How to migrate from Exchange Server 2010 to Exchange 2016

How to migrate from Exchange Server 2010 to Exchange 2016

I have recently been engaged to move a customer from Microsoft Exchange 2010 to Exchange 2016 so they can move to a moderm platform and leverage the features such as cloud deployments, improved reliability, and new architecture that is more in line with their technology roadmap

Before I move on I just want to highlight the features of 2016 in comparsion to 2010.

Architecture

Exchange 2010 had separate components such as Mailbox,  Hub Transport, Unified Messaging, and Client Access for performing separate roles in the server. In 2016, all of these components have been combined into a single component called Mailbox, and this component performs the combined role of other components.

Exchange Admin Center

Exchange Admin Center (EAC) has been greatly enhanced to help you connect from anywhere using a web browser. It acts as a single point of control for all operations and is optimized for on-premise, online, and hybrid Exchange deployments. Due to this enhanced EAC, Exchange Management Console (EMC) of 2010 has taken a back seat. Microsoft observed delayed updates in EMC, and this is why it decided to limit its scope in 2016.

Hybrid Configuration Wizard (HCW)

Exchange 2016 has a cloud-based application called Hybrid Configuration Wizard (HCW) that helps to connect with other Microsoft tools like Office 365 in real-time. Improved diagnostics and troubleshooting make it ideal for hybrid deployments.

MAPI over HTTP

MAPI over HTTP is the default protocol in Exchange 2016, as it is more reliable and stable than the RPC over HTTP protocol of Exchange 2010. Also, this protocol allows Outlook to pause a connection, change networks, and resume hibernation, things that were difficult to implement in Exchange 2010.

Certificate Management

In 2010, you had to install certificate for every server through EMC, while in 2016, you can install certificates across multiple servers at the same time through EAC. You can also see the expiry details in EAC.


Now that you know why Exchange 2016 is better, let’s see how to migrate from version 2010 to 2016.

Update the existing environment

If you unsure of the version you’re using, open the Exchange Management Shell and run this command:

Get-ExchangeServer : Format-List Name, Edition, AdminDisplayVersion

This should bring up the current version you’re using. Make sure it says Exchange 2010.

The first step is to update the existing environment to make the 2010 version suitable for upgrading to 2016.  To do that, install Exchange 2010 Service Pack 3 and Exchange 2010 SP3 Update Rollup 11. These are the minimum supported patch level updates for 2010, and the installation process is fairly self-explanatory.

exchange-server-2010-sp3-upgrade
installing-update-rollup

The next step is to consider updating the Directory Service Requirement and Outlook Client. For Exchange 2016, the minimum Directory Service Requirement is AD Functional Level 2008, and for Outlook Client, it is Exchange 2016 Support Outlook 2010 and above on Windows and Mac Outlook 2011 and above on Mac. You should update clients to this minimum supported version before implementing Exchange 2016.

Prepare the System for Exchange Server 2016

Do you have the system requirements needed to support Exchange 2016? Let’s double check the below requirements again, as Exchange Server 2016 supports only the following:

  • Windows Server 2012 / 2012 R2
  • Minimum memory requirement for Mailbox server role is 8GB plus an additional minimum requirement of 4GB for edge transport
  • Paging file size should be set to physical RAM, and an additional 10MB to 32788MB, depending on the size of the RAM. If you’re using 32GB of RAM, then go for the maximum of 32788MB
  • Disk space of at least 30GB on the drive on which you plan to install Exchange. Also, an additional 500MB is needed for every Unified Messaging (UM) language pack that you want to install. Additionally, you need 200MB of available disk space on the system drive, and a hard disk of a minimum of 500MB of free space for message queue database
  • A screen resolution of 1024 X 768 pixels.
  • Disk partitions that are formatted on the NTFS file system
  • .NET framework and UCS API should be installed before installing Exchange 2016. You can download both from Microsoft website and install it in your system.

Make sure your system meets all these prerequisites before installing Exchange 2016.

Next, you have to prepare the schema update. This step is irreversible, so make sure you have a full backup of Active Directory before proceeding.

A good part about this migration is you don’t have to worry much about changing HTTPS names for OWA as both the versions support the same set of naming services and active sync directories.

Install Active Directory for Exchange 2016

Next, run the Exchange 2016 setup. Choose a specific directory to extract all the files of this setup. Once the extraction is complete, run the following commands, one after the other. Open the command prompt and go to the directory where you have extracted the files.

