February 2009 - Posts
I am working on a request to create ~800 users' Exchange 2007 SP1 mailboxes from an Excel file.
The file has the following headers, filled in with the users' information:
Name, FirstName, MI, LastName, Email, OU
The alias will be in firstname.mi.lastname format if there is an MI, and in firstname.lastname format otherwise.
I came up with the following script:
$Password = Read-Host "Enter Password" -AsSecureString
Import-CSV c:\users.csv | foreach {
    new-mailbox -firstname $_.firstname -initials $_.MI -Lastname $_.lastname `
        -alias ($_.firstname + "." + $_.MI + "." + $_.lastname) -name $_.name `
        -userPrincipalName $_.email -database "server1\storage group" -org $_.OU `
        -Password $Password -ResetPasswordOnNextLogon $True
}
If the MI column is blank, just remove the $_.MI part from the script, because Exchange doesn't understand firstname..lastname!
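One way to handle both cases in a single pass is to build the alias only from the non-empty name parts and to check for collisions before creating anything. This is an added example, not the original post's script; the function name Get-MailboxAlias and the CSV rows are constructed for illustration, and ConvertFrom-Csv assumes PowerShell 2.0 or later.

```powershell
# Added example: build the alias per row, skipping a blank MI, and flag collisions.
# The CSV rows below are constructed sample data, not from the original post.
$rows = @'
Name,FirstName,MI,LastName,Email,OU
Ying Li,Ying,,Li,ying.li@whatever.com,Staff
Ann B Lee,Ann,B,Lee,ann.b.lee@whatever.com,Staff
Ann B. Lee,Ann,b,Lee,ann.lee2@whatever.com,Sales
'@ | ConvertFrom-Csv

function Get-MailboxAlias($Row) {
    # Join only the non-empty parts, so a blank MI never yields "first..last".
    $parts = @($Row.FirstName, $Row.MI, $Row.LastName) |
        ForEach-Object { "$_".Trim() } |
        Where-Object { $_ -ne '' }
    $parts -join '.'
}

# Plan every mailbox first: nothing is created in this example.
$planned = $rows | ForEach-Object {
    New-Object PSObject -Property @{
        Name  = $_.Name
        Alias = (Get-MailboxAlias $_)
        Email = $_.Email
    }
}

# Group-Object compares case-insensitively by default, so Ann.B.Lee and
# Ann.b.Lee are reported as the same alias.
$dupes = $planned | Group-Object Alias | Where-Object { $_.Count -gt 1 }

$planned | Format-Table Name, Alias, Email -AutoSize
foreach ($d in $dupes) {
    $names = ($d.Group | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("Alias '{0}' is shared by: {1}" -f $d.Name, $names)
}
```

The Alias value computed here can be passed to -alias in the script above in place of the hand-built string.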
I thought that would be it, right? Not quite!
It turns out we have a default policy in place which automatically changes the email address format to first initial + lastname (yli instead of ying.li).
So I modified the script as follows:
Import-CSV c:\users.csv | foreach {
    new-mailbox -firstname $_.firstname -initials $_.MI -Lastname $_.lastname `
        -alias ($_.firstname + "." + $_.MI + "." + $_.lastname) -name $_.name `
        -userPrincipalName $_.email -database "server1\storage group" -org $_.OU `
        -Password $Password -ResetPasswordOnNextLogon $True
} | set-mailbox -emailaddresspolicyenabled $false
which will uncheck the "Automatically update e-mail addresses based on e-mail address policy" box in the user's mailbox properties (E-mail Addresses page), so that the newly created user does not inherit the default policy.
I checked the results: the email address had already been reformatted to yli instead of ying.li before the policy was switched off!
I ended up having to run the script below against the Excel sheet to reset each user's primary SMTP address to ying.li@whatever.com:
Import-CSV c:\users.csv | foreach {
    $user = get-mailbox -id ($_.firstname + "." + $_.MI + "." + $_.lastname)
    $user.emailaddresses.add($_.email)
    set-mailbox -instance $user -primarysmtpaddress $_.email
}
Now it is all happy!
Quite often I receive requests to launch a website with multiple domain names, and they need to work with or without www, such as whatever.com and www.whatever.com. The site needs to be launched on NLB cluster nodes. I get the contents from the developers, copy them over to the production web servers and make the necessary configurations – routine stuff.
But if the request is for multiple domain names pointing to the same site, the task is daunting! With 30-50 domains, I have to create the DNS zones one by one. Our external DNS is hosted on Windows 2000 and I am hesitant to install PowerShell on it! So for now I create the DNS zones manually (I expect to upgrade the DNS server to Windows 2008 soon)!
How about host headers? 30 domains multiplied by 2 for the www, set up on the two nodes of the NLB cluster: the picture is not pretty if you do them manually!
Let’s say I got the domain names from the business in the format below:
whatever.com
whatever1.com
whatever2.com
whatever3.com
whatever4.com
All point to whatever.com, and people on the internet should be able to hit them with or without www. Here is my solution:
Save the above domain names in DNSZones.txt
Run this little script -
foreach ($zone in (gc .\DNSZones.txt))
{$www = "www." +$Zone;add-content ".\DNSZones.txt" $www}
Now DNSZones.txt looks like this:
whatever.com
whatever1.com
whatever2.com
whatever3.com
whatever4.com
www.whatever.com
www.whatever1.com
www.whatever2.com
www.whatever3.com
www.whatever4.com
Next, run the script below -
New-Item "C:\Users\yl\Documents\PS\Hostheader.txt" -Type file
foreach ($zone in (gc .\DNSZones.txt))
{$IPBinding = "192.168.30.23:80:" +$Zone;add-content ".\Hostheader.txt" $IPBinding}
Now the file will look like below – 192.168.30.23 is the NLB cluster VIP
192.168.30.23:80:whatever.com
192.168.30.23:80:whatever1.com
192.168.30.23:80:whatever2.com
192.168.30.23:80:whatever3.com
192.168.30.23:80:whatever4.com
192.168.30.23:80:www.whatever.com
192.168.30.23:80:www.whatever1.com
192.168.30.23:80:www.whatever2.com
192.168.30.23:80:www.whatever3.com
192.168.30.23:80:www.whatever4.com
Why do I go through all this trouble to have a file in that format? That’s the Metabase.xml ServerBindings format:
I have direct metabase edit enabled on my web servers. I make a BACKUP copy of the metabase.xml file, then open the live one in Notepad and search for whatever.com. Underneath that, I look for ServerBindings=" ", paste the contents of the above text file inside the quotes and save the file. Open the website properties and verify all the host headers are in place! Repeat the same thing for the other NLB nodes. Isn’t that cool!
Wait, I am not out of the woods yet. With that many domain names, everyone involved could easily make a mistake somewhere, and we don’t want the business or a customer to find that out first – how do you verify that all the domain names resolve and point to the same site? Again, PowerShell!
Remember DNSZones.txt? I save the script below as CheckWebs.ps1 and run it.
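foreach ($domain in gc .\DNSZones.txt)
{
    # Open each name from DNSZones.txt in its own Internet Explorer instance
    $ie = new-object -comobject "InternetExplorer.Application"
    #$ie.visible = $true
    # The names in the file already end in .com, so no suffix is appended
    $ie.navigate("http://" + $domain)
}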
I can easily find out which domain or site is not working, so I can double-check!
Only then do I feel a little bit of love for my job. Most of the time, I hate it! :)
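Before the list is pasted into ServerBindings, the generated binding lines can also be cross-checked offline against the domain list, which catches the kind of typing mistake the post worries about. This is an added example, not part of the original post; the function name Test-HostHeaderBindings and both sample lists (including the two deliberate mistakes) are constructed, using the post's placeholder names and VIP.

```powershell
# Added example: cross-check ServerBindings lines against the domain list.
# Both lists are constructed sample data using the post's placeholder names.
$domains  = 'whatever.com', 'whatever1.com', 'whatever2.com'
$bindings = @(
    '192.168.30.23:80:whatever.com'
    '192.168.30.23:80:whatever1.com'
    '192.168.30.23:80:www.whatever.com'
    '192.168.30.23:80:www.whatever1.com'
    '192.168.1.23:80:whatever2.com'       # constructed mistake: wrong IP
    '192.168.30.23:80:www.whatver2.com'   # constructed mistake: misspelled host
)

function Test-HostHeaderBindings($Domains, $Bindings, $ExpectedIP, $ExpectedPort) {
    # Every name that must be bound (bare and www.), with a hit counter.
    $seen = @{}
    foreach ($d in $Domains) {
        $seen[$d.ToLower()] = 0
        $seen["www.$d".ToLower()] = 0
    }

    $problems = @()
    foreach ($line in $Bindings) {
        # Binding format used in the post: IP:Port:HostHeader
        $f = $line.Trim().Split(':')
        if ($f.Count -ne 3) { $problems += "Malformed binding: $line"; continue }
        $ip, $port, $name = $f[0], $f[1], $f[2].ToLower()
        if ($ip -ne $ExpectedIP -or $port -ne $ExpectedPort) {
            $problems += "Wrong IP or port: $line"
        }
        if (-not $seen.ContainsKey($name)) {
            $problems += "Host not in domain list: $line"
            continue
        }
        $seen[$name]++
    }

    foreach ($name in ($seen.Keys | Sort-Object)) {
        if ($seen[$name] -eq 0) { $problems += "No binding for: $name" }
        if ($seen[$name] -gt 1) { $problems += "Duplicate binding for: $name" }
    }
    $problems   # empty when the bindings match the domain list exactly
}

Test-HostHeaderBindings $domains $bindings '192.168.30.23' '80'
```

With real files, the two lists would come from gc on the original domain list and on Hostheader.txt.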
Here is a query to create a collection based on 64-bit Add/Remove Programs:
select SYS.ResourceID, SYS.ResourceType, SYS.Name, SYS.SMSUniqueIdentifier, SYS.ResourceDomainORWorkgroup, SYS.Client
from SMS_R_System as sys
inner join SMS_G_System_ADD_REMOVE_PROGRAMS_64 on SMS_G_System_ADD_REMOVE_PROGRAMS_64.ResourceID = sys.ResourceId
where SMS_G_System_ADD_REMOVE_PROGRAMS_64.DisplayName like "%Microsoft Windows Server Update Services 3.0 SP1"
order by sys.Name
Searching on the net, this is a frequently asked question and it was a great concern to me too!
I used an evaluation copy of the media to set up our ConfigMgr 2007 environment, and the other day, when I tried to expand Collections or Software Updates, I got the error “you do not have security right to perform this operation”. All the users I had created under Security Rights, including myself, were gone! Before panicking, I remembered that it was about time for the evaluation copy to expire! Rule number one - Think Simple!
But as we know, with ConfigMgr there is no way to upgrade from the evaluation copy to the production version just by updating the product key somewhere. We have to get the media with the product key and re-run the install, which concerned me – can I keep the settings?
The answer is Yes, We Can! We can just use the production media and run the setup; it will discover the primary site and do an upgrade! It INDEED keeps all the settings, except that I did lose the users which I created under Security Rights! Which is not really a big deal!
Another thing that puzzles me is why Microsoft doesn’t give us an “Evaluation copy expired” error message, and instead gives us the above error, which can get people lost sometimes!