Upload
lykhue
View
263
Download
1
Embed Size (px)
Citation preview
User Guide – PowerShell for Exchange
Online
Prepared by: Vodafone Shared Services Limited
This document is meant for Vodafone cloud customers only and is confidential & legally privileged.
Please do not reproduce copy or disclose this document or its contents with any third party/ies nor use it
for purposes other than this document has been shared for.
2 | P a g e
Table of Contents
INTRODUCTION ........................................................................................................................................... 4
CONNECT TO ONLINE EXCHANGE FROM POWERSHELL ..................................................................... 5
GET OFFICE365 DETAILS........................................................................................................................... 8
EXTRACT MAILBOX DETAILS ......................................................................................................................... 8
EXTRACT MOBILE DEVICE INFORMATION ..................................................................................................... 12
EXTRACT LAST LOGIN DETAILS ................................................................................................................... 13
EXTRACT ARCHIVE DETAILS ....................................................................................................................... 14
EXTRACT DISTRIBUTION GROUP DETAILS .................................................................................................... 15
MAILBOX ACCESS PERMISSIONS .......................................................................................................... 16
SEND AS PERMISSION ................................................................................................................................ 16
SEND ON BEHALF PERMISSION .................................................................................................................... 18
EMAIL FORWARDING PERMISSION ............................................................................................................... 19
FULL MAILBOX ACCESS PERMISSION ........................................................................................................... 21
ASSIGN PERMISSION ON DOMAIN ............................................................................................................... 26
CONFIGURE MAILBOX .............................................................................................................................. 27
ENABLE ARCHIVING TO ALL USERS.............................................................................................................. 27
MODIFY TIMEZONE SETTINGS ..................................................................................................................... 27
CONFIGURE AUTO-REPLY .......................................................................................................................... 28
SET UP SHARED MAILBOX .......................................................................................................................... 29
SET PRIMARY SMTP ADDRESS FOR A MAILBOX ........................................................................................... 29
EMAIL FORWARDING .................................................................................................................................. 30
CONFIGURE DISTRIBUTION GROUP ............................................................................................................. 34
CREATE BULK DISTRIBUTION GROUP .......................................................................................................... 38
CONFIGURE DYNAMIC DISTRIBUTION GROUP ............................................................................................... 39
CLIENT ACCESS SETTING ....................................................................................................................... 40
ACTIVESYNC ............................................................................................................................................. 41
OUTLOOK ACCESS (MAPI) .......................................................................................................................... 42
OWA ACCESS ........................................................................................................................................... 43
IMAP ACCESS .......................................................................................................................................... 44
3 | P a g e
POP3 ACCESS .......................................................................................................................................... 45
SECURITY .................................................................................................................................................. 46
ENABLE MAILBOX AUDITING ....................................................................................................................... 46
CONFIGURE CALENDAR PERMISSION .......................................................................................................... 46
HIDE A USER FROM GAL ............................................................................................................................ 48
INCREASE SINGLE ITEM RECOVERY TIMEFRAME .......................................................................................... 49
ENABLE KNOWN ATTACHMENT TYPES TO OWA ........................................................................................... 50
REFERENCE LINKS ................................................................................................................................... 51
4 | P a g e
Introduction
PowerShell (also known as Windows PowerShell) is a command-line environment
that's designed specifically for system administration. PowerShell helps IT professionals
and power users control and automate the administration of the Windows operating
system and applications, such as Office 365.
The most basic part of PowerShell is called a cmdlet (pronounced command-let).
Cmdlets allow you to do things in the Office 365 PowerShell environment like
adding users to your Office 365 organization, managing Office 365 license assignments
and know which mailboxes are inactive.
Windows PowerShell allows you to manage Office 365 using a single point of
administration by using automated and scripted actions and streamlines your daily work.
Some Benefits of PowerShell
1. Windows PowerShell Can Reveal "Hidden" Information Not Available in the
Admin Center
2. Office 365 has Features That You Can Only Configure by Using Windows
PowerShell
3. Windows PowerShell Excels at Carrying Out Bulk Operations
4. Windows PowerShell is Great at Filtering Data
5. Windows PowerShell Makes It Easy to Print or Save Data
6. Windows PowerShell Lets You Do "Cross-Product" Management
In this document we are going to see some basic commands which will help to
administrate Office 365
5 | P a g e
Connect to Online Exchange from PowerShell
1. Open windows powershell
2. Store your credentials in $livecred veriable.
$livecred = Get-credentials
6 | P a g e
3. Type Office 365 admin user credentials
4. Define PowerShell Session to connect Online Exchange in $Session variable
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -
ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -
Authentication Basic –AllowRedirection
7 | P a g e
5. Import Online exchange PowerShell session.
Import-PSSession $Session
Once Import part is done we can start working on PowerShell.
