Author Archives: Munkhtuvshin Baatar

how properly enter into maintenance mode on Exchange2016/2013 DAG

Let’s assume that we have

ex01.itforce.local and ex02.itforce.local Exchange 2016 servers in DAG cluster. We need to install new CU on this cluster without downtime. (assumed that all CAS, smtp protocols are properly loadbalanced). So we need:

  1. at first disable all workloads/switch to maintenance mode on the node ex01,
  2. install CU on ex01,
  3. reboot ex01
  4. exit from maintenance mode on ex01
  5. enter into maintenance mode on ex02
  6. install CU on ex02,
  7. reboot ex02
  8. exit from maintenance mode on ex02
  9. equally spread workload on both nodes again
#goto ex01
#run in elevated mode powershell for exchange

#prepare smtp transport:
Set-ServerComponentState ex01 
Read the rest

How to report all hidden mailboxes with related AD user Enable status

# find all hidden mailboxes for whole AD  and show AD user’s Enabled/Disabled status, plus with location (in what OU)

get-mailbox -resultsize unlimited | where {($_.IsMailboxEnabled -eq "True") -and ($_.HiddenFromAddressListsEnabled -eq "True" )} | select-object name, samaccountname, @{N="ADAccount-Is-Enabled"; E={(get-aduser -Identity $_.samaccountname).enabled}}, PrimarySmtpAddress, IsMailboxEnabled , HiddenFromAddressListsEnabled, OrganizationalUnit| export-csv -path c:\temp\hidden.csv -NoTypeInformation
Read the rest

How in bulk disable “Protect from accidental deletion” in AD

sample, how to untick/disable attiribute “Protect from accidental deletion” in bulk/batch for whole OU

It can be useful to be able to move, delete ADobjects using powershell, ADManager

$searchb02 = "OU=Disabled Users,DC=itforce,DC=local"
Get-ADObject -Filter * -SearchBase $searchb02 |ForEach-Object -Process {Set-ADObject -ProtectedFromAccidentalDeletion $false -Identity $_}
Read the rest

How to report in Active Directory all protected users

If you use ManageEngine ADmanager Plus then some your manual operations or automations can fail due to the “Protect from accidental deletion”. In this case it’s very useful to determine who has already this attribute enabled:

Get-ADuser -Filter * -Properties * | select-object name, samaccountname,enabled, ProtectedFromAccidentalDeletion | export-csv -path c:\temp\protection-status.csv -NoTypeInformation

if you need to disable this attribute pls visit my other post

 … Read the rest

How to configure safe vpn for free and easy

Coronavirus forced many people, companies to move to teleworking. The banks and large corporations surely have enough budget to buy enterprise vpn boxes and solutions. My post is only for small companies which need free/cheap solution to access own small office infrastructure during coronavirus pandemia from home, remote offices and at the same time to avoid directly openning RDP access from the internet (which is not safe at all even with DUO 2fa and so on)

It’s assumed that the small company has at least

  1. router which can port forward (even tplink and dlink can do it;  if you have
Read the rest

How to check that ntp server is configured properly for all esxi

#To get time and ntp info for  all esxi :

Get-VMHost | Sort Name | Select Name,  @{N="NTPServer";E={$_ |Get-VMHostNtpServer}},   Timezone,  @{N="CurrentTime";E={(Get-View $_.ExtensionData.ConfigManager.DateTimeSystem) | Foreach {$_.QueryDateTime().ToLocalTime()}}},  @{N="ServiceRunning";E={(Get-VmHostService -VMHost $_ |Where-Object {$_.key-eq "ntpd"}).Running}} ` | Format-Table -AutoSize

or 

Get-VMHost | Get-VMHostService | Where-Object {$_.key -eq "ntpd"} | select vmhost, label, Key, Policy, Running, Required |format-table -autosize

# Remove wrong NTP Server and Add correct NTP server

Get-VMHost | Remove-VMHostNtpServer -NtpServer ntp.mn Confirm:$false
Get-VMHost | Add-VMHostNtpServer -NtpServer 0.asia.pool.ntp.org

# Start NTP Service and set to Automatic

Get-VMHost | Get-VMHostService | Where-Object {$_.key -eq "ntpd" } | Start-VMHostService
Get-VMHost | Get-VMHostService | Where-Object {$_.key 
Read the rest

How to get detailed info for all esxi

The advantage of below powerCLI is that oneliner shows as well SerialNumber (for example Dell/HP tags – very useful to find your esxi server in Datacenter physically )

Get-VMHost |Select-Object Name,NetworkInfo,Manufacturer,Model,ProcessorType, ConnectionState, PowerState, NumCpu, MemoryTotalGB, Version, Build, MaxEVCMode, @{N="SerialNumber";E={(Get-VMHostHardware -vmhost $_).SerialNumber}} | Export-Csv -notypeinformation -Path c:\temp\all-vmhosts.csv 
Read the rest