BSonPoSH

Get/Set-ADACL (ACL and SDDLs for Active Directory!)

A friend had a need to get/set Active Directory ACLs. So I wrote these.

They will use [System.DirectoryServices.ActiveDirectoryAccessRule] objects or SDDLs strings.

Note: I put the .NET classes and MS Spec for SDDLs at the bottom. Dont miss it!

Get-ADACL.ps1

# Get-ADACL.ps1
Param($DNPath,[switch]$SDDL,[switch]$help,[switch]$verbose)
function HelpMe{
Write-Host
Write-Host " Get-ADACL.ps1:" -fore Green
Write-Host " Gets ACL object or SDDL for AD Object"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -DNPath : Parameter: DN of Object"
Write-Host " -sddl : [SWITCH]: Output SDDL instead of ACL Object"
Write-Host " -Verbose : [SWITCH]: Enables Verbose Output"
Write-Host " -Help : [SWITCH]: Displays This"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Get ACL for ‘cn=users,dc=corp,dc=lab’" -fore White
Write-Host " .\Get-ADACL.ps1 ‘cn=users,dc=corp,dc=lab’" -fore Yellow
Write-Host " Get SDDL for ‘cn=users,dc=corp,dc=lab’" -fore White
Write-Host " .\Get-ADACL.ps1 ‘cn=users,dc=corp,dc=lab’ -sddl " -fore Yellow
Write-Host
}

if(!$DNPath -or $help){HelpMe;return}

Write-Host
if($verbose){$verbosepreference="continue"}

Write-Verbose " + Processing Object [$DNPath]"
$DE = [ADSI]"LDAP://$DNPath"

Write-Verbose " – Getting ACL"
$acl = $DE.psbase.ObjectSecurity
if($SDDL)
{
Write-Verbose " – Returning SDDL"
$acl.GetSecurityDescriptorSddlForm([System.Security.AccessControl.AccessControlSections]::All)
}
else
{
Write-Verbose " – Returning ACL Object [System.DirectoryServices.ActiveDirectoryAccessRule]"
$acl.GetAccessRules($true,$true,[System.Security.Principal.SecurityIdentifier])
}

Set-ADACL.ps1

# Set-ADACL.ps1
Param($DNPath,$acl,$sddl,[switch]$verbose,[switch]$help)
function HelpMe{
Write-Host
Write-Host " Set-ADACL.ps1:" -fore Green
Write-Host " Sets the AD Object ACL to ‘ACL Object’ or ‘SDDL’ String"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -DNPath : Parameter: DN of Object"
Write-Host " -ACL : Parameter: ACL Object"
Write-Host " -sddl : Parameter: SDDL String"
Write-Host " -Verbose : [SWITCH]: Enables Verbose Output"
Write-Host " -Help : [SWITCH]: Displays This"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Set ACL on ‘cn=users,dc=corp,dc=lab’ using ACL Object" -fore White
Write-Host " .\Set-ADACL.ps1 ‘cn=users,dc=corp,dc=lab’ -ACL $acl" -fore Yellow
Write-Host " Set ACL on ‘cn=users,dc=corp,dc=lab’ using SDDL" -fore White
Write-Host " .\Set-ADACL.ps1 ‘cn=users,dc=corp,dc=lab’ -sddl `$mysddl" -fore Yellow
Write-Host
}

if(!$DNPath -or (!$acl -and !$sddl) -or $help){HelpMe;Return}

Write-Host
if($verbose){$verbosepreference="continue"}
Write-Verbose " + Processing Object [$DNPath]"

$DE = [ADSI]"LDAP://$DNPath"
if($sddl)
{
Write-Verbose " – Setting ACL using SDDL [$sddl]"
$DE.psbase.ObjectSecurity.SetSecurityDescriptorSddlForm($sddl)
}
else
{
foreach($ace in $acl)
{
Write-Verbose " – Adding Permission [$($ace.ActiveDirectoryRights)] to [$($ace.IdentityReference)]"
$DE.psbase.ObjectSecurity.SetAccessRule($ace)
}
}
$DE.psbase.commitchanges()
Write-Host

More Info
I used the following .NET Classes
System.DirectoryServices.DirectoryEntry

http://msdn2.microsoft.com/en-us/library/system.directoryservices.directoryentry.aspx

System.DirectoryServices.ActiveDirectoryAccessRule

http://msdn2.microsoft.com/en-us/library/system.directoryservices.activedirectoryaccessrule.aspx

System.DirectoryServices.ActiveDirectorySecurity

http://msdn2.microsoft.com/en-us/library/system.directoryservices.activedirectorysecurity.aspx

System.Security.AccessControl.AccessControlSections

http://msdn2.microsoft.com/en-us/library/system.security.accesscontrol.accesscontrolsections(vs.80).aspx

SDDL Info
MS: http://msdn2.microsoft.com/en-us/library/aa379567.aspx

tshell :: Mar.30.2008 :: .NET, Active Directory, HowTo, Powershell, Scripting :: 4 Comments »

More userAccountControl Flag Fun (Convert-ToUACFlag.ps1)

A question on the NG made me think about this. While I personally prefer the decimal that comes from userAccountControl, others may prefer to actually see the FLAGS that are set.

