BSonPosh » 2008

Archive for March, 2008

Get/Set-ADACL (ACL and SDDLs for Active Directory!)

A friend had a need to get/set Active Directory ACLs. So I wrote these.

They will use [System.DirectoryServices.ActiveDirectoryAccessRule] objects or SDDLs strings.

Note: I put the .NET classes and MS Spec for SDDLs at the bottom. Dont miss it!

Get-ADACL.ps1

# Get-ADACL.ps1
Param($DNPath,[switch]$SDDL,[switch]$help,[switch]$verbose)
function HelpMe{
Write-Host
Write-Host " Get-ADACL.ps1:" -fore Green
Write-Host " Gets ACL object or SDDL for AD Object"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -DNPath : Parameter: DN of Object"
Write-Host " -sddl : [SWITCH]: Output SDDL instead of ACL Object"
Write-Host " -Verbose : [SWITCH]: Enables Verbose Output"
Write-Host " -Help : [SWITCH]: Displays This"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Get ACL for ‘cn=users,dc=corp,dc=lab’" -fore White
Write-Host " .\Get-ADACL.ps1 ‘cn=users,dc=corp,dc=lab’" -fore Yellow
Write-Host " Get SDDL for ‘cn=users,dc=corp,dc=lab’" -fore White
Write-Host " .\Get-ADACL.ps1 ‘cn=users,dc=corp,dc=lab’ -sddl " -fore Yellow
Write-Host
}
if(!$DNPath -or $help){HelpMe;return}
Write-Host
if($verbose){$verbosepreference="continue"}
Write-Verbose " + Processing Object [$DNPath]"
$DE = [ADSI]"LDAP://$DNPath"
Write-Verbose " - Getting ACL"
$acl = $DE.psbase.ObjectSecurity
if($SDDL)
{
Write-Verbose " - Returning SDDL"
$acl.GetSecurityDescriptorSddlForm([System.Security.AccessControl.AccessControlSections]::All)
}
else
{
Write-Verbose " - Returning ACL Object [System.DirectoryServices.ActiveDirectoryAccessRule]"
$acl.GetAccessRules($true,$true,[System.Security.Principal.SecurityIdentifier])
}

Set-ADACL.ps1

# Set-ADACL.ps1
Param($DNPath,$acl,$sddl,[switch]$verbose,[switch]$help)
function HelpMe{
Write-Host
Write-Host " Set-ADACL.ps1:" -fore Green
Write-Host " Sets the AD Object ACL to ‘ACL Object’ or ‘SDDL’ String"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -DNPath : Parameter: DN of Object"
Write-Host " -ACL : Parameter: ACL Object"
Write-Host " -sddl : Parameter: SDDL String"
Write-Host " -Verbose : [SWITCH]: Enables Verbose Output"
Write-Host " -Help : [SWITCH]: Displays This"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Set ACL on ‘cn=users,dc=corp,dc=lab’ using ACL Object" -fore White
Write-Host " .\Set-ADACL.ps1 ‘cn=users,dc=corp,dc=lab’ -ACL $acl" -fore Yellow
Write-Host " Set ACL on ‘cn=users,dc=corp,dc=lab’ using SDDL" -fore White
Write-Host " .\Set-ADACL.ps1 ‘cn=users,dc=corp,dc=lab’ -sddl `$mysddl" -fore Yellow
Write-Host
}
if(!$DNPath -or (!$acl -and !$sddl) -or $help){HelpMe;Return}
Write-Host
if($verbose){$verbosepreference="continue"}
Write-Verbose " + Processing Object [$DNPath]"
$DE = [ADSI]"LDAP://$DNPath"
if($sddl)
{
Write-Verbose " - Setting ACL using SDDL [$sddl]"
$DE.psbase.ObjectSecurity.SetSecurityDescriptorSddlForm($sddl)
}
else
{
foreach($ace in $acl)
{
Write-Verbose " - Adding Permission [$($ace.ActiveDirectoryRights)] to [$($ace.IdentityReference)]"
$DE.psbase.ObjectSecurity.SetAccessRule($ace)
}
}
$DE.psbase.commitchanges()
Write-Host

