Resolving Time sync issues

We have had a lot of issues with time sync on member servers.  If the time is not in sync with the domain controller, you may see issues, but those errors and problems may not directly point to time issues.

Problem:

One such scenario that I ran into: in my environment, there are different time sources,

  • My root domain is syncing with parent company
  • My primary child domain is syncing properly with root domain
  • DMZ and resource domain time are syncing with VMware and an external source.

To add more complication to the existing problem,

  • Some of my resource domain servers are in the DMZ as well
  • I have Windows 2000 and Windows 2003 servers

The best thing about resolving the problem is that I don’t have to restart the server after making the changes. So I can make changes immediately and restart the time service without any downtime.

Solution:

  • To prepare myself to resolve the problem, I need a report of all the servers which are not syncing with the DCs or the domain.  Use the script from “Time Sync report from member servers”: create a .txt file called server.txt, add all the servers in your organization to it, and keep it in the same path where you have this .ps1
  • I need to segregate the list of servers based on their operating system
  • Then I need to find their location (DMZ, site) to identify the nearest DC that I can contact

Finally, I could sort out about 200 computers which are not syncing with the DCs.  I tweaked the script and ran it to do a mass change.  Of course, Windows 2000 and Windows 2003 must be treated differently (fortunately I just had 10 servers of this nature, so I did it individually).

Note: I don’t own the script, and I’m not responsible for the script if it malfunctions.
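The report step described above can be sketched as follows. This is an added example, not the script the post refers to; it assumes WMI is reachable on the targets and that the machine running it has a clock synced with the domain, and the 300-second threshold and output file name are illustrative.

```powershell
# Added example: time-skew and OS report for the hosts listed in server.txt.
# Assumptions: the local clock follows the domain hierarchy, WMI/DCOM is open
# to the targets, and the threshold and output file name are illustrative.
param(
    [string]$ServerList     = '.\server.txt',            # one host name per line
    [int]   $MaxSkewSeconds = 300,
    [string]$OutFile        = '.\timesync-report.csv'    # hypothetical output name
)

$servers = Get-Content $ServerList | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$report = foreach ($server in $servers) {
    $row = New-Object PSObject -Property @{
        Server = $server; OS = $null; SkewSeconds = $null; Status = 'Unreachable'
    }
    try {
        # One WMI call returns both the OS caption and the remote clock.
        $os     = Get-WmiObject Win32_OperatingSystem -ComputerName $server -ErrorAction Stop
        $now    = Get-Date
        # ConvertToDateTime returns the remote time in the caller's time zone.
        $remote = $os.ConvertToDateTime($os.LocalDateTime)
        $row.OS          = $os.Caption
        $row.SkewSeconds = [math]::Round(($remote - $now).TotalSeconds, 1)
        $row.Status      = 'OK'
        if ([math]::Abs($row.SkewSeconds) -gt $MaxSkewSeconds) { $row.Status = 'OutOfSync' }
    } catch {
        # Keep unreachable hosts in the report instead of silently dropping them.
        $row.Status = "Error: $($_.Exception.Message)"
    }
    $row
}

$report | Sort-Object OS, Server |
    Select-Object Server, OS, SkewSeconds, Status |
    Export-Csv $OutFile -NoTypeInformation

# Out-of-sync hosts grouped by operating system, so Windows 2000/2003 can be
# handled separately from the rest.
$report | Where-Object { $_.Status -eq 'OutOfSync' } |
    Group-Object OS | Select-Object Count, Name
```

The measured skew includes WMI round-trip latency, so it is good to roughly a second; that is enough to find servers that have drifted by minutes.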

AD discovery

I started focusing more on Active Directory.  I thought it would help others to share my experience not just related to Exchange, but also Active Directory, PowerShell scripts and so on.

Having said that, I was tasked to extract the information about my Active Directory topology.

The Microsoft Active Directory Topology Diagrammer tool was very useful.

But that wasn’t sufficient to document.  I have found a script which extracts almost all the information about your forest: AD Discovery script

There are 3 scripts; you can use either the GUI or the .exe file.  I have run this in my environment several times without any issues.

Note: I don’t own this script.  I’m not responsible for any consequences caused by this script as I didn’t program it.

 

Script to help assign permission to folders and subfolders

I thought that was easy when you have just 2 or 3 folders. How about 100 folders? It is still easy, though, if you know the script.

Get-MailboxFolderStatistics Mailboxname | where { $_.folderpath -eq "/Foldername" } | Add-MailboxFolderPermission Mailbox -User Username -AccessRights "Level of access"

Unfortunately the above command won’t work. I found a script in a blog,

  1. Get-MailboxFolderStatistics Username – This gives the list of folders
  2. Filter a specific folder and its subfolders which need access: where { $_.folderpath.Contains("/Foldername") }
  3. Assign permission: Add-MailboxFolderPermission Mailbox -User Username -AccessRights "Level of access"

Putting it all together

foreach ($Folder in (Get-MailboxFolderStatistics username | where { $_.folderpath.Contains("/Foldername") }))
{
    # Build the folder identity "Mailbox Name:\Folder\Subfolder" from the statistics path
    $FPath = "Mailbox Name:" + $Folder.folderpath.replace("/","\");
    # Grant the access level on this folder
    Add-MailboxFolderPermission $FPath -User Username -AccessRights "Level of access"
}

  • foreach picks each matching folder in turn and assigns the permission.
  • $FPath = "Mailbox Name:" + $Folder.folderpath.replace("/","\") – This is to get the complete path of the subfolder, which is then passed to Add-MailboxFolderPermission

Thanks,
Vijay

Shared Mailbox Permission – Bug

Recently I got into a situation where I had to streamline the permissions that are given to the shared mailbox.  So I decided to do that in the following way:

1. Create a Shared mailbox
2. Create a group for the shared mailbox
3. Add the users who need permission to the group
4. Give permission to the Group on the shared mailbox

Everything went fine. Permissions were set. But users inside the group started reporting that they could not see the folders in the shared mailbox.  So I started to check all the permissions and nothing seemed to give a clue.

Finally,

I gave permission to a user on the shared mailbox – cool, the folders show up. Seems so weird. How can a user object work but not the group? I just thought I could try adding the group from Outlook – perfect, the folders show up.

Conclusion,

When you give permission to the shared mailbox through PowerShell, you will experience the issue. Instead, either give permission to the user object or add the group from Outlook.

Hope this was informative.

VJ

Deleting a particular email in Exchange 2010

Recently I encountered a scenario where I had to delete a particular message with a certain subject, which is no big deal:

Export-Mailbox -TargetMailbox "To Mailbox to which you wanted to copy the mails" -TargetFolder "To Delete" -SenderKeywords "Sender id" -SubjectKeywords "Subject of the mail that you want to delete" -DeleteContent

The above command will search for the mail which matches the “Sender id” and “Subject”.

Hmm. But the above command applies to Exchange 2007 only. So what if you want to delete an email in Exchange 2010? I googled around and came across a lot of things, but couldn’t get to the bottom of it.

After an hour I zeroed in on the following command:

Get-Mailbox | Search-Mailbox -DeleteContent -SearchQuery 'Subject:"Subject of the message" AND From:"Sender email address"'

This will search all the mailboxes in the organisation [you can use -ResultSize unlimited to include more than 1000 users] for the mail that matches the subject and the sender email address. -DeleteContent will delete those emails.

Along with this, using -TargetMailbox “Mailbox” will copy the mails and a summary of the deletion.

VJ
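Because -DeleteContent across every mailbox cannot be undone from the command line, the same search can be run in stages first. This is an added example, not part of the original post: -EstimateResultOnly and -LogOnly are Search-Mailbox switches, while the query text, the review mailbox name and the folder name are placeholders.

```powershell
# Added example; the query text and mailbox names are placeholders.
# Run one stage at a time and review its output before moving to the next.
$query  = 'Subject:"Subject of the message" AND From:"sender@example.com"'
$review = 'ReviewMailbox'   # hypothetical mailbox that receives logs and copies
$folder = 'To Delete'

# Leave the review mailbox out of the search: it will hold copies of the message.
$mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object { $_.Alias -ne $review }

# Stage 1, estimate: counts matches per mailbox, copies and deletes nothing.
$hits = $mailboxes |
    Search-Mailbox -SearchQuery $query -EstimateResultOnly |
    Where-Object { $_.ResultItemsCount -gt 0 }
$hits | Select-Object Identity, ResultItemsCount, ResultItemsSize

# Stage 2, log only: writes a report of every matching item to the review
# mailbox, so the query can be checked against real subjects and senders.
$hits | ForEach-Object {
    Search-Mailbox -Identity $_.Identity -SearchQuery $query `
        -TargetMailbox $review -TargetFolder $folder -LogOnly -LogLevel Full
}

# Stage 3, delete: copies the messages to the review mailbox, then removes them
# from the source. Without -Force the cmdlet asks for confirmation each time.
$hits | ForEach-Object {
    Search-Mailbox -Identity $_.Identity -SearchQuery $query `
        -TargetMailbox $review -TargetFolder $folder -DeleteContent
}
```

Restricting stage 3 to the mailboxes that matched in stage 1 keeps the destructive pass as narrow as the estimate that was reviewed.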

Exchange server 2010 SP2 is available

Exchange Server SP2 is available for download – http://www.microsoft.com/download/en/details.aspx?id=28190

It includes the following features:

  • Outlook Web App (OWA) Mini – OWA designed for low bandwidth
  • Cross-Site Silent Redirection for Outlook Web App
  • Hybrid Configuration Wizard – for those who have a combination of on- and off-premises Exchange servers
  • Address Book Policies – for those who do hosting for different companies

And other customer-requested fixes.

Cannot view the certificate on the server – Resolved

A few weeks back I posted about an issue, “Certificate Missing on the Server – BUG?” – http://wp.me/pM6aD-1Q.

I was just googling around without success and finally figured out that it turned out to be a “Permission issue”. But how?

Solution:
When we run Get-ExchangeCertificate, it pulls the list of certificates from the “All Users Profile\Application Data\Microsoft\Crypto\RSA” folder.

So if you manually navigate to the location, you will find all the certificates installed on the server. If you double-click one of them that you don’t find while running Get-ExchangeCertificate, it throws an error message saying “You don’t have permission”.

To make these certificates appear in Get-ExchangeCertificate, you have to do the following

Under the All Users Profile\Application Data\Microsoft\Crypto\RSA\S-1-5-18 folder:

  • Click on the Advanced tab – Owner tab – select Administrator. It might show “can’t display the information”; therefore click on Administrator and then Apply
  • Add owner rights to the administrator account
  • Now you can view the Security tab and Summary tab
  • Under the Security tab – clicked on Advanced, checked “allow inheritance”

But why should it be a permission issue when I’m an administrator?….

Cannot receive emails or work with BB device – Read this

I guess some may have problems using their BB device, like cannot send/receive emails, cannot check the calendar and so on. If you are located in a region somewhere in Europe, France, Middle East…

Don’t worry.. It’s not your problem. RIM servers are down.

Read this – http://www.foxnews.com/scitech/2011/10/10/blackberry-service-crashes-for-millions-worldwide/ . So administrators.. relax.