The first command is to prepare the schema, which is, setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

prepare-active-directory-schema

Now your schema is prepared, so move on to the next command, which is, setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms. Once that’s done, prepare your domain with the command setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms. With this, we have completed the Active Directory installation for Exchange 2016.

Install Exchange 2016

Windows Server 2012 and 2012 R2

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS
exchange-2016-pre-requisites-01

A restart is required after the roles and features have finished installing. If you’d prefer that the server restarts itself automatically simply append -Restart to the command.

After the restart download and install (in order):

Windows Server 2016

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

Next, install the following (in order):

Now that you have the environment set up and Exchane prerequisites are now met we can now install Exchange 2016. Using the installation wizard lets follow the steps through.

Browse through the setup directory, and run the file called Setup.exe.

initializing-setup

During the installation, you’ll be prompted to choose the server role selection. Choose “Mailbox role,” and the other options will automatically be deactivated because Mailbox and Edge Transport cannot coexist in the same machine.

server-role-selection

Installation will complete within the next few minutes.

server-progress-exchange-setup

Once the installation is complete, click on the Finish button. This will load the Exchange Admin Center on the browser.

exchange-admin-center

Exchange management console in 2010 is replaced with a web-based Exchange Admin Center in 2016. This is the place where you can have greater control over all operations.

exchange-admin-center-interface

Other Configurations

After installing Exchange 2016 successfully, update the Service Connection Point for AutoDiscover. To do this, use the Set-ClientAccess command from Exchange Management Shell.

Go to the Exchange Management Shell, and type this command:

Set-ClientAccessService -Identity 'ServerName' -AutoDiscoverServiceInternalURI https://autodiscover.yourURL.com/Autodiscover/Autodiscover.xml

Next, update the settings of Outlook Anywhere. To do this, go to EAC, and click on servers on the left hand side. This will open up the list of servers. Click the Edit icon and a pop-up will open. Choose the Outlook Anywhere option, and update the DNS lookup and IMAP4 settings with the name of your new server.

outlook-anywhere-interface

Once you’ve configured the settings, run IIS RESET. To do this, go to your command prompt and run the command iisreset. This will stop and restart IIS services.

The next step is to configure your Receive Connector to relay email applications. To configure this, go to the mail flow option in your EAC, click on a connector, and edit it.

receive-connector

Next up is your Mail Database installation. When you install 2016, a default database is created. You can rename this database and move it from C Drive to another drive. Open the EMC shell and run these commands to rename and move your database.

Get-MailboxDatabase -Server 'ServerName' : Set-MailboxDatabase -Name 'DatabaseName'

Move-DatabasePath -Identity 'ServerName' -EdbFilePath E:\Database\'ServerName'\'DatabaseName'.EDB. -LogFolderPath E:\Database\'DatabaseName'_Log

Once that’s done, update the OWA directory. Exchange 2016 supports acting-as-a-proxy for 2010, so both the versions can coexist using the same URLs. Now, change the OWA and autodiscover URL to Exchange 2016, to ensure all URLs go through Exchange 2016. You can use the below script to do that.

$Server  = 'SeverName'
$HTTPS_FQDN = your_URL
Get -OWAVirtualDirectory -Server $Server | Set -OWAVirtualDirectory -ExternalURL $null
Get -ECPVirtualDirectory -Server $Server | Set -ECPVirtualDirectory -ExternalURL $null
Get -OABVirtualDirectory -Server $Server | Set -OABVirtualDirectory -ExternalURL $null
Get -ActiveSyncVirtualDirectory -Server $Server | Set -ActiveSyncVirtualDirectory -ExternalURL $null
Get -WebServicesVirtualDirectory -Server $Server | Set -WebServicesVirtualDirectory -ExternalURL $null
Enable -OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN

Lastly, update the DNS, so it points to autodiscover and OWA. To do that, open your Accu Directory Domain Controller Machine. Open the DNS Manager, and change the record to ensure that it points to the new server.

Test your configuration

Finally, it’s time to test if your configurations work. It’s best to create a new user to login and test the account functionality. To create a new user, open EAC and click on Recipients. From here, add a new user and check if everything is working fine.

If all is good, migrate all users from the Exchange 2010 to the Exchange 2016 database.

