Tuesday, August 6, 2019

Grant Exchange Calendar Rights

To view Calendar access rights:
Get-MailboxFolderPermission -identity "ManagingUser:\Calendar"

You must remove any user listed as Reviewer before you can add Editor rights.

Remove-MailboxFolderPermission -Identity "ManagingUser:\Calendar" -User "PersonalAssistant"

Once removed, add Editor access rights:

Add-MailboxFolderPermission -Identity "ManagingUser:\Calendar" -User "PersonalAssistant" -AccessRights Editor

Grant Mailbox Permission to single user

 There are many situations in which permissions to another user’s mailbox should be granted on Exchange Server. Sometimes it is for monitoring purposes, sometimes in order to send emails on behalf of someone else. Full access permissions give the highest level of access to a mailbox, and are necessary, for example, during a migration process. If you want to learn how to set full access permissions on Exchange 2007, Exchange 2010, Exchange 2013, Exchange 2016 or Exchange 2019



Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'User')} | Add-MailboxPermission -User User@Example.com -AccessRights FullAccess -InheritanceType all -AutoMapping:$false

Full Credit to:

https://www.codetwo.com/admins-blog/how-to-grant-full-access-permissions-to-all-users-mailboxes-exchange/
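
An added example, not part of the original post or the credited article: because the command above gives one account FullAccess to every user mailbox, this Exchange Management Shell script records where that grant exists and removes it again when the work is done. The report path is an assumption; User@Example.com is the post's placeholder.

```powershell
# Added example: audit and roll back the bulk FullAccess grant.
# Run in the Exchange Management Shell.
$Delegate = 'User@Example.com'                 # placeholder account from the post
$Report   = 'C:\Temp\FullAccess-Audit.csv'     # assumed report location

# Collect every explicit (non-inherited) allow entry that gives the delegate FullAccess.
$Grants = Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" |
    Get-MailboxPermission -User $Delegate |
    Where-Object {
        $_.AccessRights -contains 'FullAccess' -and -not $_.IsInherited -and -not $_.Deny
    }

# Keep a record of what was granted before changing anything.
$Grants |
    Select-Object Identity, User, @{ n = 'AccessRights'; e = { $_.AccessRights -join ',' } }, IsInherited |
    Export-Csv -Path $Report -NoTypeInformation

'{0} mailboxes grant FullAccess to {1}' -f @($Grants).Count, $Delegate

# Roll back once the migration or review is finished.
# -WhatIf only prints what would be removed; delete it to apply the change.
foreach ($g in $Grants) {
    Remove-MailboxPermission -Identity $g.Identity -User $Delegate `
        -AccessRights FullAccess -InheritanceType All -Confirm:$false -WhatIf
}
```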

Wednesday, July 24, 2019

PowerShell-Bulk Export & Import of X500


One of the most important things to take care of is the X.500 address when you are doing a direct cutover migration from Microsoft Exchange Server to a new Exchange Server in a different AD domain or to Office 365.

The X.500 address (not the SMTP address) is used by Microsoft Outlook to identify users within the Exchange organization (refer to http://www.askme4tech.com/exchange-server-x500-address-amazing-thing-know for more detailed information).

Please refer to the steps below on how to export and import X.500 addresses using a PowerShell script.
To export the legacyExchangeDN from the source domain:

Get-ADUser -SearchBase "DC=YOUR-DOMAIN,DC=COM" -Filter * -Properties SamAccountName,legacyExchangeDN | Select-Object SamAccountName,legacyExchangeDN | Export-CSV C:\Temp\Exported-LegacyDN.csv -NoTypeInformation

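To import to the new domain controller:

Import-Module ActiveDirectory
# $Input is a PowerShell automatic variable, so the rows are held in $Users instead
$Users = Import-CSV C:\Temp\Exported-LegacyDN.csv
ForEach ($ADUser in $Users){
    # Skip accounts that had no legacyExchangeDN in the source domain
    if ($ADUser.legacyExchangeDN){
        # Add the old DN as an X500 proxy address on the matching account
        Set-ADUser -Identity $ADUser.SamAccountName -Add @{proxyAddresses="X500:$($ADUser.legacyExchangeDN)"}
    }
}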

All credits:

https://aventistech.com/2018/07/powershell-bulk-export-import-of-x500/

Source for the Script.

https://www.petenetlive.com/KB/Article/0001468

This describes my exact issue:
https://www.tipsdotcom.com/recipient-not-found-by-exchange-legacy-encapsulated-email-address-lookup.html











Monday, April 2, 2018

Find MAC Addresses of member NICs in a Native Windows Team

This article describes how to use PowerShell to get the MAC addresses of all member Network Interface Cards (NICs) in the native Windows network teams present on a Windows Server 2012/2012 R2 server.

There are many instances where network communication fails because the wrong network interfaces have been teamed. Especially when the team members are partitions of a Converged Network Adapter (CNA) that supports virtual partitioning, we need to make sure that we are teaming the correct partitions from different physical ports for redundancy and proper VLAN traffic. In such situations, the primary troubleshooting step for a network team's connectivity issue is to validate the network team members.

The easiest way to ensure this is to compare the unique attributes of the partitioned interfaces with the data in the network card BIOS, out-of-band management tools (like iDRAC, iLO etc.) or other baseboard management controllers. The Media Access Control (MAC) addresses of the partitioned interfaces seen by the operating system are the easiest and most reliable unique identifiers in this scenario, as the interface names will be different for different network cards.

The default available option to get a member NIC's MAC address is the PowerShell command Get-NetAdapter <member NIC name>. For that we have to manually find the native teams on the server, their member NICs and then the MAC addresses of the member NICs.

The following short PowerShell script automates this process and lists the MAC addresses of the member NICs of all the native Windows teams available on the server. The advantage of the script below is that it can be used on any Windows 2012 or Windows 2012 R2 server without any modifications or inputs.

Script:

# List each native (LBFO) team and the adapters, with their MAC addresses, that belong to it
foreach ($i in ((Get-NetLbfoTeam).Name))
{
    Write-Host "`nTeam Name - $i`nTeam Members: "
    Get-NetAdapter (Get-NetLbfoTeamMember -Team $i).Name | Format-Table
}

Source TechNet

Restore from Backup Exec Retired Media

retired media

Media that has been taken out of service, usually because of an excessive number of errors. Media that is retired is available for restore jobs but not for backup jobs. Media must be retired before it can be deleted. If you want to use media that has been deleted, Backup Exec will recognize it as imported media. It must be cataloged before you can restore from it.

Tuesday, August 15, 2017

Symantec Messaging Gateway Packet capture


Symantec Messaging Gateway version 10.6.x, part of the Symantec Endpoint Protection Suite.
 
Packet capture:
Running the TCPDUMP command
1.    Log in to the command line (via SSH with PuTTY, locally in the VM console, or directly connected with monitor and keyboard) as admin.

2.    Run the command “set-support” and create a new password for the support account. (This account will be automatically disabled after 7 days and can be re-enabled without knowing the password by re-running the command.)

3.    Log out by typing “exit” (in a PuTTY session this will require that you reconnect).

4.    Log in with the username “support” and the password you created.

5.    Run the “tcpdump” command.

Examples:

Capture only SMTP traffic

    tcpdump -s 0 -w /tmp/capture.cap -i any tcp port 25 -Z support

Gathering the Data to send to a support agent

Any files named *.cap in /tmp/ will be gathered when you run diagnostics.

If you run the diagnostics from the Control Center, you can download the file to your desktop.

OR

You can get the diagnostics by using WinSCP.

1. Download and install WinSCP (available for free at winscp.net).

2. Connect to the inbound IP of the appliance (the protocol will be SCP and the port 22) with the username support.

3. Browse to /tmp/ to find the diagnostics file (or the path you directed the diagnostics to).

4. Copy to your workstation.

5. You can use Wireshark to analyze the capture file.

Friday, January 23, 2015

Access Based Enumeration (ABE)



To enable "Access Based Enumeration" on a Windows 2008 or later server, ensure that the appropriate NTFS and Share permissions are set on the root share directory. In my case I needed to allow everyone the ability to see the root share but restrict access to the subdirectories. To avoid giving the users unnecessary access, I removed the "Everyone" group and added the "Authenticated Users" group with the Read and Change Share permissions. I then gave explicit NTFS permissions to those groups who needed access to any of the subdirectories.

Since I only wanted the "Authenticated Users" to see the root share but not have access to the subdirectories, I gave the “Authenticated Users” Read NTFS permissions, which include the Traverse folder permissions to allow them to drill down past the root share. I then broke inheritance and made sure the “Authenticated Users” group had the following Special NTFS permissions. I also made sure to select “Apply only to this folder”.

    List folder / read data

    Read attributes

    Read extended attributes

    Read permissions

I then added my other groups with explicit permissions to their respective directories.  So at this point the root share is visible to all Authenticated Users but the subdirectories are only displayed to those users/groups with explicit NTFS permissions, “Read, Write and Modify” and all of the special permissions that are included.
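
The NTFS side of the setup described above, as an added PowerShell example that is not the author's own script: it breaks inheritance on the root folder and gives Authenticated Users only the four listed rights, applied to this folder only. It assumes inherited entries are kept as explicit copies and runs against a constructed folder under $env:TEMP; the share name in the final comment is hypothetical.

```powershell
# Added example: root-folder ACL for an Access Based Enumeration share.
function Set-AbeRootAcl {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SID for "Authenticated Users" (works on any OS language).
    $authUsers = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'
    $rights = [System.Security.AccessControl.FileSystemRights]'ReadData, ReadAttributes, ReadExtendedAttributes, ReadPermissions'

    # Pass 1: break inheritance. $true,$true keeps inherited entries as explicit copies (assumption).
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Path -AclObject $acl

    # Pass 2: re-read so the copied entries are explicit, drop any for Authenticated Users,
    # then add the rule with no inheritance flags ("Apply only to this folder").
    $acl = Get-Acl -Path $Path
    $acl.PurgeAccessRules($authUsers)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $authUsers, $rights,
        [System.Security.AccessControl.InheritanceFlags]::None,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Constructed sample folder so the script can be tried without touching a real share.
$Root = Join-Path $env:TEMP 'abe-demo-root'
New-Item -ItemType Directory -Path $Root -Force | Out-Null
Set-AbeRootAcl -Path $Root

# Verify: one explicit, non-inheriting entry for Authenticated Users should be listed.
(Get-Acl -Path $Root).Access |
    Where-Object {
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq 'S-1-5-11'
    } |
    Format-List IdentityReference, FileSystemRights, InheritanceFlags, IsInherited

# On Server 2012 and later, ABE itself can be switched on for the share with:
#   Set-SmbShare -Name 'Data' -FolderEnumerationMode AccessBased -Force   # 'Data' is a hypothetical share name
```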