How to: Powershell list all computers in Active Directory

Sometimes you would need to have a list of all the computers joined to the domain in your infrastructure. Instead of going through all the Organizational Units (OUs) in your AD infrastructure and listing all the computers, you can easily use the below Powershell Script.

CLS
Import-Module ActiveDirectory
$ComputerName = get-ADComputer -Filter * | Select -Expand Name
Foreach ($CN in $ComputerName)
{  write-host $CN}

This will type a list of all the computers joined in your AD infrastructure.  Save it to a file with extension PS1 and run it. If you would like to save the output to file simply run the file by adding > filename.txt and replace the write-host with write-output (226)

Fix: Your automatic reply settings cannot be displayed because the server is unavailable

When setting up the automatic reply and out of office from your Outlook 2010 having Exchange 2010 you might have the problem with a pop-up saying “Your automatic reply settings cannot be displayed because the server is unavailable”.

I have managed to solve this with a DNS record in your infrastructure. Create the following SRV record to fix the issue.

Service: _autodiscover
Protocol: _tcp
Port Number: 443
Host: myexchangeserver.mydomain.local

On the client PC run the following to refresh the DNS. Make sure you run the CMD as Administrator

ipconfig /flushdns
ipconfig /registerdns

This should fix the problem and the user will be prompted to enter his Out of office settings. (7336)

Fix: No remote desktop license server is specified

After installing the licenses on your Windows 2008 R2 and upper for Terminal services and activated both the license and server you might have a popup message saying No Remote Desktop license server is specified. Also when you open the Remote Desktop Session Host Configuration you might see a similar message under the licensing diagnosis.

To fix this issue you must specify the Remote Desktop Services License Server. This can be done by the following:

Open the Remote Desktop Session Host Configuration from the Administrative Tools
Left click on the RD Session Host Configuration node
Double click on the Remote Desktop license servers
Add the server where the licenses have been installed

This should solve the issue and stop the message from showing (3089)

How to: Delete and re-create the Exchange ECP Virtual Directory

To delete the ECP virtual directory of your Exchange server and re-create it from scratch, you can use the below to get the identity of the virtual directory.

get-EcpVirtualDirectory |fl

Use this to remove the virtual directory in question

Remove-EcpVirtualDirectory -identity "MYSERVER\ecp (Exchange Back End)"

Create the new virtual directory use the below

New-EcpVirtualDirectory -externalurl "https://outlook.mydomain.com/ecp" -internalurl "https://myserver/ecp" -Server "myserver.mydomain.local"
(11001)

Fix: Error 500 when loading Shell or ECP on Exchange 2013 SP1

After installing Exchange 2013 with SP1 you might notice that when you open the Management Shell, you will get a bunch of errors with mainly the error 500: Internal Server Error. This can also be seen when you try to access the ECP or OWA on the server in question. This issue is only on Exchange 2013 with SP1 and with Client Access role installed.

The culprit can be the following three:

#1 Time synchronization

On the Primary Domain Controller (PDC) do the below

net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:0.pool.ntp.org
w32tm /config /reliable:yes
net start w32time

On the other DCs and servers do the following

net stop w32time
w32tm /config /syncfromflags:domhier /reliable:no /update
net start w32time


#2 Kerberos issues

Do the following on the effected servers to re-create the Powershell virtual directory.

Get-PowerShellVirtualDirectory -Server | Remove-PowerShellVirtualDirectory
New-PowerShellVirtualDirectory -Server -Name PowerShell
Get-PowerShellVirtualDirectory -Server | Set-PowerShellVirtualDirectory -BasicAuthentication:$false
IISReset

After virtual directory re-creation I have checked its modules in IIS and made sure, that Kerberos module is native and the path to its DLL is correct.

#3 WinRM Extensions

The feature might be missing, do the below to add the feature

Get-WindowsFeature *IIS* #to check if it is installed
Add-WindowsFeature Winrm-IIS-Ext # to install
(9139)

How to: Remove Arbitration mailboxes from Exchange Mailbox servers

Sometimes you would like to uninstall a mailbox server or un-install a mailbox server but when you make the Get-Mailbox -Arbitration -Database DataBase1 you see some mailboxes there. These are there to prevent you from deleting the mailbox database or server. These are used by the Exchange server. You can either move or delete these mailboxes. If this is not the last mailbox server in your setup I would suggest you move them, otherwise delete them or you will not be able to uninstall the server.

