Glo Networks Technical Blog (Glo Blog)

For those of us Exchange admins who aren’t fully up to date with Exchange 2010 service packs (for whatever reason – don’t berate us) and have slowly been getting annoyed with an ever increasing amount of mailboxes that get automapped in Outlook 2007 and 2010 can rejoice. One of our staff spent 10 minutes reearching, understanding and writing a bit of Powershell to resolve the issue en-bulk.

Just run the following under a Powershell instance with the Exchange modules loaded (i.e. the Exchange Management Shell).

foreach ($u in $(Get-User)) { Write-Host "Clearing the msExchDelegateListLink for $($u.distinguishedname)"; $ad = [adsi]"LDAP://$($u.originatingserver)/$($u.distinguishedname)"; $ad.msExchDelegateListLink.Clear(); $ad.SetInfo(); }

Be aware that if you do this, all auto mappings for all users will get removed. This may not have the desired behaviour as some users may be relying on an automapped account. It should be feasible to alter this as required, as it’s pretty damn simple!

As with all things, do this at your own risk, we accept no liability, yadda yadda yadda.

If you’re curious (and lets face it, if you’re modifying the Active Directory en bulk, you should be!), basically what this does is loop over all users, and clear all values against their Active Directory account msExchDelegateListLink attribute. This attribute is where the automapping gets written to.

As an example imagine 2 users, Bob and Alice. Bob is an Exchange admin and at some point was granted full access (with permission, naturally) to diagnose a problem with Alice’s mailbox without having to disturb her too much directly. Bob will now be added to Alice’s msExchDelegateListLink attribute. It’s this entry that needs to be removed.

Apparently in SP2 there is the facility to disable automapping, at the time of adding the relevant permission; the shiny new “-AutoMapping” argument to Add-MailboxPermission. As with many things Exchange 2007 and newer, it’s just a facility available at the Powershell console, for now. And you know what? We’re ok with that.

Posted by Karl in Applications, Cool Stuff, Scripting, Servers | No Comments »

In our experience changing between anti-virus software can be more hassle than it first seems. Even if the new antivirus vendor will claim to remove the previous software sometimes it just can’t, and often if a small part of the former remains the new software will not install correctly.

To this end some anti-virus providers offer their own tools for removing, but recently we found we were having difficulties in removing a deployment of E-Trust anti-virus from our customers machines, the customer was locked out of the admin consoles, and we couldn’t see any suitable tools. So rather than walk up to each machine and manually remove, we did what us IT geeks love best and created a script to fit our needs:

@echo off
REM Stopping Services
net stop "eTrust Antivirus Realtime Service"
net stop "eTrust ITM Job Service"
net stop "eTrust ITM RPC Service"
net stop "iTechnology iGateway 4.2"
REM ITM Server
msiexec.exe /qn /X{4A2635AD-91E0-4758-BD1E-CA57C9294F1F}
REM ITM Agent
msiexec.exe /qn /X{85F88F9C-6EB2-426B-88AB-28DA4A3526B9}
REM iTechnology iGateway
msiexec.exe /qn /X{847501DF-07C0-4691-B04A-893929F108AE}

Bear in mind that this works for our customers specific version of E-Trust, and for different versions the Product Codes (those bits in parenthesis after “msiexec /qn /X”) may differ.

We ran this on all computers in the Active Directory using PSExec, DSQuery.

cmd.exe /v:on /c "for /F "delims=, tokens=1" %i in ('dsquery computer -limit 0') do set name=%i & set name=!name:~4! & psexec -u Administrator -p AdministratorPassword \\!name! \\server\share\path\to\script.bat"

Be aware that the result set for DSQuery is by default limited to 1000 rows. In the example above we’ve explicitly set it to 0, which is unlimited, and generally speaking a bad idea. We’ve included the limit argument just incase you try and use this verbatim and get confused.

This won’t be executed in parallel, so the more machines you have the longer it will take.

DSQuery is part of the RSAT (Remote Server Administration Tools), installed by default on Domain Controllers, and optionally on other machines. PSExec is available from Sysinternals.

We would recommend creating a one time special administrator account, or you could pass in the administrator password via an environment variable, or read in from a file. Not providing the account may result in funny results depending on the target.

We also found one at least one or two machines there was a problem with UAC, however there did not seem to be a pattern, and we didn’t take the time to investigate the cause.

Oh, and just one more thing. Alternatively you could assign the removal script as a start up script.

Posted by James in Cool Stuff, Desktops and Laptops, General, Scripting, Servers | No Comments »