Friday, 25 November 2011

Reporting on Apple IOS ActiveSync Devices

UPDATE - I've posted a new, much faster, version of this script in a new post.  The original post is still below for reference.

 - Ben

Devices running Apple IOS make up the largest proportion of devices connecting to the Exchange ActiveSync service I run.  Unfortunately these devices - when running older versions of IOS - can cause problems for their users.

To combat this we regularly report on the versions of IOS users are using, and suggest that those running older versions upgrade.

There are several ways to get information about ActiveSync devices from Exchange.  One method is to use the Get-ActiveSyncDeviceStatistics cmdlet to retrieve information about all the devices, but unfortunately the device OS version this reports is the version that the device was running when it was initially set up, not the version it might be running today.  You could use the Export-ActiveSyncLog cmdlet to analyse the IIS log files from your Exchange Client Access servers, but while this will provide a list of user agent versions, it doesn't provide a way to cross reference them with user names.

To solve this problem I wrote a script which parses IIS log files, finds Apple ActiveSync devices, converts the user agent data to more meaningful IOS versions, and outputs the results to a CSV file.

Sunday, 13 November 2011

Auditing Exchange Inbox Rules

As part of a security review I needed to find out if any Exchange mailboxes had inbox rules configured to forward mail to external addresses, and highlight any rules which forwarded all e-mail to an external address (unconditional forwards).

Fortunately for me, the Exchange 2010 shell includes the Get-InboxRule cmdlet, which can be used to enumerate the inbox rules in a mailbox.

This is the script I wrote to report on the forwarding rules across all mailboxes in the organisation. It scans the inbox rules of all user mailboxes, compiles a report, and e-mails it to an administrator. The e-mail lists any unconditional forwarding rules with external recipients in the body (if there are any) and has an attachment listing all conditional and unconditional external forwarding rules. The report is also saved in a text file in the working directory.

Thursday, 3 November 2011

Scripting Backups of NET UX2000 Gateways

As part of the Lync Server 2010 deployment I'm working on we have deployed a number of NET UX2000 media gateways. These gateways are working well, and have an excellent user interface, but one feature that is missing from the interface is the ability to make scheduled backups of the configuration.

To work around this limitation I wrote a PowerShell script which uses cURL to interact with the UX2000 web interface to create a backup of the configuration - cURL is "a command line tool for transferring data with URL syntax".

In a nutshell, the script creates an authenticated session by submitting a username and password to the login form, gets the session ID from the returned header, uses the authenticated session ID to get the backup file, then logs out.

Once the backup file is downloaded the script uses MD5 hashes to compare the new backup with the next most recent, and discards the new file if they are the same - this way I only have to save backup files when something in the configuration has actually changed.

This entire backup process takes just a few seconds for each UX2000 in my deployment - a massive time saving compared to creating all the backups manually, and because backups are only retained when something changes, I can schedule the script to run as often as I like.

Wednesday, 2 November 2011

Listing Lync Server Roles, Versions and Updates

As a Lync Server 2010 administrator one of the things I need to do is make sure that the infrastructure is running a consistent set of updates.

One way to do this is to run the Lync Server Cumulative Update installer on each server in the deployment, but that means connecting to each server and manually running the installer, and it wouldn't give me a nice list of versions.

Instead, I wrote this script to enumerate all the Lync servers in the topology, and get a list of all the roles on each server and their versions. The script uses the Lync database to enumerate all the servers in the deployment, then uses remote registry calls to get a list of all the installed roles, and the updates installed for those roles.

Tuesday, 1 November 2011

Multi-node ping tests with PowerShell

While working on a Microsoft Lync 2010 project I was asked about network latency between points on our network - specifically what latency is like between offices, and where the worst latency occurs

To answer the question I could have made remote connections to a device in each office and pinged each other office, but with seventeen offices to test, that seemed laborious. Instead I turned to PowerShell, and created a script to do the work for me.

I decided that the easiest way to get the information I needed was to use every domain controller in my domain to ping every other DC - as we have a DC in every office this would give me a fairly good representation of ping times between sites.

The script uses the Test-Connection cmdlet to do the pinging, and utilises Start-Job to run all the ping tasks in parallel, saving a lot of time. The output is then stored in a CSV file which can easily be analysed.

Hello, world.

My name is Ben, and I have a confession to make: I'm a lazy sysadmin. 

Now, I don't mean lazy in a work-shy sense, I mean lazy in the sense that I like to be as efficient as possible, and find easy ways to do things.  My ethos is simple: if it can be automated, automate it - if I can write a script that will save me a few minutes of not having to do something boring or repetitive, then I'll write the script.

Some of the scripts I write are specific to a particular task, but most of them can also be adapted and re-used for other purposes.  I've written hundreds of scripts, ranging from a few lines to over a thousand lines, mostly in PowerShell, and mostly for Windows, Exchange, or Lync, but I have a few other languages in my arsenal, and quite a few other applications I've scripted for.

The purpose of this blog is to share the scripts that I write and tricks that I learn with others like me - people who need to get the job done quickly and efficiently so that they can move on to solving the next problem.  

I hope that you find them useful.

- Ben