Do you enjoy the "Tip of the day" that EMS gives you whenever you open it up? Something like

Ever wanted to retrieve a list of all available tips? It's pretty easy. Just type

1..200 | foreach {get-tip -local:$_}

This will give you an output of all available Tips in the EMS.

Enjoy!

I just thought i'd do a quick one on Powershell, and how it can be used to modify Active Directory attributes, especially regarding multi-valued ones. In this example, i'm using the [ADSI] accelerator for direct access to AD. I'm also utilizing the .putex method, for more granular control. For more information on .putex, please see http://support.microsoft.com/kb/260251.

And there you go....

------------------------------------------------------------------------------

#Scripting example of using PS and [ADSI] accelerator to modify AD attributes
#This example reads, modifies and deletes all the values in the "proxyaddresses"-attribute of an user object.
#
#USE THIS CODE AT YOUR OWN RISK. DO PROPER LAB TESTS. NO WARRANTIES IMPLIED. LEGAL BLAH.
#(c) 2009, Georg Hinterhofer

#Clear Screen
cls

#Dim array to hold multi-valued attributes
[array] $proxy

#Set LDAP path
$LDAPPath ="LDAP://CN=test,CN=Users,DC=forest1,DC=local"
$ADUser = [ADSI]"$LDAPPath"

#Read multi-valued properties
$proxy = $aduser.proxyAddresses

#Delete a multi-valued properties
$ADUser.putex(1,"proxyAddresses",$null)
$ADUser.setinfo()

#Set a multi-valued property
[Array] $newProxy = "SMTP:test@microsoft.at","smtp:test2@test.at"
$ADUser.putex(2,"proxyAddresses",$newProxy)
$ADUser.setinfo()

#Add a property to multi-valued
[array] $smtpToAdd = "smtp:test3@test.at"
$ADUser.putex(3,"proxyAddresses",$smtpToAdd)
$ADUser.setinfo()

#Remove a property from multi-valued
[array]$smtpToRemove = "smtp:test2@test.at"
$ADUser.putex(4,"proxyAddresses",$smtpToRemove)
$ADUser.setinfo()

------------------------------------------------------------------------------

So enjoy this one,

Regards,

Georg

I recently joined Microsoft as a Premier Field Engineer for Messaging. One of the top issue's i started seeing are mailboxes that are converted to linked or shared mailboxes after migration from Exchange 2003, whereas they should be plain user mailboxes.

While it's no problem to convert a shared mailbox to a user mailbox - Set-Mailbox UserMbx1 -Type Regular - you will have a hard time converting a large number of linked mailboxes to user mailboxes, as the official procedure calls for disconnecting and reconnecting (!) the mailbox.

Let's start and see why this happens and what we can do about it -

Back in the days of 5.5, every mailbox had to have a so called "Associated External Account" - or short "AEA". This was necessary because Exchange 5.5 had it's own directory service, and NT accounts had to be matched somehow. In Exchange 2000 / 2003 / 2007, the AEA account is mostly used for ressource forest deployments, where a disabled mailbox account needs to be matched with an enabled user account from a user forest.

The problem here is that most customers have always upgraded their enviroment since the earliest days - and therefore still have (obviously no longer existing) accounts carrying the AEA property in their mailbox rights ACL's - this probably looks something like below: More...

This one's for Jamie :-) There seems to be a lot of confusion with customers on how Outlook Anywhere works, especially when using a multiple AD-Site's setup.

Imagine the following scenario in the image below: 

And let us further assume that the users mailbox is located in "Site B" and the combined CAS/HT/MBX in "Site B" isn't accessible from the internet. The user tries to access his mailbox via RPC/HTTPS (Outlook Anywhere) on the CAS in "Site A". Oulook Anwhere is not enabled in "Site B"

So how does this work? More...

Are you tired of Exchange 2007 Rollups taking 1h + to install, even on high end production servers? Don't panic, there's a possible workaround - disable the certificate revocation check in Internet Explorer. Yeah, you heard right.

 It can be found in the Internet Explorer options, see screenshot below:

Doing this brought my RU5 install time down to around 10 minutes instead of approx one and a half hours.

Hope you find this usefull!

Regards,

Georg

 "In what way do Exchange and the PDC Emulator relate?" Well, before starting this topic you should know what the PDC Emulator is.

The PDC Emulator is one of the 5 Active Directory FSMO Roles (in Full - "Flexible Single Master Operation Roles"). The others are Schema Master, Domaining Naming master, Infrastructure Master and the RID Master.

What are the duties of the PDC Emulator:

• The PDC Emulator emulates a Windows NT 4.0 Primary Domain Controller - so that NT 4 Backup Domain Controllers can successfully replicate Directory Information (of course, in a pure Win2k/2k3 enviroment, this feature becomes obsolete).
  
  
• When a User changes his/her password on another DC, the password change is preferentially replicated to the PDC Emulator before any other DC.
  
  
• Furthermore, if a user tries to log on to a DC and the DC didn't receive the password change it will forward the logon request to the PDC Emulator (as mentioned before, the PDC Emulator gets preferential treatment on password changes).
  
  
• Account lockouts are processed by the PDC Emulator.
  
  
• When modifying or creating GPO's, this is always done on the SYSVOL - Share of the PDC Emulator.
  
  
• The PDC Emulator is the authoritive source of time in the domain - all other servers and clients will try to obtain time information from the PDC Emulator (for that reason, the PDC Emulator should always be configured with an external accurate time source).
  
  

So the PDC Emulator is a pretty important role within a domain. But what's up with Exchange? More...