8 | P a g e
Get Office365 Details
Extract Mailbox details
1. Export All users First Name, Last Name and E-mail Address use this command
$UserMailboxes = Get-mailbox -Filter {(RecipientTypeDetails -eq
'UserMailbox')} Get-User | Select-Object FirstName, LastName,
WindowsEmailAddress | Export-Csv [ Location of the CSV file ]
2. Get list of users with licenses assigned use this command
Get-msoluser -all | ForEach-Object { "============="; $_.DisplayName;
$_.licenses[0].servicestatus }
9 | P a g e
3. To get all the attributes of a given mailbox use the following command.
Get-mailbox <mailbox ID> | fl
10 | P a g e
4. To find all mailboxes that is associated with specific domain use the following
command.
Get-Mailbox | where {$_.EmailAddresses -match "DOMAIN NAME”} | ft
Name, RecipientType, EmailAddresses
5. To Get UPNs for all the users in the organization use the folowing command.
Get-User | Where-Object {$_.UserPrincipalName -like "*" + $searchText +
"*"} | fl UserPrincipalName
11 | P a g e
6. To Retrieves auto-reply settings for a mailbox use the following command
Get-MailboxAutoReplyConfiguration <Mailbox Id>
12 | P a g e
Extract Mobile device information
1. To get complete mobile device information for a user use the following command.
Get-Mobiledevicestatics -mailbox<Mailbox ID>
13 | P a g e
Extract Last Login details
1. To check the last logon time for all the users in the domain use the following
command.
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Select
DisplayName, LastLogonTime | export-csv c:\FolderName\FileName.csv –
notypeinformation
14 | P a g e
Extract Archive details
1. To get archive statistics use this command
Get-MailboxStatistics <Mailbox Id> -Archive
2. To retrieve archive size and related details for multiple users and have the results
formatted as a table use following command
Get-Mailbox -Filter {ArchiveStatus -eq "active"} | Get-MailboxStatistics -
archive | ft DisplayName,ItemCount,TotalItemSize,StorageLimitStatus –auto
15 | P a g e
Extract Distribution group details
1. To identify all the Security Groups use the following command.
Get-DistributionGroup -Filter '(GroupType –eq
"Universal,SecurityEnabled")'
16 | P a g e
Mailbox access permissions
Send as Permission
1. To configure Send As permissions Run the following command.
Add-RecipientPermission <identity> -AccessRights SendAs -Trustee
<user>
Enter “Y” to confirm.
2. To Verify Send as permission Run the following command.
Get-RecipientPermission –identity username
17 | P a g e
3. To View all Send As permissions you've configured in your organization Run
the following command.
