Remove all disabled user from an Active Directory Group with Power Shell using Quest Active Roles AD Management

The following code snippet which I ran through PowerShell ISE (learn how to get it on Windows Server) will remove all disabled users from a particular group.  Useful for the end of year / start of year clean up in a school environment.

You will need the ActiveRoles Management Shell for Active Directory, available by clicking here which were made by Quest Software, now DELL.

Add-PSSnapin Quest.ActiveRoles.ADManagement

Get-QADGroup -SearchRoot "" | Foreach-Object {
     $group = $_
     Get-QADGroupMember -Identity $group -Disabled -Type User | Foreach-Object{
         Write-Host "Removing '$($_.Name)' from group '$group'" -Foreground Green
         Remove-QADGroupMember -Identity $group -Member $_ 
     }
 }

Swap out with a distinguished name of the group you want to remove disabled users from.  Once you execute it, it will run through the group and remove any user objects that are disabled.

Getting Folder Sizes and number of items in a Mailbox for a particular user on Microsoft Exchange using PowerShell

Recently one of our high-end users was going over their mailbox limit. In helping them to cut down I like to let them know what folders are using up the most of their quota (generally it is their sent items folder, but sometimes not). Executing the below PowerShell command in an Exchange Administration Shell gave me a nice ordered list (see output below) of folders in their mailbox along with an associated size and number of items.

Get-MailboxFolderStatistics -Identity <username> | Sort-Object FolderSize 
-Descending | FT folderpath, foldersize, ItemsinFolder -autosize

After executing the above PowerShell you’ll get an output similar to the below

FolderPath                    FolderSize                  ItemsInFolder
----------                    ----------                  -------------
/Inbox                        32.89 MB (34,486,717 bytes)           158
/Carbon Copies                16.9 MB (17,725,567 bytes)            168
/Sent Items                   685.3 KB (701,797 bytes)               14
/Deleted Items                554.4 KB (567,723 bytes)              189
/Calendar                     27.6 KB (28,267 bytes)                  7
/Contacts                     1.492 KB (1,528 bytes)                  4
/Drafts                       138 B (138 bytes)                       1
/Sync Issues/Local Failures   0 B (0 bytes)                           0
/Sync Issues/Conflicts        0 B (0 bytes)                           0
/Sync Issues                  0 B (0 bytes)                           0
/Sync Issues/Server Failures  0 B (0 bytes)                           0

From this I can could then give to the user so they could clear out their mailbox. Hope that helps someone out.

Get-MessageTackingLog cmdlet for Exchange 2010 Returns Cannot process argument transformation on parameter ‘Start’. Cannot convert value to type “System.DateTime” because String was not recognized as a valid DateTime.

Recently, I was conducting some investigative work around mail delivery for a client.  PowerShell cmdlets for Exchange are awesome and give us as administrators some real power in trying to figure out what is wrong.  Some things in PowerShell though don’t take into account the regional language settings of the machine you’re working on.  One example of this that left me scratching my head a little was when I was running Get-MessageTackingLog. Being in Australia we do our date as dd/mm/yyyy so I had the following command ready to run

Get-MessageTrackingLog -Server SRV-MBX-02 -Start "14/08/2014 08:00:00" 
-End "14/08/2014 15:00:00" -Sender "[email protected]" | 
ConvertTo-Html > "C:\Scripts\MsgTrack.html"

When I ran this I got an error around trying to convert a DateTime, I was sure I had entered the right format (also trying – and .)

Cannot process argument transformation on parameter 'Start'. Cannot convert value "14/08/2014 08:00:00" to type "System
.DateTime". Error: "String was not recognized as a valid DateTime.
    + CategoryInfo          : InvalidData: (:) [Get-MessageTrackingLog], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-MessageTrackingLog

After a few minutes, I worked out the date needed to be in US Date/Time format of mm/dd/yyy. Swaping around my month and day got the command to work correctly and pipe out what I was after to a html page.

Interestingly, if you copy and paste a command out of the Tracking Log explorer the date and time format in there is based on the regional settings of the computer you are on, but run them through the Exchange Management Shell and you’ll also receive the above date/time error.

An error occurred while attempting to start the selected virtual machine(s) The security ID structure is invalid (0x80070539)

So I was recently working with some really old Virtual machines in a development environment that came across from another organisation. One particular virtual machine gave me an error message when I tried to start it up “An error occurred while attempting to start the selected virtual machine(s)… The security ID structure is invalid (0x80070539)”.  When this happens, Hyper-V basically doesn’t have permission to start the selected virtual machines under the user.  A quick administrative PowerShell cmdlet will grant me or a user permission and allow us to start the VM up;

Grant-VMConnectAccess -VMName "Name of VM not starting" -UserName 
"DOMAIN\Username of current user"

Changing -VMName to match the virtual machine giving you the error and a DOMAIN\Username of the user you are now logged on as.