Here is the script I came up with. It will output and array by default, but -toString will output a “,” delimited string.

It has a great -help function with -verbose output that explains each UAC Flag

Convert-ToUACFlag.ps1

# Convert-ToUACFlag.ps1
Param([int]$uac,[switch]$ToString,[switch]$help,[switch]$verbose)
function HelpMe{
Write-Host
Write-Host " Convert-ToUACFlag.ps1:" -fore Green
Write-Host " Converts UAC from Decimal or Hex to User Account Control Flags (described verbose help)"
Write-Host
Write-Host " Parameters:" -fore Green
Write-Host " -UAC : Parameter User Account Control Value"
Write-Host " -toString : [SWITCH] Output to String instead of Array"
Write-Host " -Help : [SWITCH] Displays This"
Write-Host " -Verbose : [SWITCH] Displays This and User Account Control Definitions"
Write-Host
Write-Host " Examples:" -fore Green
Write-Host " Convert to Flag getting back array" -fore White
Write-Host " .\Convert-ToUACFlag.ps1 69649" -fore Yellow
Write-Host " Convert to Flag getting back string" -fore White
Write-Host " .\Convert-ToUACFlag.ps1 69649 -toString" -fore Yellow
Write-Host
if($verbose)
{
Write-Host " User Account Control Flags and Definition" -fore Green
Write-Host " + SCRIPT" -fore Yellow
Write-Host " - The logon script will be run."
Write-Host
Write-Host " + ACCOUNTDISABLE" -fore Yellow
Write-Host " - The user account is disabled."
Write-Host
Write-Host " + HOMEDIR_REQUIRED" -fore Yellow
Write-Host " - The home folder is required."
Write-Host
Write-Host " + PASSWD_NOTREQD" -fore Yellow
Write-Host " - No password is required."
Write-Host
Write-Host " + PASSWD_CANT_CHANGE" -fore Yellow
Write-Host " - The user cannot change the password."
Write-Host " - This is a permission on the user’s object."
Write-Host
Write-Host " + ENCRYPTED_TEXT_PASSWORD_ALLOWED" -fore Yellow
Write-Host " - The user can send an encrypted password."
Write-Host
Write-Host " + TEMP_DUPLICATE_ACCOUNT" -fore Yellow
Write-Host " - This is an account for users whose primary account is in another domain."
Write-Host " - This account provides user access to this domain,"
Write-Host " but not to any domain that trusts this domain."
Write-Host " - This is sometimes referred to as a local user account."
Write-Host
Write-Host " + NORMAL_ACCOUNT" -fore Yellow
Write-Host " - This is a default account type that represents a typical user."
Write-Host
Write-Host " + INTERDOMAIN_TRUST_ACCOUNT" -fore Yellow
Write-Host " - This is a permit to trust an account for a system domain that trusts other domains."
Write-Host
Write-Host " + WORKSTATION_TRUST_ACCOUNT" -fore Yellow
Write-Host " - This is a computer account for a computer that is running"
Write-Host " - Microsoft Windows NT 4.0 and above and is a member of this domain."
Write-Host
Write-Host " + SERVER_TRUST_ACCOUNT" -fore Yellow
Write-Host " - This is a computer account for a domain controller that is a member of this domain."
Write-Host
Write-Host " + DONT_EXPIRE_PASSWD" -fore Yellow
Write-Host " - Represents the password, which should never expire on the account."
Write-Host
Write-Host " + MNS_LOGON_ACCOUNT" -fore Yellow
Write-Host " - This is an MNS logon account."
Write-Host
Write-Host " + SMARTCARD_REQUIRED" -fore Yellow
Write-Host " - When this flag is set, it forces the user to log on by using a smart card."
Write-Host
Write-Host " + TRUSTED_FOR_DELEGATION" -fore Yellow
Write-Host " - When this flag is set, the service account (the user or computer account)"
Write-Host " under which a service runs is trusted for Kerberos delegation."
Write-Host " - Any such service can impersonate a client requesting the service."
Write-Host " - To enable a service for Kerberos delegation, you must set this flag on the"
Write-Host " userAccountControl property of the service account."
Write-Host
Write-Host " + NOT_DELEGATED" -fore Yellow
Write-Host " - When this flag is set, the security context of the user is not delegated to"
Write-Host " a service even if the service account is set as trusted for Kerberos delegation."
Write-Host
Write-Host " + USE_DES_KEY_ONLY" -fore Yellow
Write-Host " - (Windows 2000/Windows Server 2003) Restrict this principal to use only"
Write-Host " Data Encryption Standard (DES) encryption types for keys."
Write-Host
Write-Host " + DONT_REQUIRE_PREAUTH" -fore Yellow
Write-Host " - (Windows 2000/Windows Server 2003) This account does not require"
Write-Host " Kerberos pre+authentication for logging on."
Write-Host
Write-Host " + PASSWORD_EXPIRED" -fore Yellow
Write-Host " - (Windows 2000/Windows Server 2003) The user’s password has expired."
Write-Host
Write-Host " + TRUSTED_TO_AUTH_FOR_DELEGATION" -fore Yellow
Write-Host " - (Windows 2000/Windows Server 2003) The account is enabled for delegation."
Write-Host " - This is a security-sensitive setting."
Write-Host " - Accounts with this option enabled should be tightly controlled."
Write-Host " - This setting allows a service that runs under the account to assume a client’s"
Write-Host " identity and authenticate as that user to other remote servers on the network."
}
Write-Host
}

