Adding Computers to AD Group with Powershell

Adding computers from a text file like:


using PowerShell could look like this:

Get-Content "C:\file.txt" | ForEach-Object {Get-QADComputer $_ |`
 Add-QADGroupMember -Credential $usercredential -Identity "our_ad_group" }

Everything should be pretty clear: the variable $usercredential holds the credentials of a user who has rights to modify AD group membership.
You can set it at any time with

$UserCredential = Get-Credential

I personally set it in the PowerShell profile so it’s always available after starting a PowerShell window.

Importing Server Certificate with private key on IIS without creating CSR

OK, here is a guide on how to import a server certificate that comes with its key in a file. In addition, the import is done on a server on which no CSR was created for the certificate.


BSOD Process1_initialization_failed Stop: 0x0000006B

Recently I got a very unpleasant error on my Exchange 2010 SP1 running on Windows 2008 R2 SP1. After installing some MS patches (KB2494016, KB2520235, KB2521907) I was forced to restart the server, and after that came the bad news. The server didn’t want to come up, resulting in a blue screen with the enigmatic description
STOP: 0X0000006B

After trying different options with F8 and Last Known Good Configuration, Safe Mode or even disabling Driver Signature, I came up with an idea from the Internet. Below are the steps to solve the problem (the problem can have many varied sources, from hardware failure to software issues and even Trojans, but in ca. 80% of cases this solution should work)

  1. After rebooting the server from the blue screen there is an option to go to the recovery options.
  2. First we need to choose the right language, and after that we can log in as a local Administrator.
  3. Then we get a window with 3 options: recovering from the last recovery image, starting a Command Line Prompt, and something that I don’t remember [sorry].
  4. We choose the command line and go to c:\windows\system32\codeintegrity. There you’ll find a file bootcat.cache, which is very probably corrupted.
  5. If you have such a file on another similar system (the same OS version, same platform), you should copy that file to a USB stick and overwrite the one on the system that’s not running.

That was what I did. Some tips say you could also just delete the corrupt file and reboot the server, but I didn’t try that. It is important, though, that you don’t just rename the corrupt file while keeping its main name, e.g. to bootcat.cache.old – that solution does not work, and the server ends up at a blue screen again after reboot.

How to remove ghost Network Interfaces in Windows 7/2008

Sometimes when you remove an old network interface, even if you uninstall the drivers for that interface, information about it and some data stay in the registry. It’s not a critical situation, but you’ll be unable to give a new interface connection the same name as the old one, you will not be able to use the same IP address, and Windows will report problems about this in some situations. If you’re running network services on your server, like TMG 2010, they can also report various problems.

Unfortunately it’s not easy to remove such a ghost NIC from the system. You won’t see it in Device Manager even if you check the option to show hidden devices. But there is a way to remove such a NIC using the devcon.exe tool. It is an alternative to Device Manager which lets you manage Windows devices.


Wrong HomeMTA, Event ID 2937

After migrating to Exchange 2010 and deleting the last Exchange 2003 or 2007 server, it’s possible that you’ll get event warnings coming from MSExchange ADAccess with event ID 2937. In that case you’ll see something like this:

Process w3wp.exe () (PID=5884). Object [CN=User1,OU=!Users,DC=dc,DC=test,DC=com]. Property [HomeMTA]
is set to value [ Objects/Microsoft MTA
DEL:e5d442f7-b37a-4b80-84e2-4212b78db7bf], it is pointing to the Deleted Objects container in Active Directory.
This property should be fixed as soon as possible.

This occurs for users that actively use Exchange and exist in the Directory. To resolve the issue you just execute

Get-Mailbox [user] | Update-Recipient

This way the HomeMTA attribute of the user is checked and updated with the new, correct value.
Of course you can also do it for all users that encounter the issue:

Get-QADUser -IncludeAllProperties | where {$_.homemta -match "del"} | Get-mailbox | Update-Recipient


Resetting OOF state in Exchange 2010

Do you want to reset the Out Of Office state for your users, so that the OOF message is not sent only once to each sender while OOF is active? Here is a small script that I’ve created for this. You can add this script to the Task Scheduler and run it each night. That way the OOF message will be sent to each sender every day.

#Collect all mailboxes whose auto-reply is active right now (enabled, or scheduled and inside its time window)
$now = [DateTime]::Now
foreach ($obj in (Get-Mailbox | Get-MailboxAutoReplyConfiguration |
where {($_.autoreplystate -eq "enabled") `
-or ($_.autoreplystate -eq "scheduled" -and $_.starttime -le $now -and $_.endtime -ge $now)}))
{      #Switch auto-reply off and back to the state it had ("enabled" or "scheduled") to reset the OOF state
       $state = $obj.autoreplystate
       Set-MailboxAutoReplyConfiguration $obj.identity -AutoReplyState "disabled"
       Set-MailboxAutoReplyConfiguration $obj.identity -AutoReplyState $state
}


Cisco CLI Role Based Administration + Radius (Part I)

Hi, this time I’ll try to give you a comprehensive guide on how to configure Cisco CLI Role Based Administration together with Windows Radius Authentication using Windows 2008 NPS. This part covers only configuring Radius Authentication, without separating different administration roles. In the next article I will show you how you can give some users only restricted access to a Cisco device, for example allowing them to execute only show commands.


Send as Distribution Group

It’s not difficult to give a user the right to send as another user. You can achieve that using the Exchange Management Console and the task “Manage Send As permission”. This easy task gets more complicated if the user wants to send an e-mail as a distribution group instead of sending as another user. Unfortunately, the permission to send as a DG cannot be added with the Exchange GUI tools. You can, though, accomplish that task using PowerShell. Here is how to do it:

Set-DistributionGroup test_dg -GrantSendOnBehalfTo "new_user"

And if you already have some users who are able to send as the group, you can add new ones using the following PS script

$dl = Get-DistributionGroup (Read-Host "DL Name")
$dl.grantsendonbehalfto += read-host "new email"
Set-DistributionGroup $dl -GrantSendOnBehalfTo $dl.grantsendonbehalfto
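
The same change with the inputs validated first, followed by a review of every group that already has delegates in GrantSendOnBehalfTo. This is an added example, not part of the original post; $groupName and $delegate are hypothetical inputs.

```powershell
# Added example; run in the Exchange Management Shell.
# $groupName and $delegate are hypothetical inputs, not values from a real system.
$groupName = 'test_dg'
$delegate  = 'new_user'

# Resolve both objects first, so a mistyped name stops the script here
$dl        = Get-DistributionGroup $groupName -ErrorAction Stop
$recipient = Get-Recipient $delegate -ErrorAction Stop

# Compare on the string form of the identities to skip delegates already present
$current = @($dl.GrantSendOnBehalfTo | ForEach-Object { "$_" })
if ($current -contains "$($recipient.Identity)") {
    Write-Host "$delegate is already a delegate of $groupName"
} else {
    $dl.GrantSendOnBehalfTo += $recipient.Identity
    Set-DistributionGroup $dl.Identity -GrantSendOnBehalfTo $dl.GrantSendOnBehalfTo
}

# Review: every distribution group that has delegates, and who they are
Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { ($_.GrantSendOnBehalfTo | Measure-Object).Count -gt 0 } |
    Select-Object Name, @{Name = 'Delegates'; Expression = { $_.GrantSendOnBehalfTo -join '; ' }}
```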



Looking for Mailboxes not being used

Did you have a request to find all mailboxes not being used for an extended period of time? For example 180 days? You could look for users that haven’t logged in to AD using dsquery or maybe adfind. But what if you have mailboxes that are assigned to multiple users and the mailbox owner never logs in? In Exchange 2010 there is an easier way to find such mailboxes. Just use PowerShell…

get-mailbox -IgnoreDefaultScope | Get-MailboxStatistics |
where {$_.lastlogontime -le ((Get-Date).Adddays(-180))} |
ft displayname,lastlogontime,totalitemsize -AutoSize

The example above finds all mailboxes that have not been used for at least 180 days, regardless of which user logged in to them.
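
A report version of the query above, as an added example that is not part of the original post. It goes beyond the one-liner by also listing mailboxes that nobody has ever opened and by recording the last account that logged on; $days and $reportPath are assumed values.

```powershell
# Added example; run in the Exchange Management Shell.
# $days and $reportPath are assumed values, adjust them to your environment.
$days       = 180
$reportPath = 'C:\stale_mailboxes.csv'
$cutoff     = (Get-Date).AddDays(-$days)

$report = foreach ($mbx in (Get-Mailbox -IgnoreDefaultScope -ResultSize Unlimited)) {
    # For a mailbox nobody has opened yet, Get-MailboxStatistics returns
    # only a warning and no object, so $stats stays empty
    $stats = $mbx | Get-MailboxStatistics -WarningAction SilentlyContinue

    $row = New-Object PSObject -Property @{
        DisplayName    = $mbx.DisplayName
        State          = 'NeverLoggedOn'
        LastLogonTime  = $null
        LastLoggedOnBy = $null
        TotalItemSize  = $null
    }
    if ($stats) {
        if ($stats.LastLogonTime -gt $cutoff) { continue }   # used recently, leave out
        $row.State          = 'Stale'
        $row.LastLogonTime  = $stats.LastLogonTime
        $row.LastLoggedOnBy = $stats.LastLoggedOnUserAccount
        $row.TotalItemSize  = $stats.TotalItemSize
    }
    $row
}

# Fixed column order, because a hashtable does not preserve it
$report | Sort-Object State, LastLogonTime |
    Select-Object DisplayName, State, LastLogonTime, LastLoggedOnBy, TotalItemSize |
    Export-Csv -Path $reportPath -NoTypeInformation
```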

Exporting Exchange 2010 Mailbox to PST

Below is an easy script showing how to export a user mailbox to a .pst file and subsequently how to send an e-mail to a specified user saying whether the export was successful (or not).

#Placeholder values (the originals are missing from the page): set your own addresses and SMTP server
$to = 'admin@example.com'; $from = 'powershell@example.com'; $smtp = 'smtp.example.com'
#Create export task and save the pst file to a network share (-FilePath must name the .pst file itself)
New-MailboxExportRequest -Mailbox "User1" -BadItemLimit 20 -FilePath '\\mailboxserver\pstexport$\User1.pst'
#Create a loop which checks every 5 seconds whether the task has reached 100% or has failed
do {Start-Sleep -Seconds 5; $exstat = Get-MailboxExportRequest | Get-MailboxExportRequestStatistics |
where {$_.sourceAlias -eq 'User1'}}
until ($exstat.percentcomplete -eq 100 -or $exstat.status -eq 'Failed')
#Send a mail to an Administrator with the information that the export has finished (or failed).
Send-MailMessage -To $to `
-From $from `
-Subject "PstExport for $($exstat.sourceAlias) finished with status $($exstat.status)" `
-Body "Hello, <BR> The Export for user User1 ended with status $($exstat.status); target file: \\mailboxserver\pstexport`$\User1.pst <BR> Cheers, <BR> Powershell Script" `
-BodyAsHtml `
-SmtpServer $smtp