Thursday, July 14, 2016

Exchange Server mailbox permissions with Powershell

Send on Behalf – This will grant testuser user send on behalf permissions for Accounting mailbox:

Set-Mailbox accounting -GrantSendOnBehalfTo testuser


Send As – This will grant testuser user send as permissions for Accounting mailbox:

Add-ADPermission accounting -ExtendedRights Send-As -user testuser



Full Mailbox Access – This will grant testuser user full access to Accounting's mailbox:

Add-MailboxPermission -Identity accounting -User testuser -AccessRights FullAccess -InheritanceType All
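
To review what the three grants above leave behind, this added example (not code from the original post) lists who currently holds each delegation type on a mailbox. It assumes the on-premises Exchange Management Shell; the function name Get-MailboxDelegationReport is hypothetical.

```powershell
# Added example: report Send on Behalf, Send As and Full Access holders for one mailbox.
# Get-MailboxDelegationReport is a hypothetical helper name, not an Exchange cmdlet.
function Get-MailboxDelegationReport {
    param([Parameter(Mandatory)][string]$Identity)

    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop

    # Send on Behalf is stored on the mailbox object (set with -GrantSendOnBehalfTo).
    foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
        [pscustomobject]@{
            Mailbox = $mbx.Alias; Right = 'SendOnBehalf'
            Trustee = "$delegate"; Inherited = $false
        }
    }

    # Send As is an Active Directory extended right (set with Add-ADPermission).
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object { ($_.ExtendedRights -like '*Send-As*') -and -not $_.Deny -and
                       $_.User -notlike 'NT AUTHORITY\SELF' } |
        ForEach-Object {
            [pscustomobject]@{
                Mailbox = $mbx.Alias; Right = 'SendAs'
                Trustee = "$($_.User)"; Inherited = $_.IsInherited
            }
        }

    # Full Access is a mailbox permission (set with Add-MailboxPermission).
    Get-MailboxPermission -Identity $mbx.DistinguishedName |
        Where-Object { ($_.AccessRights -like '*FullAccess*') -and -not $_.Deny -and
                       $_.User -notlike 'NT AUTHORITY\SELF' } |
        ForEach-Object {
            [pscustomobject]@{
                Mailbox = $mbx.Alias; Right = 'FullAccess'
                Trustee = "$($_.User)"; Inherited = $_.IsInherited
            }
        }
}

# 'accounting' is the mailbox used in the commands above.
Get-MailboxDelegationReport -Identity accounting |
    Sort-Object Right, Trustee |
    Format-Table -AutoSize
```

Rows with Inherited set to False are grants made directly on the mailbox, which is where the commands in this post put them.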

Wednesday, July 13, 2016

Allow Anonymous LDAP Binding to an AD LDS Instance




Step by step:


  1. Click Start, point to Administrative Tools, and then click ADSI Edit.
  2. Connect and bind to the configuration directory partition of the AD LDS instance on which you want to allow anonymous LDAP binding. For more information, see Manage an AD LDS Instance Using ADSI Edit.
  3. In the console tree, double-click the configuration directory partition (CN=Configuration,CN={GUID}), double-click the services container (CN=Services), double-click the Windows NT container (CN=Windows NT), right-click the directory service container (CN=Directory Service), and then click Properties.
  4. In Attributes, click dsHeuristics, and then click Edit.
  5. In Value, modify the value of the seventh character in the attribute (counting from the left) to 2, as follows:
    0000002001001
  6. Click OK twice.

Tuesday, July 12, 2016

Using ADSIedit to Add or Remove E-mail aliases on on-Premises Active Directory


If you are synchronising your Office 365 account with your on-premises Exchange/Active Directory, you will know that you cannot edit Exchange user properties using the Office 365 administrator portal.
If you try, you will come across this error or a similar one:
The operation on mailbox “employee-mailbox” failed because it’s out of the current user’s write scope. The action ‘Set-Mailbox’, ‘EmailAddresses’, can’t be performed on the object ‘employee-mailbox’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

This article shows how to add e-mail aliases using the Active Directory Service Interfaces Editor (adsiedit).

Step-by-step guide

  1. Go to Start > Run and type adsiedit.msc
  2. Now, find the unit where your AD users reside (for example: Fabricam - Office-RU-SPB)
  3. Right-click the user you want to edit and click Properties.
  4. Find the attribute proxyAddresses – this is the one you want to edit.
    When you add new e-mail aliases, make sure that your primary e-mail address starts with upper-case SMTP. Your aliases (secondary addresses) should start with lower-case smtp. For example:
    In the proxyAddresses attribute, you need to put:
    SMTP:firstnamelastname@domain.com - Primary address
    smtp:firstnamelastname@domain.com - alias, aka secondary address


Convert pfx\p12 to crt and key with openssl

Step-by-step guide


  1. openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
  2. openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
  3. openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]