if(!$uac -or $help){HelpMe;Return}
$flags = @()
switch ($uac)
{
{($uac -bor 0×0002) -eq $uac} {$flags += "ACCOUNTDISABLE"}
{($uac -bor 0×0008) -eq $uac} {$flags += "HOMEDIR_REQUIRED"}
{($uac -bor 0×0010) -eq $uac} {$flags += "LOCKOUT"}
{($uac -bor 0×0020) -eq $uac} {$flags += "PASSWD_NOTREQD"}
{($uac -bor 0×0040) -eq $uac} {$flags += "PASSWD_CANT_CHANGE"}
{($uac -bor 0×0080) -eq $uac} {$flags += "ENCRYPTED_TEXT_PWD_ALLOWED"}
{($uac -bor 0×0100) -eq $uac} {$flags += "TEMP_DUPLICATE_ACCOUNT"}
{($uac -bor 0×0200) -eq $uac} {$flags += "NORMAL_ACCOUNT"}
{($uac -bor 0×0800) -eq $uac} {$flags += "INTERDOMAIN_TRUST_ACCOUNT"}
{($uac -bor 0×1000) -eq $uac} {$flags += "WORKSTATION_TRUST_ACCOUNT"}
{($uac -bor 0×2000) -eq $uac} {$flags += "SERVER_TRUST_ACCOUNT"}
{($uac -bor 0×10000) -eq $uac} {$flags += "DONT_EXPIRE_PASSWORD"}
{($uac -bor 0×20000) -eq $uac} {$flags += "MNS_LOGON_ACCOUNT"}
{($uac -bor 0×40000) -eq $uac} {$flags += "SMARTCARD_REQUIRED"}
{($uac -bor 0×80000) -eq $uac} {$flags += "TRUSTED_FOR_DELEGATION"}
{($uac -bor 0×100000) -eq $uac} {$flags += "NOT_DELEGATED"}
{($uac -bor 0×200000) -eq $uac} {$flags += "USE_DES_KEY_ONLY"}
{($uac -bor 0×400000) -eq $uac} {$flags += "DONT_REQ_PREAUTH"}
{($uac -bor 0×800000) -eq $uac} {$flags += "PASSWORD_EXPIRED"}
{($uac -bor 0×1000000) -eq $uac} {$flags += "TRUSTED_TO_AUTH_FOR_DELEGATION"}
}
if($toString){$flags | %{if($mystring){$mystring += ",$_"}else{$mystring = $_}};$mystring}else{$flags}

Oisin the “obsessive programmer” sent me this as another option

param
([int]$value)
$flags = @("","ACCOUNTDISABLE","", "HOMEDIR_REQUIRED",
"LOCKOUT", "PASSWD_NOTREQD","PASSWD_CANT_CHANGE", "ENCRYPTED_TEXT_PWD_ALLOWED",
"TEMP_DUPLICATE_ACCOUNT", "NORMAL_ACCOUNT", "","INTERDOMAIN_TRUST_ACCOUNT", "WORKSTATION_TRUST_ACCOUNT",
"SERVER_TRUST_ACCOUNT", "", "", "DONT_EXPIRE_PASSWORD", "MNS_LOGON_ACCOUNT", "SMARTCARD_REQUIRED",
"TRUSTED_FOR_DELEGATION", "NOT_DELEGATED","USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH",
"PASSWORD_EXPIRED", "TRUSTED_TO_AUTH_FOR_DELEGATION")
1..($flags.length) | ? {$value -band [math]::Pow(2,$_)} | % { $flags[$_] }

tshell :: Mar.28.2008 :: Active Directory, HowTo, Powershell, Scripting :: 1 Comment »

A collection of LDAP Filter Info

I often find myself googling for LDAP filter info. This time I decided to post the resulting set of websites I hit for this info.

