Exchange Exporting Mailboxes to PST Files

KB ID 0001360

Problem

Applicable To: This procedure works on all versions of Exchange Newer than Exchange 2010 SP1 (update rollup 8). If your Exchange server is OLDER than that you will need to use the following link;

Exchange 2007 / 2010 (Pre SP1)- Export Mailbox’s to PST files

The following procedure exports a user mailbox to a PST file on a network share.

Solution

Note: Not Even ‘Exchange Organisation Administrators” have the right to import / export mailboxes, you need to grant those rights to your user object, (or a better approach would be to create an admin account just for this purpose, then delete it when you are finished).

[box]

New-ManagementRoleAssignment –Role "Mailbox Import Export" –User {username}

[/box]

Note: This grants import, and export rights.

Create a file share on a drive with plenty of space, ensure the Exchange Trusted Subsystem has read / write access. And ensure the SYSTEM account has full control.

To create the ‘Export Request’

[box]

New-MailboxExportRequest -Mailbox “mailbox-alias” -FilePath \\server-name\share\file-name.pst

[/box]

Note: Add “-IsArchive” to the end of the command for Archive Mailboxes.
Note2: If the export repeatedly fails, add -BadItemLimit 200 to the end and try again, you can also use the -AcceptLargeDataLoss in exceptional circumstances

To view progress;

[box]

Get-MailboxExportRequest
OR
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

 

[/box]

When complete, you need to remove the move request(s);

[box]Get-MailboxExportRequest | Remove-MailboxExportRequest
OR (If you still have movement requests running)
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest[/box]

Using Content Filters

You can specify a content filter to only export emails after a certain date all mail received after 01/01/17 e.g.

[box]New-MailboxExportRequest -Mailbox {mailbox-alias} -ContentFilter {(Received -lt ’01/01/2017’)} -FilePath \\{server-name}\{folder}\{file-name}.pst[/box]

Or to export emails between two dates;[box]New-MailboxExportRequest -ContentFilter {(Received -lt ’31/12/2018‘) -and (Received -gt ’31/12/2017′)} -Mailbox {mailbox-alias} -FilePath {server-name}\{folder}\{file-name}.pst[/box]

Using IncludeFolders (and Exclude Folders)

You can specify IncludeFolders (or ExcludeFolders) to only export emails from certain folders, e.g.

Only export Inbox (and sub-folders) and Sent Items;

New-MailboxExportRequest -IncludeFolders “#Inbox#/*”,”#SentItems#” -Mailbox {mailbox-alias} -FilePath \\{server-name}\{folder}\{file-name}.pst

Don’t Export Sent Items and Deleted Items;

New-MailboxExportRequest -ExcludeFolders “#SentItems#”,”#DeletedItems#” -Mailbox {mailbox-alias} -FilePath \\{server-name}\{folder}\{file-name}.pst

Export ALL Mailboxes to  PST

[box]foreach ($Mailbox in (Get-Mailbox)) { New-MailboxExportRequest -Mailbox $Mailbox -FilePath “\\{server-name}\{folder-name}\$($Mailbox.Alias).pst” }[/box]

Related Articles, References, Credits, or External Links

Exchange 2000 / 2003 – Exporting Mail to .pst files with ExMerge

Exchange (2010 Post SP1 and Newer) Bulk Importing Mail From PST Files

PowerShell: Find Computers Last Logon Date

KB ID 0001612

Problem

I had to find the last time a particular server had logged on for a client the other week, so we knew for sure it was dead!

Solution

The two commands you may need are;

Locate Servers Last Login Time

[box]

Get-ADComputer -Filter {OperatingSystem -Like '*SERVER'} -Properties lastlogondate,operatingsystem | Select name,laslogondate,operatingsystem

[/box]

Locate Clients Last Login Time

[box]

Get-ADComputer -Filter {OperatingSystem -notLike '*SERVER'} -Properties lastlogondate,operatingsystem | Select name,laslogondate,operatingsystem

[/box]

Short and sweet!

Related Articles, References, Credits, or External Links

NA

Cant Add Repository to a Scale Out Backup Repository?

