Here is a Lync Server 2013 version of my DefaultCmdletsByRBACRole spreadsheet that I originally did for Lync Server 2010. It shows every cmdlet available to you in both Lync Server 2010 and Lync Server 2013, and which RBAC roles have rights to run them by default. You can see which cmdlets are 2010 only, and which are 2013 only. The TechNet descriptions and a version specific link are listed for each. The list is current through Lync Server 2013 with October 2013 Cumulative Update.

Download

v1.0 – DefaultCmdletsByRBACRole2013.v1.0.xlsm – (10-28-2013)

I like Exchange. And PowerShell. So, when Packt Publishing asked if I was interested in reviewing their latest book “Microsoft Exchange Server 2013 PowerShell Cookbook”, I jumped at the chance. I was even more excited when I realized that it was written by two heavy hitters, Jonas Andersson and Exchange MCM and Microsoftie Mike Pfeiffer. I’ve known Mike since his days as an Exchange MVP prior to joining Microsoft.

I had not read any books published by Packt previously, so I was interested to see how this one was put together. What a pleasant surprise. The book, now in its 2nd edition, wastes no time in dispensing some solid PowerShell knowledge with the first chapter, “PowerShell Key Concepts”. If you’re a complete newbie who has been reluctant to take the PowerShell plunge, this chapter has a substantial amount of information to help you get started. In fact, If you read the first chapter, you’ll have an excellent understanding of the basics of PowerShell. Not only is that a great building block for what comes later in the book, but it’s also a great PowerShell primer just by itself. If you’re an experienced coder, the first chapter will help fill in some gaps.

From there we go to common tasks in both PowerShell and Exchange. Some great info there, as well, as we look at many of the things that help tie scripts together including remote sessions, tasks, dealing with .csv files, etc.

From that point on, each subsequent chapter deals with a different area of Exchange, and how PowerShell can make life easier. These are including topics such as mailbox and database management, high availability, and more. Each area is broken down into a specific subject, and includes information broken into several different sections, including “How to do it..”, “How it works..”, “There’s more..”, etc. These start with a simple task, explain the basics, and build on them so that the reader can develop great PowerShell functions and scripts, and understand what’s happening “under the hood”. In reading this book, I can say I’ve learned several different approaches to things that I had not considered previously.

Some things often get left out of Exchange books just due to the complexity of the product. This is often things like compliance. But, oh no – Mike and Jonas dive into this as well, discussing archiving, retention and legal holds, auditing, and more. There’s also a chapter on using the EWS Managed API, which really opens the door to doing all kinds of things by connecting to Exchange via EWS. Just look at what Glenn Scales is doing with EWS.

Chapters break down as follows:
Chapter 1: PowerShell Key Concepts
Chapter 2: Exchange Management Shell Common Tasks
Chapter 3: Managing Recipients
Chapter 4: Managing Mailboxes
Chapter 5: Distribution Groups and Address Lists
Chapter 6: Mailbox Database Management
Chapter 7: Managing Client Access
Chapter 8: Managing Transport Service
Chapter 9: High Availability
Chapter 10: Exchange Security
Chapter 11: Compliance and Audit Logging
Chapter 12: Server Monitoring and Troubleshooting
Chapter 13: Scripting with the Exchange Web Services Managed API

The book also contains some great reference materials in the appendices. A common shell appendix is a great add-on to what’s in the book, especially chapter 1. I probably learned more from this part of the book than anything.

Appendix B delves into query syntaxes – something that can be frustrating if you don’t know the basics and pitfalls. From AND and NOT to date ranges and more. Solid info that should be kept within arms reach.

I have to say, it’s no surprise that I liked this book. Mike and Jonas did a fantastic job keeping the reader engaged. By taking a simple idea and building on it, each example and section helps solidify a solid PowerShell understanding and how it relates to Exchange. Installation, configuration, and administrative tasks are all made substantially easier by the information in this book. The book doesn’t talk over the reader’s head, and the code provided is solid and clean. I can’t recommend this book enough if you’re an Exchange person looking to get into PowerShell to increase your productivity and enhance your career.

The book is available from Packt Publishing in formats including print, ebook, and .pdf, and from Amazon as a printed book, or Kindle download. Buy it! Now!

As part of an Active Directory Health Check (think “ADRAP”), I needed to document the top errors and warnings in several event logs, including the System, Application, DNS, Directory Service, FRS, and others. This list also needed to include the source of the errors. Since there were a bunch of domain controllers, I didn’t want to spend all day manually looking through event logs, filtering, etc. PowerShell to the rescue.