Get-RecipientPermission | where {($_.trustee -ne 'nt authority\self') -and
($_.trustee -ne 'null sid')}
4. To remove Send As permission from a mailbox Run the following command.
Remove-RecipientPermission -Identity <Mailbox ID 1> -AccessRights
SendAs -Trustee <Mailbox ID 2>
18 | P a g e
Send on behalf permission
1. To configure Send On Behalf Of permissions Run the following command
Set-Mailbox -Identity <Mailbox ID 1> -GrantSendOnBehalfTo <Mailbox ID 2>
2. To verify the send on behalf of Permission Run the following command.
Get-Mailbox -Identity <Mailbox ID 1> | Select GrantSendOnBehalfTo
3. To remove send On Behalf Of permissions Run the following command.
Set-Mailbox -Identity <Mailbox ID 1> -GrantSendOnBehalfTo $NULL
19 | P a g e
Email forwarding permission
1. To configure email forwarding use the following command.
Set-Mailbox -Identity <Mailbox ID> -ForwardingSmtpAddress <Target SMTP
Address>
2. To verify E-mail Forwarding on a mailbox use the following command.
Get-Mailbox -Identity <Mailbox ID 1> | Select ForwardingSmtpAddress
20 | P a g e
3. To Remove email forwarding from a mailbox use the following command.
Set-Mailbox -Identity <Mailbox ID> -ForwardingSmtpAddress $NULL
4. To save a copy of the message to the local mailbox before the message is
forwarded to another SMTP address
Set-Mailbox -Identity <Mailbox ID> -ForwardingSmtpAddress <Target SMTP
Address> -DeliverToMailboxAndForward:$true
21 | P a g e
Full mailbox access permission
1. To grant full mailbox access permission to one user Run the following command.
Add-MailboxPermission -Identity <Mailbox ID 1> -User <Mailbox ID 2> -
AccessRights FullAccess -InheritanceType All -Automapping $False
2. To Grant Read only permissions to a user mailbox use the following command
Add-MailboxPermission -Identity <mailbox on which read permissions need
to be given> -User <mailbox to which read permissions needs to be
granted -AccessRights ReadPermission
22 | P a g e
3. To Remove Read only permissions to a user mailbox use the following
command
Remove-MailboxPermission -Identity <mailbox on which read permissions
need to be given> -User <mailbox to which read permissions needs to be
granted -AccessRights ReadPermission
23 | P a g e
4. To verify User Mailbox permissions use the following command.
Get-MailboxPermission -Identity <Mailbox ID 1> | Select User,
AccessRights, Deny
5. To Grant full access permission of shared mailbox use the following command
Add-MailboxPermission -Identity <Mailbox ID 1> -User <Mailbox ID 2> -
AccessRights FullAccess -InheritanceType All
24 | P a g e
6. To Grant a user access to a room mailbox where the administrator may want to
specify that user as the Owner
Add-MailboxPermission -Identity <Mailbox ID 1> -Owner <Mailbox ID 2>
7. To verify Mailbox Owner
Get-MailboxPermission -Identity Meetingroom1 -Owner
25 | P a g e
8. To assign permissions to one user to have full access on all the mailboxes use
the following command.
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq
'UserMailbox') -and (Alias -ne '<Mailbox ID 1>' )} | Add-MailboxPermission -
User <Mailbox ID 1> -AccessRights fullaccess -InheritanceType all -
Automapping $<true/false>
9. To remove permissions to one user to have full access on all the mailboxes use
the following command
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq
'UserMailbox') -and (Alias -ne '<Mailbox ID 1>' )} | Remove-
MailboxPermission -User <Mailbox ID 1> -AccessRights fullaccess -
InheritanceType all
26 | P a g e
Assign Permission on Domain
1. To assign Full access permission to one user to specific domain in the
organization use the following command.
Get-Mailbox | where-Object {$_.EmailAddresses -match "DOMAIN NAME"} |
Add-MailboxPermission -user <Mailbox ID 1> -AccessRights FullAccess -
Automapping $<true/false>
2. To Remove full access permission to on user to specific domain in the
organization use the following command.
Get-Mailbox | where-Object {$_.EmailAddresses -match "DOMAIN NAME"} |
Remove-MailboxPermission -user <Mailbox ID 1> -AccessRights
FullAccess
27 | P a g e
Configure Mailbox
Enable Archiving to all users
1. To Enable archive mailboxes for all users in your organization use the following
command.
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq
'UserMailbox')} | Enable-Mailbox -Archive
Modify TimeZone settings
1. To Modify Time Zone / Language / Date Format / Time Format for a user mailbox
use the following command
Set-MailboxRegionalConfiguration -identity <Mailbox Id> -TimeZone
"<TimeZone>" -Language <language> -DateFormat <format> -TimeFormat
<format>
28 | P a g e
Configure Auto-reply
1. To schedule internal and external Auto-replies for a mailbox use the following
command.
Set-MailboxAutoReplyConfiguration <Mailbox Id> –AutoReplyState
Scheduled –StartTime “Start Date” –EndTime “End Date” –
ExternalMessage “External OOF message” –InternalMessage “Internal OOF
message”