KB ID 0001611

Problem

When adding repositories to a Veeam Scale Out Backup Repository you may see this error;

Unable to add extent {Repository-Name} because it serves as the target for one or more job types which are not supported by a scale-out backup repository

Selecting ‘Show jobs‘ shows;

Backup-Configuration-Job

Solution

If you didn’t already know, the Backup-Configuration-Job, is a backup of the Veeam database and job settings, it’s what you would use if you wanted to reinstall or migrate Veeam to another server. It gets created automatically, and gets put into your first created repository. Note: It’s considered good practice NOT to have this backup stored actually on the Veeam server, but if your only repositories are on the Veeam server, you don’t have much choice!

To Fix: Simply create a new repository just for the Configuration-Backup-Job, it can be on the same Storage/Array/Disk/Partition as an existing repository (as you can see below). I typically name the repository Config-Backup-Repository to avoid confusion in the future.

Now simply change the job to use the new repository, this is NOT done where all the other jobs are configured! Select Options > Configuration Backup > Change the Repository > (I manually run it, by clicking Backup-Now) at this point, just to make sure all is well.

You should now be able to create your Scale Out Backup Repository without an error.

Related Articles, References, Credits, or External Links

Veeam Backup and Recovery Download

Veeam Availability Suite Download

Veeam Backup For Office 365 Download

Veeam Backup For Azure Download

Veeam Backup for AWS Download

Moving From Photoshop to GIMP

KB ID 0001610

Problem

I upgraded to macOS Catalina last week, and post upgrade all was well, with the exception of Photoshop. I went to see if there was an update, I needed. No! If I want to use Photoshop I need to pay for PhotoShop CC, which costs £10 a month! The fact my friends stateside can get it for $10 a month annoys me even more.

I’ve spent years, shouting about how great Photoshop is, and when people were struggling with it I encouraged them to persevere, because when you got used to is it was second to none. Well as is usually the case as soon as a company/product gets to the top of the food chain, they just assume they can do and charge what the hell they like, and treat their customers pretty shabbily because ‘Hey who cares about one less customer’!

So I’m switching to GIMP (GNU Image Manipulation Program) Which is FREE and pretty awesome. This switch has been much the same as switching form Windows to macOS, it wasn’t as difficult as I thought it was going to be, and now I wish I’d done it a long time ago.

The point of this post is to, highlight all the things I used to do in Photoshop, that I needed to work out how to do in GIMP, so that with any luck this ‘one less customer’ can persuade many more to follow.

I’ll keep updating this with new things as I work them out.

GIMP Open New File the Same Dimensions as the Clipboard Image

I work with a lot of screen shots and desktop images, Photoshop automatically opened a new image with the correct dimensions that matched what I’d copied to the clipboard. GIMP Does this much better, Simply select Edit > Paste as > New Image.

This sets the correct canvas size, and puts the clipboard Images into it, which saves me pasting it in, which I’d have to do in Photoshop 🙂

GIMP Set ALL New File’s with Transparent Background

Out of the box GIMP sets the background colour (or fill with option) to background colour, as does Photoshop, but with Photoshop once you have changed it to transparent background it stops that way, GIMP does not. You need to set ‘Transparency’ as the default option. Preferences > Default Image > Fill with > Set to ‘Transparency’.

GIMP Drawing Arrows:Option 1 (Arrow Brush)

I need to do this a lot when doing walkthroughs and tutorials etc, out of the box GIMP does not do this at all! What you need to do is download arrow_slackermedia then extract it to the following folder you will need to create the Arrow Brushes Folder

\Applications\GIMP-2.10.app\Contents\Resources\share\gimp\2.0\brushes\Arrow Brushes

You can then use the Arrow Brush, change the direction by changing the ‘Angle’ in the brush tool, and set the size accordingly. 

GIMP Drawing Arrows:Option 2 (Arrow Tool

I need to do this a lot when doing walkthroughs and tutorials etc, out of the box GIMP does not do this at all! What you need to do is download this file, then extract it to;

[box]

\Applications\GIMP-2.10.app\Contents\Resources\share\gimp\2.0\scripts

[/box]

Restart GIMP, then you will have an ‘Arrow Tool’. To use it you use the paths tool, set a start point (where the arrow head will be) and an end point;

Then Tools > Arrow-set-size > OK.

I’ll keep updating this……

Related Articles, References, Credits, or External Links

NA

Deploy VMware Horizon View (Part 2)

KB ID 0001609

Back in part one we setup SQL and our Composer server, now we will deploy our VMware Horizon View Connection Server(s).

Install VMware Horizon View Connection Server

On a domain joined Windows server, download and launch the Connection Server installer.