Moving the mailboxes
Get-Mailbox -Arbitration -Database EXCHDB1| New-MoveRequest -TargetDatabase EXCHDB2

Disabling the mailboxes
Get-Mailbox -Arbitration -Database EXCHDB1| Disable-Mailbox -Arbitration

Deleting the mailboxes
Get-Mailbox -Arbitration -Database EXCHDB1| Remove-Mailbox -Arbitration -RemoveLastArbitrationMailboxAllowed

If you would like to re-create them, I would suggest the below

Setup.com /PrepareAD /IAcceptExchangeServerLicenseTerms
or
.\Setup /PrepareAD /IAcceptExchangeServerLicenseTerms (5180)

How to: Uninstall an application with Powershell using GPO

Sometimes you would need to automate an uninstall of an application through Group Policies (GPO). This can be done by running a PowerShell script. Firstly create a PowerShell script as below:

$appplication = Get-WmiObject -Class Win32_Product | Where-Object
{$_.Name -match "My Application Name"}
$application.Uninstall()

Save the file and create a new GPO and set the script to load by setting up the Computer Configuration/ Policies/ Windows Settings/ Scripts/ Startup.
(5124)

How to: Set PowerShell execution policy to unrestricted using GPO

Most often when you have to execute some PowerShell scripts through the GPO and you end up with an error on execution saying that the Execution Policy does not allow you to run un-signed script.

So you would need to create a new GPO to set the Execution Policy. Create a new  GPO and edit it.

Goto Computer Configuration/ Policies/ Administrative Templates/ Windows Components/ Windows PowerShell

Double-click on Turn on Script Execution
Click on Enabled
Select Allow All Scripts

Move the GPO onto the respective OU, wait until the refresh or simple run gpupdate /force on the computers. (7062)

Fix: Missing Server Configuration in Exchange 2010 management console

When opening the Management Console in your Exchange 2010 you might noticed the Server Configuration node missing. Also you might notice that when you open a mailbox you will not see the size and other information and you will get the yellow lock and no data is shown.

In most cases it would be because you have Outlook installed and you logged in with another user in Outlook. The credentials will be saved in the vault and it will try to log into the Management Console with that user. In fact when you launch the Management Console and click on the Microsoft Exchange On-Premises node, while loading you will notice it uses the user.

You would need to do the following:

– Open a command prompt using “Run as Administrator”
– Run the command “control keymgr.dll”
– Click “Back up vault” and follow the prompts to back everything up
– Remove any credentials related to the other user

After this, try to open the Management Console, if the problem persists a quick restart of the server will do the job. (1378)

How to: Remove duplicate items from Exchange Mailboxes using Powershell

During an Exchange migration you sometimes have the issues where users complain that there are duplicate entries of their calendar items. This is normal to happen and can be done directly from the server using Powershell . You will need to download the script here and then install Managed API 1.2 or later which can be downloaded here.

Remove-DuplicateItems.ps1 [-Mailbox] <String> [[-Type] <String>] [-Server <String>] [-Impersonation] [-DeleteMode <String>] [-Mode <String>][-WhatIf] [-Confirm] [<CommonParameters>]

The syntax is below:

-Mailbox is the name of the mailbox to process;
-Type determines what folders are checked for duplicates. Valid options are Mail, Calendar, Contacts, Tasks, Notes or All (Default);
-Server is the name of the Client Access Server to access for Exchange Web Services. When omitted, the script will attempt to use Autodiscover;
-When the Impersonation switch is specified, impersonation will be used for mailbox access, otherwise the current user context will be used;
-DeleteMode specifies how to remove messages. Possible values are HardDelete (permanently deleted), SoftDelete (use dumpster, default) or MoveToDeletedItems (move to Deleted Items folder).
-Mode determines how items are matched. Options are Quick, which uses PidTagSearchKey and is the default mode, or Full which uses a predefined set of attributes to match items, depending on the item class.

For this to work you need to setup the impersonation of the user which you will be running the script. This can be done as below for Exchange 2010

New-ManagementRoleAssignment -Name ImpersonationRole -Role ApplicationImpersonation -User administrator

-Name : Can be anything you put in, it’s just a name
-User: Is the user you will be impersonating as

On Exchange 2007 you can use the below command:

Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity User1 | select-object).identity -extendedRight ms-Exch-EPI-Impersonation}

More info on the script here (8273)