More Info
I used the following .NET Classes
System.DirectoryServices.DirectoryEntry
http://msdn2.microsoft.com/en-us/library/system.directoryservices.directoryentry.aspx
System.DirectoryServices.ActiveDirectoryAccessRule
http://msdn2.microsoft.com/en-us/library/system.directoryservices.activedirectoryaccessrule.aspx
System.DirectoryServices.ActiveDirectorySecurity
http://msdn2.microsoft.com/en-us/library/system.directoryservices.activedirectorysecurity.aspx
System.Security.AccessControl.AccessControlSections
http://msdn2.microsoft.com/en-us/library/system.security.accesscontrol.accesscontrolsections(vs.80).aspx

SDDL Info
MS: http://msdn2.microsoft.com/en-us/library/aa379567.aspx

tshell :: Mar.30.2008 :: .NET, Active Directory, HowTo, Powershell, Scripting :: 2 Comments »

More userAccountControl Flag Fun (Convert-ToUACFlag.ps1)

A question on the NG made me think about this. While I personally prefer the decimal that comes from userAccountControl, others may prefer to actually see the FLAGS that are set.

Here is the script I came up with. It will output and array by default, but -toString will output a “,” delimited string.

It has a great -help function with -verbose output that explains each UAC Flag

Convert-ToUACFlag.ps1

# Convert-ToUACFlag.ps1
Param([int]$uac,[switch]$ToString,[switch]$help,[switch]$verbose)
function HelpMe{
Write-Host
Write-Host " Convert-ToUACFlag.ps1:" -fore Green
Write-Host " Converts UAC from Decimal or Hex to User Account Control Flags (described verbose help)"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -UAC : Parameter User Account Control Value"
Write-Host " -toString : [SWITCH] Output to String instead of Array"
Write-Host " -Help : [SWITCH] Displays This"
Write-Host " -Verbose : [SWITCH] Displays This and User Account Control Definitions"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Convert to Flag getting back array" -fore White
Write-Host " .\Convert-ToUACFlag.ps1 69649" -fore Yellow
Write-Host " Convert to Flag getting back string" -fore White
Write-Host " .\Convert-ToUACFlag.ps1 69649 -toString" -fore Yellow
Write-Host
if($verbose)
{
Write-Host " User Account Control Flags and Definition" -fore Green
Write-Host " + SCRIPT" -fore Yellow
Write-Host " - The logon script will be run."
Write-Host
Write-Host " + ACCOUNTDISABLE" -fore Yellow
Write-Host " - The user account is disabled."
Write-Host
Write-Host " + HOMEDIR_REQUIRED" -fore Yellow
Write-Host " - The home folder is required."
Write-Host
Write-Host " + PASSWD_NOTREQD" -fore Yellow
Write-Host " - No password is required."
Write-Host
Write-Host " + PASSWD_CANT_CHANGE" -fore Yellow
Write-Host " - The user cannot change the password."
Write-Host " - This is a permission on the user’s object."
Write-Host
Write-Host " + ENCRYPTED_TEXT_PASSWORD_ALLOWED" -fore Yellow
Write-Host " - The user can send an encrypted password."
Write-Host
Write-Host " + TEMP_DUPLICATE_ACCOUNT" -fore Yellow
Write-Host " - This is an account for users whose primary account is in another domain."
Write-Host " - This account provides user access to this domain,"
Write-Host " but not to any domain that trusts this domain."
Write-Host " - This is sometimes referred to as a local user account."
Write-Host
Write-Host " + NORMAL_ACCOUNT" -fore Yellow
Write-Host " - This is a default account type that represents a typical user."
Write-Host
Write-Host " + INTERDOMAIN_TRUST_ACCOUNT" -fore Yellow
Write-Host " - This is a permit to trust an account for a system domain that trusts other domains."
Write-Host
Write-Host " + WORKSTATION_TRUST_ACCOUNT" -fore Yellow
Write-Host " - This is a computer account for a computer that is running"
Write-Host " - Microsoft Windows NT 4.0 and above and is a member of this domain."
Write-Host