Once you issue this command the virtual machine will start without any issues.

Backup MySQL Databases running on a Windows Server using Systems Center Data Protection Manager (DPM) 2012.

Running MySQL on a Windows machine is pretty straight forward.  One of the down sides though is that MySQL is not VSS aware and may mis-behave when back up software such as Data Protection Manager or ShadowProtect.  Data Protection Manager (DPM) has the ability (basically called Pre-Backup and Post-Backup Scripts) to perform actions before and after a backup run.

After installing the DPM Protection Agent onto the computer you want to run the protect (by default its %ProgramFiles%\Microsoft Data Protection Manager\DPM) You’ll find a Scripting Folder and inside a ScriptingConfig.xml file which should only contain XML Schema data, we will want to expand on this by adding the following lines inside ScriptConfiguration

   <DatasourceScriptConfig DataSourceName="Data source">
     ”Path\Script Parameters” 
     "Path\Script Parameters” 
     30

DataSourceName needs to be the name of the Data Source that you are protecting (matching in DPM Console) for example C:\MySQL_Backup and in our case we only want to use a PreBackupScript (ie C:\MySQL_Backup\BackupDB.cmd) which will dump a backup from our MySQL Databse into a single SQL file before the actual DPM Backup event.  As an example, the following will execute a backup for MySQL.  You will need to change -User -Password and the MaharaProd to something that suits your environment.

@echo off
set CurrentDate=%date:~-10,2%_%date:~7,2%_%date:~-4,4%
move /y C:\MySQL_Backup\Mahara-*.sql C:\MySQL_Backup\PreviousBackup.sql
mysqldump –user backupuser –password=changethis MaharaProd > C:\MySQL_Backup\Mahara-%CurrentDate%.sql

The above will output a Mahara-DD_MM_YYYY.sql file as well as make a Previous Backup before allowing DPM to go ahead and create the restore point.

Check out this TechNet article for more details on how to get this running.

Save Time by using CLI to Copy Command Output from HP switches to a TFTP Server

So I was recently doing some troubleshooting and needed to do a “show tech all” on a couple of our Switches to do some further analysis.  My usual way was to fire up PuTTY (or KiTTY which is an improved “fork” of Putty) and do a “show tech all” then manually copy and paste into a waiting notepad window to save the text file.

I recently found out there is a copy command that allows an administrator to copy a large number of configuration and logs files from a switch as well as a command-output option which allows an administrator to specify a CLI command to copy output of.  All you need to take advantage of this feature is an TFTP or SFTP server to copy the output to.  So a sample output to a TFTP server would be (where the IP address is your TFTP server and what ever filename you want to save the output as)

copy command-output "show tech all" tftp 172.16.20.57 show_tech_all.txt

After entering that in, you will see the switch perform the TFTP download with the output of the specified CLI command.  Once done, navigate to your TFTP (or SFTP) server Root Directory and you’ll have a show_tech_all.txt file ready to open in Notepad.  You can also do running config (swName# show run) and crash logs using the method above, just to TAB completion on the copy command to see what is available on your particular switch.

Generate Mailbox Size and Usage Report using PowerShell for Exchange 2010 / 2013

So I recently wanted to create a report to show us who was using up the most space on our mailbox servers, previous administrators had either done away for limits for mailboxes or had set them to be very very generous and our users weren’t really the ones to either keep their mailbox tidy or archive items away.

I knew the quick and easy solution would be powershell and then getting the output to either a CSV file or HTML.  So a bit of a look around TechNet for Get-MailboxStatistics got me the commands I needed, but what else could I select out of that.  After a bit more digging I found a list on MSDN for MailboxStatistics members which allowed me to extract exactly what I was after.  After putting all that together, I cam up with the following

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Select DisplayName,
TotalItemSize,ItemCount,Database,LastLogonTime,LastLoggedOnUserAccount | Sort 
TotalItemSize -Descending | ConvertTo-Html -Title "Mailbox Stats"| 
Out-file "C:\MailboxStatistics.html"

That gave me a nice HTML page output, you could easily improve on this with colours depending on outputs from StorageLimitStatus or LastLogonTime where we found that some mailboxes hadn’t even been used.

Solving the FIM (Forefront Identity Manager 2010 R2) FIMService start timeout (Portal) and getting it to Start

We were recently making changes to our FIM environment where our Forefront Identity Manager boxes required restarts.  With FIM we’re always making changes in our Development kit before moving into production (which is something everyone should try do).  We quickly found that we couldn’t get back into the FIM portal and taking a quick look at the services management console we could see the FIM Service as stopped.  We had already set it to delayed start in the beginning of the setup as we found it had a much more reliable rate of starting up in our particular environment.

