Dynamic distribution groups are distribution groups whose membership is based on specific recipient filters rather than a defined set of recipients. You can’t use the Exchange admin center (EAC) to view the members of a dynamic distribution group. You can only use the Exchange Management Shell.
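As an added example (not part of the original post), the following function lists the current members of one or all dynamic distribution groups from the Exchange Management Shell by evaluating each group's stored RecipientFilter the same way Exchange does at send time. It assumes an open Exchange PowerShell session; the function name is an assumption.

```powershell
# Added example, not from the original post. Assumes an Exchange PowerShell session.
function Get-DynamicGroupMembers {
    [CmdletBinding()]
    param(
        # Identity of one group; leave empty to report on every group.
        [string]$Identity
    )
    $groups = if ($Identity) { Get-DynamicDistributionGroup -Identity $Identity }
              else           { Get-DynamicDistributionGroup -ResultSize Unlimited }
    foreach ($ddg in $groups) {
        # The group holds only a filter and a container; evaluating the filter with
        # -RecipientPreviewFilter shows who matches right now.
        $query = @{ RecipientPreviewFilter = $ddg.RecipientFilter; ResultSize = 'Unlimited' }
        if ($ddg.RecipientContainer) { $query.OrganizationalUnit = $ddg.RecipientContainer }
        $members = @(Get-Recipient @query)
        [pscustomobject]@{
            Group       = $ddg.Name
            Filter      = $ddg.RecipientFilter
            MemberCount = $members.Count
            Members     = $members.PrimarySmtpAddress
        }
    }
}
# Usage: Get-DynamicGroupMembers -Identity 'All Sales' | Format-List
```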
Managing local Admin accounts on multiple computers/servers is a tedious task, especially when you are a hosting services provider with many servers in many domains. Still, we should keep rotating the local Admin account password and rename the default local Admin account. We can do this using PowerShell, and the script below will help you rename and reset the local admin password on multiple computers remotely.
The script takes the following inputs.
-Path [Mandatory Input] – list of computers on which you want to reset the password, one ComputerName per line.
-AdminAccountName [Mandatory Input] – name of the current admin account whose password should be reset; for example, to reset the password of the default Administrator account, type Administrator.
-NewName [Optional Input] – use this parameter if you want to rename the local Admin account; omit it if you don't.
This example resets the password of the Administrator account on the computers listed in ComputerList.txt.
<#
.SYNOPSIS
Script to reset the password of the local administrator on one or more computers.
.DESCRIPTION
This script can be used to reset the password of a local user account on domain-joined or workgroup computers.
It can also rename the local administrator according to the input provided. An input list as a txt file is mandatory.
.NOTES
Author Subodh Uniyal <TechCognizance@outlook.com>
Disclaimer: Author holds no responsibility to damages caused due to incorrect use of this script.
It is recommended that you run this script in your lab before using in production.
.EXAMPLE
Reset-LocalAdminPassword -Path C:\ComputerList.txt -AdminAccountName Administrator
This example will reset the password of account Administrator on computer mentioned in ComputerList.txt
.EXAMPLE
Reset-LocalAdminPassword -Path C:\ComputerList.txt -AdminAccountName Administrator -NewName NEWLocalAdmin
This example will reset password of account Administrator and rename it as NewLocalAdmin
#>
[CmdletBinding()]
Param (
    [Parameter(Mandatory=$True)]
    [String]$Path,
    [Parameter(Mandatory=$True)]
    [String]$AdminAccountName,
    [String]$NewName
)

# Converts a SecureString to plain text; the ADSI WinNT provider used below only accepts a plain-text password.
function ConvertTo-PlainText([Security.SecureString]$Secure) {
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }   # wipe the unmanaged copy
}

$List = Get-Content -Path $Path | Where-Object { $_.Trim() }   # skip blank lines
# Trim leading/trailing whitespace and collapse internal runs of whitespace
$AdminAccountName = $AdminAccountName -replace '(^\s+|\s+$)','' -replace '\s+',' '
$NewName          = $NewName -replace '(^\s+|\s+$)','' -replace '\s+',' '
$logFile          = 'Not_Reachable_PCs.txt'   # computers that did not answer the ping
$AccessDeniedPCs  = 'AccessDeniedPCs.txt'     # computers where the reset or rename failed

# Getting NEW password (entered twice to catch typos)
$NewPassword  = Read-Host "Please enter NEW password for Administrator" -AsSecureString
$NewPassword1 = Read-Host "Re-enter NEW password for Administrator" -AsSecureString
$pwd1_text = ConvertTo-PlainText $NewPassword
$pwd2_text = ConvertTo-PlainText $NewPassword1
if ($pwd1_text -ceq $pwd2_text) {   # -ceq: case-sensitive comparison
    Write-Host "Passwords matched"
} else {
    Write-Host -ForegroundColor Red "Password does not match"
    Exit
}
# Getting current local Admin password (used to authenticate to each computer)
$AdminPassword  = Read-Host "Please enter password of current local Admin" -AsSecureString
$AdminPassword1 = Read-Host "Re-enter password of current local Admin" -AsSecureString
$pwd11_text = ConvertTo-PlainText $AdminPassword
$pwd12_text = ConvertTo-PlainText $AdminPassword1
if ($pwd11_text -ceq $pwd12_text) {
    Write-Host "Passwords matched"
} else {
    Write-Host -ForegroundColor Red "Password does not match"
    Exit
}

Foreach ($Computer in $List) {
    if (Test-Connection -ComputerName $Computer -Count 1 -Quiet -ErrorAction SilentlyContinue) {
        # Bind to the local account through the WinNT provider, authenticating with the current credentials
        $AdminAccount = "$Computer\$AdminAccountName"
        $User = New-Object System.DirectoryServices.DirectoryEntry("WinNT://$Computer/$AdminAccountName", $AdminAccount, $pwd11_text)
        Try {
            $User.psbase.Invoke('SetPassword', $pwd1_text)
            Write-Verbose "Password of $AdminAccountName has been set on $Computer"
            if ($NewName) {
                $User.psbase.Rename($NewName)
                Write-Verbose "$AdminAccountName has been renamed to $NewName on $Computer"
            }
        }
        catch {
            # Record the computer and the reason (access denied, account not found, ...) for follow-up
            $ErrorMessage = $_.Exception.Message
            $FailedItem   = $_.Exception.ItemName
            Out-File -FilePath $AccessDeniedPCs -InputObject $Computer -Append -Force
            Out-File -FilePath $AccessDeniedPCs -InputObject $ErrorMessage -Append -Force
            Out-File -FilePath $AccessDeniedPCs -InputObject $FailedItem -Append -Force
        }
    }
    else {
        Out-File -FilePath $logFile -InputObject $Computer -Append -Force
    }
}
# Drop the plain-text copies of both passwords once the run is complete
Remove-Variable pwd1_text, pwd2_text, pwd11_text, pwd12_text -ErrorAction SilentlyContinue
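As an added check (not part of the original script), the function below reads the same computer list and verifies the result on each host: it finds the built-in administrator by its RID-500 SID (which survives a rename) and reports its current name, whether it is enabled, and PasswordLastSet, so you can confirm both the rename and the rotation. It assumes PowerShell 5.1+ with WinRM access to the targets; the function name and the expected-name parameter are assumptions.

```powershell
# Added verification step, not part of the original script. Assumes WinRM is reachable.
function Test-LocalAdminRotation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,            # same list file as the reset script
        [Parameter(Mandatory)][string]$ExpectedName,    # e.g. NEWLocalAdmin, or Administrator if not renamed
        [datetime]$ResetAfter = (Get-Date).AddHours(-1), # rotation must be newer than this
        [pscredential]$Credential                        # optional, e.g. for workgroup targets
    )
    $computers = Get-Content -Path $Path | Where-Object { $_.Trim() }
    $params = @{ ComputerName = $computers; ErrorAction = 'SilentlyContinue'; ErrorVariable = 'remoteErrors' }
    if ($Credential) { $params.Credential = $Credential }
    $results = Invoke-Command @params -ScriptBlock {
        # RID 500 identifies the built-in administrator whatever it is called now.
        Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' } |
            Select-Object Name, Enabled, PasswordLastSet
    }
    foreach ($r in $results) {
        [pscustomobject]@{
            Computer        = $r.PSComputerName
            BuiltInAdmin    = $r.Name
            Enabled         = $r.Enabled
            PasswordLastSet = $r.PasswordLastSet
            NameOk          = ($r.Name -eq $ExpectedName)
            PasswordRotated = [bool]($r.PasswordLastSet -and $r.PasswordLastSet -ge $ResetAfter)
        }
    }
    # Hosts that did not answer (offline, WinRM off, access denied) still need a manual look.
    foreach ($e in $remoteErrors) {
        [pscustomobject]@{ Computer = $e.TargetObject; BuiltInAdmin = $null; Enabled = $null
                           PasswordLastSet = $null; NameOk = $false; PasswordRotated = $false }
    }
}
# Usage: Test-LocalAdminRotation -Path C:\ComputerList.txt -ExpectedName NEWLocalAdmin | Format-Table
```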
In the previous article, we explained what an Online Archive is and how to enable it. In this article we will see how to move data to the Online Archive and how to check the size of the Online Archive.
Once you have the Online Archive enabled, you can assign a retention policy to the mailbox to move data to the archive.
Retention policies are made up of retention policy tags, which define how long to keep an email in the mailbox before moving it to the archive or deleting it.
Some default retention policies are available, and you can also create your own as needed. To see the default retention policies, log in to the Exchange Admin Center -> Compliance Management -> Retention Policies.
(Screenshot: Default Retention Policies)
You can also run the commands below in Exchange Online PowerShell to view retention policies and tags.
Get-RetentionPolicy
Get-RetentionPolicyTag
If the default policies don't suit your needs, you can create a new one.
Create Retention Policy Tag –
New-RetentionPolicyTag "3 Year Move To Archive" -Type All -RetentionEnabled $true -AgeLimitForRetention 1095 -RetentionAction MoveToArchive
Create Retention Policy –
New-RetentionPolicy "3 Year Move To Archive - Policy" -RetentionPolicyTagLinks "3 Year Move To Archive"
Apply policy to a user –
Set-Mailbox -Identity User@domain.com -RetentionPolicy "3 Year Move To Archive - Policy"
Once the policy is applied to the user, you can start the Managed Folder Assistant on the user's mailbox to begin archiving.
Once this is done, check the archive size to see whether the policy is working.
Get-MailboxStatistics User@domain.com -Archive
Exchange Online finds the archive mailbox using the ArchiveGuid. Once the archive is enabled, you can see this GUID in the mailbox properties.
The auto-expanding archive replaces the single GUID that connects the mailbox to the archive with a linked list of GUIDs. Each of the GUIDs points to a separate auxiliary archive of up to 50 GB.
Enterprise plans (E3 – E5) grant users 100 GB primary mailbox quotas. If the primary mailbox reaches its quota limit (100 GB), archiving in Office 365 (also called In-Place Archiving) provides users with additional mailbox storage. An archive mailbox can be defined as an online-only extension of the primary mailbox.
How to Enable Archive –
In the Exchange Admin Center -> select the recipient -> Mailbox Features, you will see the option to enable the archive for the mailbox.
The archive mailbox size is 50 GB, and you should have auto-expanding archive enabled so that the archive grows automatically. Once the archive is enabled, you will see the archive mailbox under your primary mailbox (bottom left of your mailbox).
You can also disable the archive in the EAC or the Compliance portal by clicking Disable (the same way it was enabled), or by using the PowerShell command below.
Although disabling an archive prevents user access to it, it does not remove the content from the database where the archive data is stored. Instead, a 30-day retention period starts.
During this time, you can recover the archive and reconnect it to the primary mailbox by re-enabling the archive. Once the 30-day deleted mailbox retention period expires, the archive content is removed from the database.
Pros and Cons of Archive Mailbox –
Archive mailboxes can only be accessed online. Outlook does not synchronize any archive folder into the OST, so your archive mailbox will not be as fast as your primary mailbox.
Searches can find items stored in archives, but only if the user specifies that Outlook should search “All Mailboxes”.
ActiveSync clients cannot access an archive mailbox because the protocol does not support this type of resource.
So consider the points above before you decide which emails should go to the archive.
In the next article, we will see how to create and apply retention policies and check the archive mailbox size.
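The following function is an added example (not from either archive post) that walks the whole procedure covered in the two articles above for a list of users: it enables the archive if the ArchiveGuid is still empty, turns on the auto-expanding archive, applies the retention policy created above, starts the Managed Folder Assistant, and reports the archive size. It assumes an Exchange Online PowerShell session; the function name and the default policy name (taken from the post) are assumptions.

```powershell
# Added example, not from the original posts. Assumes an Exchange Online PowerShell session.
function Invoke-ArchiveRollout {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$Identity,
        [string]$RetentionPolicy = '3 Year Move To Archive - Policy'   # assumption: the policy from this post
    )
    foreach ($user in $Identity) {
        $mbx = Get-Mailbox -Identity $user
        # ArchiveGuid stays all-zero until an archive exists.
        if ($mbx.ArchiveGuid -eq [guid]::Empty -and
            $PSCmdlet.ShouldProcess($user, 'Enable-Mailbox -Archive')) {
            Enable-Mailbox -Identity $user -Archive | Out-Null
        }
        # Lift the 50 GB cap. Needs an existing archive, so re-run once if it was only just
        # created; Set-OrganizationConfig -AutoExpandingArchive switches this on org-wide.
        if (-not $mbx.AutoExpandingArchiveEnabled -and $mbx.ArchiveGuid -ne [guid]::Empty -and
            $PSCmdlet.ShouldProcess($user, 'Enable-Mailbox -AutoExpandingArchive')) {
            Enable-Mailbox -Identity $user -AutoExpandingArchive | Out-Null
        }
        if ("$($mbx.RetentionPolicy)" -ne $RetentionPolicy -and
            $PSCmdlet.ShouldProcess($user, "Set-Mailbox -RetentionPolicy '$RetentionPolicy'")) {
            Set-Mailbox -Identity $user -RetentionPolicy $RetentionPolicy
        }
        # Apply the tags now instead of waiting for the assistant's scheduled pass.
        if ($PSCmdlet.ShouldProcess($user, 'Start-ManagedFolderAssistant')) {
            Start-ManagedFolderAssistant -Identity $user
        }
        # Re-read so the report shows the state after the changes (or, with -WhatIf, the current state).
        $mbx   = Get-Mailbox -Identity $user
        $stats = Get-MailboxStatistics -Identity $user -Archive -ErrorAction SilentlyContinue
        [pscustomobject]@{
            User                 = $mbx.PrimarySmtpAddress
            ArchiveGuid          = $mbx.ArchiveGuid
            AutoExpandingArchive = $mbx.AutoExpandingArchiveEnabled
            RetentionPolicy      = "$($mbx.RetentionPolicy)"
            ArchiveItems         = $stats.ItemCount
            ArchiveSize          = $stats.TotalItemSize
        }
    }
}
# Usage: Invoke-ArchiveRollout -Identity 'User@domain.com' -WhatIf   # dry run; drop -WhatIf to apply
```

The reverse of the enable step is Disable-Mailbox -Identity User@domain.com -Archive, after which the 30-day deleted-archive retention described above starts.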
Account lockout is one of the most common issues reported to a system admin; frequent account lockouts are annoying to users and therefore to the AD admin as well.
The most common cause of account lockout is a user changing their password while a stale session with the cached old password keeps hitting the account.
There may also be bad actors, such as someone trying to brute-force the password, or an SMTP/IMAP session trying to authenticate.
In all cases we need to find the device or session that is sending the bad password requests.
Using the PowerShell command below you can find the account lockout and the last bad password request.
You can also see Event 4776 (Audit Failure) in the Security log of the domain controller for a bad password attempt. If the error code is C000006A, the user name is correct but the password is wrong.
Once the account is locked out, you will see Event 4740 in the AD Security log.
Once you have this info, let's find the source of the bad password.
Replace AD-PDC-Server with your PDC FSMO role holder and UserSAM with the SAM account name of the account whose lockout you want to find.
In the “Last Bad Pwd” column you will get the exact date/time and DC name of the last bad password attempt.
Now you can log in to that exact DC and find the event at that exact time to get the source computer.
If an Exchange server appears in the Source Computer field, you will have to parse the IIS logs on your CAS server: check the exact date/time of the bad password/lockout and find the matching requests in the IIS logs on your Exchange CAS server.
If the Source Computer field is blank, you will have to enable NETLOGON logging to find the source computer.
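As an added example (not the post's own command), the function below automates the steps just described: it asks every DC for its own LastBadPasswordAttempt (the attribute is not replicated, which is why the "Last Bad Pwd" column is per DC), reads Event 4740 on the PDC emulator to get the caller computer, and then reads Event 4776 with status C000006A on the DC that saw the latest bad password to get the Source Computer. It assumes the ActiveDirectory module and rights to read the DCs' Security logs; the function name and parameters are assumptions.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module and DC log read access.
function Find-LockoutSource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$Hours = 24   # how far back to read the Security logs
    )
    $since = (Get-Date).AddHours(-$Hours)
    $pdc   = (Get-ADDomain).PDCEmulator
    # EventData fields are read by name (TargetUserName, Workstation, Status), not by index.
    $fields = { param($evt) $d = @{}
        foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }; $d }
    # 1. Per-DC view: the "Last Bad Pwd" column from the post.
    $perDc = foreach ($dc in Get-ADDomainController -Filter *) {
        $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                        -Properties LastBadPasswordAttempt, BadPwdCount, LockedOut
        [pscustomobject]@{ DC = $dc.HostName; LastBadPwd = $u.LastBadPasswordAttempt
                           BadPwdCount = $u.BadPwdCount; LockedOut = $u.LockedOut }
    }
    $lastDc = ($perDc | Where-Object LastBadPwd | Sort-Object LastBadPwd -Descending |
               Select-Object -First 1).DC
    # 2. 4740 on the PDC emulator (every lockout is forwarded there); TargetDomainName carries the caller computer name.
    $lockouts = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue `
                    -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } |
        ForEach-Object { $d = & $fields $_
            if ($d.TargetUserName -eq $SamAccountName) {
                [pscustomobject]@{ Time = $_.TimeCreated; CallerComputer = $d.TargetDomainName } } }
    # 3. 4776 on that DC: Workstation is the post's "Source Computer". A blank value is the
    #    NETLOGON-logging case above, an Exchange server name the IIS-log case.
    $badPwd = if ($lastDc) {
        Get-WinEvent -ComputerName $lastDc -ErrorAction SilentlyContinue `
            -FilterHashtable @{ LogName = 'Security'; Id = 4776; StartTime = $since } |
        ForEach-Object { $d = & $fields $_
            if ($d.TargetUserName -eq $SamAccountName -and $d.Status -eq '0xC000006A') {
                [pscustomobject]@{ Time = $_.TimeCreated; Workstation = $d.Workstation } } } |
        Group-Object Workstation | Select-Object @{ n = 'Workstation'; e = { $_.Name } }, Count
    }
    [pscustomobject]@{ PerDC = $perDc; LastBadPwdDC = $lastDc
                       Lockouts = $lockouts; BadPasswordSources = $badPwd }
}
# Usage: Find-LockoutSource -SamAccountName UserSAM | Format-List
```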