Book Image

Microsoft Exchange Server 2016 PowerShell Cookbook - Fourth Edition

By : Jonas Andersson, Nuno Mota, Mike Pfeiffer
Book Image

Microsoft Exchange Server 2016 PowerShell Cookbook - Fourth Edition

By: Jonas Andersson, Nuno Mota, Mike Pfeiffer

Overview of this book

We start with a set of recipes on core PowerShell concepts. This will provide you with a foundation for the examples in the book. Next, you'll see how to implement some of the common exchange management shell tasks, so you can effectively write scripts with this latest release. You will then learn to manage Exchange recipients, automate recipient-related tasks in your environment, manage mailboxes, and understand distribution group management within the Exchange Management Shell. Moving on, we'll work through several scenarios where PowerShell scripting can be used to increase your efficiency when managing databases, which are the most critical resources in your Exchange environment. Towards the end, you'll discover how to achieve Exchange High Availability and how to secure your environment, monitor the health of Exchange, and integrate Exchange with Office Online Server, Skype for Business Server, and Exchange Online (Office 365). By the end of the book, you will be able to perform administrative tasks efficiently.

Related Content you might be interested in

Current Title:

Small book image
Microsoft Exchange Server 2016 PowerShell Cookbook - Fourth Edition
Jonas Andersson | Nuno Mota | Mike Pfeiffer
Jul, 2017 | 648 pages
Small book image
Practical PowerShell Exchange Server 2016
Dave Stork | Damian Scoles
Feb, 2020 | 557 pages
Small book image
Practical PowerShell Exchange Server 2019
Damian Scoles
Jun, 2020 | 688 pages
Small book image
Practical PowerShell Office 365: Exchange Online
Damian Scoles
Feb, 2020 | 438 pages
Table of Contents (17 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Conventions
Reader feedback
Customer support
Free Chapter
1
PowerShell Key Concepts
PowerShell Key Concepts
Introduction
Using the help system
Understanding command syntax and parameters
Command aliases
Setting up a PowerShell profile
Understanding the pipeline
Working with variables and objects
Working with arrays and hash tables
Looping through items
Creating custom objects
Using debugger functions
Understanding the new execution policy
Using the Save-Help function
Working with script repositories
2
Exchange Management Shell Common Tasks
Exchange Management Shell Common Tasks
Introduction
Manually configuring remote PowerShell connections
Using explicit credentials with PowerShell cmdlets
Transferring files through remote shell connections
Managing domains or an entire forest using a recipient scope
Exporting reports to text and CSV files
Sending SMTP emails through PowerShell
Scheduling scripts to run at a later time
Logging shell sessions to a transcript
Automating tasks with the scripting agent
Scripting an Exchange server installation
3
Managing Recipients
Managing Recipients
Introduction
Creating, modifying, and removing mailboxes
Working with contacts
Managing distribution groups
Managing resource mailboxes
Creating recipients in bulk using a CSV file
Configuring MailTips
Working with recipient filters
Adding and removing recipient email addresses
Hiding recipients from address lists
Configuring recipient moderation
Configuring message delivery restrictions
Managing automatic replies and out-of-office settings for a user
Adding, modifying, and removing server-side inbox rules
Managing mailbox folder permissions
Importing user photos into Active Directory
4
Managing Mailboxes
Managing Mailboxes
Introduction
Reporting on mailbox sizes
Reporting on the mailbox creation time
Working with move requests and performing mailbox moves
Email notification on mailbox moves
Importing and exporting mailboxes
Deleting messages from mailboxes using Search-Mailbox
Deleting messages from mailboxes using Compliance Search
Managing disconnected mailboxes
Setting storage quotas for mailboxes
Finding email addresses with numbers
Finding mailboxes with different SIP and Primary SMTP addresses
Finding inactive mailboxes
Detecting and fixing corrupt mailboxes
Restoring deleted items from mailboxes
Managing public folder mailboxes
Reporting on public folder statistics
Managing user access to public folders
5
Distribution Groups and Address Lists
Distribution Groups and Address Lists
Introduction
Reporting on distribution group membership
Adding members to a distribution group from an external file
Previewing dynamic distribution group membership
Backing up distribution groups membership
Excluding hidden recipients from a dynamic distribution group
Converting and upgrading distribution groups
Allowing managers to modify group permissions
Removing disabled users from distribution groups