In short, much has changed between Exchange 2010 and Exchange 2016, so it’s best you migrate to the latest version to make the most of the new functionalities. Migrating to 2016 is not so difficult when you follow the aforementioned steps.

Regards,
The Author – Blogabout.Cloud

Get Disabled Users who have an Exchange Mailbox with PowerShell

Get Disabled Users who have an Exchange Mailbox with PowerShell

If there’s one thing most IT department are not great at its removing Exchange Mailboxes for Disabled Users. So here’s a quick Powershell win to determine who within your Exchange organisation has a mailbox and a disabled AD account.

On-Premises Users

$Mailboxes = Get-Mailbox | where {$_.RecipientTypeDetails -eq 'UserMailbox'}
$Disabled = @()

Foreach ($Mailbox in $Mailboxes) {
    if((Get-ADUser -Identity $Mailbox.SamAccountName).Enabled -eq $False){
        $Disabled += Get-MailboxStatistics $Mailbox.SamAccountName | Select -Property DisplayName,TotalItemSize
    }    
}
$Disabled | Export-Csv -Path $env:userprofile\desktop\DisabledADUserwithMailbox.csv -NoTypeInformation

Cloud Users

Connect-MsolService
  
  $Mailboxes = Get-Mailbox | Where-Object {$_.RecipientTypeDetails -eq 'UserMailbox'}
  $Disabled = @()

  Foreach ($Mailbox in $Mailboxes) {
    if((Get-msolUser -userprincipalname $Mailbox.userprincipalname).Enabled -eq $False){
        $Disabled += Get-MailboxStatistics $Mailbox.userprincipalname | Select-Object -Property DisplayName,TotalItemSize
    }    
  }
  $Disabled | Export-Csv -Path $env:userprofile\desktop\DisabledAzureADUserwithMailbox.csv -NoTypeInformation

Regards

The Author – Blogabout.Cloud

Method invocation failed because [System.Management.Automation.PSObject] doesn’t contain a method named ‘op_Addition’.

Method invocation failed because [System.Management.Automation.PSObject] doesn’t contain a method named ‘op_Addition’.

While constructing a PowerShell script for gathering information about Distribution Lists within a customers environment, I ran into the following error

Method invocation failed because [System.Management.Automation.PSObject] doesn’t contain a method named ‘op_Addition’. 

ERROR!!!
1

This error was being generated by a missing array within my PowerShell code


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# Call Distribution Lists
$dist = @(Get-DistributionGroup -resultsize unlimited)

# Start Transcript
Start-Transcript -Path $env:USERPROFILE\desktop\DLsandMember.txt

# Report on Distribution List
foreach ($dl in $dist)
{
 
  $count =@(Get-DistributionGroup $dl.samaccountname).count
  $report = New-Object -TypeName PSObject
  $report | Add-Member -MemberType NoteProperty -Name 'Group Name' -Value $dl.Name
  $report | Add-Member -MemberType NoteProperty -Name 'samAccountname' -Value $dl.samaccountname
  $report | Add-Member -MemberType NoteProperty -Name 'Group Type' -Value $dl.grouptype
  $report | Add-Member -MemberType NoteProperty -Name 'DN' -Value $dl.distinguishedName
  $report | Add-Member -MemberType NoteProperty -Name 'Manager' -Value $dl.managedby
  $report | Add-Member -MemberType NoteProperty -Name 'Member Depart Restriction' -Value $dl.memberdepartrestriction
  $report | Add-Member -MemberType NoteProperty -Name 'Member Join Restriction' -Value $dl.memberjoinrestriction
  $report | Add-Member -MemberType NoteProperty -Name 'PrimarySMTPAddress' -Value $dl.primarysmtpaddress
  $report | Add-Member -MemberType NoteProperty -Name 'EmailAddress' -Value $dl.emailaddresses
  $report | Add-Member -MemberType NoteProperty -Name 'GrantSendOnBehalfto' -Value $dl.GrantSendOnBehalfto
  $report | Add-Member -MemberType NoteProperty -Name 'EmailAddressPolicyEnabled' -Value $dl.EmailAddressPolicyEnabled
  $report | Add-Member -MemberType NoteProperty -Name 'Number of Members' -Value $count
  Write-Host ('INFO: {0} has {1} members' -f $dl.name, ($count))
 
  $reportoutput += $report
}

# Stop Transcript
Stop-Transcript

By adding the following lines to my above script I was able to successful export the required information into an Array and dump out to CSV.