Write-Host " + SERVER_TRUST_ACCOUNT" -fore Yellow
Write-Host " - This is a computer account for a domain controller that is a member of this domain."
Write-Host
Write-Host " + DONT_EXPIRE_PASSWD" -fore Yellow
Write-Host " - Represents the password, which should never expire on the account."
Write-Host
Write-Host " + MNS_LOGON_ACCOUNT" -fore Yellow
Write-Host " - This is an MNS logon account."
Write-Host
Write-Host " + SMARTCARD_REQUIRED" -fore Yellow
Write-Host " - When this flag is set, it forces the user to log on by using a smart card."
Write-Host
Write-Host " + TRUSTED_FOR_DELEGATION" -fore Yellow
Write-Host " - When this flag is set, the service account (the user or computer account)"
Write-Host " under which a service runs is trusted for Kerberos delegation."
Write-Host " - Any such service can impersonate a client requesting the service."
Write-Host " - To enable a service for Kerberos delegation, you must set this flag on the"
Write-Host " userAccountControl property of the service account."
Write-Host
Write-Host " + NOT_DELEGATED" -fore Yellow
Write-Host " - When this flag is set, the security context of the user is not delegated to"
Write-Host " a service even if the service account is set as trusted for Kerberos delegation."
Write-Host
Write-Host " + USE_DES_KEY_ONLY" -fore Yellow
Write-Host " - (Windows 2000/Windows Server 2003) Restrict this principal to use only"
Write-Host " Data Encryption Standard (DES) encryption types for keys."
Write-Host
Write-Host " + DONT_REQUIRE_PREAUTH" -fore Yellow
Write-Host " - (Windows 2000/Windows Server 2003) This account does not require"
Write-Host " Kerberos pre+authentication for logging on."
Write-Host
Write-Host " + PASSWORD_EXPIRED" -fore Yellow
Write-Host " - (Windows 2000/Windows Server 2003) The user’s password has expired."
Write-Host
Write-Host " + TRUSTED_TO_AUTH_FOR_DELEGATION" -fore Yellow
Write-Host " - (Windows 2000/Windows Server 2003) The account is enabled for delegation."
Write-Host " - This is a security-sensitive setting."
Write-Host " - Accounts with this option enabled should be tightly controlled."
Write-Host " - This setting allows a service that runs under the account to assume a client’s"
Write-Host " identity and authenticate as that user to other remote servers on the network."
}
Write-Host
}
if(!$uac -or $help){HelpMe;Return}
$flags = @()
switch ($uac)
{
{($uac -bor 0×0002) -eq $uac} {$flags += "ACCOUNTDISABLE"}
{($uac -bor 0×0008) -eq $uac} {$flags += "HOMEDIR_REQUIRED"}
{($uac -bor 0×0010) -eq $uac} {$flags += "LOCKOUT"}
{($uac -bor 0×0020) -eq $uac} {$flags += "PASSWD_NOTREQD"}
{($uac -bor 0×0040) -eq $uac} {$flags += "PASSWD_CANT_CHANGE"}
{($uac -bor 0×0080) -eq $uac} {$flags += "ENCRYPTED_TEXT_PWD_ALLOWED"}
{($uac -bor 0×0100) -eq $uac} {$flags += "TEMP_DUPLICATE_ACCOUNT"}
{($uac -bor 0×0200) -eq $uac} {$flags += "NORMAL_ACCOUNT"}
{($uac -bor 0×0800) -eq $uac} {$flags += "INTERDOMAIN_TRUST_ACCOUNT"}
{($uac -bor 0×1000) -eq $uac} {$flags += "WORKSTATION_TRUST_ACCOUNT"}
{($uac -bor 0×2000) -eq $uac} {$flags += "SERVER_TRUST_ACCOUNT"}
{($uac -bor 0×10000) -eq $uac} {$flags += "DONT_EXPIRE_PASSWORD"}
{($uac -bor 0×20000) -eq $uac} {$flags += "MNS_LOGON_ACCOUNT"}
{($uac -bor 0×40000) -eq $uac} {$flags += "SMARTCARD_REQUIRED"}
{($uac -bor 0×80000) -eq $uac} {$flags += "TRUSTED_FOR_DELEGATION"}
{($uac -bor 0×100000) -eq $uac} {$flags += "NOT_DELEGATED"}
{($uac -bor 0×200000) -eq $uac} {$flags += "USE_DES_KEY_ONLY"}
{($uac -bor 0×400000) -eq $uac} {$flags += "DONT_REQ_PREAUTH"}
{($uac -bor 0×800000) -eq $uac} {$flags += "PASSWORD_EXPIRED"}
{($uac -bor 0×1000000) -eq $uac} {$flags += "TRUSTED_TO_AUTH_FOR_DELEGATION"}
}
if($toString){$flags | %{if($mystring){$mystring += ",$_"}else{$mystring = $_}};$mystring}else{$flags}