NOTE: MS release the Specs for Active Directory’s LDAP Compliance here. GREAT DOC!

http://download.microsoft.com/download/d/c/8/dc83e0b8-fc2c-4af4-bd27-45b5963ad98d/AD%20LDAP%20Compliance.doc

Blog Entry on LDAP Filters
————————-

http://bsonposh.com/modules/wordpress/?p=78

LDAP Filter Articles
——————-
query Active Directory by using a bitwise filter

http://support.microsoft.com/kb/269181

Search Filter Syntax

http://msdn2.microsoft.com/en-us/library/aa746475.aspx

Mastering the LDAP search filter

http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1191071,00.html

userAccountControl
——————-
UserAccountControl flags

http://support.microsoft.com/kb/305144

User-Account-Control Attribute (Windows)

http://msdn2.microsoft.com/en-us/library/ms680832.aspx

tshell :: Mar.27.2008 :: Active Directory, HowTo, Powershell :: 1 Comment »

Citrix Policies and Powershell (Double the Pleasure!)

I notice there was entry on Brian Madden forums about creating Citrix Policies. http://www.brianmadden.com/Forum/Topic/97139

I decided to spend a little time looking at this from a script perspective and here are some examples of dealing with Citrix Policies that I came up with.

Just a FYI
I hear tell there will be some Citrix CMDLets coming very soon that will make working with Citrix amazingly simple (which will include an import/export Citrix policy cmdlets.) I cannot tell you how revolutionary this will be for your typical Citrix Admin.

You can find the Citrix Enums here

http://bsonposh.com/modules/wordpress/?p=62

Script To Get Citrix Policy

# Get-CitrixPolicy.ps1
Param($Server,$PolicyName = ".*")

# Enums in Use
$MetaFrameUnknownObject = 0
$MetaFrameWinFarmObject = 1

# Getting Farm Object
$type = [System.Type]::GetTypeFromProgID("MetaframeCOM.MetaframeFarm",$Server)
$mfarm = [system.Activator]::CreateInstance($type)
$mfarm.Initialize($MetaFrameWinFarmObject)

# Getting Policies that Match Name and Loading Data
$pol = $mfarm.policies($MetaFrameUnknownObject) | ?{$_.Name -match $PolicyName}
$pol | %{$_.LoadData($true)}
$pol

Script To Create a New Citrix Policy

# New-CitrixPolicy.ps1
Param($Server,$PolicyName,$PolicyDescription)
if(!$PolicyDescription){$PolicyDescription=$PolicyName)
$type = [System.Type]::GetTypeFromProgID("MetaframeCOM.MetaframeFarm",$Server)
$mfarm = [system.Activator]::CreateInstance($type)
$mfarm.Initialize(1)
$NewPolicy = $mfarm.CreatePolicy(19,$PolicyName,$PolicyDescription)

Script To Remove a Citrix Policy

# Remove-CitrixPolicy.ps1
Param($Server,$PolicyName = $(throw ‘$PolicyName is Required’),[switch]$whatif)

# Enums in Use
$MetaFrameUnknownObject = 0
$MetaFrameWinFarmObject = 1

# Getting Farm Object
$type = [System.Type]::GetTypeFromProgID("MetaframeCOM.MetaframeFarm",$Server)
$mfarm = [system.Activator]::CreateInstance($type)
$mfarm.Initialize($MetaFrameWinFarmObject)

# Getting Policies that Match Name and Loading Data
$policies = $mfarm.policies($MetaFrameUnknownObject) | ?{$_.Name -eq $PolicyName}
foreach($pol in $policies)
{
if($whatif){Write-Host " What if: Performing operation `"Delete`" on Target `"$($pol.Name)`". " -foreground yellow}
else{Write-Host " – Deleting $($pol.Name)";$pol.Delete()}
}

tshell :: Mar.25.2008 :: Citrix, HowTo, Powershell, Scripting :: 2 Comments »

Exchange: Get-LogonStatistics (Return Info)

TypeName: Microsoft.Exchange.Data.Mapi.LogonStatistics

Name MemberType Definition
—- ———- ———-
AdapterSpeed Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
ClientIPAddress Property System.String ClientIPAddress {get;}
ClientMode Property Microsoft.Exchange.Data.Mapi.ClientMode ClientMode {get;}
ClientName Property System.String ClientName {get;}
ClientVersion Property System.String ClientVersion {get;}
CodePage Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
CurrentOpenAttachments Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
CurrentOpenFolders Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
CurrentOpenMessages Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
DatabaseName Property System.String DatabaseName {get;}
FolderOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
FullMailboxDirectoryName Property System.String FullMailboxDirectoryName {get;}
FullUserDirectoryName Property System.String FullUserDirectoryName {get;}
HostAddress Property System.String HostAddress {get;}
Identity Property Microsoft.Exchange.Data.Mapi.MailboxId Identity {get;}
IsValid Property System.Boolean IsValid {get;}
LastAccessTime Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neutral, …
Latency Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
LocaleID Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
LogonTime Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neutral, …
MACAddress Property System.String MACAddress {get;}
MessagingOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
OriginatingServer Property Microsoft.Exchange.Data.Fqdn OriginatingServer {get;}
OtherOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
ProgressOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
RPCCallsSucceeded Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
ServerName Property System.String ServerName {get;}
StorageGroupName Property System.String StorageGroupName {get;}
StreamOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
TableOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
TotalOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
TransferOperationCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
UserName Property System.String UserName {get;}
Windows2000Account Property System.String Windows2000Account {get;}

tshell :: Mar.21.2008 :: All, Exchange, Powershell :: No Comments »

