Archive for September, 2011

[Redirect] New-PasswordReminder.ps1 v2.2 – Target Specific OUs, Better Password Policy Info, Code Tweaks

September 30th, 2011 35 comments

Here’s the latest version of the script. For information on previous builds, including installation instructions, please see New-PasswordReminder.ps1 v2.1 – updated to include better formatting, preview, and installer!

Issues resolved:

  1. added some missing ‘alt’ tags for some images in email HTML code
  2. added $HelpDeskURL variable in param block. That resolves the problem of some links that weren’t clickable (whoops!)
  3. updated links to point to new blog. This includes the one in the event log message.

#2 is the only one that you need to worry about. Line 166 defines a URL for your Help Desk:

[parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory=$false)]
[string]$HelpDeskURL =,

New features/additions

  1. added code to determine global minimum password length & format message accordingly
  2. added code to determine global password complexity requirements & format message accordingly
  3. added some parameter validation
  4. added ability to target a single OU, and its children
  5. updated the Send-MailMessage line based on user feedback

#1 and #2 are quite similar. The script now looks at the default domain password policy and retrieves the minimum password length and complexity requirements. It then uses this info to formulate the text for the email. In previous versions of the script, the HTML code had to be set manually.

#3 is just to make sure valid info is passed to some of the parameters.

#4. This was a reader request. To target a specific OU, set the OU in the param block. Look at line 185:

[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, Mandatory = $false, HelpMessage = "Please specify an Organizational Unit")]
[string] $ou

And set $ou to the full name of the OU, such as

[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $false, Mandatory = $false, HelpMessage = "Please specify an Organizational Unit")]
[string] $ou = "ou=myusers,dc=contoso,dc=com"

The script will only check user accounts in that OU, and ALL CHILD OUs.
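The policy lookup behind #1 and #2 and the OU targeting behind #4 can be sketched together as follows. This is an added example, not code from New-PasswordReminder.ps1; the function names `Get-PolicyText` and `Get-ExpiringUser` and the `$WarnDays` parameter are hypothetical. It assumes the ActiveDirectory module (RSAT-AD-PowerShell) is installed and reuses the example OU from above.

```powershell
#Requires -Modules ActiveDirectory
# Added example; Get-PolicyText, Get-ExpiringUser and $WarnDays are hypothetical names.

function Get-PolicyText {
    # Build the policy sentence for the email from the default domain policy object.
    param([Parameter(Mandatory)] $Policy)
    $text = "Your new password must be at least $($Policy.MinPasswordLength) characters long."
    if ($Policy.ComplexityEnabled) {
        $text += " It must also meet the Windows complexity requirements" +
                 " (a mix of uppercase letters, lowercase letters, digits and symbols)."
    }
    $text
}

function Get-ExpiringUser {
    param(
        # Parameter validation: reject a DN that does not resolve to an OU.
        [Parameter(Mandatory)]
        [ValidateScript({ [bool](Get-ADOrganizationalUnit -Identity $_) })]
        [string] $ou,

        [ValidateRange(1, 90)]
        [int] $WarnDays = 14
    )
    $now   = Get-Date
    $never = [Int64]::MaxValue   # value the directory returns for "never expires"

    # -SearchScope Subtree covers the OU itself and all of its child OUs.
    Get-ADUser -SearchBase $ou -SearchScope Subtree `
        -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
        -Properties mail, 'msDS-UserPasswordExpiryTimeComputed' |
    ForEach-Object {
        $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
        # Skip 0/null (no usable expiry) and the "never" sentinel, which
        # [datetime]::FromFileTime cannot convert.
        if (-not $raw -or $raw -eq $never) { return }

        $expires = [datetime]::FromFileTime($raw)
        $days    = [math]::Floor(($expires - $now).TotalDays)
        if ($days -ge 0 -and $days -le $WarnDays) {
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                Mail           = $_.mail
                Expires        = $expires
                DaysLeft       = [int]$days
            }
        }
    }
}

# The default domain policy supplies the wording. The computed expiry attribute
# also reflects fine-grained password policies, which the default policy does not.
$policyText = Get-PolicyText -Policy (Get-ADDefaultDomainPasswordPolicy)

# Print what would be sent instead of mailing anyone.
Get-ExpiringUser -ou "ou=myusers,dc=contoso,dc=com" | ForEach-Object {
    "{0} <{1}>: expires in {2} day(s). {3}" -f `
        $_.SamAccountName, $_.Mail, $_.DaysLeft, $policyText
}
```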

#5 was done to improve performance, but also get around an issue that was reported by a reader. Two issues resolved at once!

Download the new version at and keep those comments coming!

Exchange and Lync Session Videos From Tech·Ed 2011

September 29th, 2011 No comments

My Travelling Tech Gear

September 25th, 2011 1 comment

While on a project, a bunch of us sat in the “war room” for more than 7 months. During that time, we often talked about various technologies, including what we carry with us from day-to-day. When someone would mention some cool gadget they had, of course, in short order, many others in the room would buy the same gadget. It gets contagious. So I thought I would list what I carry from day-to-day.

My backpack of choice is the Tumi Business Class Brief Pack. This is a durable Checkpoint Friendly backpack. If you’re not familiar with Checkpoint Friendly bags and backpacks, they are bags designed to help you breeze through airport security. They do this by keeping the laptop area completely separate from the rest of the bag. That area unzips partially from the rest of the bag so that while it’s going through the x-ray, it’s clearly visible.

I’m in airports about a hundred times a year, so not having to take out my laptop and put it into a bin by itself is quite convenient. The rest of the gear that gets crammed into the backpack includes:

  1. Lenovo X1 Carbon with an i7 processor and 8GB of RAM. This thing has a 256GB SSD. It’s MUCH lighter than my previous beast.
  2. Toshiba 14″ USB powered monitor. This is one of the best items I’ve purchased. This gives me a multi-screen solution while at customer sites.
  3. Bose QC20 noise cancelling earphones. These replaced my QC3 headphones just to conserve space and weight.
  4. Microsoft Touch Mouse. One, two, and three finger gestures.
  5. Satechi Portable Energy Station. Always convenient to recharge things like the iPad, Kindle, or cell phone when in an area that has no outlets, like smaller airport terminals.
  6. Griffin Technology USB mini-cable set
  7. 6′ stereo audio cable
  8. 6′ HDMI cable. Great for watching movies from the laptop on the hotel TV.
  9. Bose MIE2 earphones. Great for listening to hair metal, or taking the occasional call. These are very comfortable, and are my headset of choice for long cell calls.
  10. An audio “Y” cable
  11. A Square reader. This is perfect for when I need to perform a credit card transaction. Works great with the iPad. And it’s free.
  12. A pair of Oakley reading glasses
  13. 12′ CAT6 LAN cable (that rarely gets used)
  14. A small prescription bottle with meds and various medical remedies like Aleve and cold/sinus medication.
  15. CountyComm Compact Battery Holder with 4 AA batteries for my mouse.
  16. 2 Sandisk 32GB thumbdrives. One is bitlocker encrypted (just like my laptop drives). The other is a bootable Win 8.1 unit that also has all of my laptop software in case I need to reload on the road (which happened once when the primary SSD on my Dell laptop failed).
  17. A compact Microsoft 3 port surge protector. It’s small and comes in handy in conference rooms where there are never enough outlets, as well as in areas where power can be unpredictable.
  18. 3x Startech 6″ USB Micro cables.
  19. 2x Startech 6″ USB Mini cables.
  20. 3′ USB extension cable
  21. Jabra Speak 410 Bluetooth speakerphone that also works great as a microphone into Microsoft OneNote.
  22. Plantronics Voyager Legend Bluetooth headset. REALLY cool unit that even recharges in the case!
  23. 13″ Apple MacBook Pro w/ Retina Scan
  24. Apple Magic Mouse
  25. PlugBug World
  26. The Ethernet dongle for the X1
  27. Hardware tokens including RSA, and the one for my code signing certs
  28. A couple of small screwdrivers that fit the tiny screws on laptops
  29. An SD card reader
  30. A small card/organizer that has membership cards for all of my travel accounts, including air, hotel, rental car, etc. I also keep all of my courtesy coupons in there.
  31. A small micro-fiber cloth and small brush to keep the laptop screen and keyboard clean.

Many of the cables and small items are attached to a Cocoon GridIt to keep them organized, as well as keeping them somewhat flattened out to make it easier for TSA to see things on the x-ray. The GridIt comes in a ton of various sizes.

Some things that are usually in my roll-aboard (summer) or Scottevest Fleece 5.0 (24 pockets – spring/fall) or Scottevest Revolution jacket (26 pockets – winter) include

  1. Sony Cyber-shot DSC-H55 digital camera

The reason these last items aren’t in my backpack isn’t space. It’s TSA. Too much gear crammed into the compartments of the backpack makes it hard for the TSA folks to get a clear view via X-ray, and results in having to remove some items and have the backpack rescanned. That’s, of course, counter-productive to having this particular backpack. I don’t use either of these too often, but keep them handy just in case. The items in my backpack are carefully placed in specific locations to avoid TSA issues. I have, however, been asked by TSA several times about the Toshiba monitor. It folds pretty flat, and some agents are just intrigued by it.

And items that are always in my roll-aboard:

  1. 2nd power supply for the laptop
  2. power supply for the Surface Pro

These are generally used in my hotel room. If I’m on a long-term project and have a dedicated seat or cube, I often bring a Dell docking station to leave at the site with a power supply. This makes things more convenient.

Yes. The backpack is heavy. But that really doesn’t bother me, and I sometimes walk 1/2 mile or more from a hotel to a client site.

Some things that have previously been in my backpack, but have been replaced by other gear:

  1. Dell Precision M4500 laptop. It has an i7 processor, 16GB of RAM, and two SSD drives. The 15.6″ screen works great. A 3M privacy screen helps when using the laptop in an airport or on a plane.
  2. iPad 64GB 3G. This will likely be replaced soon with a Samsung Series 7 slate running Windows 8.
  3. Kindle DX. This is the larger screen model which is great for reading tech books with screenshots.
  4. Polycom CX100 USB speakerphone. I use this for Lync calls occasionally.
  5. Jawbone Jambox (Black Diamond). This is relatively new to the backpack. Great sound and much more convenient when on conference calls, or when calling PSS.
  6. Plantronics Voyager Pro+ wireless headset.
  7. Kindle cable and AC adapter
  8. FitBit base station
  9. A super small microphone. This plugs into the laptop, and is used by OneNote when I’m at conferences to capture the presenter’s voice while I take notes.
  10. Garmin nuvi 680 GPS and car mount
  11. Bose Bluetooth headset
  12. Bose QuietComfort 3 noise cancelling headphones
  13. 6′ VGA cable.
  14. A Verizon 4G/LTE MiFi that gets used heavily. I use this at conferences (where WiFi can be sporadic at best), in hotel rooms (for connectivity for laptop and tablet), and client locations where the MiFi might provide quick, unfiltered Internet access.
  15. Plantronics .Audio 470 USB headset. Perfect for long calls. Long cable, audio in both ears, comfy….
  16. Microsoft Surface Pro w/ 64GB microSD card and type cover

So, what am I missing? If you have a piece of gear that you simply can’t live without when traveling, comment below.


Office Speaker Setup

September 25th, 2011 No comments

I was getting pretty tired of using the basement for my home office. The white noise from my server rack, as well as the noise from the washer and dryer, furnace, and other random things got old. And the cement floor was quite cold in the winter. So, I decided to hijack an unused bedroom and turn it into the dream office.

I figured if I was moving so that external noises weren’t an issue, I’d have to be able to create some of my own. With a ~5TB iTunes library, it’s obvious I like to listen to music. So premium sound was an absolute requirement.

I needed speakers that sounded great, but were not in the way. With a 4 monitor setup for my primary workstation, I didn’t want even more clutter. My monitors are mounted to two Ergotron DS100 dual monitor stands. One uses the grommet mount base through one of the holes in the desk. I knew there had to be a way to utilize the monitor stands for my speakers.

I spent some time at the local Bose store, and concocted a plan around the Companion 5 multimedia speaker system. The Companion 5’s main speakers are mounted to a small stand by a single screw on the back. I removed the screw and stand. Next, I took some normal hose clamps and drilled a single hole through them big enough for the screw. Then I took the original screw, threaded it through the hole in the clamp, and back onto the speaker.

Next, I took some normal foam tubing, like that used to insulate home water pipes, and cut two 2″ pieces. I took one piece, wrapped it around the vertical base of the monitor stand, then put the hose clamp connected to the speaker around that. Essentially, I was putting some padding between the hose clamp and monitor stand. This was for two reasons. The first is that the monitor stands aren’t cheap, and I didn’t want to scratch them up if my genius idea didn’t work. The second was that I like to listen to my hair metal LOUD. I didn’t want any rattling or things loosening up.

After some tweaking and adjusting, the idea worked perfectly. I used some Velcro cable straps to keep the cables at bay. Other than the speakers, I spent about 5 bucks on the foam tubing, Velcro, and hose clamps.

Left speaker, as seen from just above desktop level

Left speaker, as seen from the side. Note hose clamp and foam tubing

Right speaker. This uses the normal base since there was no hole in the desk. Note iPod and iPhone cradles, and speaker pod.

Full view of both speakers, and all four monitors.


The Case of the Disappearing ‘Publish To GAL’ Button

September 24th, 2011 21 comments

While planning a rebranding effort for a client as part of a massive divestiture, we looked at how the end-user S/MIME certs would get handled once their workstations were migrated to a new forest/domain. Outlook has a nice feature built-in to publish existing certificates to the GAL. This makes it easy for users to send encrypted messages to coworkers without having to first send a digitally signed message back and forth. This is quite important to this particular client due to trade secrets and regulatory compliance.

To see the button, open Outlook, go to the Backstage, then Options>Trust Center>Trust Center Settings>E-mail Security. You can see the Publish to GAL button:

The button is visible regardless of whether the user actually has a certificate installed.

However, some users were not seeing the button, as seen below:

It turns out that in Outlook 2010, if a user has multiple MAPI accounts configured in the same Outlook profile, the button erroneously disappears. Multiple MAPI accounts is a key feature in Outlook 2010, and is real handy for people who want access to different accounts, say for administrative use, or for work and private email accounts. Outlook even supports having dedicated S/MIME certificates for each account.

I reported the issue to Microsoft, and a bug report has been created. Hopefully, this will be resolved with a hotfix soon. This isn’t the only issue I’ve found with multiple email accounts in Outlook 2010. The archiving feature takes messages from ALL of the accounts, and puts them in the SAME archive .pst file. Not good.

Update Rollup 5 (UR5) for Exchange Server 2007 SP3 Released

September 22nd, 2011 No comments

Microsoft has released the following update rollup for Exchange Server 2007:

  • Update Rollup 5 for Exchange Server 2007 SP3 (2582113)

If you’re running Exchange Server 2007 SP3, you need to apply Update Rollup 5 for Exchange 2007 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Here is a list of the fixes included in update rollup 5:

  1. 981820 New X-headers of a message item do not appear when the message item is retrieved by IMAP4 or by POP3 in an Exchange Server 2007 SP2 environment
  2. 2292150 A deleted hyperlink remains in the HTML source of an email message if you create the email message by using OWA in an Exchange Server 2007 environment
  3. 2411423 The Msftefd.exe process constantly consumes up to 100 percent of CPU resources when your mailbox language is set to German on an Exchange Server 2007 server
  4. 2450078 The sent time in an email message body is incorrect when you reply or forward the email message by using an EWS application in an Exchange Server 2007 environment
  5. 2451415 “There was a problem logging onto your mail server” error message when you use a POP3 client to access a mailbox in an Exchange Server 2007 SP3 environment
  6. 2536652 EdgeTransport.exe randomly stops responding on a Hub Transport server after you configure public folder replication in Exchange Server 2007
  7. 2536695 “Some items cannot be deleted” error message when you try to delete or modify an email message in a public folder in an Exchange Server 2007 environment
  8. 2536697 DBCS characters in a rule name are converted to question marks after you move a mailbox from Exchange Server 2003 to Exchange Server 2007
  9. 2537783 The EdgeTransport.exe process crashes occasionally after you install Update Rollup 2 for Exchange Server 2007 SP3
  10. 2538958 Extended Protection Warning Displayed in Exchange Management Console and Exchange Management Shell After Installing RU2 for Exchange 2007 SP3
  11. 2554575 Items accumulate in the MRM submission folder when managed folder assistant journal items in an Exchange Server 2007 environment
  12. 2556751 The EdgeTransport.exe process crashes when processing certain email messages on an Exchange Server 2007 Hub Transport server
  13. 2557304 The Store.exe process may consume excessive CPU resources and memory resources intermittently when a user opens a calendar item by using OWA in an Exchange Server 2007 SP3 environment

Download the rollup here.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

Also, the installer and Add/Remove Programs text is only in English – even when being installed on non-English systems.

Note to Forefront users:

If you don’t disable Forefront before installing a rollup or service pack, and enable afterwards, you run the risk of Exchange related services not starting. You can disable Forefront by going to a command prompt and navigating to the Forefront directory and running FSCUtility /disable. To enable Forefront after installation of a UR or SP, run FSCUtility /enable.

[Redirect] New-PasswordReminder.ps1 v2.1 – updated to include better formatting, preview, and installer!

September 18th, 2011 10 comments

Update 09-30-2011: An updated version is available at New-PasswordReminder.ps1 v2.2 – target specific OUs, better password policy info, code tweaks.

I wrote in New-PasswordReminder.ps1 – email users when their password will soon expire about how to set up a scheduled task to send users a polite reminder email when their password will soon expire. It’s been a fairly popular post, but there have been some areas where it could be improved. Well, consider it done.

One of the hardest parts was getting a decently formatted email that looked good. This could take some trial and error, and the original script didn’t really have a way built in to preview what the end user would see. As a result, some hapless users would be flooded with your “test” messages. I fixed that by creating a preview mode. Manually run the script with the preview switch, and a user to send the email to. For example

.\New-PasswordReminder.ps1 -Preview -PreviewUser bgates

This will send an email to the user, bgates. The email is formatted for a password that expires in one day, so the user gets the additional banner near the top as well.

Next up was creating a scheduled task. Not really terribly difficult to do manually, but I could see where it might take some trial and error. So, I added the install switch, which will create a scheduled task for the script, configuring it to run at 6am each day. Of course, that time can be manually adjusted by opening the scheduled task once it’s created. The install mode will ask for credentials to run the scheduled task under. Install it as so:

.\New-PasswordReminder.ps1 -Install

Note: The scheduled task is configured to point to where the script is when you run the install switch. So don’t move it later!

Next up was a little tweaking to the HTML code. In the original version, I tossed in some very basic formatting, but the person installing it had to tweak some HTML code to point to the location of some images. The new version has more images, but I defined a variable in the param block for the root folder where the images are stored. Just edit that line, and all other HTML code for the images will be fine. Look for these lines in the param block:

[parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory=$false)] [string] $ImagePath = ""

Update accordingly with a URL to the directory holding the images, but don’t include a trailing slash. Of course, you’re free to rip out all of the formatting and substitute your own. I merely included something so that it would work “out of the box”. The new zip file includes all image files required for the new formatting.

Next up, I added some simple logging to the application event log. The script will write a single entry when it starts, and a single entry when it finishes, noting how many users were processed (sent an email). I would love to hear how this script works in large environments. If you’re willing, please let me know (via comments below) how long it’s taking to run in your environment, and the number of users in AD.

I fixed a couple of minor bugs, and included some code to install the RSAT-AD-PowerShell feature if it’s not installed. The comment based help was enhanced, and some of the code was cleaned up so it’s easier to read.

The rest of the setup requirements remain. See the original post for additional info. Download the latest version New-PasswordReminder2.1

I’m very interested in hearing how you customize this, and any suggestions you may have. I’m always looking for ideas.