Friday, April 4, 2008

More EMS Goodies

Reading Secure Strings
If you have a PowerShell script that needs to have the user enter a password, but obviously don't want the input echoing to the screen, try this:

$Password = Read-Host "Please enter password: " -AsSecureString

The variable $Password can then be passed along to commands that require a secure password string as a parameter.

Distribution Group Goodies
To add the ability to Send-As a group:

Add-AdPermission "Group Name" -user "User Name" –AccessRights extendedright -ExtendedRights "send as"


To delegate rights to modify group membership:
Add-ADPermission –Identity "name of distribution group" -User "name of user" -AccessRights WriteProperty –Properties “Member”


More details: Add-ADPermission.

Thursday, April 3, 2008

EMS Goodies: Distribution Groups and PowerShell

Here are a few PowerShell scripts that I cobbled together to help with our current mailbox migrations from Exchange 2003 to Exchange 2007. The first, grp_and.ps1, takes the names of two distribution groups as parameters and lists all users who are present in both groups. The second grp_not.ps1, lists all users who are in the first group but NOT in the second group. Note that Exchange 2007 SP1 is required to make use of MemberOfGroup in the recipient filter.


grp_and.ps1

# Script for listing which recipients can be found in both groups passed as arguements

function Usage
{
""
"Usage: .\grp_and [DistributionGroup1] [DistributionGroup2]"
" Lists accounts that are found in both distribution groups."
" Two arguments required."
""
exit
}

# Help Request
if ( ( $Args -eq '-?') -or ($Args.count -ne 2) )
{
Usage
}


$grp1 = $(Get-DistributionGroup $args[0]).Identity.DistinguishedName
$grp2 = $(Get-DistributionGroup $args[1]).Identity.DistinguishedName

""
$grp1
" and"
$grp2
" both contain the following recipients..."
"-------------------------------------------------------"
get-recipient -RecipientPreviewFilter {(MemberofGroup -eq $grp1) -and (MemberofGroup -eq $grp2)}
"-------------------------------------------------------"


grp_not.ps1

# Script for listing which recipients are in the first group but not the second, passed as arguements

function Usage
{
""
"Usage: .\grp_not.ps1 [DistributionGroup1] [DistributionGroup2]"
" Lists accounts that are found in the first group but not the second."
" Two arguments required."
""
exit
}

# Help Request
if ( ( $Args -eq '-?') -or ($Args.count -ne 2) )
{
Usage
}


$grp1 = $(Get-DistributionGroup $args[0]).Identity.DistinguishedName
$grp2 = $(Get-DistributionGroup $args[1]).Identity.DistinguishedName
""
"The following recipients are in "
$grp1
"but are not in "
$grp2
"----------------------------------------------------------------"
get-recipient -RecipientPreviewFilter {(MemberofGroup -eq $grp1) -and (MemberofGroup -ne $grp2)}
"----------------------------------------------------------------"

Tuesday, April 1, 2008

Major Flaw in Exchange 2007: a Blast from the Past!

KB article 812806 describes a serious bug in Exchange 2000 and Exchange 2003, as well as its fix. The bug manifests itself when an Exchange user sends an SMTP message to an external mailing list address, and the delivery attempt to one or more members of the mailing list generates an NDR, the NDR presented by Exchange to the original sender makes it appear that delivery to the list address itself failed.


Well, this bug has resurfaced in Exchange 2007. A Microsoft PSS support engineer has confirmed to me that the fix described in the aforementioned KB article does not work with Exchange 2007, nor is there a fix in place. An ECR was apparently filed last year to address the issue, but it seems that there has been no progress made on getting a fix out.


Can't Micosoft fix a bug and keep it fixed? Especially on such a blatantly serious bug?


Update: Within minutes of posting this, I received an update from PSS. A hotfix is in the works. Release is tentatively slated for late April.

Laugh. It's funny.

Go go gadget accelerometer!