Exchange: Get-MailboxCalendarConfiguration(Return Info)

TypeName: Microsoft.Exchange.InfoWorker.CalendarSettings.CalendarConfiguration

Name MemberType Definition
—- ———- ———-
AddAdditionalResponse Property System.Boolean AddAdditionalResponse {get;set;}
AdditionalResponse Property System.String AdditionalResponse {get;set;}
AddNewRequestsTentatively Property System.Boolean AddNewRequestsTentatively {get;set;}
AddOrganizerToSubject Property System.Boolean AddOrganizerToSubject {get;set;}
AllBookInPolicy Property System.Boolean AllBookInPolicy {get;set;}
AllowConflicts Property System.Boolean AllowConflicts {get;set;}
AllowRecurringMeetings Property System.Boolean AllowRecurringMeetings {get;set;}
AllRequestInPolicy Property System.Boolean AllRequestInPolicy {get;set;}
AllRequestOutOfPolicy Property System.Boolean AllRequestOutOfPolicy {get;set;}
AutomateProcessing Property Microsoft.Exchange.Data.Storage.CalendarProcessingFlags AutomateProce…
BookingWindowInDays Property System.Int32 BookingWindowInDays {get;set;}
BookInPolicy Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Dat…
ConflictPercentageAllowed Property System.Int32 ConflictPercentageAllowed {get;set;}
DefaultReminderTime Property System.Int32 DefaultReminderTime {get;set;}
DeleteAttachments Property System.Boolean DeleteAttachments {get;set;}
DeleteComments Property System.Boolean DeleteComments {get;set;}
DeleteNonCalendarItems Property System.Boolean DeleteNonCalendarItems {get;set;}
DeleteSubject Property System.Boolean DeleteSubject {get;set;}
DisableReminders Property System.Boolean DisableReminders {get;set;}
EnableResponseDetails Property System.Boolean EnableResponseDetails {get;set;}
EnforceSchedulingHorizon Property System.Boolean EnforceSchedulingHorizon {get;set;}
ForwardRequestsToDelegates Property System.Boolean ForwardRequestsToDelegates {get;set;}
Identity Property Microsoft.Exchange.Data.ObjectId Identity {get;set;}
MaximumConflictInstances Property System.Int32 MaximumConflictInstances {get;set;}
MaximumDurationInMinutes Property System.Int32 MaximumDurationInMinutes {get;set;}
OrganizerInfo Property System.Boolean OrganizerInfo {get;set;}
ProcessExternalMeetingMessages Property System.Boolean ProcessExternalMeetingMessages {get;set;}
RemoveForwardedMeetingNotifications Property System.Boolean RemoveForwardedMeetingNotifications {get;set;}
RemoveOldMeetingMessages Property System.Boolean RemoveOldMeetingMessages {get;set;}
RemovePrivateProperty Property System.Boolean RemovePrivateProperty {get;set;}
RequestInPolicy Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Dat…
RequestOutOfPolicy Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Dat…
ResourceDelegates Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Dat…
ScheduleOnlyDuringWorkHours Property System.Boolean ScheduleOnlyDuringWorkHours {get;set;}
TentativePendingApproval Property System.Boolean TentativePendingApproval {get;set;}

tshell :: Mar.21.2008 :: All, Exchange, Powershell :: No Comments »

Exchange: Get-MailUser(Return Info)

