Windows Server Administration

Well it is coming to that time of year again where we will be given a list of new students that will be enrolled for the 2009 School Year, and of course it is up to the IT Department to created the hundreds of accounts. This year I thought I would have a crack at using PowerShell to do a bulk import into Active Directory.

The first thing that I found was that PowerShell doesn’t have any specific Active Directory CMDLets, so I found these PowerShell CMDLets from Quest. A must have if you are working with Active Directory and PowerShell. There are a few pre requesests before installing so grab the PDF document associated and have a read. Let’s build the script!

I want to be able to import users from a CSV file so the the cmdlet that I amm interested in is Import-CSV which takes a parameter for the file name like so:

Import-CSV C:\New.csv

Next Step is to iterate through the file. This is done by piping the contents of the csv file to the For-EachObject cmdlet which inturn uses the New-QADUser cmdlet.

ForEach-Object {New-QADUser -ou domain.local/Students/2009 -name $_.Name -Description $_.Description -City $_.City -UserPassword $_.Password -SamAccountName $_.sAMAccountName -FirstName $_.FirstName -LastName $_.LastName -DisplayName $_.Name -UserPrincipalName $_.UPN}

If you type in get-help New-QADUser you will see the syntax and all the parameters you can include. In the above script you will see $_.Name etc etc. These correlate to the CSV File. My CSV File had Name, Description, UserPassword, sAMAccountName, FirstName, LastName, DispplayName and UPN. You can see the connection above. It doesn’t even matter what order they are in in the CSV File!

Did you Like This Post? Stay Updated with more How To’s and Tips by Subscribing to My RSS Feed

For the past couple of days I have been struggling with our Exchange 2007 implementation. But I am glad to say that all things are looking good and we can now send and receive mail! Whoo Hoo…..

What I have been playing with is the Edge Server and the new improved Anti Spam features that it brings to the table. Which for us is a reason in itself to implement an Exchange 2007 Mail system. But what has been frustrating is the fact that it did not seem to be working! But Yesterday we had a massive breakthrough.

The setup that I had was the Edge Server is sitting behind our ISA 2006 firewall which is forwarding all SMTP Traffic to the Edge Server. But it wouldn’t work unless we had “Request Appear to come from the ISA Server computer” selected and the ISA Server Computer’s Ip Address in the “Allowed IP List” on the Edge Server. Now that was no good because then all the mail appeared to be coing from the ISA box and not the origional client.

So….What I did was I changed the gateway of the Edge Server to the ISA 2006 box and then changed the “Request Appear to come from the ISA Server computer” to “Request Appear to come from the origional client” in the SMTP Publishing Rule and BINGO the Edge Server is doing it’s Anti Spamming Job!

The downside to that was that we now could not send any mail. Because the ISA box is in our DMZ we could get out. So after subscribing the Edge Server to Active Directory and the Organization it automatically creates Send and Receive Connectors. So what I did was change the “Source Server” from the Edge Server (which had a gateway of the ISA box) to our CAS (Client Access Server) which was also running the Hub Transprt Role. Our CAS Server had a different gateway and could send mail out. We now have a working model. And what is more important the new SPAM agent on the Edge Server is working a treat!!!!

Daniel
Creating a Working Exchange 2007 Infrastructure.

Oliver over at the Windows Server Division Weblog has just written a post on the Announcement of Windows Server R2, among the enchancements that caught my eye were the ones to do with virtualization, a new Hyper-V is built in offering some great new features.

Considering I will be consolidating alot of my servers over the coming months this will add some great benefits. I currently have 2 Exchange 2007 servers riunning on a Hyper-V box and seem to be going OK. One is running the CAS and Hub Transport Roles and the other is running the MailStore Role.

Make sure you check out the other inclutions in R2 on the Windows 2008 Server Website.

Let me first start by saying that we have a pretty unorginsaeed Active Directory Structure at the moment, but that will change. Today I took the first step to getting some order in our AD Structure, disable all accounts that ahve been inactive for a period of time. To do this I simply used DSQuery and piped the results to DSMod and there we have it all the accounts are disabled.

Here was the command I used:

dsquery user -inactive 40 -limit 0 | dsmod user -disabled yes

I know, I know pretty simple but something that is good to have in the tool kit. I then went on and did it using the computer accounts. Then from Active Directory Users and Computers snap in I could then create a query to lookup all the disabled user and computer account and eother delete them or move them to a temp OU before deleting.

Daniel Anderson
Cleaning up my Active Directory.

As the migration form Exchange 2003 to Exchange 2007 continues, one of the areas that is a MUST is the ability to backup mailboxes. In this Exchange 2007 How To, I will show you how you can export malboxes from your Exchange 2007 Database to individual PST Files.

In order to export or import mailboxes to PST files you will need to make sure that the following this are in order.

• Export/Import to PST must be run from a 32 bit client machine with Exchange Management Tools installed (Version Exchange 2007 SP1 or later). The 32bit requirement comes from a dependency with the Outlook client.
• Either Outlook 2003 or Outlook 2007 must be installed on the client machine.
• The user running the task must be an Exchange Organization Admin or an Exchange Server Admin on the server where the mailbox to export/import lives.

Open up the Exchange Management Shell, then what we are going to do is pipe the results from the GET-MAILBOX command to EXPORT-MAILBOX, Like so.

get-mailbox -database “SERVER_NAME\DATABSE_NAME” | export-mailbox -PSTFolderPath C:\PSTFiles

What I think is great about this is that you can select different mail databases. For example we have 2 seperate databases, one for staff and one for students. Therefore we can split this process up and run it on different days.

Next up is to create a scheduled task to run the Powershell Command. Subscribe to my RSS Feed to keep up to date with more Windows Server Tips, Tricks and Tutorials.

I have been working on a migration from an Exchange 2003 environment to Exchange 2007 over the past week and have just about completed it. A thing that I wanted to point out that I thought was pretty cool was how easy it was to grant people permissions to open up other users mailboxes from the new Exchange 2007 Command Shell (PowerShell)

Add-ADPermission “DataBase Name” -User “Username” -ExtendedRights “Receive As”

There is a great need for this in my environment as I am often asked to track BAD Emails that students may or may not have sent. Executing the above command and replacing “Username” with my username, “Database Name” with the name of the database, in my case I have 2 seperate mail store databases for Staff and Students, and bingo I now have the ability to open all mailboxes in the database that I specified.