Tag Archives: PowerShell

Multi-factor authentication for Exchange Online PowerShell

Everything at the Microsoft MVP Summit is automatically under NDA, so rather than talk about all the secret stuff, I thought I’d share something I learned there that isn’t under NDA because it was already public. Somehow I missed this announcement before, but: there’s a public preview of a new Exchange Online PowerShell module that supports Azure multi-factor authentication (MFA). If you have turned on MFA for administrators in Office 365, you’ve probably found that they can’t use PowerShell to manage Exchange objects. Now you can: download and install this module and you’re all set. Here’s what it looks like in action:

adal-ps

I found out about this when I complained publicly in Tim Heeney‘s session that this doesn’t work. Thankfully Tim set me straight posthaste; after I got the link to the preview, a little searching turned up fellow MVP Vasil Michev’s article describing it, which I either forgot about or never saw.

Advertisements

7 Comments

Filed under Office 365, UC&C

Creating Exchange dynamic distribution groups with custom attributes

You learn something new every day… I guess that means I’m ahead of schedule for the day.

A coworker asked if there was a way to use PowerShell to create a dynamic distribution group using one of the AD customAttributeX values. I didn’t know the answer offhand (since I create new distribution groups about every 5 years), but a little binging turned up the documentation for New-DynamicDistributionGroup. Turns out that the ConditionalCustomAttributeN parameters will do what he wanted:

New-DynamicDistributionGroup -IncludedRecipients mailContacts -ConditionalCustomAttribute6 "PeopleToInclude"

It turns out that wasn’t what he really wanted– he wanted to create a dynamic DG to include objects where the custom attribute value was not set to a particular value. The ConditionalXXX switches can’t do that, so he had to use a RecipientFilter instead:

New-DynamicDistributionGroup -IncludedRecipients mailContacts -RecipientFilter {ExtensionCustomAttribute6 -ne "PeopleToExclude"}...

1 Comment

Filed under Office 365, UC&C

Loading PowerShell snap-ins from a script

So I wanted to launch an Exchange Management Shell (EMS) script to do some stuff for a project at work. Normally this would be straightforward, but because of the way our virtualized lab environment works, it took me some fiddling to get it working.

What I needed to do was something like this:

c:\windows\system32\powershell\v1.0\powershell.exe -command "someStuff"

That worked fine as long as all I wanted to do was run basic PowerShell cmdlets. Once I started trying to run EMS cmdlets, things got considerably more complex because I needed a full EMS environment. First I had to deal with the fact that EMS, when it starts, tries to perform a CRL check. On a non-Internet-connected system, it will take 5 minutes or so to time out. I had completely forgotten this, so I spent some time fooling around with various combinations of RAM and virtual CPUs trying to figure out what the holdup was. Luckily Jeff Guillet set me straight when he pointed me to this article, helpfully titled “Configuring Exchange Servers Without Internet Access.” That cut the startup time waaaaay down.

However, I was still having a problem: my scripts wouldn’t run. They were complaining that “No snap-ins have been registered for Windows PowerShell version 2”. What the heck? Off to Bing I went, whereupon I found that most of the people reporting similar problems were trying to launch PowerShell.exe and load snap-ins from web-based applications. That puzzled me, so I did some more digging. Running my script from the PowerShell session that appears when you click the icon in the quick launch bar seemed to work OK. Directly running the executable by its path (i.e. %windir%\system32\powershell\v1.0\powershell.exe) worked OK too… but it didn’t work when I did the same thing from my script launcher.

Back to Bing I went. On about the fifth page of results, I found this gem at StackExchange. The first answer got me pointed in the right direction. I had completely forgotten about file system virtualization, the Windows security feature that, as a side effect, helps erase the distinction between x64 and x86 binaries by automatically loading the proper executable even when you supply the “wrong” path. In my case, I wanted the x64 version of PowerShell, but that’s not always what I was getting because my script launcher is a 32-bit x86 process. When it launched PowerShell.exe from any path, I was getting the x86 version, which can’t load x64 snap-ins and thus couldn’t run EMS.

The solution? All I had to do was read a bit further down in the StackExchange article to see this MSDN article on developing applications for SharePoint Foundation, which points out that you must use %windir%\sysnative as the path when running PowerShell scripts after a Visual Studio build. Why? Because Visual Studio is a 32-bit application, but the SharePoint snap-in is x64 and must be run from an x64 PowerShell session… just like Exchange.

Armed with that knowledge, I modified my scripts to run PowerShell using sysnative vice the “real” path and poof! Problem solved. (Thanks also to Michael B. Smith for some bonus assistance.)

1 Comment

Filed under General Tech Stuff, UC&C

Exchange Connections Fall 2010 call for sessions

My co-chairs and I are working on assembling this year’s Exchange Connections content, which we’ll be presenting November 1-4 in Las Vegas at good ol’ Mandalay Bay. That’s why I’m posting this call for sessions!

Everything you should need to know is in this document.

The deadline for session proposals is May 6 – hurry, hurry, as usual! Although the deadline is May 6, the sooner you can send in session proposals, the better the odds are we’ll be able to choose your sessions. I’ll try and respond to your submissions on the same business day with any thoughts or requests or tweaks. The conference has a brochure to get out pretty much ASAP if we’re going to get people to show up, so time is – as always – of the essence.

Note that we’ll be co-located, as usual, with dedicated conferences for Visual Studio, ASP.NET, Windows, SharePoint, and goodness knows what else – so for these proposals, stick strictly with Exchange and OCS topics.

If you want to submit sessions, see the call for sessions. If you have questions, you can ask them here or via e-mail.

Comments Off on Exchange Connections Fall 2010 call for sessions

Filed under UC&C