1
2
# Array
$reportoutput=@()

Regards

The Author – Blogabout.Cloud

PowerShell – ForEach do  action X or do Y

PowerShell – ForEach do action X or do Y

PowerShell is one of the greatest tools within any IT Professional toolkit, it enables you to do far more than any GUI available to you today. In my life as a Consultant for a Global Microsoft SI (System Integrator), I face challenges every day where PowerShell has come to the rescue. One of the best cmdlet I use in a lot of script is

ForEach which is the alias name of ForEach-Object

Imagine you need to modify an ExtensionAttribute for your entire organization or grant a permission to a subset of users, ask yourself this? How would I do this in a GUI? and the answer would be “with great difficulty or very time consuming”. This is Foreach-Object comes into play, in the below example I need to modify the PrimarySMTPAddress due to special characters being used

Get-DistributionGroup

In order to correct this, I will be using a source CSV file which contains SamAccountName for the identity of each DistributionList and the correct PrimarySMTPAddress.

Source CSV file

Now for the most important element, the powershell script which will be used to modify the PrimarySMTPAddress. The below script has been designed to achieve the required outcome but also includes the ability to;

  • Be ran using native PowerShell for On-Premises Exchange Servers (2007 through to 2019)
  • Be ran against Exchange Online

So as we can see the Foreach command is being used in the following;

  • For each $row within the $csv which is being imported try and get the distribution list using the column heading SamAccountName
    • If the Identity cannot be found the script will move to the catch
    • If the Identity can be found the script will set the distribution list using the column heading PrimarySMTPAddress
  • The catch is alert if there are any unsuccessful attempts at setting the PrimarySMTPAddress

Simples!!

 Clear-Host
$file = "$env:USERPROFILE\OneDrive\Desktop\groups.csv"
$csv = import-csv -Path $file
region Exchange Module SnapIn
# Exchange 2007
#Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin;
# Exchange 2010
#Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010;
# Exchange 2013/2016
#Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
endregion
Transcript
Start-Transcript -Path $env:USERPROFILE\OneDrive\Desktop\Get-DistributionGroup.txt
Foreach ($row in $csv)
{
try {
Get-DistributionGroup -Identity $row.SamAccountName | Set-DistributionGroup -PrimarySmtpAddress $row.PrimarySmtpAddress
Write-Host 'INFO:' ($row.SamAccountName),'Primary SMTP Address has now been modified to',($row.PrimarySmtpAddress) -BackgroundColor Green
}
catch
{
Write-Host 'ERROR:' ($row.SamAccountName),'Primary SMTP Address has not been modified to',($row.PrimarySmtpAddress) -BackgroundColor Red
}
}
Stop-Transcript
Get-DistributionGroup
Image result for meerkat simples gif

I have included Start-Transcript as this will dump out all Write-Host entry whether they was successful or not.

Regards

The Author – Blogabout.Cloud

Do I have duplicate Recipient Alias within my Exchange organization?

Do I have duplicate Recipient Alias within my Exchange organization?

So do you know if you have duplicate recipient alias within your Exchange organisation? Heres a quick script that will look at your Exchange Environment and download all recipient address into a handy csv file you to play with.

The script

 Clear-Host
$start = [datetime]::Now
Start Transcript
Start-Transcript -Path "$env:USERPROFILE\Desktop\Mailbox Alias\mailboxaliaslog.txt"
Get-Recipent
$Mailboxes = Get-Recipient -ResultSize Unlimited -RecipientType UserMailbox |
Sort-Object -Property @{ Expression = { $_.EmailAddresses.Count } } -Descending
$Results = foreach( $Mailbox in $Mailboxes ){
$Stats = $Mailbox | Get-MailboxStatistics

$Properties = [ordered]@{ FirstName = $Mailbox.FirstName LastName = $Mailbox.LastName DisplayName = $Mailbox.DisplayName TotalItemSize = $Stats.TotalItemSize PrimarySmtpAddress = $Mailbox.PrimarySmtpAddress } $AltAddresses = $Mailbox.EmailAddresses | Where-Object { $_ -match '^smtp:' -and $_ -ne $Mailbox.PrimarySmtpAddress } $i = 1 Write-Host ('INFO: Working {0}.PrimarySmptAddress' -f $Mailbox) foreach( $Address in $AltAddresses ){ $Properties.Add( ('AltAddress{0}' -f $i), $Address -replace '^smtp:' ) $i++ } [pscustomobject]$Properties }