2. To Disable auto-reply configured for a mailbox use the following command.
Set-MailboxAutoReplyConfiguration <Mailbox Id> –AutoReplyState
Disabled –ExternalMessage $null –InternalMessage $null
29 | P a g e
Set up Shared mailbox
1. To set up a new shared mailbox use the following command.
New-Mailbox -Name "Name of the mailbox" -Alias alias name for that
mailbox -Shared
Set primary SMTP address for a mailbox
1. To set the primary smtp address for a mailbox use the following command.
Set-Mailbox <mailbox name> -WindowsEmailAddress <primary smtp
address that you want to set>
30 | P a g e
Email Forwarding
1. To Find all users with Forwarding Address is set to Internal Recipient use
following command
Get-Mailbox | Where {$_.ForwardingAddress -ne $null} | Select Name,
ForwardingAddress, DeliverToMailboxAndForward
2. Find all users with Forwarding Address is set to External Recipient use this
command
Get-Mailbox | Where {$_.ForwardingsmtpAddress -ne $null} | Select
Name, ForwardingAddress,ForwardingsmtpAddress,
DeliverToMailboxAndForward
31 | P a g e
3. To set Email Forwarding to ALL Users to internal Recipient & save local copy
use following command
Get-Mailbox | Where {$_.RecipientType -eq "UserMailbox"}| Set-Mailbox
-DeliverToMailboxAndForward $true
Get-Mailbox | Where {$_.RecipientType -eq "UserMailbox"}| Set-Mailbox
-ForwardingAddress <Office 365 User Email Address>
4. To turn off Forwarding rule for ALL Users to internal Recipient
Get-Mailbox | Where {$_.RecipientType -eq "UserMailbox"}| Set-Mailbox
-ForwardingAddress $null
32 | P a g e
5. To set Email Forwarding to ALL Users to External Recipient & save local copy
use following command
New-MailContact -Name “User name” -ExternalEmailAddress
Get-Mailbox | Where {$_.RecipientType -eq "UserMailbox"}| Set-Mailbox
-DeliverToMailboxAndForward $true
Get-Mailbox | Where {$_.RecipientType -eq "UserMailbox"}| Set-Mailbox
-ForwardingSmtpAddress <Office 365 User Email Address>
33 | P a g e
6. To turn off Forwarding rule for ALL Users to external Recipient
Get-Mailbox | Where {$_.RecipientType -eq "UserMailbox"}| Set-Mailbox
-ForwardingSmtpAddress $null
34 | P a g e
Configure Distribution Group
1. To create new distribution group use the following command
New-DistributionGroup -Name "ITDepartment" -Members
[email protected],[email protected],[email protected],julia@con
toso.com
2. To become an owner of a Distribution Group use the following command
Set-DistributionGroup -identity <Distirbution Group ID> -ManagedBy
<Mailbox Id> –BypassSecurityGroupManagerCheck
35 | P a g e
3. To become an owner of all the Distribution Groups in your domain run the
following command
Get-DistributionGroup | Set-DistributionGroup -ManagedBy <Mailbox ID> –
BypassSecurityGroupManagerCheck
4. To add Member into distribution group use the following command
Add-DistributionGroupMember –Identity “Distribution Group Name” –
Member [email protected]
5. To view all the members of a distribution group use the following command.
Get- DistributionGroupMember –Identity “Distribution Group Name”
36 | P a g e
6. To find all distribution groups that is associated with specific domain use the
following command
Get-DistributionGroup | where {$_.EmailAddresses -match "DOMAIN
NAME"} | fl Name, EmailAddresses
7. To Add e-mail aliases to a Distribution Group use the following command
Set-DistributionGroup "Distribution Group Name Here" -EmailAddresses
37 | P a g e
8. Import Distribution Group members from a CSV File
Import-Csv <Path>| foreach {Add-DistributionGroupMember -Identity
<Distribution Group Name> -Member $_.identity}
Users CSV should be in following format
38 | P a g e
Create Bulk Distribution group
1. Create bulk Distribution Groups from a CSV File
Import-CSV <Path>| foreach {New-DistributionGroup -Name $_.name -Type
$_.Type}
Distribution groups CSV should be in following format
39 | P a g e
Configure Dynamic Distribution group
1. To create a new dynamic distribution group by using a customized filter use the
following command
New-DynamicDistributionGroup -Name "India Management Team" -
RecipientFilter {(RecipientType -eq 'UserMailbox') -and (Title -like 'Director*'
-or Title -like 'Manager*') -and (Department -eq 'IT')}
2. To view the members of the dynamic distribution group use the following
command.
$members = Get-DynamicDistributionGroup -Identity “Name of the
distribution group”Get-Recipient –RecipientPreviewFilter
$members.RecipientFilter
40 | P a g e
Client Access Setting
1. To View the protocols enabled for client connections for one or all mailboxes use
the following command.
