• Getting all vDirs urls in a one-liner

    Today I had to compare several environments internal and external url configurations. Of course you know the Cmdlets to find these setting, but you can always find them with the ‘Get-Command’ CmdLet:

    Get-Command Get-*virtualdirectory*

    CommandType Name
    ----------- ----
    Function Get-ActiveSyncVirtualDirectory
    Function Get-AutodiscoverVirtualDirectory
    Function Get-EcpVirtualDirectory
    Function Get-MapiVirtualDirectory
    Function Get-OabVirtualDirectory
    Function Get-OwaVirtualDirectory
    Function Get-PowerShellVirtualDirectory
    Function Get-WebServicesVirtualDirectory
    Cmdlet Get-WebVirtualDirectory

    Okay, now we know the CmdLets  and we can use the output to find the internal and external url settings:


    get-command get-*virtualdirectory*|
    Sort-Object name, Server|
    Format-Table Server, Name, InternalUrl, ExternalUrl –AutoSize
    In the command above first I ask the ‘Get-Command’ CmdLet to get all CmdLets that are available to find virtual directory information, Then each command is executed, do not forget the ampersand sign (&) to let PowerShell Interpret the next part as command. The output is sorted and formatted as auto sized table.

    Of course you maybe have to tweak the command line for your environment, for example you need to limit the servers if you have a large Exchange organization.

  • Exchange 2013 SP1 is available

    Just a short notice for anyone who missed this ( I wonder where you have been then).

    At the 25. Feb. Microsoft made available SP1 for Exchange 2013. You can download the SP at this location: http://www.microsoft.com/en-us/download/details.aspx?id=41994

    The Exchange team posted an article at their blog:  http://blogs.technet.com/b/exchange/archive/2014/02/25/exchange-server-2013-service-pack-1-available.aspx

    The full release notes are as normal on TechNet: http://technet.microsoft.com/en-us/library/jj907309(v=exchg.150).aspx.

    Some highlights in the update:


    In addition to Exchange 2013 SP1 Microsoft also released:

    Released: Update Rollup 5 for Exchange 2010 Service Pack 3 and Update Rollup 13 for Exchange 2007 Service Pack 3

  • Exchange 2010 SP3 is available but…

    Last night Microsoft made available Exchange 2010 SP3. As we al know this Service Pack is necessary to install Exchange 2013 in the same organization as Exchange 2010. You can find it on the Microsoft download site:


    But, do not be too fast, because Microsoft mentioned the need for Exchange 2013 CU1 (Cumulative Update 1) to be compatible in a coexistence environment (see also the Exchange Team blog). So, for all who are waiting to test scenarios for their upgrade: You have to be patient for a while, CU1 is announced for Q1 this year and could be available very soon.

    The same situation exist for Exchange 2007 SP3 RU10, for Exchange 2013 compatibility you have to wait for Exchange 2013 CU1.

    If you want more information, please consult the Microsoft Exchange Team Blog. You can also fid there the links to the release Notes, solved issues and new functionalities.

  • DNS and PowerShell v3

    A short PowerShell post for all of you who on regular base need to lookup some DNS records. Of course you can use the ‘Good old’ NSLookup tool to do the job, bud with PowerShell v3 now there is a native CmdLet that can do the job also. Assume, you as Exchange administrator, needs to lookup a MX record for a certain domain:


    Because this is PowerShell based it is now very simple to use all features we got with PowerShell. A simple way to check all MX records of your accepted domains:


    for more information about the Resolve-DNSName: Get-help Resolve-DNSName or online: http://technet.microsoft.com/en-us/library/jj590781.aspx

  • Exchange Admin Center (EAC) and RBAC.

    I will create a multi part overview of the Exchange Admin Center

    Starting with Exchange 2013 the Exchange management console is replaced by the new web based Exchange Admin Center. To get access to the Exchange admin Center you can open an Internet browser and go to the url of your Client Access server(s) (https://<CASServer>/ecp). Strange enough is the url still /ECP, like in Exchange 2010.

    As all administration permission are set and controlled by RBAC (Role Based Admin Control), of course the new Exchange Admin Center is also controlled by RBAC.

