Sep 18

IT/DevConnections Day 3

dc14-header-logoWell, day three has come and gone. It has be a fantastic ride. I’ve learned a lot and it has been a great ride.

I started my last day with Jeff Guillet ( and “Build a Super-Fast Lab Exchange Lab for under $2,000.” I took copious amounts of notes for this; so much information. For Jeff’s presentation, he had a system which he outlines in his own blog ( Jeff was very thorough in his talk. He went over the pieces and parts as well as buying resources and sites he liked and didn’t like. What memory he liked and why he liked it. I’m not going to regurgitate as I’m sure he has already talked about much of this on his own site (

We also had some great discussions about setting up the environment and the tools he uses (I may see about tackling the setup using DSC). If you want to setup your own environment I’m going to suggest hitting his site for all the info you’ll need. I think of all the presentations I’ve been to this is probably the one I’m most interested in getting started with.

Next I went to “Rock your .NET coding” with David McCarter ( Now, this presentation was a bit out of my league as I’m not a professional developer. I do however write a lot of PowerShell code and I’m always trying to improve my code. Therefore a presentation on standards is a great place to go. While much of what was discussed is not directly applicable to me, it does make me think a bit harder about the code I do write, and that is not a bad thing. I will say, if you are a professional coder, you should take a look at Dave’s books and dvds. There was  room full of professional developers there and I feel like he stumped a lot of them with his examples. Proof positive that we can all learn more.

Next I went to “Building Custom tools Using PowerShell” by Kaido Jarvemets and Greg Ramsey. a good portion of this presentation was based around Configuration Manager which, unfortunately, was not mentioned in the description. That being said there was some great topics being discussed. Adding right-clicking capabilities to Configuration Manager which calls PowerShell scripts, Utilizing WPF to easily generate PowerShell GUIs, great for the not-so-PowerShell-Friendly-Admin. Lastly they talked about WMI events and creating actions based on those events (send an email, log the event…). I’ll probably need to go over this stuff myself as some pieces went very fast.

20140918_154654_2The last event was the most fun! “Ask the Exchange Experts” with a panel of Experts and some of the production team in the back of the room piping in as needed. Lots of questions and lots of level-headed answers. This was a lot of fun and I picked up a few things to think about.

And with that I have to say good-bye to IT/DEV Connections for 2014. I learned a lot of stuff that me and my company will be able to benefit from. I’m glad I did it. I wish I could do it more. In this industry you can never stop learning. Fortunately for me, I like the learning.

Thanks everyone and I hope to see you next year!


Sep 17

IT/DevConnections Day 2

dc14-header-logoLots of stuff being crammed into my brain.

Started today with a Jeffry Snover (@jsnover) presentation on Just Enough Admin (JEA) which I had seen in passing but hadn’t really delved into too. Once the explanation got going, I realized the name really was a good identifier of what JEA is. JEA is, basically, not so much taking away admin privileges, but more about only giving the admins what they need to fulfill their role. Just because someone should be able to patch a system or reboot or change an IP doesn’t mean they should be able to read all the (potentially confidential) files on that system. So the “Super-User” should probably go away in favor of the role based administration and JEA is used to make that kind of configuration easily available.

The JEA makes creating a server role for patching, or setting up SMB shares easier to setup the same way Desired State Configuration (DSC) makes it easy to setup a farm of IIS servers with a specific configuration. In fact, JEA uses DSC for it’s implementation. Jeffry was quick to point out that the JEA toolkit is in an Experimental stage (denoted by the ‘x’ in the front of the module name ‘xJEA’) so it may not be 100% for production environments but the concept is solid and, I think, one that should at least be investigated.

The second half of the presentation was a 400 level breakdown of some of the pieces and parts that I’ll need to go over and experiment with before I really have it down. As a bonus, there were some Segways into some of the new features of PowerShell v5. Again, most stuff to learn.

All in all, a great presentation. Just the time with Jeffrey is worth the money for the convention. I dare you to walk away from a Snover presentation on PowerShell and not get excited about it!

After the JEA presentation I went into Rick Claus (@RicksterCDN, on Storage Spaces, Scale Out File Server and SMB 3.0 (the “Fire-breathing Dragon”). Lots of great insights here on the state of things. Also, found out that according to Rick, Amazon and Microsoft don’t use any SANs in their cloud solutions because they are cost prohibitive at that scale. It is much easier, and easier on the wallet to have these large JBODs (Just a Bunch Of Disks) and utilized the storage capabilities of Windows Server 2012.