Accept the EULA > Next > Acept or change the install location > Next > Select Horizon ‘Standard’  Server > Next > Set a data recovery password > Next.

Select configure the Windows Firewall > Next > Type in a domain account, (I typically use the domain administrator, you may wish to use another account > Next > Untick the  UEIP > Next  > Next > Finish.

Deploying Additional Horizon Connection Servers

Repeat the install on any additional connection servers BUT this time choose Horizon Replica Server, and specify your first connection server as the ‘Source Server’.

Note: I don’t Deploy Horizon Security Servers any more, it’s much easier to deploy a UAG.

VMware Unified Access Gateway: Horizon Deployment

To access the Horizon Administrator console you will need Flash, this is not normally enabled on Windows Server. To enable it follow this article.

You can now login to Horizon Administrator.

Configuring VMware Horizon Connection Server(s)

First you need to enter your Horizon Licence > View Configuration > Product Licensing and Usage > Edit Licence > Paste yours in > OK.

Vire Configuration > Servers. >vCenter Servers > Add > Type in your vCenter details > Next.

If using Horizon Composer, enter the server details > Next.

Add in your domain details > OK > Next.

Accept the defaults > Next.

Finish.

Horizon Connection Server Certificates

Over on the main dashboard at this point you may see some certificate errors. You can either import certificates from your own CA. But Im going to use a wildcard certificate published by a public CA.

I have my wildcard certificate in PFX format, so I can simply double click it and import it like so. (Note: Remember to I port if to local machine).

Finish the import wizard.

On the connection server settings you will need to change the URLs to match your certificate. (Note: You will disable this later, if you are also deploying UAG appliances).

Now to swap to the newly imported certificate> Start > mmc.exe > Add/Remove  Snap-In > Certificates > Add.

Computer account > Local computer > OK.

Navigate to Certificates > Personal > Certificates > Locate the certificate that has the friendly name vdm and change its friendly name to vdm-backup.

Now locate your publicly signed certificate and change its friendly name to vdm.

Restart the VMware Horizon View Connection Server service to make the swap.

Configure Horizon Event Database

Back in part one we created the database for this, now we just need to enter the details.

View Configuration > Event Configuration > Edit > Enter you SQL Event Database details,  as shown below, if you have a Named SQL instance it will be on a different port number.

That is your infrastructure setup. Now you simply need to create an image, and deploy that image with a pool, and grant a user entitlement to that pool. Creating an Image is quite a lengthy process, and there is always a much better and up to date guide on doing that on VMWare’s website, so I’m not going to cover it here.

Just remember to make sure you put your image in Audit mode, and always install an agent that is the same version as the connection server, and get the latest version of VMWare Tools on there as well! 

Related Articles, References, Credits, or External Links

NA

Deploy VMware Horizon View (Part 1)

KB ID 0001608

Note: You don’t need VMware Composer, or SQL, to use Horizon, but if you want to deploy ‘Composed’ pools then you will, (also if you want to maintain an events database), so I’ll cover this first.

Below I’m going to create a database for Horizon Composer, and Horizon Events. Then I’ll install Horizon Composer.

Horizon View SQL Installation

Installing SQL is straight forward enough, just remember to enable ‘Mixed Mode Authentication’ when you install it, you will also need to install SQL Management studio which is now a separate download. Start by double checking the authentication > {Server-Name} > Properties > Security > Ensure ‘SQL server and Windows Server Authentication’ > OK.

Horizon Composer Database

Database > New Database > Database name VMwareHorizonComposer > Under options set the recovery option to Full > OK.

Security > Logins > New Login > Login name VMwareHorizon > set a password > untick ‘enforce password history’ > User mapping > Select the new user > and select db_owner > OK.

Horizon Events Database

Database > New Database > Database name VMwareHorizonEvents.

Deploy VMware Horizon Composer

On a domain joined Windows server, that you wish to install VMware Composer on, download the Microsoft SQL Server 2012 Native Client Setup. (Yes it will work with newer version of SQL).

Accept the EULA and then accept all the defaults, (there’s no need to install the SQL Server Native Client SDK).

Finish.

Open the ODBC (64 Bit) management console > System DSN > Add > SQL Server Native Client > Next.

Give the connection a name > Enter the name of you SQL Server, (and optionally an instance name) > Next.