After some Google-fu and digging through event logs seeing entries such as simply The service did not respond to the start or control request in a timely fashion. You may also get Error 1920. Service ‘Forefront Identity Manager Service’ (FIMService) failed to start. Verify that you have sufficient privileges to start system services. Or A timeout was reached (30000 milliseconds) while waiting for the Forefront Identity Manager Service to connect. Basically, one of the main reasons for this service not starting is around .Net verifying the Authenticode signatures for the FIM service.  To try and mitigate the service timeouts we can increase how long the OS is going to wait before issuing an error by adding the following registry key onto the FIM box.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
Name: ServicesPipeTimeout
Type: REG_DWORD
Value (decimal): 60000

You could also go and disable the .Net Authenticode check by following the instructions at http://social.technet.microsoft.com/wiki/contents/articles/13946.fim-troubleshooting-fim-service-start-up-timeout.aspx.

Connection closed gracefully error when sending bulk or large quantity of e-mails in an Exchange 2007/2010 environment

I was recently helping out an old work colleague who were having issues with their CRM software and sending bulk emails through their Exchange 2010 server. After around ten minutes they would receive an error message with connection closed gracefully.  They would then have to restart their mail out and need to monitor it for this issue to ensure it didn’t get stuck every ten minutes with this error.

After poking around their receive connectors on their hub transport server I noticed that the particular connector (for their internal applications) they were using had a connection time out of 10 minutes, which would result in us receiving the connection closed gracefully error from our end user application.  The fix for this is to simply increase the ConnectionTimeout value for our Recieve Connector to anything reasonable, for us it is 3 hours. We would do by issuing the following Exchange PowerShell command:

Set-ReceiveConnector "Internal Connector - Synergetic" -ConnectionTimeout 03:00:00 -ConnectionInactivityTimeout 01:00:00

You will want to make sure that your receive connector is protected (i.e. is only set to allow internal networks) as this basically allows anything to stay connected for up to 3 hours so it could be abused.

Checking the performance of your Windows Server 2012 Hyper-V Server with Performance Monitor and PAL

Windows Server 2012 brings some great improvements to Virtualization.  We’re currently running it in production and it works wonders, especially with the new Hyper-V Replica feature which is great and free way of implementing DR.  So now you’ve got that cluster running, how can we tell if it is performing well.   I recently stumbled upon PAL or Performance Analysis of Logs Tool, which is freely available from http://pal.codeplex.com/.  The tool comes with a Performance Monitor Template file that we can use to easily record the performance of a Hyper-V 2012 Server and get some visibility into our Servers.

pal_wizard

When it comes to Performance things we would want to look at would be Disk Performance, Memory and CPU but understanding what effect these have on Hyper-V isn’t always straightforward, thankfully PAL helps us being making it easy and straightforward.  So first off go and download it from codplex and install it onto your workstation on desktop PC (not on your Hyper-V Host).  Once installed, open it up.  We need to get our Perfmon template so go into the Threshold File tab and select “Microsoft Windows Server 2012 Hyper-V” from the Threshold file title, then choose Export to Perfmon template file. Get this onto your Hyper-V Host and open up Performance Monitor on the host we want to watch.

Open up Performance Monitor on our Hyper-V Host and open up Data Collector Sets, right click on User Defined and select New Data Collector Set.  We can call it Hyper-V Performance Counter Set or what every you wish, keep Create from a template (Recommended) selected.  Click next and then browse, selecting the  XML Template file that we exporter earlier from PAL.  Once you finish the wizard it will show up under the User Defined Data Collector Sets. You can now open up the properties and set it to run from 30 minutes to 1 hour depending on what you’re after.  It is best to run this during peak load times (so business hours).

avg_responseNow that you’ve collected the data you want to browse to it and copy the .blg file to your workstation (or where ever you installed PAL). Back to PAL, select the log file under the Counter Log tab, then move onto the Questions Tab where you need to specify things such as processors, total RAM, drive configuration to help specify thresholds for your performance report. Navigate to the other tabs if you wish to modify anything else and finally execute the report, this can be time consuming depending on how long you’ve captured performance data for (it took me around 20 minutes for a 1 hour capture). Once it has completed generating the report it opens up in your web browser.  Key things to look at are disk latency (as per the graph with RED being critical), memory and CPU issues.

That is a free and easy way to check on the health and performance of your new Hyper-V 2012 Cluster.  You can also use PAL for a Windows Server 2008 R2 Hyper-V Cluster and other services such as Exchange or SQL Server, you just need to select the right template.

%d bloggers like this: