PowerShell – script to reset user password in AAD and AD then force sign out from Office 365 services

The only purpose of this script is to act as fast as possible when dealing with a successful phishing attack where one of your users got compromised. You can perform all the steps below one by one using UI but it takes more time which must not be wasted in such a case. So, here are actions the script does: Creates a new random password (you can play with how your temp password should look like). Your user will be forced to change it. Resets a password in the cloud / Office 365. Optionally resets a password in your on-premise AD (if your accounts are synced with Active Directory) Terminates all active Office 365 sessions (Invalidates the refresh tokens issued to applications for a user per Microsoft). In order to reset passwords in AD the script must “Run As” an account that can edit AD. If you are remote, you…

Continue ReadingPowerShell – script to reset user password in AAD and AD then force sign out from Office 365 services

PowerShell – script to show all mailbox rules and disable selected ones

Ever needed to quickly find and disable mail rules in user mailboxes? Look no further as the script below does all of it. It’s a convenience by itself to not go into Exchange Admin Portal, but there might be cases where your user gets hacked, some bad person creates a rule or two. Then you need to disable those quickly. So this script does the following to a specified email: lists all mailbox rules and shows their most important info - its actions, description, and status; then you can select and disable any rule by typing its number until (if desired) all rules are disabled. Don’t forget to replace @contoso.com with your own domain. #---------------------------------------[Functions]--------------------------------------------------- Function List-Rules { param ( [Parameter(Mandatory=$True)]$email ) Begin{} Process{ $collection = @() $i = 0 $rules = Get-InboxRule -Mailbox $email ForEach ($rule in $rules) { $outObject = "" | Select Number,Status,"Rule Name","Applies to emails From","Delete…

Continue ReadingPowerShell – script to show all mailbox rules and disable selected ones

PowerShell – auxiliary script to populate CustomAttribute10 with a Purged Items FolderID

Originally this script ( New-ComplianceSearch script ) would search through Purged Items. That was the downside of it comparing to a "classic" Search-Mailbox you can find here ( Search-Mailbox script ). So imagine you run the script the 1st time, find target messages, and then delete them - the found results make sense. However, should you run the script the 2nd time with the same search criteria, it would find those already purged messages again. That creates some confusion. So it would be great to exclude Purged Items folders from the search. Now, it is possible to do so on the fly ( https://docs.microsoft.com/en-us/microsoft-365/compliance/use-content-search-for-targeted-collections ) but it is very time consuming and takes about 1-3 seconds for each mailbox which stacks up pretty fast. So I came up with a script to take care of this issue by storing a Purged Items FolderID in a CustomAttribute10 of each mailbox. So…

Continue ReadingPowerShell – auxiliary script to populate CustomAttribute10 with a Purged Items FolderID

PowerShell – New-ComplianceSearch script to go through all mailboxes, find a target message, and remove it

Here is another more advanced script that searches for messages of interest, then optionally exports and purges them. So, what makes this script more advanced? Unlike the other script that uses Search-Mailbox ( https://365basics.com/powershell-search-mailbox-script-to-go-through-all-mailboxes-find-a-target-message-and-remove-it/ ) this script below is based on New-ComplianceSearch cmdlet: Pros: Super fast, multi-threaded, takes about 1-2 minutes on average to complete the whole task. As Microsoft is trying to depreciate Search-Mailbox, they put more effort into New-ComplianceSearch, so we can expect new functionality to come in the future. Can create an export file that can be downloaded and investigated. Cons: Always searches through all folders including Purged Items which might create some confusion when showing results (if running the same search again) - see UPDATE 9/30/2019 Cannot copy messages to another mailbox for you to investigate. Of course there are quite a few scripts out there that use New-ComplianceSearch, everyone has their own approach. So let…

Continue ReadingPowerShell – New-ComplianceSearch script to go through all mailboxes, find a target message, and remove it

PowerShell – Search-Mailbox script to go through all mailboxes, find a target message, and remove it

When looking at the title of this post, one might notice I used a target word, and it is on purpose. This script below is useful when trying to remove all types of messages from users' mailboxes whether it's a spam, scam, virus or a an important message that needs to be "recalled". This script is based on Search-Mailbox cmdlet, works well but it has its own pros and cons, more on some of them below. Later I will have another post showing a different and more advanced script to do the same and even better. So stay tuned. Pros: Doesn't search through Purged Items (a bit more about the 3rd layer of Trash is here - https://365basics.com/script-to-search-through-recoverable-and-purged-items-and-restore-those/ ). Can copy messages to another mailbox (IT Help in that example). Cons: Per Microsoft Search-Mailbox will be depreciated, we don't know when it will happen though. Slow (if a target message…