    I have added a Windows 8 enterprise workstation to my environment, made it a domain member and logged on as <domain>\Administrator

    image_thumb6Next, I opened my mailbox within OWA and choose ‘Settings, Options’. The options page is opened, but different as it was in Exchange 2010 there is no possibility to manage the organization. Only the options for the mailbox of the administrator is shown. At this place you have the all the mailbox based options that you can change as mailbox user. Besides options for the new ‘Site mailboxes’ and ‘Outlook Apps’ no big differences here between Exchange 2010 and 2013.

    Doing the same in Exchange 2010 offers you a small image_thumb8dropdown box that lets you choose what to manage, this option is removed from this settings screen. When you need to access the Exchange Administration Center you must manual type the full path:


    Then login with your administrator account and the full ECP is opened. The first impression, when you look atimage_thumb11 this screen, is WOW I can do almost everything here. Of course you can also manage all what you see also through the Internet as long as the the url is published.

    For managing users you can edit here most of the user properties. when you a user the right action pane shows you several options including enable/disable options like ‘Unified Messaging, Mobile access (ActiveSync) and Web Access. You also can move the mailbox to another database. Editing user details by double click the user or image_thumb81choose ‘Edit’ from the menu show a pop-up window with a lot of user and mailbox related properties. In this pop-up you can not only change properties but you also can see some statistics of the mailbox. The last option to change user/image_thumb1mailbox related properties is to select ‘Another user… on the right top of the EAC main window. After selecting the user mailbox you want a different window is opened that gives you other options to manage. A part of the options where also available in the ‘Edit’ screen but some are not, especially you image_thumb9can manage mailbox rules,automatic replies, signatures, block/allow lists and outlook apps.

    One of the most wanted options image_thumb10is still missing: Password Reset. But as stated before, the EAC is fully RBAC integrated, and because the ‘Reset password’ role is not assigned to anyone by default this option is not available. If you have the ‘Reset password’ role assigned then this option is shown in the user ‘Edit’ window. I will create a separate post to explain in more detail the steps you need to take to assign this role to a specific group of users.

    This was the first part of the multipart post, stay in touch for feature post about the Exchange Admin Center.

  • Unassigned management roles.

    The Exchange team did a nice job to create management roles for every imaginable tasks. But, a few roles are not assigned to any group or user by default. So the role is there, The CmdLets are there with the necessary parameters, but no one can use the role simply because it is not assigned to anybody.

    We remember these unassigned roles from 2 or 3 years ago when Exchange 2010 became available. The Exchange Team bloggers wrote en nice article about it in march 2010 to explain how you can add the ‘Mailbox Import Export’ role to specific user, and why this role isn’t assigned to anyone.

    Now, with the availability of Exchange 2013, again some roles are not assigned by default. To get a list of the unassigned roles we can use a PowerShell one-liner:

    Get-ManagementRole |where{(!($_.IsEndUserRole))}| `
        where{(!(Get-ManagementRoleAssignment -Role $_.identity  -Delegating:$false))}| `
        select name, description|fl

    The result should be:image_thumb1

    If we want to allow Helpdesk people to do password resets we can this with the next PowerShell line (replace <ForestRoot> with the valid value for you environment :

    New-RoleGroup -Name "Reset Password" `
         -SamAccountName "ResetPassword" `
         -Roles "Reset Password" `
         -Description "Members of this group can reset user passwords in the whole organization" `
         -Members "<ForestRoot>/Microsoft Exchange Security Groups/Help Desk"

    After this, a member of the ‘Help Desk’ group can also reset the users password. Although the new permission is given through RBAC, it is still depended on group membership, so, the helpdesk employee needs to log-off/log-on before the reset passwords rights are active. One of the nice things is that you can see this in EAC (Exchange Admin Center) and also when you remotely administrate Exchange 2013 in PowerShell.

    To learn more about RBAC, please refer to the Microsoft TechNet website: http://technet.microsoft.com/en-us/library/dd298183.aspx.

  • Exchange 2013 PowerShell remoting.

    Windows 2012 and Windows 8 workstation are available from now. Because of my interest in the latest technics I decided to create a small post about remote PowerShell I use in my environment.  I have a simple setup with the following machines:

    • 1 DC, running Windows 2012, AD, DNS, CA.
    • 2 Exchange 2013 Servers with all roles
    • 1 Windows 8 workstation (Domain member)
    • 1 non-domain joined TMG for publishing purposes


    Now I want to manage my Exchange 2013 environment from the Windows 8 workstation, no Exchange tools are installed on the Windows 8 workstation. In a few simple steps you can open a remote PowerShell session to one of the Exchange Servers.

    Logon to the Windows 8 Workstation and start the ‘Windows PowerShell ISE”, this is not available you probably have switch on the administrative tools (from the Metro interface bring-up the ‘Charm menu’ (Window-C), choose settings, tiles and switch on the Administrative tools).

    Inside the “windows PowerShell ISE’ window select View, switch off ‘Show Command Add-on’ and Switch on ‘Show Script Pane’. Save the Untitled1.PS1 file as ‘Remote Exchange 2013.PS1.

    Now copy the following two line in your script pane (do not forget to change the ‘<Exchange2013MailboxServer>’ to a valid name).

    $RemoteEx2013Session = New-PSSession -ConfigurationName Microsoft.Exchange `
                                         -ConnectionUri http://<Exchange2013MailboxServer>/PowerShell/ `
                                         -Authentication Kerberos #-Credential (Get-credential)
    Import-PSSession $RemoteEx2013Session


    Save the file and run it. While opening the remote session, all allowed CmdLets (as specified with RBAC) are imported and you can use them all.


    If you need to specify another credential; remove the hash before ‘-Credential’, a dialog will open so you can type your username and password.

    Remember, by default only Kerberos authentication is enable on the Exchange 2013 PowerShell virtual directory, that’s why this only works on a domain joined machine.

    If you need to run remote PowerShell from computer that is not a member of the domain (or forest), you need to configure the PowerShell virtual directory for the authentication method you need, keep in mind to enable SSL on the PowerShell website, to encrypt your credentials.

  • Second Exchange 2013 installation Experience (Unattended mode)

    After the first Exchange 2013 installation (see: http://www.ex2013.com/first-exchange-2013-rtm-installation-experience) I did a few weeks ago it is time to add a second server to my Exchange environment so I can start playing with the Database availability group and multiple databases. After the first installation I moved my mailboxes from Exchange 2010 to the new Exchange 2013 organization. I had to create a new organization because to add an Exchange 2013 server to an Exchange 2010 organization we need Exchange 2010 Service Pack 3. This Service Pack  is not released yet. (Nov 7. 2012).

    I will installed this server using the Unattended method, this should be a lot faster then the installation through the wizard as I did with the first server. My lab environment is running on Windows Server 2012 Hyper-V, a new virtual server is added with the Windows 2012 Datacenter Operating System. A few default steps are done to make this machine part of my test domain:

    • Configure Network setting, Internet access, Domain membership
    • Add the server to my internal domain.
    • Be sure all available updates where installed.


    Before You can Install the Exchange 2013 roles you have to install the prerequisites for Windows 2012. First open a PowerShell window and run the next command this will install all Windows 2012 components needed by a combined (Mailbox and Client Access role) Exchange 2013 server.

      Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

    After the components are installed you need to restart the server, the most simple way is the run the Shutdown.exe command: Shutdown –r –t 0. After the first restart, a second (automatically) restart is necessary.

    Because UM is not a separate role any more you need to install the UC Managed API, you can download it from: Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

    To support the indexing of the default MS Office documents Exchange setup that you install the Office 2010 filter pack including SP1 before you start the setup. you can find both on the Microsoft web site:


    Because we installed a lot of components it is a good idea to check Windows update again for updates. In my case the only available update is for the Internet explorer flash player.

    Now we can in install Exchange 2013. I used the following command line:

    Setup.exe /role:ClientAccess,Mailbox /IAcceptExchangeServerLicenseTerms

    New for this is the /IAcceptExchangeServerLicenseTerms parameter, you need to add this otherwise the installation stops with a message for you that need to accept the license. The installation starts and you can see the progress during the setup process.


    If every thing is correct you will get an overview like above.

    Do not ask me why Microsoft decided to keep the role names ‘Mailbox role’ and ‘Client Access role’, my opinion it was better to name it something like  ‘Front-End’ and ‘Back-end’ especially because names of the installed services.

    A final reboot is needed, and our second Exchange server is ready for use.

  • Outlook Web Access Offline

    A very nice article is posted by the Exchange team about the new Offline Access possibilities in Exchange 2013 OWA. In short:

    • You get access to your mailbox through your web browser even when you do not have a network connection.
    • It is supported only with the latest browsers (IE10,Safari 5, Chrome)
    • Exchange Admins can enable or disable this per mailbox.
    • Supported offline actions are synchronized with the mailbox as soon as the connection is available.
    • Not all OWA functions are available.
    • The local data is NOT encrypted, use something like Bitlocker to protect the data.


    Please read the full article at the Exchange Team Blog: http://blogs.technet.com/b/exchange/archive/2012/11/06/offline-access-in-outlook-web-app-2013.aspx

  • First Exchange 2013 RTM installation Experience


    Last evening (European time) I upgraded my single server Exchange Organization to RTM. The server is running as a Hyper-V virtual machine on a Windows 2012 Hyper-V Server. The operating system of the virtual machine is also Windows 2012. I started the setup from a mounted ISO file, below the screens I got during the setup. I started with a nice and clean virtual machine.

    OK, it’s recommended to download (if possible) the updates during the setup. This will also update the setup procedure if necessary.

    Not surprising, no updates available yet.

    Initializing the setup process.


    Of course license acceptance is needed.

    For now I accepted the recommended settings

    Because I want to run my small (very small) environment on a single server, both Mailbox and Client Access roles are selected. As in the later releases of Exchange 2010 you can automatically install the required Windows components.

    It is OK to leave the binaries on the default location, databases and log files can be move after the initial installation.

    Fill in the organization name

    Leave Malware Protection on if you do not have an other solution.

    All settings are done, the setup process starts checking the environment for readiness.

    Hmm, some problems found… a reboot is needed  (properly caused by the installation of updates) and two components have to be installed:

    Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit and Microsoft Office 2010 Filter Packs - Version 2.0 + Service Pack 1.

    After rebooting the server and installing the two components, the only warning is about the extension of the schema and the fact that installing Exchange 2010 is not longer supported in this forest.

    OK, Installation is started, time for a drink.


    After while the installation is ready.


    I rebooted the server once and open the Exchange Management Shell to check the version:


    So far, so good. A nice setup experience without any problems.

  • Yes! Exchange 2013 available for download

    Just a moment ago Microsoft made the RTM version of Exchange 2013 available for download on TechNet. It is announced on the  TechNet Subscriber Downloads  page.

    It is posted together with a complete 'wave-15' list of products:

    Lync Server 2013 (x64) - DVD (English)

    Exchange Server 2013 (x64) - DVD (Multilanguage)

    Office Web Apps 2013 (x64) - DVD (English)

    Office Professional Plus 2013 (x64) - DVD (English)

    Office Professional Plus 2013 (x86) - DVD (English)

    SharePoint Server 2013 (x64) - DVD (English)

    Visio Professional 2013 (x64) - (English)

    Visio Professional 2013 (x86) - (English)

    Project Professional 2013 (x64) - (English)

    Project Professional 2013 (x86) - (English)

    This is sooner then expected, my last post talked about the coming weeks, but sometimes you are wrong. Until now the missing part is Exchange 2010 SP3, what is required to make it possible to install the first Exchange 2013 server in the Exchange 2010 organization.

  • Some Exchange 2013 downloads available

    For those who are waiting for the general availability of Exchange 2013 and can not wait read information about it, a may be interesting download is there since last night:

    Microsoft Exchange Server 2013 Help

    This download contains the Help content for Microsoft Exchange Server 2013 Hybrid Deployments and the Release to Manufacturing (RTM) version of Microsoft Exchange Server 2013.

    Last week another download was set online, but without the RTM bits of Exchange 2013 you can not do anything with it:

    Exchange Server 2013 UM Language Packs

    These downloads contain pre-recorded prompts, grammar files, text to speech data, Automatic Speech Recognition (ASR) files, and Voice Mail Preview capabilities for a specific language that is supported by Exchange 2013 Unified Messaging (UM). Warning: This UM language pack must only be installed as an add-in to Exchange Server 2013 Unified Messaging on an Exchange 2013 Mailbox server

    I expect the availability of Exchange 2013 and Office 2013 for Volume License holder and subscribers of MSDN and TechNet within a 2 weeks from now.

    Edited: Exchange 2013 RTM and Office 2013 is available for download at the TechNet Subscriber Downloads site starting at October 24. 2012.

  • MEC 2012 Highlights

    Last week I was at MEC 2012 in very warm Orlando. I was good conference with a lot of technical information. I summarized the most remarkable information:

    • You should all deploy on 7200RPM disks to get capacity-- 10K/15K not needed.
    • Backups should not be used to recover deleted items. Data should exist in the application!
    • Large mailbox for Exchange 2013 is a 100GB mailbox!
    • Each DB on a MBX server runs in its own process. A crashing DB doesn't necessarily affect other health DBs.
    • Exchange 2013 provides 99% reduced IOPS requirements compared to Exchange 2003. Knowing this, probably the next Exchange will give IOPS back Winking smile
    • An Exchange Online Archiving user receives unlimited storage in the archive.
    • The new Client Access role only proxies client request to the mailbox server, data rendering for mailbox access and transport is done on the mailbox server.
    • The new Client Access role is not involved with internal message delivery, but is responsible for the message flow to external recipients, and external is everything outside your Exchange 2013 organization.
    • No access to Public Folders in OWA at Exchange 2013 RTM.Sad smile
    • All client access is now through the Client Access Server, also public folder connections, with one exception: UM.
    • Exchange 2013 does NOT support Outlook RPC/TCP (MAPI), so, always Outlook Anywhere (OA) and only support for Outlook 2007 and up.
    • Best practice is to use the same FQDN for internal and external URLs, and use split DNS.
    • Each virtual directory has a Healthcheck vDir used for health checks. Probes check these vDirs to test service health.
    • You can have an external and a *different* internal namespace for Outlook Anywhere for those who don’t have split DNS.
    • Exchange 2010 Sp3 (needed to cooperate with Exchange 2013) is announced in the first half of calendar year 2013. See also: http://blogs.technet.com/b/exchange/archive/2012/09/25/announcing-exchange-2010-service-pack-3.aspx.
    • New portal for the Microsoft Exchange Community: www.IamMec.com. Check it out, it should become THE Exchange Information site from Microsoft.


    This was it for now, may I add some later.

  • Visiting MEC 2012

    Next week Microsoft is organizing the, what they called, the lost conference “MEC 2012”.image6 I am happy that I can go there and of course let you all know all the news about Exchange 2013 I can find there. 

    If you are there, have fun and go home with as much as information you can handle. I you are not one of the lucky guys or girls, do not forget to check my site and keep informed at the conference website.

  • Create a HTML enable AdminAuditLog Report

    In the previous post I used the Search-AdminAuditlog CmdLet to find the PowerShell command that was used by the ‘Exchange Admin Center’ to create a new user. Sometimes you want to know changed configuration setting on a certain object or what did a particular admin yesterday to make things work (or, to break some).

    I started with a small PowerShell line to find the log entries of the last 24 hours:

    Search-AdminAuditLog -Startdate ((get-date).AddDays(-1)) -EndDate (get-date)


    Depending on your environment it will show you a number of log entries. If there is no response, try to track the last 5 days:

    Search-AdminAuditLog -Startdate ((get-date).AddDays(-5)) -EndDate (get-date)


    To filter, make the CmdLet property more readable and group the output you can add the following code:

    Search-AdminAuditLog -Startdate ((get-date).AddDays(-5)) -EndDate (get-date) `
        |where{$_.caller -ne "NT AUTHORITY\SYSTEM (MSExchangeHMWorker)"} `
        |select Caller, Rundate, ObjectModified, CmdLetName, @{n="Parameters"; e={$e=$null;$_.CmdLetParameters|%{$e += ( " -" + $_.name.tostring() + " '" + $_.value + "'")};$e}} `
        |Group caller


    Now we can make it more flexible by setting some variables so we can decide the timeframe of the report and how it is sorted:

    $NumberOfDays = 2
    $SortBy ="Caller"

    Search-AdminAuditLog -Startdate ((get-date).AddDays(-$NumberOfDays)) -EndDate (get-date) `
        |where{$_.caller -ne "NT AUTHORITY\SYSTEM (MSExchangeHMWorker)"} `
        |select Caller, Rundate, ObjectModified, CmdLetName, @{n="Parameters"; e={$e=$null;$_.CmdLetParameters|%{$e += ( " -" + $_.name.tostring() + " '" + $_.value + "'")};$e}} `
        |sort $SortBy


    This begins to look like a script, so we save it as a .PS1 file and move the variable to the ‘Param’ label so we can specify the if the script started. The output is saved in a variable and returned at the end of the script.

