Exchange Online and PowerShell: How to extend Max Sent Size for your users in bulk?

Hey Guys and girls hope you all are taking care of your health and staying safe during this Covid-19 situation.

So here is just a simple blog post that I’m going to write about, if you are going to do some big changes towards your user’s mailbox features, of course PowerShell is the right method to perform.

As you may know that Microsoft have extend the max size of send message to 150MB, this is not default size but is a allow size for your necessary.

Here is the code;

#First you got to connect to the Exchange Online PowerShell to get the commands

Connect-ExchangeOnline -UserPrincipalName <Global admin UPN> -ShowProgress $true

#You would want to get the primary ID which is the recipient type details because you are going to make changes on the user mailboxes, this code will gather all mailboxes that are UserMailbox type and the change will take in.

Get-Mailbox -RecipientTypeDetails UserMailbox | Set-Mailbox -MaxSendSize 50MB -Verbose

#Next to get confirmation that all users has apply the change, write out the result or you could export it to csv, using the Export-Csv command

Get-Mailbox -RecipientTypeDetails UserMailbox | Select Name,MaxSendSize

That is about it! Simple as that!

References:

  1. https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
  2. https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#message-limits

PowerShell: Unable to delete Stuck Data Leak Policy using “-ForceDeletion”

Hi Guys and girls, hope you all are doing well, and remember to stay safe. Just got the PowerShell check on the command “Remove-DlpCompliancePolicy“, it seems that Microsoft had made some changes to it and had removed the “-ForceDeletion” parameter from the “Remove-DlpCompliancePolicy” command.

Appreciated and thanks to the commenter that ping me on this at one of my older blog post https://sabrinaksy.com/2019/01/04/office-365-security-and-compliance-data-leak-protection-dlp-azure-information-protection-aip-integration-unable-to-delete-dlp-policy/ .

Just to announce that if you would like to remove or delete the stuck DLP policy in Security and Compliance, you would have to raise a ticket to Microsoft and inform them to perform the force deletion at their backend. There are users experience this and it is resolved through Microsoft Support.

 

References

  1. https://docs.microsoft.com/en-us/powershell/module/exchange/remove-dlpcompliancepolicy?view=exchange-ps
  2. https://answers.microsoft.com/en-us/msoffice/forum/all/dlp-policy-stuck-on-deleting/6b7bc384-e330-4ca8-bfdd-f84101f814c8

How to change Forest Functional Level and Domain Level?

Note:

Make sure you have Enterprise Admin account/permission to run this command and run the PowerShell as Admin. 

If you run into error that you can’t bring up a new Domain Controller due to Operating System is not in the suitable forest functional level, this solution could help you out. RODC is not accepted to run these commands.

I am not sure whether does this require FSMO roles to make the changes towards these functional levels. Hence, I run these commands on the Primary domain controller.

  1. Login to your existing domain controller using an enterprise admin account
  2. Run the Windows PowerShell as Admin
  3. Type in the following command to change the forest functional level
    • #Get Forest level Info
      Get-ADForest
      
      #To Set the forest level
      Set-ADForestMode -ForestMode <Operating System Name>
      
      #Example: Set-ADForestMode -ForestMode Windows2012R2Forest
  4. Type the following command to change the domain level
    • #Get Domain level Info
      Get-ADDomain
      
      #To Set the forest level
      Set-ADDomainMode -DomainMode <Operating System Name>
      
      #Example: Set-ADDomainMode -DomainMode Windows2012R2Forest

 

Would recommend that you study on the difference between Forest Functional Level and Domain level. I would write a blog post about it soon!

 

Troubleshoot Hard Matching Immutable ID, Failed with Error “Uniqueness Violation”

When you perform a hard matching via PowerShell and you notice that once you run the Set-MsolUser command on the correct account, it return an error “Uniqueness violation. Source anchor”. Hmm what could be the cause for this error???

Well the reason for the cause of this error is obvious that there is still existing duplicated account is still not fully removed from Active Users list and Recycle Bin.

 Note:

This post requires you to know the basic commands like Connect-MsolService, Set-MsolUser, Remove-MsolUser and Get-MsolUser.

So what you got to do is to run the remove command to remove the duplicated account. Once fully remove from the Active Users list and Recycle Bin, you could continue to set the immutable ID on the correct account.

Oh yea….if the account that you wish to set the new or correct immutable ID make sure it is empty or cleared before you set the new or correct ones.

Happy PowerShell!

 

PowerShell: WinForm GIF Player for Fun

 

I just notice I forgotten to blog about this experience. It may seem useless, but I had a fun Sunday spending on it.

Anyway, here is the code for it, you could improve it.

*Note: Highlighted in YELLOW needs you to change it!

#Create a form

Add-Type -AssemblyName System.Windows.Forms

$Form = New-Object System.Windows.Forms.Form

$Form.AutoSize = $true

$Form.StartPosition = "CenterScreen"

Write-Host "Running GIF Player ..."



#Adding some text

$Form.Text = "GIF Player"

$Label = New-Object System.Windows.Forms.Label

$Label.Location = New-Object System.Drawing.Size(0,0)

$Label.AutoSize = $true

$Label.Font = New-Object System.Drawing.Font ("Comic Sans MS",20, [System.Drawing.Fontstyle]::Bold)

$Label.Text = "Hello Sunday ~"

$Form.Controls.Add($Label)



#Get the local saved GIF

$gifBox = New-Object Windows.Forms.picturebox

$gifLink= (Get-Item -Path '<filepath>\cathello.gif')

$img = [System.Drawing.Image]::fromfile($gifLink)

$gifBox.AutoSize = $true

$gifBox.Image = $img

$Form.Controls.Add($gifbox)



#Execute the form

$Form.ShowDialog()

 

GIF.PNG

 

PowerShell: PowerShell with MFA

It seems that more users are heading to enabling MFA but when it comes to managing via PowerShell, it can’t seem to login with their credential on normal PowerShell module.