Oisin the “obsessive programmer” sent me this as another option

param
([int]$value)
$flags = @("","ACCOUNTDISABLE","", "HOMEDIR_REQUIRED",
"LOCKOUT", "PASSWD_NOTREQD","PASSWD_CANT_CHANGE", "ENCRYPTED_TEXT_PWD_ALLOWED",
"TEMP_DUPLICATE_ACCOUNT", "NORMAL_ACCOUNT", "","INTERDOMAIN_TRUST_ACCOUNT", "WORKSTATION_TRUST_ACCOUNT",
"SERVER_TRUST_ACCOUNT", "", "", "DONT_EXPIRE_PASSWORD", "MNS_LOGON_ACCOUNT", "SMARTCARD_REQUIRED",
"TRUSTED_FOR_DELEGATION", "NOT_DELEGATED","USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH",
"PASSWORD_EXPIRED", "TRUSTED_TO_AUTH_FOR_DELEGATION")
1..($flags.length) | ? {$value -band [math]::Pow(2,$_)} | % { $flags[$_] }

tshell :: Mar.28.2008 :: Active Directory, HowTo, Powershell, Scripting :: No Comments »

A collection of LDAP Filter Info

I often find myself googling for LDAP filter info. This time I decided to post the resulting set of websites I hit for this info.

NOTE: MS release the Specs for Active Directory’s LDAP Compliance here. GREAT DOC!
http://download.microsoft.com/download/d/c/8/dc83e0b8-fc2c-4af4-bd27-45b5963ad98d/AD%20LDAP%20Compliance.doc

Blog Entry on LDAP Filters
————————-
http://bsonposh.com/modules/wordpress/?p=78

LDAP Filter Articles
——————-
query Active Directory by using a bitwise filter
http://support.microsoft.com/kb/269181

Search Filter Syntax
http://msdn2.microsoft.com/en-us/library/aa746475.aspx

Mastering the LDAP search filter
http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1191071,00.html

userAccountControl
——————-
UserAccountControl flags
http://support.microsoft.com/kb/305144

User-Account-Control Attribute (Windows)
http://msdn2.microsoft.com/en-us/library/ms680832.aspx

tshell :: Mar.27.2008 :: Active Directory, HowTo, Powershell :: 1 Comment »

Citrix Policies and Powershell (Double the Pleasure!)

I notice there was entry on Brian Madden forums about creating Citrix Policies. http://www.brianmadden.com/Forum/Topic/97139

I decided to spend a little time looking at this from a script perspective and here are some examples of dealing with Citrix Policies that I came up with.