TypeName: Microsoft.Exchange.Data.Directory.Management.MailUser

Name MemberType Definition
—- ———- ———-
AcceptMessagesOnlyFrom Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Data…
AcceptMessagesOnlyFromDLMembers Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Data…
AddressListMembership Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Data…
Alias Property System.String Alias {get;set;}
CustomAttribute1 Property System.String CustomAttribute1 {get;set;}
CustomAttribute10 Property System.String CustomAttribute10 {get;set;}
CustomAttribute11 Property System.String CustomAttribute11 {get;set;}
CustomAttribute12 Property System.String CustomAttribute12 {get;set;}
CustomAttribute13 Property System.String CustomAttribute13 {get;set;}
CustomAttribute14 Property System.String CustomAttribute14 {get;set;}
CustomAttribute15 Property System.String CustomAttribute15 {get;set;}
CustomAttribute2 Property System.String CustomAttribute2 {get;set;}
CustomAttribute3 Property System.String CustomAttribute3 {get;set;}
CustomAttribute4 Property System.String CustomAttribute4 {get;set;}
CustomAttribute5 Property System.String CustomAttribute5 {get;set;}
CustomAttribute6 Property System.String CustomAttribute6 {get;set;}
CustomAttribute7 Property System.String CustomAttribute7 {get;set;}
CustomAttribute8 Property System.String CustomAttribute8 {get;set;}
CustomAttribute9 Property System.String CustomAttribute9 {get;set;}
DisplayName Property System.String DisplayName {get;set;}
DistinguishedName Property System.String DistinguishedName {get;}
EmailAddresses Property Microsoft.Exchange.Data.ProxyAddressCollection EmailAddresses {get;set;}
EmailAddressPolicyEnabled Property System.Boolean EmailAddressPolicyEnabled {get;set;}
ExchangeUserAccountControl Property Microsoft.Exchange.Data.Directory.Recipient.UserAccountControlFlags Ex…
ExchangeVersion Property Microsoft.Exchange.Data.ExchangeObjectVersion ExchangeVersion {get;}
Extensions Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, mscorlib…
ExternalEmailAddress Property Microsoft.Exchange.Data.ProxyAddress ExternalEmailAddress {get;set;}
GrantSendOnBehalfTo Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Data…
Guid Property System.Guid Guid {get;}
HiddenFromAddressListsEnabled Property System.Boolean HiddenFromAddressListsEnabled {get;set;}
Identity Property Microsoft.Exchange.Data.ObjectId Identity {get;}
IsValid Property System.Boolean IsValid {get;}
LegacyExchangeDN Property System.String LegacyExchangeDN {get;}
MacAttachmentFormat Property Microsoft.Exchange.Data.Directory.Recipient.MacAttachmentFormat MacAtt…
MaxReceiveSize Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.ByteQuant…
MaxSendSize Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.ByteQuant…
MessageBodyFormat Property Microsoft.Exchange.Data.Directory.Recipient.MessageBodyFormat MessageB…
MessageFormat Property Microsoft.Exchange.Data.Directory.Recipient.MessageFormat MessageForma…
Name Property System.String Name {get;set;}
ObjectCategory Property Microsoft.Exchange.Data.Directory.ADObjectId ObjectCategory {get;}
ObjectClass Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, mscorlib…
OrganizationalUnit Property System.String OrganizationalUnit {get;}
OriginatingServer Property System.String OriginatingServer {get;}
PoliciesExcluded Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, mscorlib…
PoliciesIncluded Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, mscorlib…
PrimarySmtpAddress Property Microsoft.Exchange.Data.SmtpAddress PrimarySmtpAddress {get;set;}
ProtocolSettings Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, mscorlib…
RecipientLimits Property Microsoft.Exchange.Data.Unlimited`1[[System.Int32, mscorlib, Version=2…
RecipientType Property Microsoft.Exchange.Data.Directory.Recipient.RecipientType RecipientTyp…
RecipientTypeDetails Property Microsoft.Exchange.Data.Directory.Recipient.RecipientTypeDetails Recip…
RejectMessagesFrom Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Data…
RejectMessagesFromDLMembers Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange.Data…
RequireSenderAuthenticationEnabled Property System.Boolean RequireSenderAuthenticationEnabled {get;set;}
SamAccountName Property System.String SamAccountName {get;set;}
SimpleDisplayName Property System.String SimpleDisplayName {get;set;}
UMDtmfMap Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, mscorlib…
UseMapiRichTextFormat Property Microsoft.Exchange.Data.Directory.Recipient.UseMapiRichTextFormat UseM…
UsePreferMessageFormat Property System.Boolean UsePreferMessageFormat {get;set;}
UserPrincipalName Property System.String UserPrincipalName {get;set;}
WhenChanged Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture…
WhenCreated Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture…
WindowsEmailAddress Property Microsoft.Exchange.Data.SmtpAddress WindowsEmailAddress {get;set;}

tshell :: Mar.21.2008 :: All, Exchange, Powershell :: No Comments »

Exchange: Get-MailboxDatabase(Return Info)