Get-EventLog is pretty self explanatory. We tell this command we want to look at the system event log, and we’re only interested in errors. We could look for other event types, too, such as Information, FailureAudit, SuccessAudit, and Warning. Get-EventLog can filter based on dates, usernames, etc.

We then take the output of that, and pipe it to Group-Object (or “Group” for short). We group based on source and eventID. This lumps all of the same events with the same eventID together as one object. This is important, because if there are errors with the same source, but different eventID, we want those listed separately.

Next, we use Sort-Object, or “sort”, to arrange the results into a usable list, with the highest numbers at the top. Since we only need the top 5 in the list for this exercise, Select-Object, or “select”, comes into play. This will return just the number of objects we specify. In this case, that’s 5. Since we pass the -first parameter to this cmdlet, we get the first 5 results that were piped from the previous command. Essentially, the highest 5 objects. And lastly, we display just the count and the name using Format-Table, or “ft”. Since we grouped the source and eventID together, the name will be the name of the source, and the corresponding eventID. The output looks like this:

Count Name
----- ----
  179 Microsoft-Windows-GroupPolicy, 1006
   30 Service Control Manager, 7031
   19 Microsoft-Windows-Hyper-V-Netvsc, 2
   15 Service Control Manager, 7034
   10 Microsoft-Windows-WindowsUpdateClient, 20

Exactly what I was after. The top 5 errors in the system event log, sorted by how many times the error appeared in the log, with the source name and eventID, sorted. The one-liner looks like this:

Get-EventLog -LogName system -EntryType error | Group-Object source,eventid | Sort-Object count -desc | Select-Object -first 5 | Format-Table count,name

We could also strip off the Format-Table stuff, and use Export-Csv to dump the results to a csv file.

Get-EventLog -LogName system -EntryType error | Group-Object source,eventid | Sort-Object count -desc | Select-Object -first 5 | Export-Csv c:\SystemErrors.csv -NoTypeInformation

Pretty straightforward, and fairly quick, as long as your event logs aren’t huge. We can even target remote computers by appending the -ComputerName parameter to the Get-EventLog cmdlet. For example:

Get-EventLog -LogName system -EntryType error -ComputerName mycomputer.contoso.local | Group-Object source,eventid | Sort-Object count -desc | Select-Object -first 5 | Export-Csv c:\SystemErrors.csv -NoTypeInformation

 

Description

If you need to make a list of the .pst files in a given path, this function should help. It will get all .pst files, their name, path, size (in MB), and owner. This should help if you’re looking at importing the files in Exchange Server. If you’d like to export the results to a file, use the -file switch, with a filename, and the function will save the info to a .csv file.

Syntax

Get-PstFiles [[-path] ] [[-filter] ] [[-file] ] [-WhatIf] [-Confirm] []

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

v1.1 – 05-13-2013 Get-PstFiles.v1.1.zip

In a previous post, Exchange 2010 and Lync 2010 PowerShell syntax highlighting file for UltraEdit, I included the cmdlets for both Exchange 2010 and Lync 2010. In this new file, I’ve included Lync 2010, Lync 2013, Exchange 2010, Exchange 2013, and Active Directory cmdlets for highlighting. If you use UltraEdit, this wordfile may make life a little easier.

Download the file here: UltraEditPowerShellLyncExchangeAD.zip

Note: This functionality was added into PowerShell version 3.1.For more information, see https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.management/set-timezone

It’s easy to just double-click on the time in the system tray and set the time and time zone when building a new server. You may even have a GPO that does this for you. That’s all fine and dandy. But GPOs don’t work for member servers, and if you build a lot of servers, like I do, it’s a repetitive task – something perfectly suited for PowerShell.

With this function, we do nothing more than call tzutil.exe with the timezone name. Nothing fancy. I added some validation to make sure that the timezone specified is truly one of the 100 valid time zones that tzutile.exe should recognize and accept.

So, now, in your server provisioning script, merely call the function, Set-TimeZone, with the desired timezone. For example:

Set-TimeZone "Pacific Standard Time"