Continue ReadingPowerShell – Search-Mailbox script to go through all mailboxes, find a target message, and remove it

PowerShell – show and adjust resource booking configuration according to 4 scenarios

There is an amazing article (https://itpro.outsidesys.com/2017/11/06/exchange-configuring-the-resource-booking-attendant-with-powershell/) published by John Dougherty on how to adjust resource booking configuration having 4 different scenarios. Those 4 scenarios are: Anyone can book the resource. No delegate approval required. Anyone can book the resource. Delegate approval required for all requests. Only a list of people can book the resource without delegate approval. All others require delegate approval. Only a list of people can book the resource. All others are denied. There are no delegates. Not everything can be done through an Admin portal, that's why having such a PowerShell script is crucial. I decided to do several things to improve that process: Added code to check an existing configuration for every single Room and Resource. If the configuration is any different than these 4 above, then the script notifies you about it. Combined scripts into a single one. Added more user input to not adjust the…

Continue ReadingPowerShell – show and adjust resource booking configuration according to 4 scenarios

Script to search through Recoverable and Purged items and restore those

The purpose of this script is to find deleted messages in a specified user's mailbox. There are 3 levels (when configured) of Trash in a mailbox: Level 1 - Deleted Items (e.g. 30 days) Level 2 - Recoverable items (e.g. 15 days) Level 3 - Purged items (e.g. 15 days) Users usually know about the first two. Moreover, they can only work with the first two from both Outlook and OWA. Only admins have access to Purged items. It makes sense to use this script in at least 2 cases: A user is being terminated on bad terms, decided to permanently delete everything from both Deleted and Recoverable items. A user deleted an email at some point, missed the first 30-day period, then missed the second 15-day period, and then wants to recover that email. If it's less than 60 days (30+15+15) overall then that email can be restored. The script…

Continue ReadingScript to search through Recoverable and Purged items and restore those

Script to add or replace distribution groups of a target user with groups a source user has

This PowerShell script has two use cases combined in it - ADD and REPLACE. Before any change is made the script also shows a group membership for both a target and a source users. Note, the script only processes those distribution groups that are managed in the cloud. If you have some groups synced with Active Directory, those should be processed separately. USE CASE #1 - ADD When Add is chosen, the scripts only adds distribution groups of the source user to the target user's list. Use this part of the script when a target user assumes new responsibilities that another user has but keeps the old responsibilities as well. In other words, the target user needs to have a combination of new and old distribution groups to perform job tasks. USE CASE #2 - REPLACE Essentially, the 2nd part of the script is a combination of the 1st part…

Continue ReadingScript to add or replace distribution groups of a target user with groups a source user has

Script to remove a user from all distribution groups managed in the cloud

The purpose of this PowerShell script is to remove a user from all distribution groups. The script is interactive, it will show the list of groups first, then you have an option to process your request. While the same can be done using Exchange Admin or Microsoft 365 Admin Center, it is much faster using PowerShell. Note, the script only processes those distribution groups that are managed in the cloud. If you have some groups synced with Active Directory, those should be processed separately. $email = Read-Host "Please provide a user's email address to remove from all distribution groups" $mailbox = Get-Mailbox -Identity $email $DN=$mailbox.DistinguishedName $Filter = "Members -like ""$DN""" $DistributionGroupsList = Get-DistributionGroup -ResultSize Unlimited -Filter $Filter Write-host `n Write-host "Listing all Distribution Groups:" Write-host `n $DistributionGroupsList | ft $answer = Read-Host "Would you like to proceed and remove $email from all distribution groups ( y / n )?" While…

Continue ReadingScript to remove a user from all distribution groups managed in the cloud

Script to get mailbox size and number of items info for all users or a single one

This script has two parts in it and depending on the selection it will either run it against a single specified mailbox or all of them at once. Note, running this script against a few hundred mailboxes takes several minutes. So if your company is large with thousands of mailboxes, expect it to take much longer. As part of the output it lists the following parameters - a user name, number of items in the mailbox, its current size, and a maximum allowed size. There is a downside of using this script when running it against all mailboxes. Because Get-MailboxStatistics outputs TotalItemSize as a string only, it makes it harder to search through and sort by. I wish Microsoft could change that and provide data in a number type format. $answer = Read-Host "Would you like to get statistics for all users ( y / n )?" While ("y","n" -notcontains $answer)…

Continue ReadingScript to get mailbox size and number of items info for all users or a single one