DON'T REINVENT THE COW

This is a place for Systems Administrators and IT Professionals to find and share ideas, solutions and templates. If you have something that helps you solve a problem, chances are it will help someone else too. So pay it forward and send an email to TheAgreeableCow at gmail. Full mudos to you!

Sunday 18 August 2013

Creating SSL certificates for Exchange 2010 Edge servers

I recently moved from an on-premise email security gateway to a cloud service. As such, I had to set up some new Exchange Edge roles and install SSL certificates on them to provide TLS encryption. As there is a limited GUI, all of this needs to be done via PowerShell. Here is a quick, high-level overview of the steps taken.

Generate Cert Request
 $data = New-ExchangeCertificate -GenerateRequest -SubjectName "c=AU, o=IT Dept, cn=mail.mydomain.com.au" -PrivateKeyExportable $true  
 Set-Content -Path "c:\Temp\mailcert.req" -Value $Data  

Submit Request to CA
  • The common name should be the public name, e.g.
    • mail.mydomain.com.au
  • Add additional 'Subject Alternative Names' for the actual server names, e.g.
    • exchedge1.mydomain.com.au
    • exchedge2.mydomain.com.au

Complete Certificate Request
 Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\Temp\mail_mydomain_com_au.cer -Encoding Byte -ReadCount 0))  

Note the thumbprint that is shown when successfully imported.

Assign the certificate to SMTP service
 Get-ExchangeCertificate -Thumbprint ABCD12345ABCD12345ABCD12345ABCD12345ABCD | Enable-ExchangeCertificate -Services SMTP  

Update the intermediate Certs

  • Download and run the DigiCert Certificate Utility (https://www.digicert.com/util/) on the edge server.
  • "Repair" the cert if it's showing any missing/misplaced intermediate certificates

Export the certificate (and repeat import on second server)
 # On the first Edge server: export the certificate and its private key to a password-protected PFX
 $file = Export-ExchangeCertificate -Thumbprint ABCD12345ABCD12345ABCD12345ABCD12345ABCD -BinaryEncoded:$true -Password (Get-Credential).password
 Set-Content -Path "c:\Temp\mailcert.pfx" -Value $file.FileData -Encoding Byte
 # On the second Edge server (after copying mailcert.pfx across): import it and enable it for SMTP
 Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\Temp\mailcert.pfx -Encoding Byte -ReadCount 0)) -Password (Get-Credential).password
 Get-ExchangeCertificate -Thumbprint ABCD12345ABCD12345ABCD12345ABCD12345ABCD | Enable-ExchangeCertificate -Services SMTP

Update the intermediate cert via the DigiCert Certificate Utility as above

Complete a synchronisation cycle (on an internal Hub Transport server)
 Start-EdgeSynchronization  
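
As an added example (not part of the original post), the checks below confirm on each Edge server that the certificate ended up in the state the steps above aim for. The thumbprint, host names and PFX path are the placeholders used in this post; the 30-day expiry threshold is an assumption.

```powershell
# Added example: post-install checks, run in the Exchange Management Shell
# on each Edge server. Values below are the placeholders used in this post.
$Thumbprint    = 'ABCD12345ABCD12345ABCD12345ABCD12345ABCD'
$ExpectedNames = 'mail.mydomain.com.au', 'exchedge1.mydomain.com.au', 'exchedge2.mydomain.com.au'
$PfxPath       = 'c:\Temp\mailcert.pfx'
$MinDaysLeft   = 30    # assumed threshold, adjust to your renewal process

$cert     = Get-ExchangeCertificate -Thumbprint $Thumbprint -ErrorAction Stop
$problems = @()

# The import must have paired the CA response with the private key from the request
if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no private key' }
if ("$($cert.Status)" -ne 'Valid') { $problems += "Exchange reports status '$($cert.Status)'" }

# Enable-ExchangeCertificate -Services SMTP should be reflected here
if ("$($cert.Services)" -notmatch 'SMTP') { $problems += 'Not enabled for SMTP' }

# The public name and both server names should be on the certificate
$names = @($cert.CertificateDomains | ForEach-Object { "$_" })
foreach ($name in $ExpectedNames) {
    if ($names -notcontains $name) { $problems += "Missing name: $name" }
}

$daysLeft = ($cert.NotAfter - (Get-Date)).Days
if ($daysLeft -lt $MinDaysLeft) { $problems += "Expires in $daysLeft days" }

# Chain check: reports if Windows cannot build a path to a trusted root.
# Revocation is not checked here so the test does not depend on CRL access.
$x509  = Get-Item "Cert:\LocalMachine\My\$Thumbprint"
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($x509)) {
    foreach ($s in $chain.ChainStatus) { $problems += "Chain: $($s.Status)" }
}

# The exported PFX holds the private key; it should not stay in c:\Temp
if (Test-Path $PfxPath) { $problems += "$PfxPath is still on disk, delete it after the import" }

if ($problems.Count -eq 0) { "OK: $($cert.Subject) valid until $($cert.NotAfter)" }
else { foreach ($p in $problems) { "PROBLEM: $p" } }
```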

 Cheers,
         (__)
         (oo)  ok
   /------\/  /
  / |    ||
 *  /\---/\
    ^^   ^^


Wednesday 7 August 2013

Automatically re-size and import photos into Active Directory with PowerShell

This script is a great example of how IT can hand back responsibility for one of those trivial admin jobs to a non-IT department. You know the scenario: Marketing or HR get all of the staff photos together and send them to IT for posting to Active Directory for a bunch of relevant systems such as Outlook, Lync or a SharePoint corporate directory. Every time a photo changes, it's yet another request into IT. Well, if you implement this script, you'll never have to worry about manually re-sizing and importing these photos again!

In summary, the script bulk imports photos into AD, selecting them from a network share based on their age. It will even re-size the photos on the fly according to Microsoft's recommendations, whilst keeping the original proportions. The cool thing is that you can launch it from a scheduled task, so all someone has to do is save any new photos to the nominated location and they will get imported automatically.

During the import process the photos get checked against valid users in AD, so they need to be in the format of username.jpg. Everything is logged, and if this test fails it will be added to the user-friendly email output, which can again become someone else's responsibility to receive and action. IT can get CC'd on this of course and step in as necessary.

The syntax to use is as follows

    Set-ADPhotos SourcePath Days

For example

    .\Set-ADPhotos '\\Server1\sharename' 1

The 'Source Path' can be any local folder or network share that's accessible. The photos are then copied down to a local working path for the actual import. Both the original photo (if one exists) and the new photos are date stamped and backed up. So if you have to restore a photo, you can simply place a copy (as username.jpg), back into the working directory and do a manual run without having to wait for the next schedule.

The 'Days' parameter is used to filter the import of photos based on the modified date. So for example '1' will only import photos modified in the last day. Assuming you run this as a scheduled task, it's important to match the schedule with the number of days entered.
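
A dry run of the selection and username check described above, as an added example that is not part of Set-ADPhotos itself. It assumes 'username' means the sAMAccountName and that the ActiveDirectory module is available; the function name Test-PhotoCandidates and the conservative filename pattern are hypothetical.

```powershell
# Added example (not part of Set-ADPhotos): shows which photos a run with the
# same SourcePath and Days would pick up, and whether each maps to an AD user.
# Nothing is written to AD.
Import-Module ActiveDirectory

function Test-PhotoCandidates {
    param(
        [Parameter(Mandatory=$true)][string]$SourcePath,
        [Parameter(Mandatory=$true)][int]$Days
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path $SourcePath -Filter *.jpg |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            $name = $_.BaseName
            # File names come from a share that other departments write to, so
            # treat them as untrusted input before putting them in an AD filter.
            # The pattern is an assumed, deliberately strict username format.
            if ($name -notmatch '^[A-Za-z0-9._-]{1,20}$') {
                $result = 'Rejected: not a valid username'
            }
            elseif (Get-ADUser -Filter "sAMAccountName -eq '$name'") {
                $result = 'OK: would import'
            }
            else {
                $result = 'Rejected: no matching AD user'
            }
            New-Object PSObject -Property @{
                File     = $_.Name
                Modified = $_.LastWriteTime
                Result   = $result
            }
        }
}

# Same arguments as the example call above
Test-PhotoCandidates '\\Server1\sharename' 1 | Format-Table File, Modified, Result -AutoSize
```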

Finally, if you're a Lync shop, the script can trigger an update of the Address Book which gets the photos out to the clients pretty quickly.

Here's the full script, or download it from GitHub.



Saturday 29 June 2013

SysAdmin Modular Report for Exchange

The SysAdmin Modular Reporting framework provides a consistent, flexible data collection and reporting tool with 'traffic light' style alerts for your environment. Written in PowerShell using an easy-to-follow style, the framework collates any number of user-generated plugins (function scripts) into a single report for any Windows system supporting PowerShell.

Quick Start

For a full overview of the framework and information to help create your own scripts, please see the Quick Start Guide (pdf).
  1. Download modules from GitHub links below*
  2. Save to a server with Exchange 2010/2013 Management Tools
  3. Customise Global_Variables.ps1 (with relevant server names, email addresses etc)
  4. Review the plugins (reorder, remove, update thresholds etc)
  5. Run the report: Get-SAMReport Exchange [Email/OnScreen]

Review the scripts on GitHub

*I encourage you to review and understand any script downloaded from the internet. Also be sure to "unblock" each .ps1 file (Right click | Properties | Unblock), to avoid the [D] Do not run [R] Run once [S] Suspend security prompts.

Overview

SAMReports can provide a very detailed look into the health of your environment. You can view the relevant data that has been gathered and quickly see any Warnings or Alerts based on your thresholds. The overall title of the report will reflect the worst result, so for example if there were 6 sections and only one showed a Warning, the report title will be coloured as a Warning.

The result is a rich report with clear status indicators giving you an instant overview and the details to back it up.


      Picture 1. Sample Report showing just a few of the plugins

Plugins

The independent plugin system is very flexible and provides an easy way to only report on information that you need. The template style provides a consistent output, but also makes it easy to adapt or add new plugins. The warnings or alerts are based on a failed test or data falling outside of thresholds that you can define.

Each plugin can generate four types of output:
  • Results Text (html formatted)
  • Results Data (html formatted table)
  • Results Status (Alert, Warning, Good colour codes)
  • A File (either saved to the \output folder or included as an email attachment)

This is a list of the current plugins for Exchange:
  • Environment Summary.ps1: Shows an overview of the Exchange environment
  • Services Check.ps1: Checks that the appropriate services are running for each role
  • Transport Queues.ps1: Checks for delayed messages in Transport Queues
  • Database Mount Status.ps1: Checks the mount status of Public folder and Mailbox databases
  • DAG Database Health.ps1: Checks the health status of the Databases which are part of a DAG
  • DAG Replication Health.ps1: Checks the health status of the DAG replication
  • Backup Status.ps1: Checks when each of the databases were last backed up
  • Database and Disk Statistics.ps1: Checks database statistics and available disk space
  • Check Mail Flow.ps1: Checks mail flow between each Mailbox server
  • Test MAPI Connectivity.ps1: Verifies server functionality for MAPI and LDAP
  • Test OWA Connectivity.ps1: Verifies server functionality for Outlook Web Access
  • Test Web Services.ps1: Verifies server functionality for Outlook Anywhere
  • Test POP Connectivity.ps1: Verifies server functionality for POP3
  • Test IMAP Connectivity.ps1: Verifies server functionality for IMAP4
  • Test SMTP Connectivity.ps1: Verifies server functionality for SMTP
  • Test System Health.ps1: Analyses your environment according to best practices
  • Get Event Logs.ps1: Event Log entries that match defined criteria
  • ActiveSync Device Count.ps1: Checks the number of EAS devices for each user

This is a community-driven project. If you have any suggestions or module scripts you have created, I would love to include them here, with full mudos to you of course.

See the main SysAdmin Modular Reports page for more details, including working with Scheduled Tasks and downloads for other modules.