The script defaults to “Eastern Standard Time” if you don’t supply a timezone. That’s it. There is no screen output for this function. Here’s the function:

function Set-TimeZone {
  [CmdletBinding(SupportsShouldProcess = $True)]
  param( 
    [Parameter(ValueFromPipeline = $False, ValueFromPipelineByPropertyName = $True, Mandatory = $False)]
    [ValidateSet("Dateline Standard Time","UTC-11","Hawaiian Standard Time","Alaskan Standard Time","Pacific Standard Time (Mexico)","Pacific Standard Time","US Mountain Standard Time","Mountain Standard Time (Mexico)","Mountain Standard Time","Central America Standard Time","Central Standard Time","Central Standard Time (Mexico)","Canada Central Standard Time","SA Pacific Standard Time","Eastern Standard Time","US Eastern Standard Time","Venezuela Standard Time","Paraguay Standard Time","Atlantic Standard Time","Central Brazilian Standard Time","SA Western Standard Time","Pacific SA Standard Time","Newfoundland Standard Time","E. South America Standard Time","Argentina Standard Time","SA Eastern Standard Time","Greenland Standard Time","Montevideo Standard Time","Bahia Standard Time","UTC-02","Mid-Atlantic Standard Time","Azores Standard Time","Cape Verde Standard Time","Morocco Standard Time","UTC","GMT Standard Time","Greenwich Standard Time","W. Europe Standard Time","Central Europe Standard Time","Romance Standard Time","Central European Standard Time","W. Central Africa Standard Time","Namibia Standard Time","Jordan Standard Time","GTB Standard Time","Middle East Standard Time","Egypt Standard Time","Syria Standard Time","E. Europe Standard Time","South Africa Standard Time","FLE Standard Time","Turkey Standard Time","Israel Standard Time","Arabic Standard Time","Kaliningrad Standard Time","Arab Standard Time","E. Africa Standard Time","Iran Standard Time","Arabian Standard Time","Azerbaijan Standard Time","Russian Standard Time","Mauritius Standard Time","Georgian Standard Time","Caucasus Standard Time","Afghanistan Standard Time","Pakistan Standard Time","West Asia Standard Time","India Standard Time","Sri Lanka Standard Time","Nepal Standard Time","Central Asia Standard Time","Bangladesh Standard Time","Ekaterinburg Standard Time","Myanmar Standard Time","SE Asia Standard Time","N. Central Asia Standard Time","China Standard Time","North Asia Standard Time","Singapore Standard Time","W. Australia Standard Time","Taipei Standard Time","Ulaanbaatar Standard Time","North Asia East Standard Time","Tokyo Standard Time","Korea Standard Time","Cen. Australia Standard Time","AUS Central Standard Time","E. Australia Standard Time","AUS Eastern Standard Time","West Pacific Standard Time","Tasmania Standard Time","Yakutsk Standard Time","Central Pacific Standard Time","Vladivostok Standard Time","New Zealand Standard Time","UTC+12","Fiji Standard Time","Magadan Standard Time","Tonga Standard Time","Samoa Standard Time")]
    [ValidateNotNullOrEmpty()]
    [string]$TimeZone = "Eastern Standard Time"
  ) 

  $process = New-Object System.Diagnostics.Process 
  $process.StartInfo.WindowStyle = "Hidden" 
  $process.StartInfo.FileName = "tzutil.exe" 
  $process.StartInfo.Arguments = "/s `"$TimeZone`"" 
  $process.Start() | Out-Null 
} # end function Set-TimeZone

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Probably not of much value to people unless you build a fair amount of servers and have it scripted, but…

One thing you want to do with servers running PowerShell v3.0, such as Windows Server 2012, is to regularly run Update-Help from a PowerShell session to update the help files PowerShell uses for various modules. But this is something that can be easily forgotten, and, who wants to manually do a recurring task, anyways?

Here is a function you can toss in your server build script to create a scheduled task that will automatically update PowerShell help every day at 7pm. The task runs as ‘system’, so we don’t have to worry about storing credentials. Here’s the function

function New-PSUpdateHelpScheduledTask {
	[CmdletBinding(SupportsShouldProcess = $true)]
	param()
	BEGIN{
		[string] $TaskArguments = '-NoProfile -Command "& {Update-Help -Force; Start-Sleep -Seconds 5; Get-ChildItem $env:temp -Recurse -ErrorAction SilentlyContinue | Where-Object {$_.PSIsContainer -eq $True -and $_.GetFiles() -match ''.cab''} | Remove-Item -Recurse -Force}"'
		[string] $TaskProgram =  "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
	}
	PROCESS{	
		$TaskAction = New-ScheduledTaskAction -Execute $TaskProgram -Argument $TaskArguments
		$TaskTrigger = New-ScheduledTaskTrigger -Daily -At 19:00
		Register-ScheduledTask -TaskName "Update PowerShell Help" -Action $TaskAction -Trigger $TaskTrigger -RunLevel Highest -User "system" -Description "Automatically updates PowerShell help." | Out-Null
	}
	END {
		Remove-Variable TaskAction
		Remove-Variable TaskTrigger
	}
} # end function New-PSUpdateHelpTask

and merely call it using

New-PsUpdateHelpScheduledTask

You’ll notice a new scheduled task in Task Scheduler, and we see that it completed successfully.

Just a couple of lines of code and we’ve removed the need to manually run Update-Help on a server.

Hope this helps!

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Note: This script is now deprecated. Please see the newer Script: Set-CsFeatures.ps1 – Easily Install Prerequisites and Tools for Lync Server 2013 and Skype for Business Server 2015 script for the latest version.

Description

This script will assist in getting servers ready for the installation of Microsoft Lync Server 2013 on Windows Server 2012 and Windows Server 2012 R2. This includes the operating system prerequisites, SQL Express (where necessary), Silverlight, and more. Some post installation options are also available, and include Microsoft tools such as the debugging tools, the Best Practices Analyzer (BPA), Connectivity Analyzer, and more. Where the script needs files available online, it will automatically download them. More options will be added as I have time, and can properly test. This includes Edge, Director, Front End, Office Web Apps, Persistent Chat, and Mediation server prerequisites, and more tools. If you have suggestions, please feel free to comment below.

In the event that the server needs to be rebooted before prereqs can continue, it will automatically restart the script and continue after you reboot and login again.

The current options are:

1. Director – Installs the OS prerequisites and SQL Express instances required to install this role.

2. Edge – Installs the OS prerequisites and SQL Express instances required for this role. It also verifies the server is not domain joined, then goes through the process of setting the primary DNS suffix (same as option 50-13). Also configures NICs to remove DNS and gateway from the internal NIC, remove dynamic registration in external NIC, and prompt to disable both lmhosts and NetBIOS over TCP/IP.

3. Front End – includes the Operating System prerequisites, Microsoft Silverlight, as well as the installation of SQL Express SP2 and creation of the various required instances. The SQL Express installs are done because Lync Server installs the RTM version by default. So installing the SP2 version saves a long update later. Note that each instance takes 3-5 minutes to install – longer on slower machines. Enterprise edition servers have two instances, RTCLocal and LyncLocal, and Standard edition servers also have the RTC instance. Choosing the Front End option will ask if it’s a Standard Edition server. This option will also prompt (if the firewall is enabled) if you’d like the required firewall exceptions created for my Get-CsConnections.ps1 script. This option will also prompt if the Lync Room System Admin Portal will be installed. If you select Yes, the ASP.NET MVC 4 for Visual Studio 2010 SP1 and Visual Web Developer 2010 SP1 prerequisite for that is installed.

4. Mediation – Installs the OS prerequisites required and the RTCLocal SQL instance.

5. Office Web App – Installs the OS prerequisites required, then installs the Office Web App binaries, and then prompts to install the English language pack, followed by the most recent cumulative update. Almost everything needed to deploy an Office Web Apps server. This option also verifies that Windows Update settings are NOT set to automatic, as that is not recommended.

6. Persistent Chat – Installs the OS prerequisites and SQL instance required for this role.

7. Lync Server 2013 Resource Kit – tools that make troubleshooting and administrating a Lync environment easier, such as Address Book config, etc.

8. Lync Server 2013 Persistent Chat Resource Kit – tools useful for Persistent Chat environments.

9. Lync Server 2013 Debugging Tools – includes the logging tools such as OCSLogger and Snooper. Helpful for troubleshooting.

10. Lync Server 2013 Stress and Performance Tool – prepare, define, and validate performance

11. Lync Server 2013 Best Practices Analyzer – this tool helps identify any issues from a best practices perspective

12. Lync Server Connectivity Analyzer – identifies any issues that may result in connectivity problems for mobility clients including the Lync Windows Store app

15. Launch Windows Update

16. SCOM Watcher Node prerequisites

17. Custom PortQryUI. PortQryUI is installed, along with a custom config file that adds Lync related options.

18. Install Microsoft Message Analyzer (formerly NetMon)

19. Add custom Scheduler simple URL – if you’d like to have a simple URL for the scheduler app, such as scheduler.contoso.com, this option will handle the configuration of that. Note that this option requires that the simple URL provided be in the Subject Alternative Names (SAN) list of the certificate on your Front End servers. See Understanding the Lync Web Scheduler for additional info.

20. Install SQL Server 2012 Management Studio

21. ARR (“Pirate Proxy”) prerequisites. This installs the Windows features, and downloads the Web installer. It also verifies the server is not domain joined, then goes through the process of setting the primary DNS suffix (same as option 50-13). Also configures NICs to remove DNS and gateway from the internal NIC, remove dynamic registration in external NIC, and prompt to disable both lmhosts and NetBIOS over TCP/IP.