Working with distribution group naming policies
Working with distribution group membership approval
Creating address lists
Exporting address list membership to a CSV file
Configuring hierarchical address books
6
Mailbox Database Management
Mailbox Database Management
Introduction
Managing the mailbox databases
Moving databases and logs to another location
Configuring the mailbox database limits
Reporting on mailbox database size
Finding the total number of mailboxes in a database
Determining the average mailbox size per database
Reporting on database backup status
Restoring data from a recovery database
7
Managing Client Access
Managing Client Access
Introduction
Managing ActiveSync, OWA, POP3, and IMAP4 mailbox settings
Setting internal and external CAS URLs
Managing Outlook Anywhere settings
Blocking Outlook clients from connecting to Exchange
Reporting on active OWA and RPC connections
Controlling ActiveSync device access
Reporting on ActiveSync devices
8
Managing Transport Servers
Managing Transport Servers
Introduction
Configuring transport limits
Managing connectors
Allowing application servers to relay emails
Checking if the IP address is in a receive connector
Comparing receive connectors
Adding IP address to receive connectors
Working with custom DSN messages
Managing connectivity and protocol logs
Searching message tracking logs
Determining which email client sent an email
Working with messages in transport queues
Searching anti-spam agent logs
Implementing a header firewall
Configuring the Edge Transport server role
9
Exchange Security
Exchange Security
Introduction
Granting users full access permissions to mailboxes
Finding users with full access to mailboxes
Sending email messages as another user or group
Throttling client connections
Working with Role Based Access Control
Creating a custom RBAC role for administrators
Creating a custom RBAC role for end users
Troubleshooting RBAC
Generating a certificate request
Installing certificates and enabling services
Importing certificates on multiple Exchange servers
Configuring Domain Security
Configuring S/MIME for OWA
Configuring Windows Defender Exclusions
10
Compliance and Audit Logging
Compliance and Audit Logging
Introduction
Configuring journaling
Managing archive mailboxes
Configuring archive mailbox quotas
Creating retention tags and policies
Applying retention policies to mailboxes
Placing mailboxes on retention hold
Placing mailboxes on in-place hold or litigation hold
Searching and placing a hold on public folders
Performing eDiscovery searches
Performing Compliance searches
Configuring data loss prevention
Configuring administrator audit logging
Searching the administrator audit logs
Configuring mailbox audit logging
Searching mailbox audit logs
11
High Availability
High Availability
Introduction
Creating a Database Availability Group
Adding mailbox servers to a Database Availability Group
Configuring Database Availability Group network settings
Adding mailbox copies to a Database Availability Group
Activating mailbox database copies
Reseeding a database copy
Working with lagged database copies
Using the automatic reseed feature
Performing maintenance on Database Availability Group members
Reporting on database status, redundancy, and replication
12
Monitoring Exchange Health
Monitoring Exchange Health
Introduction
Using Exchange test cmdlets
Using Health Probe checks
Checking the server health and health sets
Monitoring transaction logs
Monitoring the disk space
Checking database redundancy
13
Integration
Integration
Introduction
OAuth configuration
Configuring Exchange archiving for Skype for Business Server
Configuring and enabling the Unified Contact Store
Integrating Skype for Business with Outlook on the web
Configuring a user with a high-resolution photo
Office Online Server integration
Validating Exchange hybrid
14
Scripting with the Exchange Web Services Managed API
Scripting with the Exchange Web Services Managed API
Introduction
Getting connected to EWS
Sending email messages with EWS
Working with impersonation
Searching mailboxes
Retrieving the headers of an email message
Deleting email items from a mailbox
Creating calendar items
Exporting attachments from a mailbox
15
Common Shell Information
Common Shell Information
Exchange Management Shell reference
Properties that can be used with the -Filter parameter
Properties that can be used with the -RecipientFilter parameter
16
Query Syntaxes
Query Syntaxes
Using the word phrase search
Using a date range search
Using the message type search
Using search operators

Understanding the new execution policy

Windows PowerShell implements script security to keep unwanted scripts from running in your environment. You have the option of signing your scripts with a digital signature to ensure that scripts that run are from a trusted source.