Just a FYI
I hear tell there will be some Citrix CMDLets coming very soon that will make working with Citrix amazingly simple (which will include an import/export Citrix policy cmdlets.) I cannot tell you how revolutionary this will be for your typical Citrix Admin.

You can find the Citrix Enums here
http://bsonposh.com/modules/wordpress/?p=62

Script To Get Citrix Policy

# Get-CitrixPolicy.ps1
Param($Server,$PolicyName = ".*")
# Enums in Use
$MetaFrameUnknownObject = 0
$MetaFrameWinFarmObject = 1
# Getting Farm Object
$type = [System.Type]::GetTypeFromProgID("MetaframeCOM.MetaframeFarm",$Server)
$mfarm = [system.Activator]::CreateInstance($type)
$mfarm.Initialize($MetaFrameWinFarmObject)
# Getting Policies that Match Name and Loading Data
$pol = $mfarm.policies($MetaFrameUnknownObject) | ?{$_.Name -match $PolicyName}
$pol | %{$_.LoadData($true)}
$pol

Script To Create a New Citrix Policy

# New-CitrixPolicy.ps1
Param($Server,$PolicyName,$PolicyDescription)
if(!$PolicyDescription){$PolicyDescription=$PolicyName)
$type = [System.Type]::GetTypeFromProgID("MetaframeCOM.MetaframeFarm",$Server)
$mfarm = [system.Activator]::CreateInstance($type)
$mfarm.Initialize(1)
$NewPolicy = $mfarm.CreatePolicy(19,$PolicyName,$PolicyDescription)

Script To Remove a Citrix Policy

# Remove-CitrixPolicy.ps1
Param($Server,$PolicyName = $(throw ‘$PolicyName is Required’),[switch]$whatif)
# Enums in Use
$MetaFrameUnknownObject = 0
$MetaFrameWinFarmObject = 1
# Getting Farm Object
$type = [System.Type]::GetTypeFromProgID("MetaframeCOM.MetaframeFarm",$Server)
$mfarm = [system.Activator]::CreateInstance($type)
$mfarm.Initialize($MetaFrameWinFarmObject)
# Getting Policies that Match Name and Loading Data
$policies = $mfarm.policies($MetaFrameUnknownObject) | ?{$_.Name -eq $PolicyName}
foreach($pol in $policies)
{
if($whatif){Write-Host " What if: Performing operation `"Delete`" on Target `"$($pol.Name)`". " -foreground yellow}
else{Write-Host " - Deleting $($pol.Name)";$pol.Delete()}
}

tshell :: Mar.25.2008 :: Citrix, HowTo, Powershell, Scripting :: 2 Comments »

Exchange: Get-LogonStatistics (Return Info)

TypeName: Microsoft.Exchange.Data.Mapi.LogonStatistics
Name MemberType Definition
—- ———- ———-
AdapterSpeed Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
ClientIPAddress Property System.String ClientIPAddress {get;}
ClientMode Property Microsoft.Exchange.Data.Mapi.ClientMode ClientMode {get;}
ClientName Property System.String ClientName {get;}
ClientVersion Property System.String ClientVersion {get;}
CodePage Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
CurrentOpenAttachments Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
CurrentOpenFolders Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
CurrentOpenMessages Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
DatabaseName Property System.String DatabaseName {get;}
FolderOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
FullMailboxDirectoryName Property System.String FullMailboxDirectoryName {get;}
FullUserDirectoryName Property System.String FullUserDirectoryName {get;}
HostAddress Property System.String HostAddress {get;}
Identity Property Microsoft.Exchange.Data.Mapi.MailboxId Identity {get;}
IsValid Property System.Boolean IsValid {get;}
LastAccessTime Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neutral, …
Latency Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
LocaleID Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
LogonTime Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neutral, …
MACAddress Property System.String MACAddress {get;}
MessagingOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
OriginatingServer Property Microsoft.Exchange.Data.Fqdn OriginatingServer {get;}
OtherOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
ProgressOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
RPCCallsSucceeded Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
ServerName Property System.String ServerName {get;}
StorageGroupName Property System.String StorageGroupName {get;}
StreamOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
TableOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
TotalOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
TransferOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
UserName Property System.String UserName {get;}
Windows2000Account Property System.String Windows2000Account {get;}

tshell :: Mar.21.2008 :: All, Exchange, Powershell :: No Comments »