24. Microsoft Unified Communications Managed API 4.0, Runtime (UCMA 4.0) – this is required if you’re going to run sefautil.exe from the resource kit. It’s still recommended that sefautil.exe be used on a dedicated box.

28. Configure Skype Federation. This removes the MSN Public Provider and adds the Skype Public Provider, complete with icon. Download includes the Lync-Skype Provisioning Guide. See http://blogs.technet.com/b/lync/archive/2013/05/23/lync-skype-connectivity-available-today.aspx for more info.

30. Wireshark. This downloads the installer, and two compiled macro exe files and runs them. The first installs WireShark, and the second configures WireShark for optimized Lync tracing, including the steps recommended by Matt Landis (Getting Started With Lync and Wireshark: Tips & Quirks) and Jeff Schertz (Wireshark Capture Tips). That config includes:

1. adds Source Port (resolved) column
2. adds Destination Port (resolved) column
3. adds DSCP column
4. Configures RTP protocol “Try to decode RTP outside of conversations”
5. Configures SIP protocol for ports 5060-5068 (instead of WireShark’s default of 5060)
6. Sets the time format to human readable format

31. Enable Photo URL option. Enables the photo URL option in the client. See http://www.lynclog.com/2013/11/lync-2013-client-and-and-pictures-from.html for more info.

34. Lync Room System (LRS) Admin portal prerequisites.

36. Create Lync file share on local computer. This creates a file share on the local computer called “LyncShare”, and assigns the basic NTFS and share rights. This can then be added to the Lync Topology Builder.

50. Misc server config menu.

1. Install/Update Lync Server 2013 Documentation Help
2. Create scheduled task to automatically update PowerShell help files daily. I discuss this in Function: New-PSUpdateHelpScheduledTask – Auto Update PowerShell Help
3. Install telnet client
4. Disable automatic updates. The automatic updating of Lync servers isn’t recommended due to the additional manual steps that must take place. And it’s not supported at all on Office Web Apps servers.
5. Set recovery of Lync and/or OWAS services to “restart”. See Set recovery of Lync services to “restart” for more info.
6. Set fabric logging to circular. See Tom’s excellent article at Check your lync server windows fabric log size with PowerShell
7. Disable Server Manager on logon. For those of you who hate that it always pops up when logging in.
8. Upgrade to PowerShell v4.0. This is for Windows Server 2012 RTM (not R2) boxes that still have the default PowerShell v3.0 on them. Upgrading PowerShell both before and after Lync Server is installed is supported.
9. Fix Control Panel font. Reverts the font in the Control Panel back to the original Segoe UI. See Resetting the Font in Lync Server Control Panel – Goodbye Times New Roman!
10. Set server power plan to “High Performance”. See https://www.ucunleashed.com/2558
11. Open HOSTS file in notepad for editing. This is convenient on edge servers.
12. Configure edge static routing – adds the static routes for all private address ranges to use the internal NIC. The user is prompted with a list of NICs discovered, and asked to pick which will be used for the internal connection. Once picked, the script will determine if there is already a gateway defined. If so, it will use that IP address to create the static routes. If there is no default gateway assigned, the user is prompted to enter the gateway that the static routes should use. The DNS server config is removed from the internal NIC. The gateway on the internal NIC is removed. A prompt will appear, and if accepted, lmhosts lookup is disabled on all NICs. Another prompt will appear, and if accepted, NetBIOS over TCP/IP is disabled.
13. Configure primary DNS suffix. This prompts for a domain name, assigns it as the primary DNS suffix, then reboots. This configuration is required for edge and ARR (reverse proxy) servers.

60. Desktop shortcuts menu. This is basically an enhanced menu driven version of Create a Shutdown/Restart/Logoff Windows 8 Tile for the Start menu (PowerShell) that puts easy to reach tiles on the Start screen. The available tiles are:

1. Logoff
2. Restart
3. Shutdown
4. Windows Update
5. Lync Server Management Shell
6. Lync Server Deployment Wizard
7. Lync Server Control Panel
8. Exchange UM Integration Utility (OcsUmUtil)
9. Snooper
10. OCSLogger Logging Tool
11. Lync Server Topology Builder
12. Certificate Management (local machine)
13. Active Directory Users and Computers (ADUC)
14. Microsoft Message Analyzer
15. Notepad Desktop Shortcut for Edge servers to open the HOSTS file

