Deleting Message from Exchange Mailboxes with Powershell

From time to time it may become necessary to search a users mailbox for a message or delete a specific message from a mailbox. Below are a few powershell commands you can use with Exchange 2010 to search a mailbox for a particular email message.



Delete All Messages with a specific subject
get-mailbox -identity "SOURCEMAILBOX" -resultsize unlimited | search-mailbox -SearchQuery "Subject:"SUBJECTSTRING"" -DeleteContent

Delete All messages with a specific attachment
get-mailbox -identity "SOURCEMAILBOX" -resultsize unlimited | search-mailbox -SearchQuery "attachment:FILENAME.DOCX" -DeleteContent

Search Mailbox by subject and date and copy the message out of the source mailbox into the targetmailbox
get-mailbox -identity "SOURCEMAILBOX" -resultsize unlimited |  search-mailbox -SearchQuery "subject:""SUBJECTSTRING"" Sent:"MMDDYYYY" -TargetMailbox DESTINATIONMAILBOX -TargetFolder TARGETFOLDER –LogOnly -LogLevel Full

Search Mailbox by subject and date and copy the message out of the source mailbox into the targetmailbox and then delete the email from source mailbox
get-mailbox -identity "SOURCEMAILBOX" -resultsize unlimited |  search-mailbox -SearchQuery "subject:"SUBJECTSTRING" Sent:"MMDDYYYY" -TargetMailbox DESTINATIONMAILBOX -TargetFolder TARGETFOLDER –LogOnly -LogLevel Full -deletecontent

Customizing the AD FS Sign-In Page

If you are not happy with the default design of the AD FS Sign-In page you can use the commands below to update the page. Below are a few of the commands that i have used to customize the page but other options are available.

Default Sign-in Page:

Change Company Name

You can change the company name with the following powershell command:

Set-AdfsGlobalWebContent -CompanyName "New Company Name"

Change Company Logo

When changing the company logo Microsoft recommends the dimensions for the logo to be 260x35 @96 dpi with a file size no larger than 10KB.

Set-AdfsWebTheme -TargetName default -Logo @{path"c:\images\logo.png"}


Change Graphic on the left

To change the image on the left you can use the following powershell cmdlet. Microsoft recommends that the illustration be 1420x1080 @96 dpi and no larger than 200KB.

Set-AdfsWebTheme -TargetName default -Illustration @{path="c:\images\illustration.png"}

Add a description to sign-in page

You can use the following powershell command to change the description on the sign in page. The text for "signInPageDescriptionText" paramter supports html tags.

Set-AdfsGlobalWebContent -SignInPageDescriptionText "For assistance please visit our support site here.
"

Additional Resources:
https://technet.microsoft.com/en-us/library/dn280950.aspx

Embedding Encrypted Passwords in Powershell Scripts

Description: Use the following steps to convert a password into an encrypted string that can be embeded in a powershell script.

1. Use the following commands to create the encrypted string. Note: the encrypted string output is based on the user that is logged in so you will have to run these commands as the service account you are using if the service account is going to be running your script.

• $password = ""
• $secure = ConvertTo-SecureString $password -force -asPlainText
• $encrypted = ConvertFrom-SecureString $secure
• write-host $encrypted

2. Copy the encrypted string above into your powershell script. 

• $encrypted = "01000000d08c9ddf0115d1118c7a00c04fc2......................................"

3. Now convert that string to a secure string in your powershell script

• $password = ConvertTo-SecureString -String $encrypted

4. Create a new credential object

• $cred = New-Object System.Management.Automation.PSCredential $username, $password

5. Now you can use the new credential object in your script.

example:  Invoke-Command -credential $cred -computername "" -scriptblock {get-host}

Multi-Hop Authentication with Powershell

Data Flow:
A -> B -> C

Using the example above....If you try to execute a remote command from computer A against Computer B, if the command requires authentication it will try to communicate with a Domain Controller (Computer C). This authentication attempt will fail because Computer B is not trusted as a delegate to pass credentials by default. To resolve this problem we can enable the Credential Security Service Provider (CredSSP) Authentication.

Steps:
Make sure windows remote administration has already been enabled on computer.
On Computer A, enable this feature as a client:
     - Enable-wsmancredssp -role client -delegatecomputer "*.domain.com"
On Computer B, enable this feature as a server
     - enable-wsmancredssp -role server

Example Code Snippet:
Invoke-Command -authentication credssp -credential "domain\username" -computer "ComputerB" -scriptblock {try
                {import-module lync;
                    Enable-CsUser -Identity <username> -RegistrarPool "lync.domain.com" -SipAddressType EmailAddress  -SipDomain cpex.com}
                    catch{write-host $_.exception}
                }

A command like this(above) will fail without enabling CredSSP. This solution of course requires you to interactively type in the password.

PowerShell Tips & Tricks (Select-String)

Are you familiar with grep in the Linux & Unix world and are looking for an equivalent Command in PowerShell to accomplish the same task? Well look no further than the Select-String Command-Let.

Select-String can be used to search files for folders for a particular string or regular expression.

Example:
To search all text files in the current directory to find the pattern Dog.
Select-string -path *.txt -pattern "Dog"

The output of this command will contain "FileName.txt:LineNumber:Pattern"

Now Lets say you would like to just return the file name that the pattern was found in so you can pipe that to another command. Use the following command:

Select-string -path *.txt -pattern "Dog" |  Format-list name