BinaryTree
BinaryTree will be coming on site at our next user group meeting. We will be discussing migration planning as well as their new E2E migration tool. We are planning on having some exciting giveaways for this meeting, so be sure to sign up on the meeting event.
Looking forward to seeing everyone there.
Personal Blog
Since I no longer keep a personal blog I may as well share my inner thoughts here on PhillyExUG. Things have been crazy busy at work, which has really pulled me away from the things I love: my wife, home improvement projects, and music. Tonight I took some time to myself to finish off something I had been working on for a while now. I have off-and-on toyed with actually selling music under the band name "8 Guys From Naples" where I am the sole member. While I'm a fair ways from finishing a complete album, I wanted to share the latest song, which I still don't have a name for; I am calling it "test" or "sound check" on the debut album I am planning on titling "Reunion." Enjoy!
Working with Windows PFX files and other systems
If you have multiple servers on different platforms that need to use the same SSL certificate, such as in a load-balancer environment or with UC SSL certificates, you can export the certificate from the Windows certificate store to a .pfx file, then convert that file into individual certificate and private key files for use on an Apache server or anything else that requires the public and private keys in plain text in separate files. Take care to prevent unauthorized access to the private key: with this file, a rogue server could be set up to perform a man-in-the-middle attack, or client traffic could be routed to the rogue server via a DNS exploit or social engineering.
If you are looking for a good Windows port of OpenSSL, I typically use Win32 OpenSSL v1.0.0d Light version from: http://www.slproweb.com/products/Win32OpenSSL.html
Exporting to a PFX file:
Click on the Start menu and click Run.
Type in mmc and click OK.
Click on the File menu and click Add/Remove Snap-in...
Click on the Add button. Double-click on Certificates.
Click on Computer Account and click Next.
Leave Local Computer selected and click Finish.
Click the Close button. Click OK.
Click the plus sign next to Certificates in the left pane.
Click the plus sign next to the Personal folder and click on the Certificates folder. Right-click on the certificate you would like to export and select All Tasks and then Export...
In the Certificate Export Wizard click Next.
Choose "Yes, export the private key" and click Next.
Click the checkbox next to "Include all certificates in the certification path if possible" and click Next.
Enter and confirm a password. This password will be needed whenever the certificate is imported to another server. (You will also need this password when processing this file with OpenSSL in a few more steps.)
Click Browse and find a location to save the .pfx file to. Type in a name such as "myEncryptedCert.pfx" and then click Next.
Click Finish. The .pfx file containing the certificates and the private key is now saved to the location you specified.
Converting the PFX using OpenSSL:
From a command prompt, run the openssl command from the directory where it was installed:
openssl pkcs12 -in myEncryptedCert.pfx -out myPlaintextCert.txt -nodes
The "myPlaintextCert.txt" file will contain both the public and private key. These can be copied into their own files if the public and private keys need to be in separate files.
The private key starts with "-----BEGIN RSA PRIVATE KEY-----"
The public key (the certificate) starts with "-----BEGIN CERTIFICATE-----"
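The copy step above can be scripted. This is an added example, not part of the original post: it splits the combined file into a key file and a certificate file and restricts the key file to Administrators and SYSTEM. The output file names, the ACL choice and the sample text are assumptions, and it expects an elevated PowerShell session.

```powershell
# Added example: split the combined file from "openssl pkcs12 ... -nodes" into
# separate key and certificate files. Output file names are assumptions.
function Split-PemBundle {
    param([Parameter(Mandatory=$true)][string]$Text)
    # Each PEM block runs from -----BEGIN <label>----- to the matching -----END <label>-----.
    $pattern = '-----BEGIN (?<label>[A-Z ]+)-----[\s\S]+?-----END \k<label>-----'
    $blocks  = [regex]::Matches($Text, $pattern)
    New-Object psobject -Property @{
        Keys  = @($blocks | Where-Object { $_.Groups['label'].Value -like '*PRIVATE KEY' } | ForEach-Object { $_.Value })
        Certs = @($blocks | Where-Object { $_.Groups['label'].Value -eq 'CERTIFICATE' } | ForEach-Object { $_.Value })
    }
}

# Constructed stand-in for myPlaintextCert.txt; the bodies are placeholders, not key material.
# For the real file use: $text = [IO.File]::ReadAllText('C:\path\myPlaintextCert.txt')
$text = @'
Bag Attributes
    friendlyName: constructed-sample
-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDER-KEY-BODY
-----END RSA PRIVATE KEY-----
Bag Attributes
    friendlyName: constructed-sample
-----BEGIN CERTIFICATE-----
PLACEHOLDER-SERVER-CERT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
PLACEHOLDER-ISSUER-CERT
-----END CERTIFICATE-----
'@

$parts = Split-PemBundle -Text $text
if ($parts.Keys.Count -ne 1) { throw "Expected exactly one private key, found $($parts.Keys.Count)." }

# Create the key file empty, lock it down, then write the key, so the key never
# sits on disk under inherited permissions. Assumes an elevated (administrator) session.
New-Item -ItemType File -Path .\server.key -Force | Out-Null
# *S-1-5-32-544 = BUILTIN\Administrators, *S-1-5-18 = Local System (well-known SIDs).
icacls .\server.key /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
Set-Content -Path .\server.key -Value $parts.Keys  -Encoding ascii
Set-Content -Path .\server.crt -Value $parts.Certs -Encoding ascii   # all certificates from the export, in file order
```

Once the separate files are in place, delete myPlaintextCert.txt, since it still holds the unencrypted private key.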
Removing Messages from an Exchange 2010 mailbox
Like any normal Friday at 4:30pm I received a critical request from Human Resources (HR). Someone had sent out salary data to a large group of users who shouldn't have received that data. They were requesting that we pull the message out of everyone's mailboxes. After obtaining the proper CYA documentation showing that HR was requesting me to remove email from 500+ mailboxes, I set to figuring out how to do this. Exchange 2010 makes this pretty simple. I put all the Exchange 2010 users that received the message in a text file called users.txt. After a few minutes of testing I came up with the following:
Get-Content users.txt| %{Search-Mailbox -Identity $_ -SearchQuery "from:Sender@domain.com Subject:'Sending out salary data to the wrong people'" -DeleteContent -Force}
As per the documentation on Search-Mailbox (http://technet.microsoft.com/en-us/library/dd298173.aspx), you could have removed the messages from the mailboxes and created a copy at another location by specifying -TargetMailbox "Mailbox Name" -TargetFolder "Messages". This will copy the messages found to the mailbox, in this example "Mailbox Name", into a new folder called Messages. This is useful in case you remove the wrong messages: you can get the data back to the user if needed, or collect the results for legal discovery or other reasons.
The search ran quickly since Exchange already has content indexes on the mailboxes. You could run it against the entire org by using Get-Mailbox and piping that to the command, but you may want to break it up by server and dispatch the command as a job. I am planning on covering PowerShell jobs in detail in a later post.
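An added example, not from the original post, of a more cautious sequence for the same removal: estimate first, stop if the query looks too broad, then copy the hits to a review mailbox while deleting. The query, "Mailbox Name" and "Messages" come from the text above; the estimate file name and the one-item threshold are assumptions.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
$query       = "from:Sender@domain.com Subject:'Sending out salary data to the wrong people'"
$users       = Get-Content users.txt
$maxExpected = 1   # assumption: each recipient should hold one copy of the message

# 1. Dry run: count the hits per mailbox without copying or deleting anything.
$estimate = $users | ForEach-Object {
    Search-Mailbox -Identity $_ -SearchQuery $query -EstimateResultOnly
}
$estimate | Select-Object Identity, ResultItemsCount, ResultItemsSize |
    Export-Csv .\search-estimate.csv -NoTypeInformation

# 2. Stop if any mailbox matches more than expected; the query is probably too broad.
$outliers = @($estimate | Where-Object { $_.ResultItemsCount -gt $maxExpected })
if ($outliers.Count -gt 0) {
    $outliers | Format-Table Identity, ResultItemsCount -AutoSize | Out-Host
    throw "Query matched more than $maxExpected item(s) in $($outliers.Count) mailbox(es); review before deleting."
}

# 3. Copy the hits to the review mailbox, then delete them from the source mailboxes.
$users | ForEach-Object {
    Search-Mailbox -Identity $_ -SearchQuery $query `
        -TargetMailbox "Mailbox Name" -TargetFolder "Messages" `
        -LogLevel Full -DeleteContent -Force
}
```

The -DeleteContent switch requires the Mailbox Import Export management role, which is not assigned to any role group by default.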
Updated meeting presentations
These last few weeks have been a bit busy, but after much demand I have posted the last 2 months' presentations to the meeting pages. Please let me know if you have any questions or would like to discuss any previous topics in greater depth, or if you have any future topics you would like to see.
Lastly, the 2011 Scripting Games are almost here. Everything kicks off April 4th and runs until April 15th, but you can get your prerequisite reading in at http://blogs.technet.com/b/heyscriptingguy/archive/2011/02/19/2011-scripting-games-all-links-on-one-page.aspx Scripters of all skill levels are welcome to compete.
Good luck!
The Offline Address Book
I don't really want to get in a habit of reposting links to other blogs, but after trying to explain offline address book (OAB) 'stuff' to several people over the last few days I feel it is a good idea to link to an article that explains many of the misconceptions and possible issues with the OAB.
It is a 3-part series on the OAB, a very good read for anyone interested.
Congratulations to Bhargav on becoming an Exchange Master
Simple one liner...
I recently ran into an internal virus outbreak at my place of work. We were receiving a lot of virus/worm messages during the outbreak, many, many times the normal message volume. Luckily enough, all the virus messages had a subject line of "Here you have". As soon as we realized what was going on, a transport rule was put into place to block the messages on the Hub Transport servers. After several days we were still seeing infected endpoints on our network sending these messages. We needed a way to identify the infected users, so here comes the simple PowerShell one-liner for the day:
Get-TransportServer | % { get-messagetrackinglog -Server "$_" -EventID "FAIL" -MessageSubject "Here you have" -Start "9/12/2010 12:00:01 AM" -ResultSize Unlimited } | Select Sender, Timestamp, MessageSubject | Export-Csv C:\09122010-current.csv
It gets all the Hub Transport servers, then on each HT server gets the message tracking log entries for any messages which match the EventID FAIL. This EventID is used when a message matches a transport rule and is dropped. Since we only need the senders, Select is used to limit the output to the sender's SMTP address, the time and the message subject, and then it all goes to a CSV file. This CSV file can be opened in Excel, where you can see how many messages have been dropped and who your top senders are. Once you have that, it's time to go look at their workstations, scan and clean or reimage.
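The same top-senders view can be produced without Excel. This added example is not from the original post: it summarises the exported rows per sender and flags senders whose messages were still being dropped after a cut-off date. The sample rows and the cut-off are constructed, and the timestamps are assumed to be in the US format used in the -Start value above.

```powershell
# Added example: summarise the exported tracking data per sender.
function Get-BlockedSenderSummary {
    param([object[]]$Rows, [datetime]$ActiveSince)
    $Rows | Group-Object Sender | ForEach-Object {
        $group = $_
        # Timestamps are text in the CSV; parse them so they sort as dates, not strings.
        $times = @($group.Group | ForEach-Object {
            [datetime]::Parse($_.Timestamp, [cultureinfo]::InvariantCulture) } | Sort-Object)
        New-Object psobject -Property @{
            Sender       = $group.Name
            Messages     = $group.Count
            FirstSeen    = $times[0]
            LastSeen     = $times[-1]
            StillSending = ($times[-1] -ge $ActiveSince)   # dropped mail seen on or after the cut-off
        }
    } | Sort-Object Messages -Descending |
        Select-Object Sender, Messages, FirstSeen, LastSeen, StillSending
}

# Constructed sample rows in the shape the one-liner exports.
# For the real data use: $rows = Import-Csv C:\09122010-current.csv
$rows = @'
Sender,Timestamp,MessageSubject
user1@example.com,9/12/2010 9:01:10 AM,Here you have
user1@example.com,9/12/2010 9:01:12 AM,Here you have
user2@example.com,9/12/2010 9:05:44 AM,Here you have
user1@example.com,9/14/2010 2:30:00 PM,Here you have
user3@example.com,9/15/2010 8:12:31 AM,Here you have
'@ | ConvertFrom-Csv

Get-BlockedSenderSummary -Rows $rows -ActiveSince ([datetime]'9/14/2010') | Format-Table -AutoSize
```

Senders with StillSending set to True are the workstations to look at first, since they were sending after the transport rule was already in place.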
Exchange 2003 EAS info
The other day my boss came over and asked me how many users are using Exchange Active Sync (EAS) for mobile email. Since we are in the process of moving to Exchange 2010 I tried to see if he could wait a few months since Get-ActiveSyncDevice or Get-ActiveSyncDeviceStatistics would have the info I was looking for, but he wanted it by the end of the week, so I got to work.
2010-06-25 00:00:00 W3SVC1 OWAServerName x.x.x.x POST /Microsoft-Server-ActiveSync User=UserSAMAccountName&DeviceId=ApplXXXXXXXXXX&DeviceType=iPad&Cmd=MoveItems&Log=V4TNASNC:0A0C0D0FS:0A0C0D0SP:1C7I18230S462834R0S0L0H0P 443 domain\samaccountname x.x.x.x HTTP/1.1 Apple-iPad/702.367 - - ourwebmailaddress m 200 0 0 436 542 156
$searchdir = "\\Server1\c$\WINDOWS\system32\LogFiles\W3SVC1\", "\\Server2\c$\WINDOWS\system32\LogFiles\W3SVC1\"
#############################################################################
# Filename: CollectEASInfo.ps1
# Searches Exchange 2003 IIS log files for EAS user and Device info and
# writes it to a CSV
#
# Created by Chad Manzer
# phillyexug.org
#
# Version 1.0
# (7/15/2009) - CM Initial release
#
# DISCLAIMER
# ==========
# THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
# RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
#############################################################################
$startTime = Get-Date
$outfile = "e:\APPL.csv" # Where to save the results
$searchdir = "e:\OWAIIS\" # Directories to search for Exchange 2003 IIS logs
$Files = Get-ChildItem $searchdir | %{$_.FullName}
[Hashtable]$Hash = @{} # Hash table keyed on device ID, so each device is recorded once
$i = 0 # Counter that drives the progress bar
#Write-Progress -activity "Processing" -status "Getting content of the files..."
Get-Content $Files | %{
    if ($_ -match " User=(.+)&DeviceID=(.+)&DeviceType=(.+)&Cmd")
    {
        $User = $Matches[1]
        $DeviceID = $Matches[2]
        $DeviceType = $Matches[3]
        # If the item is already in the hash table do not try to add it again.
        # Commas are added between items so we can export as a CSV later on.
        if ($Hash.ContainsKey("$DeviceID,") -eq $False)
        {
            $Hash.Add("$DeviceID,", "$User, $DeviceType")
        }
        # Show some type of progress, it drives me nuts staring at a blinking cursor
        if ($i -lt 100)
        {
            $i++
            Write-Progress -activity "Reading in Files" -status "User: $User DeviceType $DeviceType DeviceID $DeviceID" -percentcomplete $i
        }
        else {$i = 0}
    }
}
# Write the hash table to our output file, one "DeviceID,User,DeviceType" line per device.
# Piping the hash table straight to Out-File writes console table formatting
# (a header row, and long values can be truncated), so build each line here and
# strip the spaces we don't need in the CSV.
Write-Progress -activity "Processing" -status "Writing to $outfile "
$Hash.GetEnumerator() | %{ "$($_.Key)$($_.Value)" -replace ' ','' } | Set-Content $outfile -Encoding ascii
# All done.
Write-Progress -Activity "Processing" -Completed -Status "All done."
Write-Host "Output file is located at: $outfile"
$Endtime = Get-Date
$RunTime = $Endtime - $startTime
Write-Host "Run time: "
$RunTime
July 13, 2010 User Group Meeting Video
We would all like to thank Ed Wilson (The Scripting Guy) for sharing PowerShell best practices with all of us. We have the video of the presentation up for anyone who may have missed it or would like to refer back to it. Enjoy.
If you would like to view this on your mobile device, for watching on the go, you can go to the Vimeo page at http://vimeo.com/13395119