TypeName: Microsoft.Exchange.Data.Directory.SystemConfiguration.MailboxDatabase

Name MemberType Definition
—- ———- ———-
AdminDisplayName Property System.String AdminDisplayName {get;}
AdministrativeGroup Property Microsoft.Exchange.Data.Directory.ADObjectId AdministrativeGroup {get;}
AllowFileRestore Property System.Boolean AllowFileRestore {get;set;}
BackupInProgress Property System.Nullable`1[[System.Boolean, mscorlib, Version=2.0.0.0, Culture=neut…
CopyEdbFilePath Property Microsoft.Exchange.Data.EdbFilePath CopyEdbFilePath {get;}
DatabaseCreated Property System.Boolean DatabaseCreated {get;}
DeletedItemRetention Property Microsoft.Exchange.Data.EnhancedTimeSpan DeletedItemRetention {get;set;}
Description Property System.String Description {get;}
DistinguishedName Property System.String DistinguishedName {get;}
EdbFilePath Property Microsoft.Exchange.Data.EdbFilePath EdbFilePath {get;}
EventHistoryRetentionPeriod Property Microsoft.Exchange.Data.EnhancedTimeSpan EventHistoryRetentionPeriod {get;…
ExchangeLegacyDN Property System.String ExchangeLegacyDN {get;}
ExchangeVersion Property Microsoft.Exchange.Data.ExchangeObjectVersion ExchangeVersion {get;}
Guid Property System.Guid Guid {get;}
HasLocalCopy Property System.Boolean HasLocalCopy {get;}
Identity Property Microsoft.Exchange.Data.ObjectId Identity {get;}
IndexEnabled Property System.Boolean IndexEnabled {get;set;}
IssueWarningQuota Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.ByteQuantifie…
IsValid Property System.Boolean IsValid {get;}
JournalRecipient Property Microsoft.Exchange.Data.Directory.ADObjectId JournalRecipient {get;set;}
LastCopyBackup Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neu…
LastDifferentialBackup Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neu…
LastFullBackup Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neu…
LastIncrementalBackup Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neu…
MailboxRetention Property Microsoft.Exchange.Data.EnhancedTimeSpan MailboxRetention {get;set;}
MaintenanceSchedule Property Microsoft.Exchange.Data.Schedule MaintenanceSchedule {get;set;}
MountAtStartup Property System.Boolean MountAtStartup {get;set;}
Mounted Property System.Nullable`1[[System.Boolean, mscorlib, Version=2.0.0.0, Culture=neut…
Name Property System.String Name {get;set;}
ObjectCategory Property Microsoft.Exchange.Data.Directory.ADObjectId ObjectCategory {get;}
ObjectClass Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, mscorlib, Ve…
OfflineAddressBook Property Microsoft.Exchange.Data.Directory.ADObjectId OfflineAddressBook {get;set;}
Organization Property Microsoft.Exchange.Data.Directory.ADObjectId Organization {get;}
OriginalDatabase Property Microsoft.Exchange.Data.Directory.ADObjectId OriginalDatabase {get;}
OriginatingServer Property System.String OriginatingServer {get;}
ProhibitSendQuota Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.ByteQuantifie…
ProhibitSendReceiveQuota Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.ByteQuantifie…
PublicFolderDatabase Property Microsoft.Exchange.Data.Directory.ADObjectId PublicFolderDatabase {get;set;}
QuotaNotificationSchedule Property Microsoft.Exchange.Data.Schedule QuotaNotificationSchedule {get;set;}
Recovery Property System.Boolean Recovery {get;}
RetainDeletedItemsUntilBackup Property System.Boolean RetainDeletedItemsUntilBackup {get;set;}
Server Property Microsoft.Exchange.Data.Directory.ADObjectId Server {get;}
ServerName Property System.String ServerName {get;}
SnapshotLastCopyBackup Property System.Nullable`1[[System.Boolean, mscorlib, Version=2.0.0.0, Culture=neut…
SnapshotLastDifferentialBackup Property System.Nullable`1[[System.Boolean, mscorlib, Version=2.0.0.0, Culture=neut…
SnapshotLastFullBackup Property System.Nullable`1[[System.Boolean, mscorlib, Version=2.0.0.0, Culture=neut…
SnapshotLastIncrementalBackup Property System.Nullable`1[[System.Boolean, mscorlib, Version=2.0.0.0, Culture=neut…
StorageGroup Property Microsoft.Exchange.Data.Directory.ADObjectId StorageGroup {get;}
StorageGroupName Property System.String StorageGroupName {get;}
WhenChanged Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neu…
WhenCreated Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neu…

tshell :: Mar.17.2008 :: All, Exchange, Powershell, Scripting :: No Comments »

Exchange: Get-MailboxServer(Return Info)

