Collecting event logs

In the past month I had several times the need for collecting event logs across multiple servers or parsing exported ones from *.evtx files. Get-WinEvent is the perfect Cmdlet for doing this as you can use it for querying both with.

But of course the out-of-the-box experience, usage and output didn’t fit others and my own requirements. Therefore I ended-up in writing a new script.

Continue reading
Advertisements

Formatting output of Admin- and UnifiedAuditLog

I often have to perform searches in the Exchange AdminAuditLogs on-premises and in EXO or in the UnifiedAuditLogs, which are only in EXO available. Depending on the need I either analyse them using Out-GridView or export them to CSV file.

Challenge is always proper formatting. There are thousands way of doing, but here are my.

Continue reading

Why X500 addresses are so important

There are many posts and a few KB articles related to legacyExchangeDN and X500 addresses. Here some a few examples:

These are only a few examples. But there is even more: Calendar items and especially recurring meetings are highly depending on legacyExchangeDN.

In a recent M&A scenario the decision was made to perform a cleanup of X500 addresses, which definitely caused quiet a number of tickets.

Continue reading

EWS and OAuth

Since world is moving towards Cloud and away from Basic authentication, I also have to address this in my scripts. With the latest announcement on The Microsoft Exchange Team Blog about the Upcoming changes to Exchange Web Services (EWS) API for Office 365, I get a lot of questions from people about this.

First of all: This change is ONLY for Office 365!

Besides this I appreciate this change and believe it or not with the latest Exchange versions you can use OAuth already on your on-premises environment.

In this post I describe how get your tokens using ADAL, which can be used for accessing a mailbox via EWS. Most of you might already used a tool, which supports OAuth, but weren’t aware of: EWS Editor

Continue reading

Exchange Online migration and TooManyBadItemsPermanetException

I’m sure that a lot of people have seen this issue before when migrating to Exchange Online:

The BadItemLimit was exceeded and therefore the move request failed.

A while a go Ben Winzenz wrote an excellent post on the You Had Me At EHLO blog, where he mentioned that there was a change in Exchange Online and now failed mapping of SIDs will count towards the BadItemLimit.

So far so good, but how do we solve such issues when increasing of bad item limit is not an option and you have to migrate approx. 130.000 mailboxes?

Update 28.08.2018

Due to some issues while removing invalid permissions with Exchange Cmdlets, I enhanced the script. Read more about it here

Continue reading

Get-AutoDV2

In my previous post Troubleshooting Autodiscover I wrote about Autodiscover service and the difference between POX and SOAP requests. Over the last years Microsoft evolved Autodiscover and introduced a new Autodiscover service V2. The new version is based on JSON and the main difference is the fact you don’t need to be authenticated.

Continue reading