Monthly Archives: August 2012

Common PowerShell Commands for Office 365

Here are some commands that are handy to use for Office 365.

#Assign user credentials to variable “LiveCred”

$LiveCred = Get-Credential

#Connect to your Cloud-hosted Exchange using the credential stored in #LiveCred

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

#Import Cmdlets

Import-PSSession $Session

#Close your session

Remove-PSSession $Session

#Grant Bob Barker calendar (or any folder) rights to Adam Sandler’s. The field within ” ” can be either the user principal name or primary alias
#Possible   rights:  Ownder, Publishing Editor, Editor, Author, Contributor, Reviewer, Custom
#Note: practice-wise (for your own mental check), the account being given access is normally to the right of the account to which you are assigning the right.

Add-MailboxFolderPermission -Identity “The.Dude:\Calendar” -AccessRights PublishingEditor -User “Test Guy”

#View permissions on a folder

Get-MailboxFolderPermission -Identity “The Dude:\Calendar”

#View all accounts that have mailbox access beyond SELF

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false}

#The export to a file version of above

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false} | Select Identity,User,@{Name=’Access Rights’;Expression={[string]::join(‘, ‘, $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv

#Grant user Send-as to identity

Add-RecipientPermission <identity> -AccessRights SendAs -Trustee <user>

#View all boxes that have Send-as attributes on them

Get-RecipientPermission | where {($_.Trustee -ne ‘nt authority\self’) -and ($_.Trustee -ne ‘null sid’)}

Powering off an unresponsive VM in ESXi

Today I had an issue with a VM not wanting to power off. I found an excellent article from http://markvansintfiet.wordpress.com/2010/07/28/forcefully-kill-a-virtual-machine-in-esxi/ that I am reposting in case the website ever goes down.

One day you’ll run into a  not responding virtual machine that won’t power off in the vSphere client. If you don’t want to reboot your ESXi host, here is how to forcefully kill the bastard leaving all other virtual machines peacefully running.

Method 1: Use the vmware-cmd command in the vSphere command-line interface (CLI)

  1. Download and install vSphere command-line interface(http://www.vmware.com/download/download.do?downloadGroup=VCLI40)
  2. CD to C:\Program Files (x86)\VMware\VMware vSphere CLI\bin>
  3. List Virtual Machines
    vmware-cmd.pl -H <ESXi host name> -l
  4. Get state:
    vmware-cmd.pl -H <ESXi hostname> “<vmx file path>” getstate
  5. Kill Virtual Machine:
  6. vmware-cmd.pl -H <ESXi hostname> ”<vmx file path>” stop hard

When method 1 fails move to method 2.

Method 2: Find the VM’s process identifier and forcibly terminate it (or use SSH if you are lazy and don’t mind opening security holes)

  1. List active virtual machines: vm-support -x
  2. On the ESXi console, press Alt-F1.
  3. Type the word unsupported and press ENTER
  4. Type root password and press ENTER
  5. Look up the VM process pgid: ps –g | grep
    (The number you are looking for is the one that is right before and after mks: and vcpu)
  6. Kill the process: kill -9 <pgid, the number you just found>
  7. Wait a minute and check if the machine is not running anymore: vm-support -x

Troubleshooting Enterprise Voice Calls in Lync

While setting up Lync, I found that I was unable to place any voice calls.  I fired up event viewer, and saw the following errors:

Response Data:
101  Progress Report
ms-diagnostics:  12006;reason=”Trying next hop”;source=”mycomputer.mydomain.local”;PhoneUsage=”Outoing”;PhoneRoute=”Outgoing”;Gateway=”123.234.1234.234″;appName=”OutboundRouting”

504  Server time-out
ms-diagnostics:  1038;reason=”Failed to connect to a peer server”;WinsockFailureCode=”10061(WSAECONNREFUSED)”;WinsockFailureDescription=”The peer actively refused the connection attempt”;Peer=”mycomputer.mydomain.local”;Port=”5070″;source=”mycomputer.mydomain.local”;OriginalPresenceState=”0″;CurrentPresenceState=”0″;MeInsideUser=”Yes”;ConversationInitiatedBy=”0″;SourceNetwork=”0″;RemotePartyCanDoIM=”No”

After doing some searching, I found that the reference to Port=”5070″ usually points to issues with the mediation server.  So I opened up services and it turns out I had never installed the mediation service role.  Once installing the mediation server role and starting the service, the errors vanished!