$Results |
Export-Csv -Path "$env:USERPROFILE\desktop\MailboxAliasReport.csv"
$end = [datetime]::Now
$resulttime = $end - $start
Stop Transcript
Stop-Transcript
Write-Host ('Execution : {0}Days:{1}Hr:{2}Min:{3}Sec' -f $resultTime.Days, $resultTime.Hours, $resultTime.Minutes, $resultTime.Seconds)

Download

Get-RecipientAlias (146 downloads)

Is Get-ADUser a bit slow in getting required result? Hello ADSISearcher using PowerShell.

Is Get-ADUser a bit slow in getting required result? Hello ADSISearcher using PowerShell.

Sometimes Get-ADUser just isn’t enough if you are working thousands upon thousands of AD Objects. In a recent scenario, while resolving an Active Directory Health issue. I needed the ability to be able to compare AD Objects from 2 Active Directory Domains from within a resource forest.


What is ADSISearcher?

ADSISearcher is a command line driven LDAP Lookup procedure has the ability to query Active Directory. As ADSISearcher looks up Active Directory it enables a faster discovery of the required AD Objects.

My scenario

I need to ensure CustomAttribute10 in Child1.domain.com matches CustomAttribute10 in Child2.domain.com, yes I could use Get-ADUser | export-csv but this has proved to take to long and needed a faster solution.

ADSISearcher has proved to reduce the time required to execute this script and dumping out to a transcript file with “,” separating the text allows the information to be imported to excel if required.

The script

 Clear-Host
Write-Host "You are currently running Version 1.0" -BackgroundColor DarkGray
[string] $Menu = @'
┌─────────────────────────────────────────────────────────────┐
ADSISearcher for CustomAttribute10
Created by @thewatchernode
└─────────────────────────────────────────────────────────────┘
'@
Menu
$Menu
Transcript
Start-Transcript -Path "$env:userprofile\Desktop\Child1vsChild2.txt"
Start Time
$start = [datetime]::Now
region Client Array
$Child1LDAPFilter = '(objectclass=user)'
$PageSize = 1000
$Child1DN = 'DC=child1,DC=domain,DC=com'
$Child1SB = 'DC=child1,DC=domain,DC=com'
$Child1Searcher = [ADSISearcher]('{0}' -f $child1LDAPFilter)
$Child1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $Child1SB)
$Child1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $child1DN)
$Child1Searcher.PageSize = $PageSize
$Child1Objects = $Child1Searcher.FindAll()
endregion
region Collab Array
$Child2SB = 'DC=child2,DC=domain,DC=com'
$Child2DN = 'DC=child2,DC=domain,DC=com'
endregion
region Client vs Collab
Foreach($Object in $child1Objects){
$childca10 = $Object.Properties.'customattribute10'
$Child2LDAPFilter = "(objectclass=user,customattribute10=$childca10)"
$child2Searcher1 = [ADSISearcher]("{0}" -f $child2LDAPFilter)
$child2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $Child2SB)
$child2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $Child2DN)
$child2Searcher1.PageSize = $PageSize
#$AllObjects1 = $collabSearcher1.FindAll()
$nullvalue = $object.Properties.'customattribute10'
if ($nullvalue -eq $null)
{
Write-Host 'INFO, Null Value Found in Child Domain 1,' $Object.Properties.samaccountname -BackgroundColor Red
}
else
{
try
{
($Object.Properties.'customattribute10' -eq $child2searcher1.Properties.'customattribute10')
Write-Host 'Skipping, Attribute match found in Child domain 2 using Child domain 1,' $Object.Properties.samaccountname -ForegroundColor Green
}
catch
{
Write-Host 'INFO, No Attribute match found in Child domain 2 using Child domain 1,' $Object.Properties.samaccountname -BackgroundColor Red
}
}
}
endregion
Stop Transcript
Stop-Transcript
End Time
$end = [datetime]::Now
$resultTime = $end - $start
Write-Host ('Execution : {0}Days:{1}Hr:{2}Min:{3}Sec' -f $resultTime.Days, $resultTime.Hours, $resultTime.Minutes, $resultTime.Seconds)

Download

Get-ADSISearcher (125 downloads)

Regards

The Author – Blogabout.Cloud

Working with Active Directory Attributes with multi-values.