    Take the next code and save it as ‘AdminAuditReport.ps1’

    Param ($NumberOfDays = 2,
        $SortBy ="Caller",
        $outputhFilepath =([System.Environment]::GetFolderPath("MyDocuments")  + "\AdminAuditReport_" + (get-date).tostring("yyyy_MM_dd-HH_mm") + ".txt"))

    [Array]$FoundAdminAuditLogEntries = Search-AdminAuditLog -Startdate ((get-date).AddDays(-$NumberOfDays)) -EndDate (get-date) `
        |where{$_.caller -ne "NT AUTHORITY\SYSTEM (MSExchangeHMWorker)"} `
        |select Caller, Rundate, ObjectModified, CmdLetName, @{n="Parameters"; e={$e=$null;$_.CmdLetParameters|%{$e += ( " -" + $_.name.tostring() + " '" + $_.value + "'")};$e}} `
        |sort $SortBy

    $FoundAdminAuditLogEntries|out-file -filepath $outputhFilepath -force

    You can run it like: .\AdminAuditReport.ps1 –numberofdays 3 –Sortby <sortkey>

    The output is nice, not something you like to send to non-technical people. It is now time to convert it to a HTML report, then we can add some formatting:

    Param ($NumberOfDays = 2,
        $SortBy ="Caller",
        $outputhFilepath =([System.Environment]::GetFolderPath("MyDocuments")  + "\AdminAuditReport_" + (get-date).tostring("yyyy_MM_dd-HH_mm") + ".html"))

    [Array]$FoundAdminAuditLogEntries = Search-AdminAuditLog -Startdate ((get-date).AddDays(-$NumberOfDays)) -EndDate (get-date) `
        |where{$_.caller -ne "NT AUTHORITY\SYSTEM (MSExchangeHMWorker)"} `
        |select Caller, Rundate, ObjectModified, CmdLetName, @{n="Parameters"; e={$e=$null;$_.CmdLetParameters|%{$e += ( " -" + $_.name.tostring() + " '" + $_.value + "'")};$e}} `
        |Group $SortBy

    $body= "<table><tr><th><H1>AdminAuditLog report</H1></th></tr>"
    $body+= "<tr><td > Time frame: $Startdate - $EndDate </td></tr></table>"
    [System.Collections.ArrayList]$propertylist = "caller","rundate","objectModified","cmdLetname","parameters"

    foreach($group in $FoundAdminAuditLogEntries)
        $body += "<table><tr><td><H3>" + $Group.name + "</H3></td></table>"
        $body += $Group.Group| select $propertylist|convertto-html -Fragment -as table

    Convertto-html -Body $body |out-file -filepath $outputhFilepath -force
    Invoke-item -Path $outputhFilepath


    Yes, it is HTML now, a simple ‘Invoke-Item’ line opens the report, but still the formatting need some attention, You could add a part of CSS style sheet of your company’s website to make the output more readable.  the complete script looks then something like this:

    Param ($NumberOfDays = 1,
        $SortBy ="Caller",
        $outputhFilepath =([System.Environment]::GetFolderPath("MyDocuments")  + "\AdminAuditReport_" + (get-date).tostring("yyyy_MM_dd-HH_mm") + ".html"))

    [Array]$FoundAdminAuditLogEntries = Search-AdminAuditLog -Startdate ((get-date).AddDays(-$NumberOfDays)) -EndDate (get-date) `
        |where{$_.caller -ne "NT AUTHORITY\SYSTEM (MSExchangeHMWorker)"} `
        |select Caller, Rundate, ObjectModified, CmdLetName, @{n="Parameters"; e={$e=$null;$_.CmdLetParameters|%{$e += ( " -" + $_.name.tostring() + " '" + $_.value + "'")};$e}} `
        |Group $SortBy

    $Style = "<style><!--"
    $Style += "body{background:lightgrey;Color:#0072c6;width:90%;font-family:'Segoe UI';margin: 0 auto;}"
    $Style += "table{margin:0;padding: 0;border: 0;outline: 0;border-spacing: 0;width:100%;background-color:#f6f6f6;}"
    $Style += "th {background-color:#fdfdfd; text-align: left;}"
    $Style += "#HeaderPage{ background-color:#0072c6;Color:White; font-size:1em ; text-align: left}"
    $Style += "#HeaderPage th { background-color:#0072c6;Color:White;font-size:2em ; text-align: center}"
    $Style += "#HeaderGroup{ background-color:#0a0a0a; color:White; font-size:1.2em ; text-align: Left; margin-top: 8px;}"
    $Style += "#FooterPage{ background-color:#0072c6;Color:White; font-size:0.8em ; text-align: left; margin-top: 8px;}"
    $Style += "#FooterPage a{ Color:White}"
    $Style += "--></style>"

