetter + "\Windows\System32"

$NetlogonDll = $RemoteSystem32Folder + "\Netlogon.dll"

}

else

{

$NetlogonDll = $SystemRoot + "\System32\Netlogon.dll"

}

#Check the file versions for the hotfixes.

$FileVer = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($NetlogonDll).FileVersion

NOTES:

USAGE:

HAPPY SCRIPTING!POSITIVE ENERGY!PLEASE COMMENT!

Connect to Exchange Online with the RPS Proxy Method to remove the 10K size limitation

Prepare a folder locally and place all the photos in that folder

Update the profile pictures via PowerShell

HAPPY SCRIPTING!PLEASE COMMENT!

HAPPY PURGING!PLEASE COMMENT!IGNORANCE IS NOT BLISS!

Install Windows Server 2019

PLEASE CHECK BACK FOR UPDATES!PLEASE COMMENT!

Transfer FSMO Roles using PowerShell

HAPPY TROUBLESHOOTING! KEEP SCRIPTING!PLEASE COMMENT!

Step 1 – Create your PowerShell Script

Step 2 – Setup a Scheduled Task To Be Run

Step 3 – Create the Alert Trigger in Performance Monitor

Step 4 – Set the Data Collector Set to run upon server startup.

PLEASE COMMENT! I LOVE IMPROVEMENTS TO MY SCRIPTS! HAPPY TROUBLESHOOTING!

HAPPY TROUBLESHOOTING!I LOVE COMMENTS! THANKS FOR READING!

HAPPY TROUBLESHOOTING!MAKE THIS SITE BETTER!PLEASE COMMENT!

GOOD LUCK WITH YOUR MIGRATIONS!HAPPY TROUBLESHOOTING!

PLEASE COMMENT! I WELCOME SUGGESTIONS, TIPS, ALTERNATIVE TROUBLESHOOTING! HAVE A GREAT DAY!

Here is the download:

I want to thank Jason Field for the bulk of this script!

Here is the script:

PLEASE COMMENT, SHARE, AND HAPPY TROUBLESHOOTING!

HAPPY SCRIPTING!
POSITIVE ENERGY!
PLEASE COMMENT!

HAPPY SCRIPTING!
PLEASE COMMENT!

HAPPY PURGING!
PLEASE COMMENT!
IGNORANCE IS NOT BLISS!

PLEASE CHECK BACK FOR UPDATES!
PLEASE COMMENT!

HAPPY TROUBLESHOOTING! KEEP SCRIPTING!
PLEASE COMMENT!

HAPPY TROUBLESHOOTING!
I LOVE COMMENTS! THANKS FOR READING!

HAPPY TROUBLESHOOTING!
MAKE THIS SITE BETTER!
PLEASE COMMENT!

GOOD LUCK WITH YOUR MIGRATIONS!
HAPPY TROUBLESHOOTING!