Rick’s presentation had side by side feature comparisons for SANs and Windows Server 2012 also a good discussion on disk tiering which is using SSDs for busy I/Os (Hot disk) and standard spinals for less busy I/O (Cold disk). The system can move data from one set of disks to the other without the accessing system having any idea of what was going on. Best part, he gave us the scripts and requirements to set these environments up with a USB SSD on a regular ol’ laptop. I love takeaways like that!

Next, I went to this “Mary-Jo Foley and Paul Thurrott on the State of Microsoft” presentation. Now, I’m not really familiar with Mary-Jo or Paul and I may have had preconceived notions of what their presentation was going to be but I found that in the first 10 minutes or so and more “We don’t know but…” statements than I wanted to. “We don’t know if Windows 9 is going to have feature X or not but we have  a screen shot from the [always trustworthy] Internet” or “We’re looking forward to a Microsoft presentation on [datetime]. We don’t know what they’ll say but…” So, I was less than interested in what they didn’t know so I left early.

As a result I found out where I should have been from the beginning, and that’s in Tim McMichael’s “Exchange 2013 Site Resilience” presentation. Boy if you wanted to know about Exchange DAGs and Clustering, Tim is the guy to follow ( Unfortunately for me, I haven’t looked into Exchange 2013 very much, because there isn’t a plan at my company to move to it at this time so I haven’t spent the cycles. Tim went through a whole host of scenarios for Exchange 2013 DAG and cluster failures including the option for a third site <shock>.

I ended my day with Brian Desmond (AD MVP,, @BrianDesmond) talking about all things ADFS and Federation and Microsoft’s new tool which will replace DirSync AADST (Azure Active Directory Sync Tool). It was good to go over this stuff and to know about where AADST isn’t as mature as DirSync and what kinds of things to expect.

Brian made a good point during his presentation, He said ADFS servers should be treated with the same level of security as domain controllers. After all they are holding on to potentially important information which, just like a DC shouldn’t be available on the Internet.

Another great day and I still feel like I’ve gotten my money’s worth. One more day for me. I’ll have to try and get everything I can out of it.


Sep 16

IT/DevConnections Day 1

dc14-header-logoToday was day one (for me) of ITDevConnections 2014 held in Las Vegas. I wanted to do a quick post of some of the sessions I went through and some of the things I learned.

It started at breakfast I started talking to a couple of guys who work for a company doing a new form of marketing which I thought was interesting. I may not be saying this correctly, but the gist was they link banks with various companies such that when you use your ATM card at, in the example we talked about, Home Depot, you would automatically get a coupon applied to your order. Not exactly at that time, but some time down the road, the bank would apply the money you saved back to your account, like a refund. Couponless coupons I think they called it. Anyways, interesting.

My first session was a presentation Mark Minasi (, @mminasi) called “Windows Clusters for Beginners: From Highly Fearful to Highly Reliable in 75 Minutes!” Now, I’ve used clusters before but generally only how the pertain to Exchange. I went to this one hoping to get some new info maybe I didn’t know before. It’s always good to go over things, especially from an expert like Mark.

Mark has a great presentation style, very clear very concise and very engaging. He took the time to talk with everyone before the presentation to get a little info on them and what they wanted to get out of the presentation. The presentation was very much a starting point for learning about Clusters. For me, it was good to go over things. Like I said, I don’t really live in Clustering, and it was helpful to hear the history and how the bits and pieces worked. Mark is very good at presenting complex material in a straight forward way. If you get a chance to see one of his presentations, I would do it. He also presents on (If you don’t know what pluralsight is, check it out).

Next, was a presentation by Andy Malone @AndyMalone. Andy is an MVP for Security and now a published Sci-Fi author (The Seventh Day). Andy’s presentation “Office 365: Migrating Your Business to Office 365” went through all the various ways in which mailboxes can be migrated from using pst files to hybrid. There was only so much time, and really a lot to cover and Andy got it all in, complete with demos. Along the way Andy gave out some key pieces of intel. which anyone doing a migration to Office 365 would like to have.