70. Taskbar shortcuts menu. These options create shortcuts on the taskbar for commonly used tools.

1. Lync Server Management Shell
2. Lync Server Deployment Wizard
3. Lync Server Control panel
4. Exchange UM Integration Utility (OcsUmUtil)
5. Snooper
6. OCSLogger Logging Tool
7. Lync Server Topology Builder
8. REMOVE shortcut for PowerShell
9. Certificate Management (local machine)
10. Active Directory Users and Computers (ADUC)
11. Microsoft Message Analyzer
12. REMOVE Windows App Store shortcut (Windows Server 2012 R2)

80. Downloads only menu. This menu shows options for download (only) of some key Lync related products.

1. 1. Download latest Lync Server 2013 Cumulative Update
2. Lync Server 2013 Watcher Node
3. Lync Server 2013 Management Pack & Documentation
4. Lync 2013 Rollout and Adoption Success Kit (RASK)
5. Lync Server SDN API 2.1 (includes the API installer, the management utility, the docs, and the .chm file)
6. Lync Online Admin components
7. Event Zero connector

90. Security menu. This menu has a few related security options

1. Disable SSL 2.0
2. Disable SSL 3.0
3. EnableSessionTicket: Event IDs 32402, 61045 are logged in Lync Server 2013 Front End servers that are installed on Windows Server 2012 R2 (KB 2901554)

Simply choose your desired option. When the script is finished, it will return to the menu.

Note: The installation of some Lync Server 2013 roles requires some .Net 3.5 components, which are not installed in Windows Server 2012 by default. So the script will need to know where your Server 2012 installation media is. The script defaults to the CD-ROM/DVD-ROM drive with the lowest drive letter (typically D: or E:), but can be configured for other locations.

The script will also create a log file that can be used for troubleshooting. The log file is created in a logs folder inside the $TargetFolder (by default, c:\_install). This log file should be included when reporting any bugs.

Syntax

C:\Set-Cs2013Features.ps1 [-TargetFolder ] [-Win2012Source ]
[-SQLPath ] [-InitialMenuOption ] [-IncludeSSMS] [-IncludeTelnet] [-IncludeFW] [-IncludeHighPower]
[-IncludeStandard] [-DownloadOnly] [-Tail] [-WhatIf] [-Confirm] [-IncludeTotalCount] [-ClearRunningStatus] []

Examples

Set-Cs2013Features.ps1

This will launch the script with the default options for Enterprise edition servers

Set-Cs2013Features.ps1 -Win2012Source e:

This will launch the script using the e: drive for the source of the Windows Server 2012 installation files

Set-Cs2013Features.ps1 -sqlpath "d:\sqlexpress"

This will install any related SQL Express instances to the specified path

Parameters

-TargetFolder

Defines the location for any downloaded files. Defaults to “c:\_install”. Additionally, log files generated by this script are located in a subfolder of TargetFolder called “logs”. TargetFolder does not support paths with spaces. UNC paths are acceptable provided they are not hidden, such as \\server\share$.

-Win2012Source <String>

Defines the location of the Windows Server 2012 installation files. This is needed to install .Net 3.5 since those files are not installed on the server by default. Defaults to first detected CD-ROM/DVD drive. UNC paths are acceptable provided they are not hidden, such as \\server\share$. Unmounted .ISO images are also supported.

-SQLPath

Defines the desired installation path for SQL Express. Defaults to “c:\Program Files\Microsoft SQL Server”

-InitialMenuOption

Allows you to start the script with the option you want, without first displaying the menu.

-IncludeSSMS []

If specified, will include SQL Server Management Studio automatically when prereqs for Front End servers are installed. If not specified, a prompt will appear.

-IncludeTelnet []

If specified, will include Telnet automatically when prereqs for Front End servers, Director servers, Mediation servers, Edge servers, and/or Persistent Chat servers are installed. If not specified, a prompt will appear.

-IncludeFW []

If specified, will include the firewall rules for Get-CsConnections automatically when prereqs for Front End servers are installed. If not specified, a prompt will appear.

-IncludeHighPower []

If specified, tells the script to automatically set the Power Config on the server to High Power. This is instead of the script prompting.

-IncludeStandard []

If specified, tells the script to include the extra SQL Express instance required for Standard Edition front end servers. This is instead of the script prompting.

-GetInfoFromRegistry []

This value is only used during mid-prereq reboots. It is automatically set and read by the script, and should not be manually specified.

-DownloadOnly []

Tells this script to not install or configure anything – just download the files for the option you select. This is useful if you’re going to be building servers that do not have Internet access and want to fetch the files beforehand.

