LiquidObject

PowerShell Script Signing

If you ever need to get into the script-signing business, signing multiple scripts can be done with some of the commercially available development tools, but it can also be done without any of them. Here’s a short script to simplify the script signing process.

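if ($null -ne $args[0])
{
    $myfile = $args[0]
    # Take the first code-signing certificate in the current user's store, if there is one
    $cert = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert)[0]
    # Verify() validates the certificate chain; check for an empty store before calling it
    if ($null -ne $cert -and $cert.Verify())
    {
        Write-Host "Beginning to sign: " $myfile
        Set-AuthenticodeSignature "$myfile" $cert
    }
    else
    {
        Write-Host "Error: The current user does not have a valid code-signing certificate"
        Write-Host
        Write-Host "Raw cert dump:"
        # Write-Host passes nothing down the pipeline, so format the certificate directly
        $cert | Format-List * | Out-Host
        exit 1
    }
}
else
{
    Write-Host "The script needs to be called in the format: .\ScriptSigner.ps1 file-path-of-script-to-sign"
    Write-Host
    Write-Host "All scripts are signed according to the current user's code signing certificate"
    # Signal the usage error through the exit code rather than the automatic $error variable
    exit 1
}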
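Added example (not part of the original post): the single-file signer above extended to a whole folder, skipping files that already carry a valid signature from the same certificate and timestamping each new signature. The `$ScriptRoot` default and the timestamp URL are placeholders; use the timestamp service your certificate authority provides.

```powershell
# Added example. $ScriptRoot and $TimestampServer are placeholder values.
param(
    [string]$ScriptRoot      = '.\Scripts',
    [string]$TimestampServer = 'http://timestamp.example.invalid'
)

# Choose a code-signing certificate that has a private key, is inside its
# validity period and chains to a trusted root; prefer the one expiring last.
$now  = Get-Date
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and $_.Verify() } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    Write-Error 'No valid code-signing certificate with a private key in Cert:\CurrentUser\My'
    exit 1
}

$failed  = 0
$scripts = Get-ChildItem -Path $ScriptRoot -Filter *.ps1 -Recurse |
    Where-Object { $_.Extension -eq '.ps1' }

foreach ($file in $scripts) {
    $current = Get-AuthenticodeSignature -FilePath $file.FullName

    # A file edited after signing reports HashMismatch and is signed again.
    if ($current.Status -eq 'Valid' -and $current.SignerCertificate.Thumbprint -eq $cert.Thumbprint) {
        Write-Host "Already signed: $($file.FullName)"
        continue
    }

    # The timestamp keeps the signature verifiable after the certificate expires.
    $result = Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert `
        -TimestampServer $TimestampServer -HashAlgorithm SHA256

    if ($result.Status -eq 'Valid') {
        Write-Host "Signed: $($file.FullName)"
    } else {
        Write-Warning "Signing failed ($($result.Status)): $($file.FullName) $($result.StatusMessage)"
        $failed++
    }
}

if ($failed -gt 0) { exit 1 }
```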
April 26, 2012 at 1:24 pm

Removing old SMTP Addresses in Exchange

If you’ve ever changed domain names or e-mail addresses within an organization, there are usually some leftovers which no one wants to clean up because it is too much of a headache. For example, smithj@testdomain.local changed to smithj@mynewdomain.local, along with thousands of other users. After removing the old relaying information and MX records, you might think the old addresses are no longer valid. Wrong: they are still valid for users within the same Exchange Organization. To clean the addresses out for good you can process them one at a time or run something similar to the script below.

In this sample script I have it divided up to run only on certain mailbox databases at a time. This is handy if you are consolidating multiple Exchange organizations into a single organization where some users already exist and do not need to be looked at.

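# Mailbox databases to process; comment out the ones that should be skipped in this run
$mydbs = @(
    "Employees_5",
    "Employees_6",
    "Employees_7",
    "Employees_8",
    "Employees_12",
    "Employees_15"
)

if(@(Get-PSSnapin Microsoft.Exchange.Management.PowerShell.*).Count -lt 2) {Add-PSSnapin Microsoft.Exchange.Management.PowerShell.*}
sleep 1

foreach ($mydb in $mydbs)
{
    $icount = 0
    $mailboxes = Get-Mailbox -Database "$mydb" -ResultSize Unlimited
    foreach ($mbx in $mailboxes)
    {
        if ($mbx.EmailAddresses.Count -gt 1)
        {
            Write-Host "$($mbx.SamAccountName),$($mbx.EmailAddresses),$($mbx.EmailAddresses.Count)"
        }

        $changed = $false
        # Walk the collection backwards so RemoveAt() does not shift entries that are still to be checked
        for ($i = $mbx.EmailAddresses.Count - 1; $i -ge 0; $i--)
        {
            $address = $mbx.EmailAddresses[$i]
            # Only SMTP entries carry SmtpAddress, so X500 and other proxy types are left alone;
            # the primary address is never removed
            if ($address.SmtpAddress -and -not $address.IsPrimaryAddress -and $address.SmtpAddress -notlike "*@liquidobject.com")
            {
                Write-Host ("Removed smtp address: " + $address.AddressString.ToString())
                $icount++
                $mbx.EmailAddresses.RemoveAt($i)
                $changed = $true
            }
        }

        # Write the trimmed list back; without this the removal only happens in memory
        if ($changed) { Set-Mailbox -Identity $mbx.Identity -EmailAddresses $mbx.EmailAddresses }
    }
    Write-Host "Total of: " $icount " addresses removed in DB: $mydb"
}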
April 16, 2012 at 10:22 am

Exchange Set-OutOfOffice

Recently I’ve had the need for a programmable way to toggle the out-of-office auto-reply functionality on a user’s mailbox. The script below will let you disable or enable the feature, or get the current out-of-office state. In my scenario I was looking for a way to enable and disable, based on time of day, a standardized auto-reply for a service desk which is open during the day but not at night. By combining this script with a scheduled task we can easily accomplish this.

The script below was originally saved as: Set-OutOfOffice.ps1

# Load the Exchange snap-in only if it is not already present in this session
if (-not (Get-PSSnapin Microsoft.Exchange.Management.PowerShell.* -ErrorAction SilentlyContinue))
{
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.*
}

# $error is PowerShell's automatic error collection, so usage problems are tracked separately
$usageError = 0
$usage = "The script needs to be called in the format: .\Set-OutOfOffice.ps1 mailbox-to-adjust disable/enable/status"

if ($null -ne $args[0])
{
    $mailbox = $args[0]
    if ($null -ne $args[1])
    {
        $enabledisable = $args[1]
    }
    else
    {
        Write-Host $usage
        $usageError = 1
    }
}
else
{
    Write-Host $usage
    $usageError = 1
}

if ($usageError -eq 0)
{
    Write-Host ""
    Write-Host ""
    if ($enabledisable -like "disable")
    {
        Write-Host "Disabling auto-reply on mailbox: $mailbox"
        Get-Mailbox $mailbox | Set-MailboxAutoReplyConfiguration -AutoReplyState Disabled
    }
    elseif ($enabledisable -like "enable")
    {
        Write-Host "Enabling auto-reply on mailbox: $mailbox"
        Get-Mailbox $mailbox | Set-MailboxAutoReplyConfiguration -AutoReplyState Enabled
    }
    elseif ($enabledisable -like "status")
    {
        $mystate = Get-Mailbox $mailbox | Get-MailboxAutoReplyConfiguration | Select-Object AutoReplyState
        Write-Host "Auto-reply for mailbox" $mailbox "is currently configured as:" $mystate.AutoReplyState
    }
    else
    {
        # Anything other than the three documented actions is a usage error
        Write-Host $usage
    }
    Write-Host ""
    Write-Host ""
}
April 16, 2012 at 10:14 am

Active Directory account and computer restoration

Active Directory has changed forest functional levels every few years, with each iteration adding new features. One of the new features with the 2008 R2 functional level (if enabled) is the Active Directory Recycle Bin. This functionality was available before with the use of LDP and ADSI Edit; however, the process for restoring accounts has gotten much easier.

Import-Module ActiveDirectory
Get-ADObject -Filter {SamAccountName -eq "mydeleteduser"} -IncludeDeletedObjects | Restore-ADObject

Compared to the multiple steps needed before, this is pretty simple.

Now let's attempt to restore a previously deleted computer. First step: get the GUID value.

Import-Module ActiveDirectory
Get-ADObject -Filter {(isdeleted -eq $true) -and (Name -like "My_Desktop*")} -IncludeDeletedObjects

Now let's restore the computer.

Get-ADObject -Filter {(isdeleted -eq $true) -and (ObjectGUID -eq "Whatever my GUID Value is")} -IncludeDeletedObjects | Restore-ADObject -TargetPath "CN=Computers,DC=liquidobject,DC=com"

Now the computer has been restored to the built-in computers OU.
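Added example (not part of the original post): the two steps above combined into one function that lists the matching deleted computers with their last known parent and deletion-time stamp, and restores only when exactly one object matches. The function name and its parameters are hypothetical; "My_Desktop*" is the sample name used above.

```powershell
# Added example. Restore-DeletedComputer and its parameters are hypothetical names.
Import-Module ActiveDirectory

function Restore-DeletedComputer {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$NamePattern,
        [string]$TargetPath   # optional; Restore-ADObject otherwise uses lastKnownParent
    )

    # Escape single quotes so the pattern cannot break out of the filter string
    $safe   = $NamePattern.Replace("'", "''")
    $filter = "isDeleted -eq `$true -and objectClass -eq 'computer' -and Name -like '$safe'"
    $found  = @(Get-ADObject -Filter $filter -IncludeDeletedObjects `
                    -Properties lastKnownParent, whenChanged, 'msDS-LastKnownRDN')

    # Show every candidate so the operator can see where and when it was deleted
    $found | Select-Object 'msDS-LastKnownRDN', ObjectGUID, lastKnownParent, whenChanged |
        Format-List | Out-Host

    # Refuse to guess when the pattern matches nothing or more than one object
    if ($found.Count -ne 1) {
        Write-Warning "Expected exactly one deleted computer, found $($found.Count); nothing restored."
        return
    }

    # Restore by GUID, which stays stable while the object sits in the Recycle Bin
    $restore = @{ Identity = $found[0].ObjectGUID; PassThru = $true; Confirm = $false }
    if ($TargetPath) { $restore.TargetPath = $TargetPath }

    if ($PSCmdlet.ShouldProcess($found[0].DistinguishedName, 'Restore-ADObject')) {
        Restore-ADObject @restore
    }
}

# Dry run first, then repeat without -WhatIf:
#   Restore-DeletedComputer -NamePattern 'My_Desktop*' -WhatIf
```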

April 16, 2012 at 10:06 am

Simple ActiveSync Device Reporting

Here’s a quick script for reporting on users and their ActiveSync device partnerships.

$myusers= Get-CASMailbox -resultsize unlimited -Filter {HasActiveSyncDevicePartnership -eq $true} | select samaccountname,Name

$mydevices = foreach($i in $myusers){Get-ActiveSyncDeviceStatistics -Mailbox $i.samaccountname | select-object identity}

$mydevices | Export-Csv ActiveSyncDevices.csv
April 16, 2012 at 9:56 am