  • 9 out of 10 errors come from DNS issues (IMAP migrations)
  • OST files are recreated so be ready for that.
  • Where DirSync is needed and when it is not.
  • Dynamic Distribution Lists don’t migrate in a staged migration nor is Send-As rights.
  • And more…

Lots of things to go over. There is a Hybrid migration presentation coming up that I’ll have to go to (If there isn’t something else I’m interested in more)

During lunch, the conversation was about land owners not having mineral rights in the North Dakota areas where they’re doing fracking and how much Cobalt coders are making because no one wants to code in Cobalt! You meet interesting people at these conventions.Bxr0anxCMAAfAi5

After lunch was a REAL treat. One of the reasons I came to the ITDevConnection convention… Jeffry Snover with Hemant Mahawar presenting on “PowerShell Desired State Configuration for Securing Systems.” Jeffry called it “Chewy,” as in lots of information to chew on and boy was he right. The rough concept is you’re environment is hacked <period, end of story>. Here is an easy way to create a secure, cocoon-like area where people can do their work. In short, you create a subdomain of the current domain and, using PowerShell and DSC, create a new environment where “the bad guys” can’t get into. basically strip out the domain admin permissions on systems, setup a “Jumpbox” (a system that administrators need to go through) using PowerShell remoting that is stripped down to only the commands they need and only the end users can read/edit/delete files. In the example we were working with file systems. Here is a slide Jeffry retweeted from someone in the audience: PowerShell DSC for securing systems slide.

I’m sure I’m not doing his presentation justice, so please don’t go by what I say alone. It was a great presentation plus we got to talk about some of the great new features in PowerShell v5 like classes! Such great stuff here. If you’re not using PowerShell you’re wasting your time.

The last presentation for the day, for me, was “MAPI/HTTP in Depth” with Bhargav Shukla who works for Kemp Technologies. This may have been a bit too in-depth for me for the end of the day. I may still have been thinking about the DSC presentation previous. Bhargav did go over a lot of information about the transition from MAPI wrapped in RPC wrapped in HTTP to MAPI under HTTP and where the pros and cons of it is. It seems as though you get better performance and better end-user experience with MAPI over HTTP but there is a higher processor cost on the Exchange CAS servers. In the long run, it may be worth it to make this change. I would speculate the change isn’t going away anytime soon.

So, It was a great day, I learned a ton of stuff and I feel like my first day alone was worth the trip. Did I mention I’m paying for all of this and not my employer or anyone else. I’m doing this for me, so I can be better at what I do and it is totally worth it. Should have started doing this years ago.

Thanks for reading and stay tuned for day 2 & 3!


Apr 24

Rename a distribution group in Exchange with Powershell

Recently I was asked to rename some distribution groups in Exchange. Not so tough of a problem, but painstaking to do one at a time and there were a few of these to do. So I did what any good admin should do, I wrote a script to take care of this.

The issues
To properly rename a distribution group, you need to not only change the name of the group, but also the Alias, DisplayName and entries in the EmailAddresses field. The first two are easy but if you’re like me, you need to add a handful of emailaddresses to these fields. In our environment, we tend to add records when a name is changed rather than swap the old for the new. This way, if someone uses the old address, it still goes to where they want it too. Probably a better answer would be to create a mailbox with the old address and setup an auto reply that says “Hey, use the new address for this list.” That’ll be for another day.

Anyways, here is the script…
I should note, that I’m keeping this function (along with some other Exchange functions on github. you can get the most recent version of this script here:


Some things worth noting

First of all, I’m working trying to make every bit of code I write more of a tool for others rather than something I use in my environment only. As a result, I’m utilizing ShouldContinue and ShouldProcess more. In this script I use them twice. First when I change the Name, Alias and DisplayName fields

The second time I use ShouldProcess and ShouldContinue is when I set the EmailAddresses field.

Also, you’ll notice there isn’t much in the way of actual comments. This is a bit of a departure for me as I love my comments. But, rather than use comments, I’ve decided to use Write-Verbose so that everyone can share in “What should be happening.”

Let me know if you have any questions, or if you think there is a better way.


Feb 27

Exchange 2010 New-MoveRequest and the dumpster

So, you’re migrating from Exchange 200* to Exchange 2010 and you’re using the new fangled “New-MoveRequest.” You might have some questions about the dumpster. You know that thing that if the Admins could just get people to understand it, you would never have to restore from backup except for practice!

If you wanted to find out about New-MoveRequest, you might be tempted to go to the on-line help at New-MoveRequest. But there you wouldn’t find any information about the dumpster itself, only information about the command.

You may then find yourself at Understanding Move Requests which talks about alot of stuff about move requests. You may even find an area that talks about limitations in “Move-Mailbox” (Exchange 2007) which states “The Dumpster folder isn’t moved with the mailbox.” That’s all well and fine, but we want to know about the 2010 Move Request. A few lines down on that same Understanding Move Requests, you may find “Advantages of Move Requests” Where it doesn’t say anything about the dumpster. You might then assume that if it is a limitation in 2007, it must not be a limitation in 2010. And, you’d be right! In Exchange 2010, the New-MoveRequest will move the dumpster…

… if you’re moving from 2010!