-DownloadAll []

Tells this script to not install or configure anything – just download ALL of the files. This is useful if you’re going to be building servers that do not have Internet access and want to fetch the files beforehand. Note that a complete set of files is currently around 3.8GB.

-Tail

 Shows a tail of the log file as it’s written. It automatically restarts if the script reboots the server, too. Really only beneficial for troubleshooting.

-ClearRunningStatus

Resets the warning flag if the script didn’t close gracefully and you get the “The script is already running” error.

Installation

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Frequently Asked Questions

Question: Why doesn’t this script support Windows Server 2008 R2?

Answer: I get asked this all the time. There are several reasons. The first is that out of the box, Server 2008 R2 has PowerShell 2.0 installed, and this script is written in PowerShell 3.0. Requiring you to upgrade to PowerShell 3.0 first, before running a script that installs prerequisites, seems counter-intuitive. And converting the script to just use PowerShell 2.0 is taking a step backwards, especially considering that the current version of PowerShell is 4.0, and even as this is written, 5.0 is in preview.

Next is sheer time. I test changes I make. And then I test them again. And then I choose different options and combinations and test them. Testing on just Server 2012 and Server 2012 is exhausting. Adding Server 2008 R2 would mean even more testing, plus I’d have to add those resources in my already overtaxed test labs. That would slow down my ability to add new features and test fixes.

Third is that Server 2008 R2 is two versions back. Get with the times already!

---

Question: Can you add feature x?

Answer: I LOVE getting feature requests. Seriously! Best method to suggest features is to send me an email. My email address is in the comment section at the top of every script I release. Please be detailed in what you’d like to see, as well as any scenarios you’d use the option (so I can try to duplicate testing).

---

Question: How do I submit bug reports?

Answer: Email is best. Grab my email address from the comment section at the top of the script. Please be VERY detailed. Please include screen shots if possible, and ALWAYS include the log file (by default, it’s in c:\_install\logs). If you’re not using the latest version of the script, please download it and see if you can duplicate the problem before reporting it.

---

Question: What if my server doesn’t have Internet access?

Answer: Fear not. Download the required files using either the -DownloadOnly or -DownloadAll options from another machine and place them in the TargetFolder, which is c:\_install by default. The script looks to see if the file is available locally before attempting to download.

---

Question: When I run the script again, I get “Script already running”

Answer: This is because the script didn’t exit gracefully. Many reasons this can happen, such as rebooting the server while it’s still running. If you’re positive it’s not running anywhere else (including by other users logged into the same server), run the script with the -ClearRunningStatus switch to clear that flag. Then run it as normal.

Download

v3.8 – 03-25-2015 – Set-Cs2013Features.v3.8.zip

v3.7 – 02-27-2015 – Set-Cs2013Features.v3.7.zip

v3.6 – 02-12-2015 – Set-Cs2013Features.v3.6.zip

v3.5 – 02-02-2015 – Set-Cs2013Features.v3.5.zip

v3.4 – 01-26-2015 – Set-Cs2013Features.v3.4.zip

v3.3 – 01-07-2015 – Set-Cs2013Features.v3.3.zip

v3.2 – 12-22-2014 – Set-Cs2013Features.v3.2.zip

v3.1 – 10-24-2014 – Set-Cs2013Features.v3.1.zip

v3.0 – 10-06-2014 – Set-Cs2013Features.v3.0.zip

v2.9 – 09-22-2014 – Set-Cs2013Features.v2.9.zip

v2.8 – 08-13-2014 – Set-Cs2013Features.v2.8.zip

v2.7 – 06-26-2014 – Set-Cs2013Features.v2.7.zip

v2.6 – 06-10-2014 – Set-Cs2013Features.v2.6.zip

v2.5 – 05-24-2014 – Set-Cs2013Features.v2.5.zip

v2.4 – 04-29-2014 – Set-Cs2013Features.v2.4.zip

v2.3 – 02-08-2014 – Set-Cs2013Features.v2.3.zip

v2.2 – 01-20-2014 – Set-Cs2013Features.v2.2.zip

v2.1 – 12-17-2013 – Set-Cs2013Features.v2.1.zip

v2.0 – 11-26-2013 – Set-Cs2013Features.v2.0.zip

v1.9 – 10-28-2013 – Set-Cs2013Features.v1.9.zip

v1.8 – 08-01-2013 – Set-Cs2013Features.v1.8.zip

v1.7 – 05-31-2013 – Set-Cs2013Features.v1.7.zip

v1.6 – 05-24-2013 – Set-Cs2013Features.v1.6.z1p

v1.5 – 05-10-2013 – Set-Cs2013Features.v1.5.zip

v1.4 – 05-03-2013 – Set-CsLync2013Prerequisites.v1.4.zip

v1.3 – 04-29-2013 – Set-CsLync2013Prerequisites.v1.3.zip

v1.2 – 04-01-2013 – Set-CsLync2013Prerequisites.v1.2.zip

v1.1 – 02-28-2013 – Set-CsLync2013Prerequisites.v1.1.zip

v1.0 – 02-08-2013 – Set-CsLync2013Prerequisites.v1.0.zip

Changelog

See the changelog for information on what’s changed/included in each version.