Working with Active Directory Attributes with multi-values.

It is common for organisations to use or create Active Directory Attributes that may contain multiple different values and when trying to obtain the information using PowerShell you might receive

Microsoft.ActiveDirectory.Management.ADPropertyValueCollection

Which isn’t helpful to man or beast. However, I have been recently working with custom attributes so its time to share my experiences once again. In this post I will be working with information that is located within my personal lab, where I have customattribute10 defined with O365.

# Command
Get-ADUser -Properties * -Filter * | Select-Object samaccountname,customattribute10 | export-csv -Path $env:USERPROFILE\desktop\test1.csv

As you can see that from the above I am not receiving the desired output from Get-ADUser. So lets use a PowerShell string that obtains the required information

Let’s discuss the below string in detail to explain what each part does

@{name=” customattribute10 ”;expression={$_. customattribute10}}

The @ symbol, is the property you are retrieving is an array, which means it contains multiple values. Then you gave the property a name/label (you can name it anything you like). This will be the header of the column in the CSV file

@{name=” customattribute10 ”;

Then you provide an expression; this is the script block where you tell the PowerShell cmdlet what you are trying to fetch. For example; we want to fetch the values for the customattribute10 attribute.

expression={$_. customattribute10}}

So, now we understand the require array to pull the multi-values from lets execute the below command

# Command
Get-ADUser -Filter * -Properties proxyaddresses,customattribute10 | select samaccountname, @{L='customAttribute10'; E={$_.customAttribute10}} | Export-Csv -Path $env:USERPROFILE\desktop\test.csv

Now executing this command you will receive the correct output from the attribute which you desired.

Regards
The Author – Blogabout.Cloud



Granting permissions to users based on Group Membership with PowerShell

Granting permissions to users based on Group Membership with PowerShell

Hello,

Question: Have you ever had to perform a task for multiple users like granting a permission, policy or something else? and did you do it manually?

I can honestly say I have and it was so time consuming, especially when we have free tools available to use to perform theses actions within seconds/minutes instead of hours/days.

I have generated a script below which I have created to grant a Skype for Business Online policy to a number of users based on their Group Membership. Before you run this script the following assumputions will be made.

  • You have a basic understanding of PowerShell Scripting
  • You have modified all locations shown with ‘#########’ to your requirements

For the below script I have left in ‘IMOnly’ to show exactly what this script is designed to achieve. If a User doesnt have the IMOnly policy they will be granted the policy but if a User already has IMOnly granted. The script will skip the user and generate an output on screen plus to a definited .txt file before moving onto the next user.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
clear-host
# Define Service Account
$username = '#########'
$password = '#########'
$pass = Convertto-Securestring -String $password -asPlaintext -Force
$credential = New-Object -TypeName System.Management.Automation.PScredential -ArgumentList ($username, $pass)

# Connect to Office 365
Import-Module MSOnline
Connect-MsolService -Credential $credential

# Connect to Skype for Business Online
Import-Module -Name SkypeOnlineConnector
$sfboSession = New-CsOnlineSession -Credential $credential
Import-PSSession -Session $sfboSession -AllowClobber

# Get Group Members
Get-MsolGroupMember -GroupObjectId '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

# Import Users
$csv = Import-Csv -Path $env:HOMEDRIVE\#########\#########.csv

# Assign CsClientPolicy
Foreach ($row in $csv) {
If(Get-CsOnlineUser -Identity $row.EmailAddress | Where-object {$_.ClientPolicy -notcontains 'IMOnly'})
{
Grant-CsClientPolicy -Identity $row.EmailAddress -PolicyName 'IMOnly'
}
else
{
Write-Host -ForegroundColor Yellow $row.EmailAddress "Skipped User"
get-csonlineuser -id $row.EmailAddress | Where-object {$_.ClientPolicy -contains 'IMOnly'} | select-object DisplayName,ClientPolicy | out-file -FilePath $env:HOMEDRIVE\INSTALL\groupuserenbled.txt
}
}

You can also complete this command for On-Premises users by modifying the script to use Get-ADGroupMember as shown below.


1
2
# Get Group Members
Get-ADGroupMember -Identity '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

This script can be modified to complete other provisioning based on Group Membership, just copy and paste into PowerShell ISE and make the necessary changes

Regards

The Author