The trust relationship between this workstation and the primary domain failed — The legend of Netdom

So today, my Certificate Authority decided it was too good for my Sandbox Domain and wanted to do its own shindig.

Unfortunately, you cannot leave a domain and rejoin it back since it’s a CA.  However, before you start backing up your CA and wipping out your Windows Server 2008 R2 disk, give this a shot:

1. Login to the machine as local admin that is presenting the “The trust relationship between this workstation and the primary domain failed” error.

2. Open up a commmand prompt as Administrator

3. Execute the following command: netdom resetpwd /s:nameofyourdcserver /ud:domain\User /pd:*

Hurray!  You should be back in business now without even having to reboot! 🙂

 

You can find more info about how the tool works behind the scenes from here:http://support.microsoft.com/kb/325850

 

Force Directory Synchronization With Office 365

1. Go to the machine with Microsoft Online Directory Sync installed.
2. Navigate to %programfiles%\Microsoft Online Directory Sync
3. Double click on DirSyncConfigShell.psc1
4. Execute the following PowerShell command: Start-OnlineCoexistenceSync
5. Awww yeah, you just syncrhonized your AD environment with the cloud.

Error 5 when deploying Lync

Symptom: You receive an error on Step 1 when deploying Lync:

Upload C:\Program Files\Microsoft Lync Server 2010\Deployment\Setup\BackCompatSchema.ldf fails. The exit code is “5″.

Solution: This issued popped up when I added myself to the schema admins group and then ran the deployment wizard. To fix this, I simply logged out and logged back into the machine and reran the wizard.

Prerequisite installation failed: Wmf2008R2 – Lync 2010 Install

During the Setup Lync Server Components step of the Lync 2010 Server System installation, if the setup fails with the error: “Prerequisite installation failed: Wmf2008R2”.

Run the following in an elevated command prompt:
%systemroot%\system32\dism.exe /online /add-package /packagepath:%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum /ignorecheck

This command will install the Windows Media Format Runtime. All Front End Servers and Standard Edition servers with the conferencing feature deployed must have the Windows Media Format Runtime installed. WMF is required to run Windows Media Audio (.wma) files that the Call Park, Announcement, and Response Group applications play for announcements and music.

Here is another resource showing this issue: http://www.expta.com/2011/05/lync-server-2010-installation-fails.html

Error 8224 when deploying Lync

If you are receiving an error on Step 1 when deploying Lync:
Upload C:\Program Files\Microsoft Lync Server 2010\Deployment\Setup\BackCompatSchema.ldf fails. The exit code is “8224”.

Here are a few things to try/verify:
1. Make sure your DCs are running
2. Make sure your computer is joined to the domain
3. Make sure your account is part of the Enterprise Admins and Schema Admins groups.
4. Right click, Run as other user, and type in your credentials to the account you have added yourself to the groups above.

Right click, running the Configuration Wizard seemed to solve the problem for me. Not sure why it doesn’t work just logged in as the user, but what the hey, the installer ran successfully and extended the schema.

Office 365 – Change UPN on a user in the cloud

I ran accross some issues when moving to Office 365, particularily with my account that I created when creating our Office 365 site. In doing so, the account on Office 365 and my on-premise account had strange issues where even though the account was syncrhonized with our on-premise active directory environment, the Office 365 account was still the active address.

To fix this, follow the instructions as mentioned in this KB article: http://support.microsoft.com/kb/2523192

Putty Backspace Not Working

If the backspace is doing weird stuff in your Putty terminal, try the following:

1. Fire up Putty
2. Click on Terminal->Keyboard
3. Put a check in Control-H instead of Control-?