In Exchange Management Shell and Lync Server Management Shell, you can target many cmdlets at specific domain controllers. This is crucial, especially in larger environments, if you need to make sure AD replication delays aren’t going to cause issues. An example is enabling a user for Lync using Enable-CsUser, then trying to use Set-CsUser or Grant-CsExternalAccessPolicy. The second will fail if it sends it to a different domain controller than the first, and replication hasn’t completed. So, the -DomainController switch can be used. Just send each command to the same DC, and even in rapid succession, you’ll succeed.

However, if you’re reusing your scripts or functions, especially in different environments, you have to find a valid DC in same AD site, put that into the script/function, and go. What a waste of time!

We can streamline the process with just a couple lines of code. First, we use Get-WMIObject to retrieve info on the local computer.

[object]$ComputerInfo = (Get-WMIobject -class "Win32_NTDomain" -namespace "root\CIMV2")

Next, we assign a variable, $ADSite, to the site name returned from the first line

[string]$ADSite = $ComputerInfo[1].ClientSiteName

Then we get a list of DCs in that same site

$DCsInSite = (Get-ADDomainController -Filter {Site -eq "$ADSite"})

And lastly, we randomly pick a DC from that list

[string]$QueryDC = ($DCsInSite | Get-Random).name

$QueryDC can now be used in your code, such as

Enable-CsUser [user] -RegistrarFQDN [fqdn] -SipAddressType [SIP address type] -DomainController $QueryDC

And that’s it. The only real requirement here is that the ActiveDirectory module be loaded, so that the Get-ADDomainController cmdlet works. This is easy:

Import-Module ActiveDirectory

In its entirety, here is the code:

Import-Module ActiveDirectory
[object]$ComputerInfo = (Get-WMIobject -class "Win32_NTDomain" -namespace "root\CIMV2") 
[string]$ADSite = $ComputerInfo[1].ClientSiteName
$DCsInSite = (Get-ADDomainController -Filter {Site -eq "$ADSite"}) 
[string]$QueryDC = ($DCsInSite | Get-Random).name

 

Signs a PowerShell script with a code signing certificate.

Syntax

New-SignedScript [[-path] ] [-Verbose] [-Debug] [-ErrorAction ] [-WarningAction ] [-ErrorVariable ] [-WarningVariable ] [-OutVariable ] [-OutBuffer ] [-WhatIf] [-Confirm]

Detailed Description

One of the concerns about using a PowerShell script is that it often requires the user to change the Execution Policy on the machine the script is running on. This can cause security concerns, because when the Execution Policy is lowered, any script can run, including those with malicious intent. For more information on setting the Execution Policy, see Set-ExecutionPolicy.

Of course, you need a code signing certificate in order to sign scripts. Fellow Exchange MVP Mike Pfeiffer wrote an informative article, Obtaining a Code Signing Certificate and Signing PowerShell Scripts that covers using an internal Certificate Authority. Third party Certificate Authorities (CAs) such as Digicert also provide code signing certificates. I can’t recommend Digicert enough. I have both a standard code signing certificate and an Extended Validation code signing certificate.

But signing scripts manually can be a little cumbersome. This function gets the current code signing certificate, verifies it’s not expired, and then signs the script. The script will only sign .ps1 files, and will not attempt to sign a script that’s already signed.

Example

New-SignedScript -path [path to script]

such as

New-SignedScript -path .\myscript.ps1

You can also pipeline files to this function, for example:

Get-Item *.ps1 | New-SignedScript

Installation

Nothing special here. Once you have a valid code signing certificate installed, the function should work as designed.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

v1.4 – 09-08-2017 – New-SignedScript.v1.4.zip

v1.3 – 09-18-2016 – New-SignedScript.v1.3.zip

v1.1 – 06-10-2014 – New-SignedScript.v1.1.zip

v1.0 – 09-20-2012 – New-SignedScript.v1.0.zip

Changelog

See changelog for info on latest versions, including bug fixes, code tweaks, etc.