TypeName: Microsoft.Exchange.Data.Directory.Management.MailboxServer

Name MemberType Definition
—- ———- ———-
AutoDatabaseMountDial Property Microsoft.Exchange.Data.Directory.SystemConfiguration.AutoDatabas…
ClusteredStorageType Property Microsoft.Exchange.Data.Directory.SystemConfiguration.ClusteredSt…
DistinguishedName Property System.String DistinguishedName {get;}
ExchangeVersion Property Microsoft.Exchange.Data.ExchangeObjectVersion ExchangeVersion {get;}
FolderLogForManagedFoldersEnabled Property System.Boolean FolderLogForManagedFoldersEnabled {get;set;}
ForcedDatabaseMountAfter Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.Enha…
Guid Property System.Guid Guid {get;}
Identity Property Microsoft.Exchange.Data.ObjectId Identity {get;}
IsPhoneticSupportEnabled Property System.Boolean IsPhoneticSupportEnabled {get;}
IsValid Property System.Boolean IsValid {get;}
JournalingLogForManagedFoldersEnabled Property System.Boolean JournalingLogForManagedFoldersEnabled {get;set;}
Locale Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.Globalizati…
LogDirectorySizeLimitForManagedFolders Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.Byte…
LogFileAgeLimitForManagedFolders Property Microsoft.Exchange.Data.EnhancedTimeSpan LogFileAgeLimitForManage…
LogFileSizeLimitForManagedFolders Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.Byte…
LogPathForManagedFolders Property Microsoft.Exchange.Data.LocalLongFullPath LogPathForManagedFolder…
ManagedFolderAssistantSchedule Property Microsoft.Exchange.Common.ScheduleInterval[] ManagedFolderAssista…
MAPIEncryptionRequired Property System.Boolean MAPIEncryptionRequired {get;set;}
MessageTrackingLogEnabled Property System.Boolean MessageTrackingLogEnabled {get;set;}
MessageTrackingLogMaxAge Property Microsoft.Exchange.Data.EnhancedTimeSpan MessageTrackingLogMaxAge…
MessageTrackingLogMaxDirectorySize Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.Byte…
MessageTrackingLogMaxFileSize Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.Byte…
MessageTrackingLogPath Property Microsoft.Exchange.Data.LocalLongFullPath MessageTrackingLogPath …
MessageTrackingLogSubjectLoggingEnabled Property System.Boolean MessageTrackingLogSubjectLoggingEnabled {get;set;}
Name Property System.String Name {get;}
ObjectCategory Property Microsoft.Exchange.Data.Directory.ADObjectId ObjectCategory {get;}
ObjectClass Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, msc…
OriginatingServer Property System.String OriginatingServer {get;}
RedundantMachines Property Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, msc…
ReplicationNetworks Property Microsoft.Exchange.Data.Directory.SystemConfiguration.Replication…
RetentionLogForManagedFoldersEnabled Property System.Boolean RetentionLogForManagedFoldersEnabled {get;set;}
SubjectLogForManagedFoldersEnabled Property System.Boolean SubjectLogForManagedFoldersEnabled {get;set;}
SubmissionServerOverrideList Property Microsoft.Exchange.Data.MultiValuedProperty`1[[Microsoft.Exchange…
WhenChanged Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Cu…
WhenCreated Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Cu…

tshell :: Mar.17.2008 :: All, Exchange, Powershell, Scripting :: No Comments »

Exchange: Get-MailboxStatistics (Return Info)

TypeName: Microsoft.Exchange.Data.Mapi.MailboxStatistics

Name MemberType Definition
—- ———- ———-
AssociatedItemCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pub…
Database Property Microsoft.Exchange.Data.ObjectId Database {get;}
DatabaseName Property System.String DatabaseName {get;}
DeletedItemCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pub…
DisconnectDate Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neutral, P…
DisplayName Property System.String DisplayName {get;}
Identity Property Microsoft.Exchange.Data.Mapi.MailboxId Identity {get;}
IsValid Property System.Boolean IsValid {get;}
ItemCount Property System.Nullable`1[[System.UInt32, mscorlib, Version=2.0.0.0, Culture=neutral, Pub…
LastLoggedOnUserAccount Property System.String LastLoggedOnUserAccount {get;}
LastLogoffTime Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neutral, P…
LastLogonTime Property System.Nullable`1[[System.DateTime, mscorlib, Version=2.0.0.0, Culture=neutral, P…
LegacyDN Property System.String LegacyDN {get;}
MailboxGuid Property System.Guid MailboxGuid {get;}
ObjectClass Property Microsoft.Exchange.Data.Mapi.ObjectClass ObjectClass {get;}
OriginatingServer Property Microsoft.Exchange.Data.Fqdn OriginatingServer {get;}
ServerName Property System.String ServerName {get;}
StorageGroupName Property System.String StorageGroupName {get;}
StorageLimitStatus Property System.Nullable`1[[Microsoft.Exchange.Data.Mapi.StorageLimitStatus, Microsoft.Exc…
TotalDeletedItemSize Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.ByteQuantifiedSize, …
TotalItemSize Property Microsoft.Exchange.Data.Unlimited`1[[Microsoft.Exchange.Data.ByteQuantifiedSize, …

tshell :: Mar.17.2008 :: All, Exchange, Powershell, Scripting :: No Comments »

The “Power” of SHELL

Archive for March, 2008

Get/Set-ADACL (ACL and SDDLs for Active Directory!)

More userAccountControl Flag Fun (Convert-ToUACFlag.ps1)

A collection of LDAP Filter Info

Citrix Policies and Powershell (Double the Pleasure!)

Exchange: Get-LogonStatistics (Return Info)

Exchange: Get-MailboxCalendarConfiguration(Return Info)

Exchange: Get-MailUser(Return Info)

Exchange: Get-MailboxDatabase(Return Info)

Exchange: Get-MailboxServer(Return Info)

Exchange: Get-MailboxStatistics (Return Info)

Awards

Non-Posh Blogs

Recent Posts

Meta

The “Power” of SHELL

Archive for March, 2008

Awards

Non-Posh Blogs

Recent Posts

Tags

Meta