Archive
[O365][PS] Exchange Online Powershell Module and connecting to Exchange Online
Example 1:
1 2 3 4 5 6 7 8 9 |
Import-Module (Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter '*ExoPowershellModule.dll' -Recurse | Foreach{(Get-ChildItem -Path $_.Directory -Filter CreateExoPSSession.ps1)} | Sort-Object LastWriteTime | Select-Object -Last 1).FullName $User = "epic@onmicrosoft.com" $PasswordFile = "c:\o365\Password.txt" $KeyFile = "c:\o365\AES.key" $key = Get-Content $KeyFile $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential ` -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key) $proxysettings = New-PSSessionOption -ProxyAccessType IEConfig connect-exopssession -pssessionoption $proxysettings -credential $MyCredential |
Example 2:
1 2 3 4 5 6 7 8 9 |
$targetdir = (dir $env:LOCALAPPDATA”\Apps\2.0\” -Include CreateExoPSSession.ps1,Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse | Group Directory | ? {$_.Count -eq 2}).Values | sort LastWriteTime -Descending | select -First 1 | select -ExpandProperty FullName import-Module $targetdir\CreateExoPSSession.ps1 $User = "elau@onmicrosoft.com" $PasswordFile = "c:\o365\Password.txt" $KeyFile = "c:\o365\AES.key" $key = Get-Content $KeyFile $MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key) $proxysettings = New-PSSessionOption -ProxyAccessType IEConfig connect-exopssession -pssessionoption $proxysettings -credential $MyCredential |
Troubleshooting Errors:
- New-ExoPSSession : user_realm_discovery_failed: User realm discovery failed
1 2 3 4 5 6 |
New-ExoPSSession : user_realm_discovery_failed: User realm discovery failed At C:\Users\adm_elau\AppData\Local\Apps\2.0\806D2EJM.EAP\C421GW28.ARQ\micr..tion_1975b8453054a2b5_0010.0000_b9d3168c8e461adc\CreateExoPSSession.ps1:301 char:30 + ... PSSession = New-ExoPSSession -UserPrincipalName $UserPrincipalName.Va ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [New-ExoPSSession], AdalServiceException + FullyQualifiedErrorId : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoPSSession |
-
- Check proxy settings in IE
- New-ExoPSSession: The SSL certificate could not be checked for revocation.
1 2 3 4 5 6 7 |
New-ExoPSSession : [outlook.office365.com] Connecting to remote server outlook.office365.com failed with the following error message : The server certificate on the destination computer (outlook.office365.com:443) has the following errors: The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:12 + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri ht ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : 12175,PSSessionOpenFailed |
-
- Set winhttpbyusingsetproxycommand:
- Show: netsh winhttp show proxy
- Set Proxy: netsh winhttp set proxy <proxy url or ip>:<port>
- Reset Proxy: netsh winhttp reset proxy
- Set winhttpbyusingsetproxycommand:
[PS] Creating a Key File and Password File
Creating a Key File and Password File
With PowerShell, we can generate a 256-bit AES encryption key:
Creating the AES.key
1 2 3 4 |
$KeyFile = "C:\o365\AES.key" $Key = New-Object Byte[] 32 # You can use 16, 24, or 32 for AES [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key) $Key | out-file $KeyFile |
Creating the password file
1 2 3 4 5 |
$PasswordFile = "Password.txt" $KeyFile = "AES.key" $Key = Get-Content $KeyFile $Password = "P@ssword1" | ConvertTo-SecureString -AsPlainText -Force $Password | ConvertFrom-SecureString -key $Key | Out-File $PasswordFile |
Using the key and password file
1 |
$User = "username"$PasswordFile = "c:\o365\Password.txt"$KeyFile = "c:\o365\AES.key"$key = Get-Content $KeyFile$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential ` -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key) |
[PS] Write-host and tips
Write-host (Alias: write)
Example for foreground color and background color:
Write-host “text” -ForegroundColor red -Background Color white |
- Using foreground and background will break a variable writing stored
Powershell has a built in color scheme
Write-warning (yellow on black) |
Write-error (red on black) |
[PS] Working with Variables
Variables uses the $ (Dollar Sign). Takes text, integers, and store output from cmdlets.
Examples:
Storing strings
$Var=”Hello”
Storing integars
$Var=”5″
$Var=”1.0″
Storing output from cmdlets
$Var=Get-Services bits (Grabs a Service Controller Object)
– $Var.status would output status
– $Var.stop() would stop bits services
– $Var.refresh() refreshes the storage
Storing using user input
$Var=Read-host “Enter string to be stored”
[PS] List of Aliases Used in PowerShell
HelpUri | ResolvedCommandName | DisplayName | ReferencedCommand | ResolvedCommand | Definition | Options | Description | OutputType | Name | CommandType | Visibility | ModuleName | Module | RemotingCapability | Parameters | ParameterSets |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
http://go.microsoft.com/fwlink/?LinkID=113300 | ForEach-Object | % -> ForEach-Object | ForEach-Object | ForEach-Object | ForEach-Object | ReadOnly, AllScope | System.Collections.ObjectModel.ReadOnlyCollection1[System.Management.Automation.PSTypeName] |
% | Alias | Public | None | System.Collections.Generic.Dictionary2[System.String,System.Management.Automation.ParameterMetadata] | ||||
http://go.microsoft.com/fwlink/?LinkID=113423 | Where-Object | ? -> Where-Object | Where-Object | Where-Object | Where-Object | ReadOnly, AllScope | System.Collections.ObjectModel.ReadOnlyCollection1[System.Management.Automation.PSTypeName] |
? | Alias | Public | None | System.Collections.Generic.Dictionary2[System.String,System.Management.Automation.ParameterMetadata] |
[EXO] Manage mailbox auditing
Display the list of mailbox actions that are currently being for a mailbox for each logon type:
1 2 3 |
Get-Mailbox <username> | Select-Object -ExpandProperty AuditOwner Get-Mailbox <username> | Select-Object -ExpandProperty AuditAdmin Get-Mailbox <username> | Select-Object -ExpandProperty AuditDelegate |
Enable rest of the auditing actions
1 2 3 |
get-mailbox elau | set-mailbox -auditowner @{Add="create","softdelete","harddelete","update","move","movetodeleteditems","mailboxlogin","updatefolderpermissions"} get-mailbox elau | set-mailbox -auditadmin @{Add="create","folderbind","messagebind","sendas","sendonbehalf","softdelete","harddelete","update","move","copy","movetodeleteditems","updatefolderpermissions"} get-mailbox elau | set-mailbox -auditdelegate @{Add="create","folderbind","sendas","sendonbehalf","softdelete","harddelete","update","move","movetodeleteditems","updatefolderpermissions"} |
Full list:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
"update", "copy", "move", "movetodeleteditems", "softdelete", "harddelete", "folderbind", "sendas", "sendonbehalf", "messagebind", "create", "mailboxlogin", "updatefolderpermissions", "addfolderpermissions", "modifyfolderpermissions", "removefolderpermissions", "updateinboxrules", "updatecalendardelegation", "recorddelete", "applyrecord", "mailitemsaccessed", "updatecompliancetag" |
Restoring to default:
1 |
Set-Mailbox <username> -DefaultAuditSet Admin,Delegate,Owner |