The policy has five (Unrestricted, RemoteSigned, AllSigned, Restricted, Default, Bypass, and Undefined) different states to be set in five different scopes (MachinePolicy, UserPolicy, Process, CurrentUser, and LocalMachine).

A short description of the different states and what they can or can't do follows:

  • Undefined - There is no execution policy set for the current scope
  • Restricted - No script, be it local, remote, or downloaded can be executed
  • AllSigned - All script that is run required to be digitally signed
  • RemoteSigned - All remote (UNC) or downloaded scripts required to be digitally signed
  • Bypass - Nothing is blocked and there are no warnings or prompts
  • Unrestricted - All scripts are allowed to be executed

And the following is a description of the different scopes:

  • MachinePolicy - The execution policy set by a Group Policy applies to all users
  • UserPolicy - The execution policy set by a Group Policy applies to the current user
  • Process - The execution policy applies to the current Windows PowerShell process
  • CurrentUser - The execution policy applies to the current user
  • LocalMachine - The execution policy applies to all users of the computer

Windows PowerShell implements script security to keep unwanted scripts from running in your environment. You have the option of signing your scripts with a digital signature to ensure that scripts that are run are from a trusted source.

It is possible to manage Exchange 2016 through PowerShell remoting on a workstation or server without Exchange Tools installed. In this case, you'll need to make sure your script execution policy is set to either RemoteSigned or Unrestricted. To set the execution policy, use the following command:

    Set-ExecutionPolicy RemoteSigned

Make sure you do not change the execution policy to AllSigned on machines where you'll be using the Exchange cmdlets. This will interfere with importing the commands through a remote PowerShell connection, which is required for the Exchange Management Shell cmdlets to run properly.

How to do it...

The following are some examples of cmdlets that can be used for configuring the execution policy:

    Get-ExecutionPolicy -List | Format-Table -AutoSize
    
    Set-ExecutionPolicy AllSigned
    
    Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy ` RemoteSigned

How it works...

The default scope is set to LocalMachine if nothing is specified, which means it will apply to everyone on this machine. If the execution policy is set to Undefined in all scopes, the effective execution policy is Restricted.

We started with listing the current policy settings and then continued with configuring the LocalMachine policy to require scripts to be digitally signed or else they will be prohibited from being executed.

The last cmdlet which was used configured the CurrentUser to RemoteSigned instead of AllSigned, which was configured to the LocalMachine policy.

Once this change is done, the configuration would look like the following screenshot:

This makes it possible to have the execution policy configured to require digital signatures for scripts that are being executed by everyone, except the current logged in user.

If you are uncertain as to which user that is logged on, use the whoami command.

There's more...

Since the default execution policy is configured to RemoteSigned, the effect is that all remote (UNC) or downloaded scripts required to be digitally signed.

It is very common that when a script is downloaded, we need to unblock this file before it can be executed when the policy is set to default settings.

Of course, the recommendation before unblocking any downloaded file is to test it in a test environment so it doesn't harm any production environment or it doesn't contain any malicious code in some way:

    Unblock-File -Path C:\Scripts\HarmlessScript.ps1
    
    Get-ChildItem C:\DownloadFolder | Unblock-File

The first line unblocks the specified downloaded file, while the second line retrieves all files from a folder called DownloadFolder and then unblocks them. This, in the end, makes it possible to execute these files with the default configuration.

Unblock-File performs the same operation as the Unblock button on the Properties dialog box in File Explorer.

For more detailed information, use the Get-Help about_Execution_Policies cmdlet.

See also

  • The Working with the desired state configuration recipe in this chapter
  • The Working with script repositories recipe in this chapter
  • The Using the Save-Help function recipe in this chapter
Previous Section
End of Section 13
Next Section