GMSA Make Immediately Available

Unfortunately the Add-KdsRootKey -EffectiveImmediately does not happen immediately therefore if happy that this has replicated to all Domain Controllers use the following

Add-KdsRootKey –EffectiveTime ((get-date).addhours(-10))

Advertisements

Exchange PowerShell Scripts for Migration

I am using the following scripts to extract Exchange info in readiness for migration to Office 365 as a lot of info does not get transferred.  This is only export as not had time to look at automating the import yet.

# Export User Mailboxes and Permissions
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Select-Object DisplayName,PrimarySmtpAddress, @{Name=”EmailAddresses”;Expression={$_.EmailAddresses | Where-Object {$_.PrefixString -cne “SMTP”} | ForEach-Object {$_.SmtpAddress}}} | Export-CSV -NoTypeInformation ex-UserMailbox.csv
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Get-MailboxPermission | Select-Object identity,user,@{Name=”AccessRights”;Expression={$_.”AccessRights”}},IsInherited | Where-Object {$_.User -notlike “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false} | Export-CSV -NoTypeInformation ex-UserMailboxPermissions.csv

# Export Shared Mailboxes and Permissions
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Select-Object DisplayName,PrimarySmtpAddress, @{Name=”EmailAddresses”;Expression={$_.EmailAddresses | Where-Object {$_.PrefixString -cne “SMTP”} | ForEach-Object {$_.SmtpAddress}}} | Export-CSV -NoTypeInformation ex-SharedMailbox.csv
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | Select-Object identity,user,@{Name=”AccessRights”;Expression={$_.”AccessRights”}},IsInherited | Where-Object {$_.User -notlike “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false} | Export-CSV -NoTypeInformation ex-SharedMailboxPermissions.csv

# Export Equipment Mailboxes and Permissions
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails EquipmentMailbox | Select-Object DisplayName,PrimarySmtpAddress, @{Name=”EmailAddresses”;Expression={$_.EmailAddresses | Where-Object {$_.PrefixString -cne “SMTP”} | ForEach-Object {$_.SmtpAddress}}} | Export-CSV -NoTypeInformation ex-EquipmentMailbox.csv
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails EquipmentMailbox | Get-MailboxPermission | Select-Object identity,user,@{Name=”AccessRights”;Expression={$_.”AccessRights”}},IsInherited | Where-Object {$_.User -notlike “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false} | Export-CSV -NoTypeInformation ex-EquipmentMailboxPermissions.csv

# Export Room Mailbxes and Permissions
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails RoomMailbox | Select-Object DisplayName,PrimarySmtpAddress, @{Name=”EmailAddresses”;Expression={$_.EmailAddresses | Where-Object {$_.PrefixString -cne “SMTP”} | ForEach-Object {$_.SmtpAddress}}} | Export-CSV -NoTypeInformation ex-RoomMailbox.csv
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails RoomMailbox | Get-MailboxPermission | Select-Object identity,user,@{Name=”AccessRights”;Expression={$_.”AccessRights”}},IsInherited | Where-Object {$_.User -notlike “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false} | Export-CSV -NoTypeInformation ex-RoomMailboxPermissions.csv

# Export Mail Contacts
Get-Mailcontact -ResultSize Unlimited | Select-Object DisplayName,PrimarySmtpAddress | Export-CSV -NoTypeInformation ex-Mailcontact.csv

# Export User Mailbox Calendar/Contacts/Tasks Permissions
$r = foreach ($m in (get-mailbox -resultsize unlimited)) {Get-MailboxFolderPermission ($m.samaccountname+”:\calendar”) | select @{Name=’Name’;Expression={$m.Name}}, FolderName,Identity,Accessrights;Get-MailboxFolderPermission ($m.samaccountname+”:\contacts”) | select @{Name=’Name’;Expression={$m.Name}}, FolderName,Identity,Accessrights;Get-MailboxFolderPermission ($m.samaccountname+”:\tasks”) | select @{Name=’Name’;Expression={$m.Name}}, FolderName,Identity,Accessrights;}
$r | where-object {$_.Identity -notlike “Anonymous” -and $_.Identity -notlike “Default”} | select @{Name=”Identity”;Expression={$_.Name+”:\”+$_.FolderName}},@{Name=”User”;Expression={$_.Identity}},@{Name=”AccessRights”;Expression={$_.AccessRights}} | Export-CSV -NoTypeInformation ex-UserMailboxFolderPermissions.csv

# Export User Mailbox Forwarders
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Select-Object DisplayName,ForwardingAddress,ForwardingSmtpAddress,DeliverToMailboxAndForward | Where-Object {$_.ForwardingAddress -ne $null -or $_.ForwardingSMTPAddress -ne $null} | Export-CSV -NoTypeInformation ex-UserMailboxForwarders.csv

# Export User Mailboxes with Archives
Get-Mailbox -ResultSize Unlimited | where {$_.ArchiveDatabase -ne $null} | Select-Object name, archivedatabase | Export-CSV -NoTypeInformation ex-UserMailboxArchives.csv

# Export Distribution Lists and Members
Get-DistributionGroup -ResultSize Unlimited | Select-Object DisplayName,PrimarySmtpAddress, @{Name=”EmailAddresses”;Expression={$_.EmailAddresses | Where-Object {$_.PrefixString -cne “SMTP”} | ForEach-Object {$_.SmtpAddress}}},RequireSenderAuthenticationEnabled | Export-CSV -NoTypeInformation ex-DistributionLists.csv
foreach ($g in Get-DistributionGroup) { get-distributiongroupmember $g | ft @{expression={$_.displayname};Label=”$g” } | out-file -append ex-DistributionListsMembers}

Publishing printers from another forest

Assuming that a trust is established between sites then create an OU in AD and then extract printers from the other forest into AD using pubprn.vbs

https://technet.microsoft.com/en-us/library/cc753116.aspx

In my server 2016 environment for some reason the last letter of the servername is missing and breaks the print object.  Using ADSIEDIT.MSC it can be fixed just edit the servername and shortservername attributes of each printer object.  Also the comments and location attributes can be updated in this way if required.