Block iOS devices with Block-IOS-Devices.ps1 Script

Microsoft keeps a list of problems: Current issues with Microsoft Exchange ActiveSync and third-party devices

After some problems at a customer, I looked deeper at these issues.
Most of the problems come with iOS devices (iPhone and iPad).

So I made a list of all iOS versions (6, 7 and 8) and their problems.

To keep this simple I created a PowerShell script: Block-IOS-Devices.ps1. You can also download it from the TechNet Script Library: Block iOS devices with Block-IOS-Devices.ps1 Script


Rapid growth in transaction logs, CPU use, and memory consumption in Exchange Server 2010, Exchange 2013 and Office 365 when a user syncs a mailbox by using an iOS 6.1-based or iOS 6.1.1-based device

Yesterday I was at a customer who had the problem that transaction logs were growing rapidly.
It was on an Exchange 2013 server with CU5.

For Exchange 2010 a KB article was released: http://support.microsoft.com/kb/2814847

This is still an issue for Exchange 2010, Exchange 2013 and Office 365.

Microsoft has already blocked iOS 6.1 – 6.1.1 devices in Office 365.

The server was OK, but when I ran Get-EASDeviceReport.ps1 I saw some iOS 6.1 devices. So we are going to block these iOS versions.

PowerShell:
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B141" -Characteristic DeviceOS -AccessLevel Block
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B142" -Characteristic DeviceOS -AccessLevel Block
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B143" -Characteristic DeviceOS -AccessLevel Block
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1 10B144" -Characteristic DeviceOS -AccessLevel Block
New-ActiveSyncDeviceAccessRule -QueryString "iOS 6.1.1 10B145" -Characteristic DeviceOS -AccessLevel Block

Fixing User Home Folder rights with Powershell

When I visit companies, I often see that the home folder directories do not have the right permissions. Fixing this is a lot of work, so it is time to write about it. I wrote a nice PowerShell script to fix it and save me and you a lot of time.

Three steps:

1.  Set Share Permissions for the Everyone group to Full Control.

2.  Use the following settings for NTFS Permissions (http://support.microsoft.com/kb/274443):

  • CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
  • System – Full Control (Apply onto: This Folder, Subfolders and Files)
  • Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
  • Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
  • Everyone – List Folder/Read Data (Apply onto: This Folder Only)
  • Everyone – Read Attributes (Apply onto: This Folder Only)
  • Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)

Pay attention when configuring the home directory or folder redirection policies. If you enable the setting to give the user exclusive access to the folder, you will override the inherited permissions and need to reset the ACL.

3. Run the following script, Repair-HomeFolderPermissions.ps1:

________________________________________________________________________

#########################################################################
# Script: Repair-HomeFolderPermissions.ps1
# Author: Ward Vissers    http://www.wardvissers.nl
# Date: 20/11/2014
# Keywords:
# Comments:
# Pre-Requisites: Full Control over destination folder.
#
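# +------------+-----+---------------------------------------------------------+
# |       Date | Usr | Description                                             |
# +------------+-----+---------------------------------------------------------+
# | 20/11/2014 | WV  | Initial Script                                          |
# |            |     |                                                         |
# +------------+-----+---------------------------------------------------------+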
#
#   1. http://support.microsoft.com/kb/274443
#
#   2. Set Share Permissions for the Everyone group to Full Control.
#  
#   3.  Use the following settings for NTFS Permissions:
#
#   CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
#   System – Full Control (Apply onto: This Folder, Subfolders and Files)
#   Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
#   Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
#   Everyone – List Folder/Read Data (Apply onto: This Folder Only)
#   Everyone – Read Attributes (Apply onto: This Folder Only)
#   Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)
#
#
# DISCLAIMER
# ==========
# THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
# RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
#############################################################################

$dirpath = "D:\Data\user"

# get list of all child directories in the home folder root
$directories = Get-ChildItem $dirpath | Where-Object {$_.PsIsContainer}

# iterate over the directories
foreach ($dir in $directories)
{
    # echo out the full directory that we're working on now
    Write-Host "Working on $($dir.FullName) using $($dir.Name)"

    # set up the inheritance and propagation as we want it
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [System.Security.AccessControl.PropagationFlags]"None"
    $allowdeny = [System.Security.AccessControl.AccessControlType]::Allow

    # get the existing ACL for the directory
    $acl = Get-Acl $dir.FullName

    # build a rule that gives the user (with the same name as the directory) Full Control
    $aclrule = New-Object System.Security.AccessControl.FileSystemAccessRule($dir.Name, "FullControl", $inheritance, $propagation, $allowdeny)

    # check that the user is valid; skip the folder if the name does not resolve to a SID
    try {
        $sid = $aclrule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch {
        Write-Warning "No account found for $($dir.Name), skipping $($dir.FullName)"
        continue
    }

    # add the rule to the ACL
    $acl.AddAccessRule($aclrule)

    # write the ACL back to the directory
    Set-Acl -AclObject $acl -Path $dir.FullName
}

__________________________________________________________________________
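
An added example, not part of the original post or of Repair-HomeFolderPermissions.ps1: a read-only audit to run before or after the repair. It reports home folders whose name does not resolve to an account, folders whose name resolves to a well-known principal (which the repair script would give Full Control), and any Allow entry for an identity other than the user and the three identities listed in step 2. The function name Get-HomeFolderFinding and the domain name CONTOSO are assumptions made for this example.

```powershell
# Added example: read-only audit, changes no permissions.
$HomeRoot = "D:\Data\user"     # same root as $dirpath in the repair script
$Domain   = "CONTOSO"          # placeholder NetBIOS domain name (assumption)

# Identities step 2 expects to reach a home folder through inheritance
$Expected = @("CREATOR OWNER", "NT AUTHORITY\SYSTEM", "$Domain\Domain Admins")

function Get-HomeFolderFinding {
    param(
        [Parameter(Mandatory=$true)][System.IO.DirectoryInfo]$Folder,
        [string[]]$ExpectedIdentity = @()
    )

    # The repair script grants Full Control to whatever account the folder
    # name resolves to, so check what that account is first.
    $account = New-Object System.Security.Principal.NTAccount($Folder.Name)
    try {
        $userSid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch {
        [pscustomobject]@{ Folder = $Folder.FullName; Issue = "NoAccount"
                           Detail = "Folder name does not resolve to an account" }
        return
    }

    # Domain and local accounts have SIDs under S-1-5-21-; anything else is a
    # well-known principal (Everyone, BUILTIN\Users, ...), not a single user.
    if ($userSid.Value -notlike "S-1-5-21-*") {
        [pscustomobject]@{ Folder = $Folder.FullName; Issue = "WellKnownPrincipal"
                           Detail = "$($Folder.Name) resolves to $($userSid.Value)" }
    }

    # Report every Allow entry for an identity that is neither expected nor the user.
    foreach ($ace in (Get-Acl -Path $Folder.FullName).Access) {
        if ($ace.AccessControlType -ne "Allow") { continue }
        if ($ExpectedIdentity -contains $ace.IdentityReference.Value) { continue }
        try {
            $aceSid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        }
        catch { $aceSid = $ace.IdentityReference.Value }   # orphaned or unresolvable entry
        if ($aceSid -eq $userSid.Value) { continue }

        [pscustomobject]@{ Folder = $Folder.FullName; Issue = "UnexpectedAccess"
                           Detail = "$($ace.IdentityReference.Value): $($ace.FileSystemRights), inherited=$($ace.IsInherited)" }
    }
}

Get-ChildItem -Path $HomeRoot |
    Where-Object { $_.PsIsContainer } |
    ForEach-Object { Get-HomeFolderFinding -Folder $_ -ExpectedIdentity $Expected } |
    Format-Table -AutoSize -Wrap
```

Domain groups also have SIDs under S-1-5-21-, so a folder named after a domain group is not caught by the well-known principal check and needs a separate look.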

Microsoft Virtual Machine Converter 3.0 Released

New Features in Microsoft Virtual Machine Converter 3.0
The 3.0 release of MVMC adds the ability to convert a physical computer running Windows Server 2008 or above server operating systems or Windows Vista or above client operating systems to a virtual machine running on Hyper-V host.

Standard stuff is:

  • Converts virtual disks that are attached to a VMware virtual machine to virtual hard disks (VHDs) that can be uploaded to Microsoft Azure.
  • Provides native Windows PowerShell capability that enables scripting and integration into IT automation workflows.
    Note: The command-line interface (CLI) in MVMC 1.0 has been replaced by Windows PowerShell in MVMC 2.0.
  • Supports conversion and provisioning of Linux-based guest operating systems from VMware hosts to Hyper-V hosts.
  • Supports conversion of offline virtual machines.
  • Supports the new virtual hard disk format (VHDX) when converting and provisioning in Hyper-V in Windows Server® 2012 R2 and Windows Server 2012.
  • Supports conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.1, and VMware vSphere 4.1 hosts to Hyper-V virtual machines.
  • Supports Windows Server® 2012 R2, Windows Server® 2012, and Windows® 8 as guest operating systems that you can select for conversion.
  • Converts and deploys virtual machines from VMware hosts to Hyper-V hosts on any of the following operating systems:
      • Windows Server® 2012 R2
      • Windows Server® 2012
      • Windows Server 2008 R2 SP1
  • Converts VMware virtual machines, virtual disks, and configurations for memory, virtual processor, and other virtual computing resources from the source to Hyper-V.
  • Adds virtual network interface cards (NICs) to the converted virtual machine on Hyper-V.
  • Supports conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.0, and VMware vSphere 4.1 hosts to Hyper-V.
  • Has a wizard-driven GUI, which simplifies performing virtual machine conversions.
  • Uninstalls VMware Tools before online conversion (online only) to provide a clean way to migrate VMware-based virtual machines to Hyper-V.
    Important: MVMC takes a snapshot of the virtual machine that you are converting before you uninstall VMware Tools, and then shuts down the source machine to preserve state during conversion. The virtual machine is restored to its previous state after the source disks that are attached to the virtual machine are successfully copied to the machine where the conversion process is run. At that point, the source machine in VMware can be turned on, if required.
    Important: MVMC does not uninstall VMware Tools in an offline conversion. Instead, it disables VMware services, drivers, and programs only for Windows Server guest operating systems. For file conversions with Linux guest operating systems, VMware Tools are not disabled or uninstalled. We highly recommend that you manually uninstall VMware Tools when you convert an offline virtual machine.
  • Supports Windows Server and Linux guest operating system conversion. For more details, see the section “Supported Configurations for Virtual Machine Conversion” in this guide.
  • Includes Windows PowerShell capability for offline conversions of VMware-based virtual hard disks (VMDK) to a Hyper-V–based virtual hard disk file format (.vhd file).
    Note: The offline disk conversion does not include driver fixes.


Microsoft Exchange 2013 Public Folder Directory Sync Support Scripts

Microsoft has recently updated the Microsoft Exchange 2013 Public Folders Directory Sync Support Scripts to version 15.00.1017.003.

Brief Description
Scripts to enable creation of public folder related objects in the O365 Active Directory and synchronization of public folder related Active Directory objects between on-premise and O365 directories.

Overview
Use these scripts if you need to do one of the following:

  • Initial creation of mail enabled public folder objects in the destination Active Directory for public folder migration from Exchange 2007 or 2010 to Exchange 2013
  • Synchronization of mail enabled public folder objects from cloud to on-premise Active Directory
  • Synchronization of mail enabled public folder objects from on-premise to cloud Active Directory
  • Synchronization of public folder mailbox objects from cloud to on-premise Active Directory

Hyper-V Configuration Toolkit

Mark Scholman has been working on a new script project to configure Hyper-V hosts.

This tool allows you to configure Hyper-V hosts. It uses the converged network setup as described in this blog post. It does the following:

  • Rename Adapters
  • Create Teams
  • Create Tnics
  • Set Network Config (MGT,LM,CSV)
  • Join Server to the Domain
  • Create a server-local administrators group in the domain
  • Allows you to create a new or join an existing cluster
  • Configure Cluster network names
  • Configure Cluster Live migration subnet

On the to-do list is the following and will be added with upcoming releases:

  • Configure Storage network (iSCSI & SMB3)
  • Use of different topologies for converged networking as described here
  • Using Jea or PSCustomSessionConfiguration for deployment of Hyper-V hosts

How to use the tool:

On the newly provisioned Hyper-V Server start the Deploy-HyperVHost.ps1. On the Configure Nic’s tab select the adapters you want to use for Management (MGT / LM / CSV) and click “Set Management Adapters”:

Notice the list box will refresh with the new names for the adapters. Next select the adapters you want to use for VM Network and click “Set VMNet Adapters”

Finally configure Storage adapters:

Result is that we have configured all adapters now with a logical name we can use in the rest of the deployment:

Side note: I used 2 adapters for each team configuration, but you can use for example 3 adapters or 4 adapters for Management and 2 or 3 for the VMNet. The script is intelligent on using the logical names and reusing them in the Team setup.

Next part is to setup the host parameters and start the deployment of the host. Go to the tab “Configure host”

We need to specify the following parameters:

  • Host Name – The name of the server.
  • Domain Name – The domain to join the server to.
  • Management IP – The IP address for the management interface.
  • Management VLAN – If you’re using VLANs, specify the VLAN ID. Untagged is VLAN 1.
  • Management gateway – The gateway for the management network.
  • Live Migration IP – The IP address for live migration (LM) communication.
  • Live Migration VLAN – The VLAN ID used for the LM network.
  • CSV IP – Cluster IP address.
  • CSV VLAN – Cluster VLAN ID.
  • Primary DNS – The primary DNS server to use for the management network.
  • Secondary DNS (optional) – If applicable: the second DNS server for the management network.
  • Domain Controller Name – The name of a domain controller (needs remote PowerShell enabled).
  • Local Admin Group Name (optional) – Name of a domain group that is configured to be Local Administrator on the host.
  • Group OU Path (optional) – The OU DN where the group needs to be created.
  • LAB: Build HyperV on HyperV – Used for demo purposes when you want to run this tool in a Hyper-V virtual machine (team settings and Hyper-V role modification in the VM).

Next click on the “Deploy Host” button and enter domain admin credentials

Now wait until the server automatically reboots. While server is rebooting you can verify that the computer is in the domain and the local group is created:

When the server is rebooted login as the domain admin and start the Deployment tool again.

The last tab is for Configure the Cluster. You can create a new cluster:

Or add the node to an existing cluster:

Download the script http://gallery.technet.microsoft.com/Hyper-V-Deployment-Tool-419679d3

Manage Exchange 2010 Database Log Growth by Using the Troubleshoot-DatabaseSpace.ps1 Script in the Shell

The Troubleshoot-DatabaseSpace.ps1 script is used by Microsoft System Center Operations Manager 2007 to detect and correct any excess log growth or Microsoft Exchange database (.edb) file growth that, if unchecked, may cause database downtime. By default, System Center Operations Manager 2007 runs the script every 15 minutes. However, you can use Task Scheduler to configure and run this script to monitor database log and file growth.

The Troubleshoot-DatabaseSpace.ps1 script performs the following actions:

  1. Keeps track of log generation rate for the highest log generators per database. This helps determine which users are logging too heavily and potentially causing space issues.
  2. Keeps track of the available disk space for both the database and the log files. If either of these is within a configurable threshold of being full, further action must be taken.
  3. Keeps track of the log generation rate. If it appears that the disk is going to run out of space within the value specified by the HourThreshold parameter (based on the log generation rate), further action must be taken.

    Note: To avoid critical issues, make sure the value for the HourThreshold parameter is large enough to give you time to react during normal business hours while enough free space is available. If drives are filling up faster than the value specified, immediate action must be taken to protect the disk.

  4. If all of the preceding conditions are fulfilled, the script determines the list of top 25 users who accessed the database during the last one-hour period. The script then quarantines the top high-usage mailboxes for which the sum of the log generation rate is greater than the difference between the current generation rate and the sustainable generation rate that would allow tiding over the configurable time threshold. These users are quarantined for six hours, during which they won’t have access to e-mail.
  5. If the troubleshooter is unsuccessful at dropping the log generation rate to below the threshold level, it will write out events that translate into health model alerts. At this point, the script removes the database from provisioning by running the Set-MailboxDatabase cmdlet with the ExcludeFromProvisioning parameter set to $true against the specified database. You may need to move mailboxes to a new server to rebalance space.
  6. If the troubleshooter quarantines more than 10 users, this indicates a systemic issue, which you need to follow up on. The health model will trigger an urgent alert from this condition.

The default settings used in the Troubleshoot-DatabaseSpace.ps1 script are defined in the StoreTSConstants.ps1 script.

Command: .\Troubleshoot-DatabaseSpace.ps1 -Server MBX01 -PercentLogFreeSpace 10 -PercentEDBFreeSpace 10 -HourThreshold 5 -Quarantine

Task Scheduler: powershell.exe -PSConsoleFile "C:\Program Files\Microsoft\Exchange Server\V14\bin\exshell.psc1" -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\Scripts\Troubleshoot-DatabaseSpace.ps1' -Server EX01 -PercentLogFreeSpace 10 -PercentEDBFreeSpace 10 -HourThreshold 1 -Quarantine"

Exchange Tools

Here I’ll share some free tools that can help simplify Microsoft Exchange deployment, troubleshooting, and administration. Some of the tools are simple—but still convenient—whereas others provide some powerful functionality.

There are some tools you can use during deployment to ease the process and reduce issues in the future, tools you can use for troubleshooting to reduce down-times, and tools you can use during day-to-day administration to monitor server health and perform tasks.

Microsoft Exchange Server Deployment Assistant

Microsoft’s Exchange Server Deployment Assistant is an online tool that produces a custom step-by-step checklist you can utilize during a server installation or upgrade. It first asks you questions about your current and desired deployment environment, such as the deployment type (on-premise, cloud, or hybrid), migration questions, desired features/functionality, and other miscellaneous caveats that impact the installation or upgrade.

Microsoft Remote Connectivity Analyzer

Microsoft’s Remote Connectivity Analyzer is a website with many tools to help test and troubleshoot connectivity of Exchange servers, Outlook, Lync, OCS, Office 365, and POP, IMAP, and SMTP email. Plus it offers downloadable Connectivity Analyzer Tools for local testing and a message header analyzer.

PFDAVAdmin and ExFolders
These are tools that enable you to perform tasks on Exchange public folders and mailboxes, such as checking or changing permissions. It can also connect to mailboxes, check the contents, and generate reports. PFDAVAdmin is for Exchange 2000, 2003, and 2007 and ExFolders is the updated version for Exchange 2007 and 2010 SP1 and later.

Jetstress

The Jetstress tool simulates disk I/O load on your server, allowing you to specify the amount of simulated Exchange users and profiles. This can help you verify the performance and stability of your server before installing Exchange and putting it into production-use.

Exchange Server Role Requirements Calculators

These are calculator tools that give sizing recommendations for your particular Exchange server roles for both client access and mailbox. The 2010 version is focused on mailbox calculations while the 2013 version includes recommendations on sizing Client Access servers too.

Exchange Environment Report

This Exchange Environment Report tool is from Steve Goodman and is a PowerShell script that generates an automatic overview of your Exchange environment. It supports Exchange 2003, 2007, 2010 and 2013 servers and database availability groups. It reports the number of and details about the servers, mailboxes, roles, and versions. It also gives you useful status on the Database Availability Groups (DAG) and non-DAG databases.

Exchange Reports

Exchange Reports offers reports on overall information about your Exchange Environment, supporting Exchange 2010 & Exchange 2013. You can keep an eye on configuration changes and status with Group Reports, Single Group Information, Mailbox Report, Single Mailbox Information, Message Tracking, and Environment Report.

The program doesn’t require any installation, but requires .Net 4.0, Powershell 2.0, and Remote Powershell access to the Exchange Server. Reports can be saved in history and also exported to Excel.

Microsoft Exchange Server MAPI Editor (MFCMAPI)

Microsoft’s Microsoft Exchange Server MAPI Editor (MFCMAPI) tool provides access to MAPI stores, useful when troubleshooting Exchange and Outlook issues, which can serve as a replacement to the old Microsoft Exchange Server Information Store Viewer. You can open and navigate through the message stores that are exposed through MAPI.

Free Exchange Monitor

The Free Exchange Monitor from SolarWinds supports Microsoft Exchange Server 2000 and 2003. It keeps tabs on the Exchange server stats, services, mail queue sizes, and host server health. In addition to notifying you of outages it can be useful in troubleshooting Exchange server problems and even help with pro-active monitoring, for instance detecting growing mail queues that can indicate bigger issues like transport failures, Internet connection failures, and virus activity.

Free Exchange Monitoring

This is another monitoring application, but from ManageEngine and supports Exchange Server 2003, 2007, 2010, and 2013. It gives stats on server health and Exchange services. It also provides details on the client access server, transport, Active Sync counters, and delivery aspects. You can generate real-time performance reports to be downloaded or emailed in PDF format.

Exclaimer Outlook Photos

Exclaimer Outlook Photos can help you import staff photos into the Active Directory so they’ll show up in the Outlook People Pane, SharePoint profile, and on Microsoft Lync. It can auto-match pictures from a batch to names or other data in Active Directory, and even automatically crop and center the photos as well.

Certificate Manager for Exchange 2007

Exchange 2007 enables SSL within IIS by default, but creating and managing SSL certificates via PowerShell commands can be confusing. However, the Certificate Manager for Exchange 2007 from U-BTech eases the process with a GUI.

You can generate an Exchange 2007 Certificate Signing Request and process the Certificate Authority and enable certificates for Exchange 2007 Services (POP, IMAP, SMTP, IIS, UM). Plus you can include additional subject names in a single certificate. It supports import and exporting as well.

Exchange PST Capture

Exchange PST Capture from Microsoft will search your network for PST files and then import those files to mailboxes in your organization. It supports both on-premises Exchange Server 2010 and 2013 and Exchange Online. This tool can help, for instance, during the initial deployment of an Exchange Server, to move local Outlook data files into the Exchange Server.


Exchange Shared Cache Service restarts frequently in Exchange Server 2013 Cumulative Update 5

After you install Microsoft Exchange Server 2013 Cumulative Update 5, your monitoring solution indicates that the Microsoft Exchange Shared Cache Service restarts frequently.

This problem occurs because the managed availability probes that monitor this service have a time-out value that is too sensitive for standard operation. This causes the managed availability process to restart the service.

As of Exchange Server 2013 Cumulative Update 5, this notice and the frequent restarts of the managed availability process are considered not to be a concern.
Therefore, you can safely ignore the problem.

Microsoft has published a Windows PowerShell script that you can use to disable the probes to prevent the Exchange Shared Cache service from restarting.

Download the script.

Exchange PowerShell Scripts that Every Exchange Admin Needs to Have

The following PowerShell scripts are ones that every Exchange admin must have:

Test-ExchangeServerHealth
Get-DagHealth
PelNet.ps1
ADinfo.ps1
Get-VirDirInfo.ps1
CertificateReport.ps1
Get-EASdevicereport.ps1
Get-MailboxReport.ps1
Get-DailyBackupAlerts.ps1
Install-Exchange2013.ps1