    $body= "<table id='HeaderPage'><tr><th>AdminAuditLog report</th></tr>"
    $body+= "<tr><td > Time frame: $Startdate - $EndDate </td></tr></table>"
    [System.Collections.ArrayList]$propertylist = "caller","rundate","objectModified","cmdLetname","parameters"

    foreach($group in $FoundAdminAuditLogEntries)
        $body += "<table id='HeaderGroup'><tr><td>" + $Group.name + " </td></table>"
        $body += $Group.Group| select $propertylist|convertto-html -Fragment -as table
    $body+= "<table id='FooterPage'><tr><td>" + "Run Timestmp: " + (get-date).tostring('MMMM dd, yyyy - HH:mm:ss') + "</td><td style='float:right;'>" + "<a href='http://www.ex2013.com' target='_blank'>Ex2013.com</a>" + "</td></tr></table>"

    Convertto-html -Body $body -head $style|out-file -filepath $outputhFilepath -force
    Invoke-item -Path $outputhFilepath


    I added some styles, some branding and removed the ‘SortBy’ value from the table.

    I hope you have enjoyed reading this, let me know if you have any questions about it.

    The complete script is downloadable from the download page.

  • The Exchange Admin Center

    My Last post was about the availability of the Exchange 2013 Preview bits.

    I want now to introduce the new Exchange Admin Center. This is the replacement of the MMC based Exchange management Console, full web based and complete newly written.

    You can access the Exchange Admin Center by opening a Web browser and go to https://<your.casserver.url>/ecpThe logon page is displayed as follows:


    Type your (admin) credentials to sign in, after a while you see the Exchange Admin Center


    You now have a web interface with most of the options the Exchange 2010 EMC had. I will not walk through all options you got, I think it is better to check it out for your self.

    As Exchange consultant you should know the importance the PowerShell EMS (Exchange Management shell). The Exchange 2010 management console has a nice feature that shows you the exact PowerShell command that was executed after you did an action, this option is missing in the new Exchange Admin Center. Let us try to get an good replacement of this option for if you need it:

    First, create a new mailbox using the web interface

    • Select 'Recipients' on the left side.

    Click the + sign

    Fill in the 'New user mailbox' form.


    After you click save, the user is created with a mailbox in one of the available Mailboxdatabases. If you need to specify more properties you can select the new created user end click the Edit button.

    As you properly know all administrative actions are logged by default. You can search this action with the 'Search-AdminAuditlog' CmdLet. Following row gives the action we did within the Exchange Admin Center:

    Search-AdminAuditLog -ObjectIds jhond -Startdate ((get-date).ToShortDateString())|%{$_.cmdletname;$_.cmdletparameters|ft}

    Name Value
    Name John Doe
    FirstName John
    LastName Doe
    UserPrincipalName JhonD@ex2013.com
    Database Mailbox Database 1930930649
    Password <Secure Information Omitted>
    ResetPasswordOnNextLogon False
    Alias JohnD
    DisplayName John Doe


    You can see the 'New-Mailbox' CmdLet is used to create a new mailbox and the parameters involved are also shown.

    I think this is a good alternative if you are looking for the CmdLet that is used for a particular action. In a feature post I will use this CmdLet to get an administrative log per day.

  • Exchange 2013 preview available for download.

    Starting this week the download of the preview version of Exchange Server 2013 previewversion is available for everyone. Like many of you, I was for this a long time. Of course I could get my hands on the beta bits through the 'unofficial ways', mostly good friends in the field that are Exchange consultants or MVP's. But now we can download an official preview release of the new coming Exchange version.

    You can find a download link on de Downloads tab: Microsoft-exchange-server-2013-preview

    If you want to play with it, start reading at 'Microsoft Exchange Server 2013 Preview Evaluation Resources' Page on the Microsoft website. I will do that for sure, but it will take some time because I just left my country for a holiday of a few weeks.

  • My first post

    Hi all,

    This is the first post at this blog. I planned to post technical information about the new version of the Microsoft Exchange server, Exchange 2013

    We will try to post interesting technical information, scripts, concepts and ideas about Exchange 2013.

    If you want information about specific subjects please let me know at blogger@ex2013.com

    Tags: News