If you’re moving from 200*. Sorry, no dumpste for you! Have a look at Troubleshooting Mailbox Moves under “The mailbox dumpster size exceeds the target quota.” A little ways down under “Resolution” you’ll find a line that says “Move requests don’t support moving an Exchange 2003 or Exchange 2007 dumpster to Exchange 2010.” That’s your answer!

Here is a blog entry from that spells this out quite clearly.


Feb 17

Simplify creating a remote PowerShell connection (part 1)

For this example, I’ll be establishing a connection to Exchange 2010. My problem is that I’m lazy and that’s why I always script things out. the function is no different. Everytime I do this it’s the same process and if you’re like me, I usually have 4+ PowerShell windows open at a time. Using this function helps to make things easy for me.

When I do something multiple times I take out parts that change and they become variables in my script. Let’s look at a simple one-line command for creating a remote connection to (in this case) Exchange.

if you want to logon with different credentials you can runas PowerShell, or you can have New-PSSession prompt you using -Credential $(get-credential) in place of -Authentication kerberos like this:

With this second version of the command you get the GUI popup asking for your credentials and all subsequent Exchange commands will use these credentials.

So, in these two commands, the only thing that has changed is the $server variable and if you use remote powershell to Exchange, it doesn’t really matter which server you connect to. You may have a preference, based on server resources, but really it doesn’t matter. Although if you’re in New York I wouldn’t connect to the server in Australia!

Makin’ it easy!
So, to make my life easier, I do a dot-import of my ExchangeFunctions.ps1 file which has two things. the first thing it has is an array of preferred Exchange server names.

The second thing I have is a function called Get-Exchange2010PSSession. In this function, I have PowerShell do all the work and pick a random server for me. There is also a small optimisation that I’ll talk about later. Let’s get to the function…

Walk through
Walking through this function we start with the basic documentation. The first parameter $ServerList is a string array. This is the list we defined earlier in the exchangeFunctions.ps1 file. In the Begin { } section the $ErrorActionPreference is set to “Stop” This way our try { } catch{ } will work and we set what will become our resulting $session variable to a default of $null.

Within the process{ } section we start a do{ } until (condition) statement that will loop through the server list choosing a random server in the list. Remember, we will be getting the same set of commands from each server so it doesn’t really matter which server we connect to. Personally, I like to have the system choose a random server because I don’t want to get into the habbit of always running my code on the same system. Next is a try{ } catch { } block that does two things.

  1. Set the PowerShell Session Options with New-PSSessionOption. I’ll go over this later so we’ll skip this until the end.
  2. Create the new PS Session with New-PSSession using whatever the currently selected server.

If there is an error the function will echo it out in the catch { }. The function will continually try a different server untill $Session is successfully populated with a return from New-PSSession. Once that happens, Get-Exchange2010PSSession returns that $Session variable which you can import using Import-PSSession.

What about that New-PSSessionOption bit? Well, did you know the default time out for establising a session is 3 minutes? If you’re like me, you don’t want to wait that long. As a result, I setup my own PSSessionOption and set the time out to 30 seconds (30,000 miliseconds). I also set the culture. I don’t need to download the russian or chinese version of the commands, I don’t speak those languages. Using Get-UICulture I get the culture settings on the systems. The other two options probably don’t speed things up very much, but I like to think I’m sucking the marrow out of PowerShell with them. If you’re curious, check them out with

Next Time…
Next time I’ll show you how to make this even easier with an additional PowerShell functions that does ALL the work in setting up a remote PowerShell session

Jan 26

RBAC Helper #4 Who What Where for Role Groups

So, This is a drill down of information from a RoleGroup. With this script, you will be able to see Who is a member of the RoleGroup, What Commands The RoleGroup can run, and Where they can run them.

Jan 20

Current issues with Microsoft Exchange ActiveSync and Third Party Devices

New (Nov 2011) support doc from Microsoft on known issues with Exchange (2010 sp1 & 2007 sp3) and third party ActiveSync devices. The short version: update iOS to 4.3.3 and for Android “the latest version.”

Current issues with Microsoft Exchange ActiveSync and Third Party Devices

Jan 18

Get a count of mailboxes by Exchange 2010 database


Dec 23

RBAC Helper #2

So, we got the role entries for the management role, let’s now find out what management roles have a specific role entry. Basically, this is the revers of RBAC Helper #1.

Update 03/22/2012: I’ve updated this script due to changes in the way the Role Entries are presented.