Select ‘With SQL Authentication..’ > Enter the username and password you created above, (from within SQL Management Studio) > Next.

Change the default database to ‘VMWareHorizonDatabase‘ > Next.

Finish.

Test Data Source > Assuming it completes successfully > OK.

Run the VMware Composer Installer.

Accept the EULA > Next > Accept or change the install location > Next > Select the ODBC connection you configured above > Enter the username/password you created in the SQL Management Studio > Next. 

Accept the default port > Next > Next > Finish > ‘Yes’ to reboot.

Note: The remainder of the Horizon Composer configuration is done in ‘Horizon Administrator‘, which will be installed on your Horizon Connection Servers (see Part 2)

Related Articles, References, Credits, or External Links

NA

Windows – Stop the Welcome to Internet Explorer from launching via GPO

KB ID 0000459

Problem

If your’e logging on as a new user and Internet Explorer has not yet been ran, then it wants to run the “Setup Windows Internet Explorer Wizard”.

On just one machine with one user that’s fine, but if you are logging in all over the place, with multiple credentials, this can get quite annoying. Also you might not want your domain users having to do this at all, for security reasons.

Solution

On a Single (stand alone) machine.

1. Click start and in the run/search box type gpedit.msc{enter}

2. Navigate to > Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Prevent Running First Run wizard.

Note: In older versions of Windows its called, ‘Prevent Performance of First Run Customize settings

3. If you enable the policy you can set it to either:

a. Go directly to home page.
b. Go to the “Welcome to Internet Explorer” Web page.

4. Reboot the PC or Force a Group Policy Refresh.

In a Windows Domain Environment

1. On one of your domain controllers > Start > Administrative Tools > Group Policy Management Console > Either select and existing policy or create and link one to the COMPUTERS you want this policy to affect. Then edit the policy.

2. Navigate to > Computer Configuration Policies > Administrative Templates > Windows Components > Internet Explorer > Prevent Running First Run wizard.

Note: On older Windows Platforms this is called ‘Prevent Performance of First Run Customize settings.

3. If you enable the policy you can set it to either:

a. Go directly to home page.
b. Go to the “Welcome to Internet Explorer” Web page.

4. Reboot the PC or Force a Group Policy Refresh.

Related Articles, References, Credits, or External Links

Group Policy Preferences and Client Side Extensions

Hybrid Exchange: ‘Mailbox Delegation’ Missing?

KB ID 0001607

Problem

This was asked on EE this morning, if you are on a Hybrid Exchange environment then you cannot allocate Mailbox Delegation to an Office365 mailbox;

However you can add ‘Mailbox Delegation’ to a ‘local mailbox’.

This is completely normal behaviour, to allocate mailbox delegation permissions to your Office 365 mailboxes, you need to use PowerShell.

Managing Mailbox Delegation Permissions in Office 396

I’ve covered elsewhere how to do this, but first connect to Office 365;

View Office 365 Mailbox Delegation Permissions

[box]

Get-MailboxPermission -Identity "Alias or email" | Format-Table

[/box]

Add Office 365 Mailbox Delegation Permissions

[box]

Add-MailboxPermission -Identity "Alias or Email of account granting rights TO" -User "Alias or Email of account granting rights FROM" -AccessRights FullAccess -InheritanceType All

[/box]

To check it worked simply use the Get-Mailboxpermission again;

Remove Office 365 Mailbox Delegation Permissions

[box]

Temove-MailboxPermission -Identity "Alias or Email of account removing rights TO" -User "Alias or Email of account removing rights FROM" -AccessRights FullAccess -InheritanceType All

[/box]

Related Articles, References, Credits, or External Links

NA

VMware: Install PowerCLI

KB ID 0001606

Problem

There was a time you had to go to VMware and download PowerCLI then install it, that’s no longer the case, any machine with a, (reasonably new) version of PowerShell can simply pull the commandlets down from a repository and you are ready to go.

Solution

Firstly if you have the ‘old version’ of PowerCLI you can uninstall it from Add/Remove programs (appwiz.exe).

Before installing, you need to be running Powershell version 5 or above, so issue the following command;

[box]

$psversiontable

[/box]

Below, you will see this is version 4, if yours is the same, you need to upgrade to version 5.

