Archive for the ‘ PowerShell ’ Category

Adventures with Windows 8.1

I’ve run into what appears to be a genuine bug!  On my domain-joined Windows 8 RTM machine with the Win 8/Server 2012 RSAT package installed, I can run the following command:

get-aduser kbaker -properties *

…and get the following results:

Win8

But on my domain-joined Windows 8.1 Preview machine with the Win 2012 R2 RSAT installed, the same command returns this:

Win81

If I specify the Properties by name, the command works normally — it’s only the wildcard that throws an error.  I get the same behavior with the Get-AdComputer cmdlet.  Not a huge thing, but not great either — I use the wildcard in these cmdlets pretty frequently.  I’ve posted to the TechNet forums, and at least one other person has run unto the same issue.  I’ll update as I learn more.

Advertisements

Speaking of PowerShell…

The Lazy Admin has series of excellent brief introductions to administrative functions in PowerShell:

Part 1, Part 2, Part 3

Exchange Online’s absurd lack of administrative tools (plus a little PowerShell goodness)

Here’s what I have learned from our horrific experience migrating to Exchange Online: it’s great once you get there, but Microsoft clearly intends the migration process to be a gravy-train for consultants and “channel partners”.  The migration tools provided by Microsoft itself are hilariously weak and simplistic, but third party firms like MessageOps have all these bad-ass utilities for getting past the many (mostly undocumented) pain-points.

Which, you know, is awesome for firms like MessageOps (about which firm I cannot say enough good things, incidentally — Chad Mosman will answer your calls and emails like you’re his old buddy, and the guy has real answers instead of the call center scripts you get when calling MS).  But this also tells me that Microsoft created all the APIs and whatnot necessary to administer your Online Services subscription, and then just decided not to provide any tools that work against those interfaces, and that right there is some seriously weak sauce.  I have done greenfield deployments of Exchange 2003 and 2007, and migrations from 2003 to 2007 and 2007 to 2010, but NOTHING has been as fraught with difficulty as this move from on-premises Exchange 2003 to Microsoft’s Exchange Online.

Anyway, as is usually the case with Microsoft products these days, PowerShell turns out to be the solution to most of my troubles.  Example: there is no clear way in the Administration Center (or anywhere else) to grant one user permissions on another user’s mailbox, something Exchange administrators have been doing since the dawn of time.  And since MAYBE your existing permissions will be migrated by the “Migration Tools” and maybe they won’t, you’ll need to know how to do this:

First, you need to be doing this in PowerShell on a machine that has Microsoft’s sucky BPOS migration tools installed.  Also, you might need to launch PS as an administrator — I always do, anyway.  Add ye olde required snap-ins thusly:

Add-PsSnapIn Microsoft.Exchange.Transporter

Now define some variables to put together a credential that you can securely transmit to gain access to Microsoft Online:

$powerUser = "admin@mycompany.microsoftonline.com"
$powerPass = "YourWeakP@ssword"
$password = ConvertTo-SecureString $powerPass -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList $powerUser,$password

Now the $cred variable is populated with an automation object suitable to log you in securely.  Finally, the good stuff:

Add-MsOnlineMailPermission -Identity sharedmailbox@mycompany.com -Credential $cred -TrustedUser guywhowantsaccess@mycompany.com -GrantFullAccess True -GrantSendAs True