Archive for the ‘Active Directory’ Category

Connect to Exchange Online through Windows PowerShell with administrator credentials (when it prompts for a username and password, your username is your email address for Office 365/EXO admins). You can put the connection commands in a PS script rather than running them individually.

 

Note: PS needs to be able to run scripts. If you get an error trying to run a command, try running this command first to enable script execution in PS:

 

Set-ExecutionPolicy RemoteSigned


Then try connecting using the commands below:

 

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session


Get a user’s current mailbox permissions

Once a connection has been established, run the following PowerShell command to check a user’s mailbox permission settings:

Get-MailboxPermission -Identity example.user1@company.com

(Your PS window will then list the access rights users hold on the mailbox.)

 

 

 

Adding access to another user’s mailbox

To add access to another user’s mailbox, run the command below. In this command, -User is the user you’re granting access (user 1) and -Identity is the mailbox being opened up to them (user 2’s). User 1 will then have access, and the next time the Outlook client is opened, user 1 will see user 2’s full mailbox inside user 1’s Outlook client.

Command:

Add-MailboxPermission -Identity example.user2@company.com -User example.user1@company.com -AccessRights FullAccess

 

 


 

Once added, run the get command again against the mailbox you changed and check the list for the username of the user you just granted access to, to ensure the command completed OK. Once confirmed, if you’re finished using EXO, close your PS session by running the following command; otherwise you may use up all your PS sessions and have to wait for them to time out.

 

Remove-PSSession $Session

 

Removing Mailbox access from a user

Occasionally there may be a request to remove a user’s access to another mailbox. To remove it, we do something similar to what we did above, with Remove at the start of the command:

Remove-MailboxPermission -Identity example.user2@company.com -User example.user1@company.com -AccessRights FullAccess
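
The "run the get command again and check the list" step, for both adding and removing access, can be scripted instead of read by eye. The PowerShell below is an added example, not part of the original post: Find-DirectFullAccess is a hypothetical helper name, the sample entries are constructed, and it assumes the User column shows the address you pass in. The property names (User, AccessRights, IsInherited, Deny) are the ones Get-MailboxPermission returns.

```powershell
# Added example: Find-DirectFullAccess is a hypothetical helper, not an Exchange cmdlet.
# Live use: Find-DirectFullAccess -Permission (Get-MailboxPermission -Identity <mailbox>) -User <user>
function Find-DirectFullAccess {
    param(
        # Entries as returned by Get-MailboxPermission -Identity <mailbox>
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Permission,
        # Optional: only report entries for this user
        [string] $User
    )
    foreach ($entry in $Permission) {
        # Imported sessions return deserialized objects, so compare as strings
        $rights = @($entry.AccessRights | ForEach-Object { "$_" })
        $who    = "$($entry.User)"
        if ($rights -notcontains 'FullAccess') { continue }  # other rights only
        if ($entry.Deny)                       { continue }  # explicit deny, not a grant
        if ($entry.IsInherited)                { continue }  # not set on this mailbox directly
        if ($who -eq 'NT AUTHORITY\SELF')      { continue }  # the owner's own entry
        if ($User -and $who -ne $User)         { continue }
        $entry
    }
}

# Constructed sample of Get-MailboxPermission output (all names are made up)
$sample = @(
    [pscustomobject]@{ User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ User = 'delegate.user@company.com'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ User = 'blocked.user@company.com'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $true }
    [pscustomobject]@{ User = 'COMPANY\Organization Management'; AccessRights = @('FullAccess'); IsInherited = $true; Deny = $false }
)

# Audit: everyone besides the owner who can open the mailbox through a direct grant
Find-DirectFullAccess -Permission $sample | Select-Object User, AccessRights

# Verify one grant: expect a match after Add-MailboxPermission,
# and no match after Remove-MailboxPermission
$target = 'delegate.user@company.com'
if (Find-DirectFullAccess -Permission $sample -User $target) {
    "$target has direct FullAccess"
} else {
    "$target has no direct FullAccess"
}
```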

 

 


 

 

 

  Adding Active Directory tools to your workstation

Grab this update from the Microsoft website. The one I use, listed below, is for 64-bit OSes (x64); download the 32-bit version if you’re running a 32-bit OS.

Windows6.1-KB958830-x64-RefreshPkg.msu

http://www.microsoft.com/en-au/download/details.aspx?id=7887

 

After it’s been successfully installed, go to the Start Menu > Control Panel and select “Programs”, then “Turn Windows Features on or off” under “Programs and Features”.

 
 
 
The “Windows Features” dialog box will be displayed. Scroll down to “Role Administration Tools” (under “Remote Server Administration Tools”) and select the following items;
 
 

Click “OK” to make the changes.

To make finding these under the Start Menu a little easier, right-click the Start Button and select “Properties”;

 
 
 

Taskbar and Start Menu Properties

 
 
Select “Customize …” and then scroll down the list until you see “System administrative tools” and choose where you want the tools to display;
 
 

Under the Start Menu you will now see an “Administrative Tools” option. Under this you’ll see the new AD tools.

 


 

Use Active Directory Users and Computers to check if computers are in the “Unmanaged” OU and, if needed, move them to the Desktop/Laptop OUs.

Common signs a machine is in an unmanaged OU:

  • Build process doesn’t complete.
  • When elevating rights, it doesn’t accept your username/password.
  • Prompts for username, password and domain when making an SCCM RT connection.
  • iPrint printers don’t add after adding them via the interface.

*Note: some machines are purposely left in the unmanaged OU because they are a NAS server, serve a specific purpose, or are vendor managed. Please leave these in unmanaged.