Difference between revisions of "Powershell Commands"

Revision as of 21:24, 10 December 2015

There are three command lines now.

• The original command line DOS prompt
• Powershell
• Exchange Management Shell (EMS)

Most of these will be used in the EMS as part of Exchange 2013.

Change Execution Policy

You may have to change the Execution Policy to get a script to run. The following command will allow execution for the current process.

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process

Training

MS Script Center [1]

Office365

Connect to Exchange Online using remote PowerShell [2]

You can use the following versions of Windows:

• Windows 8 or Windows 8.1
• Windows Server 2012 or Windows Server 2012 R2
• Windows 7 Service Pack 1 (SP1)*
• Windows Server 2008 R2 SP1*
• You need to install the Microsoft .NET Framework 4.5 or 4.5.1 and then either the Windows Management Framework 3.0 or the Windows Management Framework 4.0. For more information, see Installing the .NET Framework 4.5, 4.5.1 and Windows Management Framework 3.0 or Windows Management Framework 4.0.

To connect: $UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

To disconnect:

Remove-PSSession $Session

Manage inactive mailboxes in Exchange Online [3]

General guides

Server health, monitoring, and performance cmdlets [4]

Ask the Perf Guy: Sizing Exchange 2013 Deployments [5]

Exchange 2013 Performance Counters [6]

Basic Authentication

Retain needs Basic Authentication enabled across the system not just on one CAS.

EWS

This script shows if Basic Authentication was enabled for EWS.

Get-WebServicesVirtualDirectory | ft server,basicauthentication

To enable Basic Authentication you can use this script if you are a Domain or higher admin and you are using the default web site.

Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -BasicAuthentication $true

AutoDiscover

This script shows if Basic Authentication was enabled for AutoDiscover.

Get-AutoDiscoverVirtualDirectory | ft server,basicauthentication

To enable Basic Authentication you can use this script if you are a Domain or higher admin and you are using the default web site.

Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' -BasicAuthentication $true

ApplicationImpersonation user

How to check the status of the Exchange Impersonation User [7]

The [impersonationUserName] is the impersonation user Retain uses to access Exchange mailboxes.

To check the impersonation account, run this command in Exchange Management Shell:

Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]" -Role ApplicationImpersonation -RoleAssigneeType user

If the command line returns without any output then the user does not have rights.

To get a list of all the rights the impersonation account has:

Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]"

To remove ApplicationImpersonation rights from a user you can use this command.

Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]" -Role ApplicationImpersonation -RoleAssigneeType user | Remove-ManagementRoleAssignment

If you wish to create a new Impersonation Account user. Create a new user in Exchange and run the PowerShell script : Give the Role a name [ImpersonationAssignmentName]

New-ManagementRoleAssignment –Name [ImpersonationAssignmentName] –Role ApplicationImpersonation –User "[impersonationUserName]"

Note: The Impersonation User cannot have Administrator rights. That is a MS built-in security measure.

Throttling Policy

Exchange Throttling Policy and Bandwidth/Performance (2013) [8] How to remove throttling from the ApplicationImpersonation user. [9] [10]

New-ThrottlingPolicy [give it a policy name of your choosing]

Set-ThrottlingPolicy [policy name from step "a"] -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited

Set-Mailbox [Retain impersonation user account] -ThrottlingPolicy [policy name from step "a"]

To check the policy run the command:

Get-ThrottlingPolicy -Identity [policy name from step "a"] | Format-List

IIS

To restart IIS from Powershell:

IISRESET

Server Health

You can get a quick overview of the server's health with Get-ServerHealth [11] to sort it so it is a little more useful you can use this script which puts the Unhealthy and Disabled items at the bottom.

Get-ServerHealth -Identity server1 | Sort-Object AlertValue | ft Name, AlertValue

Users and Mailbox Items

A quick overview of users and how many items they have in their mailbox, this is the same as if we piped through "| FT" to format as a table.

Get-Mailbox | Get-MailboxStatistics

For more detail you can format as a list by adding "| FL" but it would be best to pipe to a file because it will provide more information then the screen can hold.

Get-Mailbox | Get-MailboxStatistics | FL > c:\stats.txt

This script will get the size of the mailboxes of the first 30 users.

Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | Select-Object DisplayName,TotalItemSize -First 30

You can even restrict it to a single user once you know which one is the largest. [12]

Get-MailboxFolderStatistics [userName] | Select Name,FolderSize,ItemsinFolder

You can move items from one folder to another [13]

Creating a Mailbox Folder Growth Map with Powershell, EWS and eDiscovery [14]

Search-Mailbox for eDiscovery [15]

Mailbox size and quota data

Get-Mailbox | Get-MailboxStatistics | Select DisplayName,@{N="Total Item Size (MB)";E={$_.TotalItemSize.value.tomb()}},@{N="Total Deleted Item Size (MB)";E={$_.TotalDeletedItemSize.value.tomb()}},@{N="IssueWarningQuota (MB)";E={(Get-Mailbox $_).IssueWarningQuota.Value.toMB()}},@{N="ProhibitSendQuota (MB)";E={(Get-Mailbox $_).prohibitsendquota.Value.ToMB()}} | export-csv "c:\export\exchangecsv.csv" -NoTypeInformation

Get user folder data [16]

Get-MailboxFolderStatistics -Identity [userName]

Remote powershell

How to connect to a remote Exchange server called ams-exch01.contoso.com [17]

$Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri http://ams-exch01.contoso.com/PowerShell -Authentication Kerberos

Import-PSSession $Session

Queues

An Exchange server can become bogged down if the queues cannot clear. [18] You can see the queue status with:

Get-Queue

If there are thousands of messages (e.g. in \Unreachable) and they are not clearing then there is an issue. You can open Exchange Toolbox and in Queue Viewer delete messages. If that is not successful then you need to restart the Microsoft Exchange Edge Transport, Microsoft Exchange Mailbox Transport Delivery and/or SMTP services.

Global Catalog

Find the Global Catalog host [19]

Get-ADDomainController -Discover -Service "GlobalCatalog"

Retention

Set Retention of Deleted Items to 30 days (default 14).

Get-MailboxDatabase | Set-MailboxDatabase -DeletedItemRetention 30

Organizational Units

Get the names of all OUs in the domain.

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | FT Name, DistinguishedName -A 

Repair Mailbox

There are tools to repair Exchange mailboxes [20]

For a specific mailbox

New-MailboxRepairRequest -Mailbox [username] -CorruptionType FolderView

For all mailboxes in a mailbox database

New-MailboxRepairRequest -Database [MailboxDatabaseName] -CorruptionType AggregateCounts

Export eDiscovery search results to a PST file [21]

SCP

You can find your SCP record(s) in AD DS. However, you can also run the Get-ClientAccessServer cmdlet in an Exchange Management Shell by typing:

Get-ClientAccessServer | fl

See Connected Users

To see the number of Active users

Get-Counter "\MSExchange RpcClientAccess\User Count" -ComputerName [ServerName]

To see the number of Current Unique Users

Get-Counter "\MSExchange OWA\Current Unique Users" -ComputerName [ServerName]