Exchange: Get-MailboxCalendarConfiguration(Return Info)

TypeName: Microsoft.Exchange.InfoWorker.CalendarSettings.CalendarConfiguration
Name MemberType Definition
—- ———- ———-
AddAdditionalResponse Property System.Boolean AddAdditionalResponse {get;set;}
AdditionalResponse Property System.String AdditionalResponse {get;set;}
AddNewRequestsTentatively Property System.Boolean AddNewRequestsTentatively {get;set;}
AddOrganizerToSubject Property System.Boolean AddOrganizerToSubject {get;set;}
AllBookInPolicy Property System.Boolean AllBookInPolicy {get;set;}
AllowConflicts Property System.Boolean AllowConflicts {get;set;}
AllowRecurringMeetings Property System.Boolean AllowRecurringMeetings {get;set;}
AllRequestInPolicy Property System.Boolean AllRequestInPolicy {get;set;}
AllRequestOutOfPolicy Property System.Boolean AllRequestOutOfPolicy {get;set;}
AutomateProcessing Property Microsoft.Exchange.Data.Storage.CalendarProcessingFlags AutomateProce…
BookingWindowInDays Property System.Int32 BookingWindowInDays {get;set;}
BookInPolicy Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Dat…
ConflictPercentageAllowed Property System.Int32 ConflictPercentageAllowed {get;set;}
DefaultReminderTime Property System.Int32 DefaultReminderTime {get;set;}
DeleteAttachments Property System.Boolean DeleteAttachments {get;set;}
DeleteComments Property System.Boolean DeleteComments {get;set;}
DeleteNonCalendarItems Property System.Boolean DeleteNonCalendarItems {get;set;}
DeleteSubject Property System.Boolean DeleteSubject {get;set;}
DisableReminders Property System.Boolean DisableReminders {get;set;}
EnableResponseDetails Property System.Boolean EnableResponseDetails {get;set;}
EnforceSchedulingHorizon Property System.Boolean EnforceSchedulingHorizon {get;set;}
ForwardRequestsToDelegates Property System.Boolean ForwardRequestsToDelegates {get;set;}
Identity Property Microsoft.Exchange.Data.ObjectId Identity {get;set;}
MaximumConflictInstances Property System.Int32 MaximumConflictInstances {get;set;}
MaximumDurationInMinutes Property System.Int32 MaximumDurationInMinutes {get;set;}
OrganizerInfo Property System.Boolean OrganizerInfo {get;set;}
ProcessExternalMeetingMessages Property System.Boolean ProcessExternalMeetingMessages {get;set;}
RemoveForwardedMeetingNotifications Property System.Boolean RemoveForwardedMeetingNotifications {get;set;}
RemoveOldMeetingMessages Property System.Boolean RemoveOldMeetingMessages {get;set;}
RemovePrivateProperty Property System.Boolean RemovePrivateProperty {get;set;}
RequestInPolicy Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Dat…
RequestOutOfPolicy Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Dat…
ResourceDelegates Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Dat…
ScheduleOnlyDuringWorkHours Property System.Boolean ScheduleOnlyDuringWorkHours {get;set;}
TentativePendingApproval Property System.Boolean TentativePendingApproval {get;set;}

tshell :: Mar.21.2008 :: All, Exchange, Powershell :: No Comments »

Exchange: Get-MailUser(Return Info)

TypeName: Microsoft.Exchange.Data.Directory.Management.MailUser
Name MemberType Definition
—- ———- ———-
AcceptMessagesOnlyFrom Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Data…
AcceptMessagesOnlyFromDLMembers Property

The “Power” of SHELL

Archive for March, 2008