When you have MFA enabled, you got to install the module  that’s support MFA. Pretty extra right? haha yea I know. Administrators tends to prefer GUI to manage but on other occasion we still need PowerShell to manage our cloud services.

To search for the PowerShell module tends to be a little tricky but hey I’m here to help you.

So enough of chit chat….let’s get it on!

First of all you got to open up your Exchange Online Portal > hybrid > Select the second option; Not the first option!

Capture

Note:

*Make sure your laptop or computer has the latest .Net Framework to support this module and supported Windows Operating System.

Once you got it install it will create a shortcut for you;

Capture

Anyway, do expect the Connect command will be the same as the usual PowerShell module.

Connect-EXOPSSession – Exchange Online

Capture.PNG

Connect-IPPSSession – Security and Compliance

Capture

References:

  1. https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps

PowerShell: Goodbye old Azure Rights Management module

Today I decided to say goodbye to a PowerShell command module, its name is Azure Rights Management, for short AADRM. Why? If you remember or read my old blog post about Rights Management in Azure then you know why I am saying Goodbye to it. Remember the old Azure Portal? https://manage.windowsazure.com

Before saying Goodbye, I was glad to experience this generation of Azure Rights Management, in 2017 and seeing the improvement and growth of it makes me happy. Now I am moving forward to the AIP Service module, where the new Rights Management named “Azure Information Protection”. AADRM End-of-life is on July 2020. During my first experience with AADRM, it was quite complicated to understand and manage it, because of its commands different from what I usually do.

Alright to install AIP Service module, what you should do first? When you already have AADRM installed, you have to uninstall it via PowerShell Run as Administrator. If you try to install the AIP Service module before uninstalling AADRM, it will give you an error saying “You already have the following commands ‘Get-AADRM and etc…’“.

This new AIP Service Module contains the new commands which are the AIP Service commands, don’t worry this new module still has the AADRM commands.

aip01.PNG If you happen to have MFA enabled, AADRM module and the new AIP service module does support.

 

 

PowerShell: Understading the use of Format-Table and Select

Just past a few days one of my colleagues was having trouble exporting the result that he wants. So I help him out to clarify what he must do and what must not do.

His PowerShell command was;

Get-Team | Format-Table DisplayName, MailNickName
  • Format-Table or ft command is used for formatting the selected properties into table form.
  • Gives you a nice view of the table form of the properties in the PowerShell console only.
  • If you were to export the Format-Table into a CSV, it will look like one whole chunk together in a column.

09.PNG

To export the result into CSV you got to use the “Select” command and then pipe with the Export-Csv command.

  •  “Select” or “Select-Object” command it serves the purpose of selects specified properties of an object or set of objects.
Get-Team | Select DisplayName, MailNickName | Export-Csv "<filename.csv>"

OR

Get-Team | Select DisplayName, MailNickName > "<filename.csv>"

 

PowerShell to detect Packet Loss

A friend of mine has been asking assistance from me to clarify with him on his PowerShell coding, he said he only knows one person does PowerShell and that is why he came to me. Anyway, thanks and I am feeling a little shy, HAHAHA! Glad to help out a good friend.

He has been trying to code out packet loss detection via PowerShell, and yes I do agree that sometimes it is tricky when comes to understanding the variables, example how is this reading and the outputting is a different thing?

So back and forth of clarification, he finally did it! Congratulations! You could check it out his program he has written and posted up on GitHub;

Cheah Eng Soon – Packet Loss Detection

PowerShell for Packet Loss Detection

Today I receive a message from a good friend in Singapore, asking for help on PowerShell. Well, is glad that someone comes to me asking for help on PowerShell. Sorry I could get a little bit excited whenever question on PowerShell. There are many ways to achieve this though, so don’t limit yourself. It is kind of an experimental situation with him on this packet loss detection too. This post is kind of to give you a hint of how you could create your own packet loss detection.

So this is mine but you can modify it,

  1. This is a constant IP address value (you can include hostname)
    • Try{
          #Stop progress if failure to achieve a successful return
          Test-Connection <IP address> -ErrorAction Stop
      }
      
      Catch{
          #Return an error message
          $ErrorMessage = $_.Exception.Message
          Write-Host $ErrorMessage
      }
  2. You can have it in data entry form too
    • #Data Entry of IP address that you wish to test connection, 
      #if connection successful there will be test conenction result 4 times (by default)
      $IPAddress=Read-Host "IP address"
      
      Try{
          #Stop progress if failure to achieve a successful return
          Test-Connection $IPAddress -ErrorAction Stop
      }
      
      Catch{
          #Return an error message
          $ErrorMessage = $_.Exception.Message
          Write-Host $ErrorMessage
      }
    • Testing how are the result and behavior is. I disconnected from the Internet and an error message return instantly.
    • ps01_LI (3).jpg
  3. For repetitive capability or 24×7, you got to be careful the resource exhaustion. Please check your task manager what is the performance when the PowerShell is running.
  4. You can even have it to return to send an email using the Send-MailMessage command, you can use default SMTP or your organization SMTP Server (this is a bit tricky)
    • Send-MailMessage -From 'User01 <user01@fabrikam.com>' -To 'User02 <user02@fabrikam.com>', 'User03 <user03@fabrikam.com>' -Subject 'Sending the Attachment' -Body "Forgot to send the attachment. Sending now." -Attachments .\data.csv -Priority High -DeliveryNotificationOption OnSuccess, OnFailure -SmtpServer 'smtp.fabrikam.com'

Good luck with your testing! 

References:

  1. https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/send-mailmessage?view=powershell-6