You can upgrade the PowerShell version by installing Windows Management Framework 5.1, like so;

Install PowerCLI with the following command;

[box]

Install-Module -Name VMware.PowerCLI -AllowClobber

[/box]

Why AllowClobber? Well if you have any old commandlets hanging around, they will be updated and if you are installing on a Hyper-V server you can see some errors.

Related Articles, References, Credits, or External Links

NA

VMware Unified Access Gateway: Horizon Deployment

KB ID 0001605

Problem

With older versions of Horizon View, we simply deployed another Connection server and called it a Security Server. The drawback of that is, it requires another Windows licence. You can now deploy  VMware UAG (Unified Access Gateway), try to think of it as a ‘Netscaler for VMware’, and like other VMware solutions it’s a small appliance built on VMware’s ‘Photon’ Linux.

Below is a typical deployment and shows you the ports you will be required to open on your firewall to make this work;

You can deploy multiple UAGs and have them behind a load balancer, or point individual UAGs to separate Horizon Connection servers. Her I’m simply deploying one internal Horizon Connection Server, and one VMware UAG in my DMZ.

Step 1: Deploy the UAG Appliance

I’ve covered deploying OVA files before, but essentially download the OVA, and within your vSphere client select deploy OVF template. Navigate to, and select the OVA file you have downloaded from VMware > Next.

Select your Datacenter and optionally folder > Next.

Pick where you want to deploy the appliance (Cluster etc.) > Next.

Review your settings > Next.

I’m deploying into a DMZ so there will be no shortcutting the firewall! > Single NIC > Next.

Select the storage you want to deploy the appliance to > Next.

Confusingly, (as we have picked single NIC?) set them all to the correct port group > Next.

Specify the IP address > Scroll down.

Complete the DNS and IP settings > Give the appliance a name > scroll down.

Untick CEIP > Set the admin, (needed for the web front end), and root (needed for console login) passwords.

Select the edition to deploy (based on your licence) > Next.

Review the settings > Finish.

Step 2: UAG Pre Configuration Tasks

To allow users to access Horizon machines externally, you need to ensure you have granted Remote Access Rights in Horizon Administrator, Note: This is in addition to any Entitlements you have already setup for the machine pools.

Take a copy of the Thumbprint, from the Horizon Connection Server you will be pointing the UAG at, keep it handy you will need it in a minute.

Optionally

If your UAGs are going into a DMZ there’s a chance that they wont be able to resolve internal domain names, (you can specify internal IP addresses of course). I prefer to enter the names/FQDNs of my connections servers, in the appliances hosts file, so it can be resolved. Log into the console as root;

[box]

vi /etc/hosts

[/box]

If you’re unsure how to use vi, (i.e you don’t wear sandals, or have a ginger pony tail.) Press I (insert) make your changes > Press Esc > Type :wq {Enter}.

Step 3: Configure UAG for Horizon

Connect to the UAG with a web browser (https{ip-address}:9443) > Login with the admin account > ‘Configure Manually’.

Optional: Add Certificate

If you have a publicly signed certificate, the easiest way to import it is with a PFX file and a password, (use the search box above, I’ve covered creating PFX files many times). You need to go to Advanced Settings > TLS Server Certificate Settings > Select admin and internet interfaces, (as required) > Browse to the PFX file and enter the password you set, (for the pfx file!) > Save.

General Settings > Edge Service Settings > SHOW > Horizon Settings > Enable Horizon > Save.

Enter the URL of the internal connection Server, and the Thumbprint you took note of, (above) > Enable PCOIP.

Set the external PCIOP URL to the external IP of the UAG, (or load balancer if using one) and add :4172 to the end, Enable Blast > Set the public URL of the UAG, (or load balancer if using one) and add :443 to the end. Enable Tunnel, and set the same URL again with :443 on the end. If you want to, open the ‘more options’ section and take a look at the optional settings, though I’m leaving everything else on the default settings > Save.

Have a cup of coffee, refresh the page a few times > Log off and back on again, and hopefully all the options should ‘go green‘. If not, check the firewall ports, and make sure the UAG can resolve the name of the connection server.

Over in Horizon Administrator > Select each internal connection server and remove ‘Secure Tunnel‘, PCOIP Secure Gateway, and select ‘Do not use Blast Secure Gateway‘ > OK.

You can register the UAGs, in the Gateway section, but you wont see anything change until they have been used ‘in anger’.

You can now test externally by trying to connect with a Horizon Client.

Related Articles, References, Credits, or External Links

NA