Get-CASMailbox <Mailbox ID>
41 | P a g e
ActiveSync
1. To Disable ActiveSync Use the following command. Set-CASMailbox -Identity <Mailbox ID> -ActiveSyncIntegrationEnabled
$false
2. To Enable ActiveSync Use the following command. Set-CASMailbox -Identity <Mailbox ID> -ActiveSyncIntegrationEnabled
$true
42 | P a g e
Outlook Access (Mapi)
1. To Disable Outlook Access Use the following command.
Set-CASmailbox <Identity> –mapienabled $false
2. To Enable the Outlook Access Use the following command.
Set-CASmailbox <Identity> –mapienabled $true
43 | P a g e
OWA Access
1. To Disable OWA use the following command
Set-CASMailbox -Identity <Mailbox ID> -OWAEnabled $false
2. To Enable OWA use the following command
Set-CASMailbox -Identity <Mailbox ID> -OWAEnabled $true
44 | P a g e
IMAP Access
1. To Enable IMAP for a specific user, run the following command
Set-CASMailbox <Alias, Primary SMTP, or UPN> -ImapEnabled $True
2. To Disable IMAP for a specific user, run the following command
Set-CASMailbox <Alias, Primary SMTP, or UPN> -ImapEnabled $False
45 | P a g e
POP3 Access
1. To Enable POP3 for a specific user, run the following command Set-CASMailbox <Alias,Primary SMTP, or UPN> -PopEnabled $True
2. To Disable POP3 for a specific user, run the following command Set-CASMailbox <Alias,Primary SMTP, or UPN> -PopEnabled $False
46 | P a g e
Security
Enable Mailbox Auditing
1. To Enable mailbox auditing for all user mailboxes in your organization use the
following command.
$UserMailboxes = Get-mailbox -Filter {(RecipientTypeDetails -eq
'UserMailbox')}$UserMailboxes | ForEach {Set-Mailbox $_.Identity -
AuditEnabled $true}
Configure Calendar Permission
1. To assign Bulk Calendar Permission to a user use the following command.
$users = Get-mailbox $users | ForEach-Object {Add-
MailboxFolderPermission $_":\Calendar" –User
<User_who_need_permission> -AccessRights <Permission Level>}
47 | P a g e
2. To set a user's calendar to show „limited details‟ by default use the following
command.
Set-MailboxFolderPermission –AccessRights LimitedDetails –Identity
user:\calendar –user default
3. To Set the Room calendar to show the „Organiser‟ and „Subject‟ of the meeting
use the following command.
Set-CalendarProcessing -Identity <Room Mailbox Id> -
AddOrganizerToSubject $true -DeleteComments $false -DeleteSubject
$false
48 | P a g e
Hide a user from GAL
1. To hide user from gal (Global Address List), use the following command.
Set-Mailbox -Identity <Mailbox Id> -HiddenFromAddressListsEnabled $true
2. To unhide hidden user from gal (Global Address List), use the following
command.
Set-Mailbox -Identity <Mailbox Id> -HiddenFromAddressListsEnabled $false
3. Hide all the users from GAL use the following command.
Get-mailbox | Set-mailbox -HiddenFromAddressListsEnabled $true
4. Unhide all the users from GAL use the following command.
Get-mailbox | Set-mailbox -HiddenFromAddressListsEnabled $false
49 | P a g e
5. To hide mail contact from GAL use the following command
Set-mailContact –Identity ContactEmailaddress –
HiddenFromAddressListsEnabled $True
Increase Single Item Recovery timeframe
1. To increase Single Item Recovery timeframe to 30 days
Set-Mailbox -identity "Display Name" -SingleItemRecoveryEnabled
$True -RetainDeletedItemsFor 30
2. To verify time frame use this command
Get-Mailbox -identity "Peter Parker" | fl RetainDeletedItemsFor
50 | P a g e
Enable known attachment types to OWA
1. To Enable OWA to access all known file types that come as attachments use the
following command.
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -
AllowedFileTypes
'.rpmsg','.xlsx','.xlsm','.xlsb','.tiff','.pptx','.pptm','.ppsx','.ppsm','.docx','.docm
','.zip','.xls','.wmv','.wma','.wav','.vsd','.txt','.tif','.rtf','.pub','.ppt','.png','.pdf','.o
ne','.mp3','.jpg','.gif','.doc','.bmp','.avi','.xml'
51 | P a g e
Reference links
1. Exchange Online cmdlets
https://technet.microsoft.com/library/jj200780(v=exchg.160).aspx