September 24, 2014

Office 365 - Shared mailbox read only

According to the Microsoft forums, there is no simple way to give read-only access to a shared or user mailbox. By default, you have to grant Full Access delegation to another user for the additional mailbox to appear in Outlook. Read-only access is another story: you have to add mailbox permissions, map the mailbox to a user with full access, then select a folder and grant permission on it. That sounds fine, but what if there are a hundred sub-folders? Here is a way to avoid the manual work and grant read-only access to a shared or user mailbox automatically.

1. If you have a shared mailbox, convert it to a user mailbox and reset its password.

2. Then connect to Exchange Online using the credentials mentioned above:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

3. Grant ReadItems access to the user (use the SamAccountName):
Get-MailboxFolder -Recurse | Add-MailboxFolderPermission -User user1 -AccessRights ReadItems

4. Map the additional mailbox through the advanced account settings in Outlook.


By design, administrators can't run Get-MailboxFolder for another user in Office 365; you have to be the owner of the mailbox to perform this task. Do not forget to convert the mailbox back to a shared mailbox afterwards.

When a user tries to remove any item in the mapped mailbox, the following message appears:

September 22, 2014

PowerShell - Creating Active Directory account in multiple forests

Here is an example of how to provision an Active Directory account in multiple forests using PowerShell. I will use variables and Import-PSSession. Before you can do anything in the trusting AD forest, you have to grant the appropriate permissions through the Set-PSSessionConfiguration cmdlet. This is necessary because, by default, you have to be a member of the local Administrators group to run remote PowerShell.

Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI
To check, use: Get-PSSessionConfiguration | fl Permission

# Start script here
# Provide credentials
$Cred = Get-Credential
# Enter user name, surname, department and other contact information
$UserName = Read-Host "Enter user name"
$UserLastName = Read-Host "Enter user last name"
$UserDisplayName = "$UserLastName, $UserName"
$UserSAN = $UserName.substring(0,1) + $UserLastName
$UserDepartment = Read-Host "Enter user department"
$UserTitle = Read-Host "Enter user title"
$UserOffice = Read-Host "Enter user office location"
$UserPhoneNumber = Read-Host "Enter user phone number"

# Target OU for the local and the remote Active Directory forest
$UserOU = "OU=Users,DC=example,DC=local"
$UserOURemote = "OU=Users,DC=example,DC=remote"
# Local and remote UPNs
$UserUPN = $UserSAN + "@example.local"
$UserUPNRemote = $UserSAN + "@example.remote"

# Import remote PowerShell session into current one
$AD = New-PSSession -ComputerName DC1.example.local -Credential $Cred
Invoke-Command -Session $AD -ScriptBlock {Import-Module ActiveDirectory}
Import-PSSession -Session $AD -Module ActiveDirectory

# User creation process. In my example title is a description
New-AdUser -Name $UserDisplayName -DisplayName $UserDisplayName -Path $UserOU -GivenName $UserName -Surname $UserLastName -SamAccountName $UserSAN -UserPrincipalName $UserUPN -Department $UserDepartment -Title $UserTitle -Description $UserTitle -Office $UserOffice -Company "Company Name" -OtherAttributes @{telephoneNumber=$UserPhoneNumber}

# Remove current session
Get-PSSession | Remove-PSSession

# Import PowerShell session for remote forest
$ADRemote = New-PSSession -ComputerName DC1.example.remote -Credential $Cred
Invoke-Command -Session $ADRemote -ScriptBlock {Import-Module ActiveDirectory}
Import-PSSession -Session $ADRemote -Module ActiveDirectory

# Create user in remote domain
New-AdUser -Name $UserDisplayName -DisplayName $UserDisplayName -Path $UserOURemote -GivenName $UserName -Surname $UserLastName -SamAccountName $UserSAN -UserPrincipalName $UserUPNRemote -Department $UserDepartment -Title $UserTitle -Description $UserTitle -Office $UserOffice -Company "Company Name" -OtherAttributes @{telephoneNumber=$UserPhoneNumber}

# End remote PowerShell Session
Get-PSSession | Remove-PSSession
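
The script above builds the SamAccountName directly from Read-Host input and creates the account in the first forest before the second is contacted. The following pre-flight check is an added example, not part of the original script: the function names Get-SafeSamAccountName and Test-SamAccountNameInUse and the allow-list policy are assumptions. It sanitises the name, enforces the 20-character limit, and refuses to continue if the name already exists in either forest.

```powershell
# Added example; function names and the allow-list policy are illustrative assumptions.
function Get-SafeSamAccountName {
    param(
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname
    )
    # Allow-list: Unicode letters, digits, dot, hyphen, underscore. This drops the
    # characters AD rejects in sAMAccountName (" / \ [ ] : ; | = , + * ? < >) and
    # the quotes that would otherwise break the -Filter string used below.
    $disallowed = '[^\p{L}\p{Nd}._-]'
    $first = $GivenName -replace $disallowed, ''
    $last  = $Surname   -replace $disallowed, ''
    if (-not $first -or -not $last) {
        throw 'Given name and surname must each contain at least one allowed character.'
    }
    $san = $first.Substring(0, 1) + $last
    # sAMAccountName of a user object is limited to 20 characters
    if ($san.Length -gt 20) { $san = $san.Substring(0, 20) }
    # A trailing period is not allowed
    $san = $san.TrimEnd('.')
    if (-not $san) { throw 'Nothing usable is left after sanitising the name.' }
    return $san
}

function Test-SamAccountNameInUse {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string[]]$DomainController,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    foreach ($dc in $DomainController) {
        # Query each forest on its own DC; the value is passed as an argument
        $hit = Invoke-Command -ComputerName $dc -Credential $Credential -ArgumentList $SamAccountName -ScriptBlock {
            param($san)
            Import-Module ActiveDirectory
            Get-ADUser -Filter "SamAccountName -eq '$san'" | Select-Object -First 1
        }
        if ($hit) { return $true }
    }
    return $false
}

# $UserName, $UserLastName and $Cred come from the prompts at the top of the script
$UserSAN = Get-SafeSamAccountName -GivenName $UserName -Surname $UserLastName
$DCs = 'DC1.example.local', 'DC1.example.remote'
if (Test-SamAccountNameInUse -SamAccountName $UserSAN -DomainController $DCs -Credential $Cred) {
    throw "SamAccountName '$UserSAN' already exists in at least one forest; nothing was created."
}
```

Run this in place of the original `$UserSAN = ...` line, before the first New-AdUser call, so that a collision in the remote forest is caught before the local account exists.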

September 15, 2014

System Center Operations Manager 2012 SP1/R2 service names

Management server services (SCOM 2012 SP1 - SCOM 2012 R2):
System Center Data Access Service (OMSDK) - System Center Data Access Service (OMSDK)
System Center Management Configuration (cshost) - System Center Management Configuration (cshost)
System Center Management (HealthService) - Microsoft Monitoring Agent (HealthService)
System Center Management APM (System Center Management APM) - Microsoft Monitoring Agent APM (System Center Management APM)
System Center Audit Forwarding (AdtAgent) - Microsoft Monitoring Agent Audit Forwarding (AdtAgent)

Monitored client services (SCOM 2012 SP1 - SCOM 2012 R2):
System Center Management (HealthService) - Microsoft Monitoring Agent (HealthService)
System Center Management APM (System Center Management APM) - Microsoft Monitoring Agent APM (System Center Management APM)
System Center Audit Forwarding (AdtAgent) - Microsoft Monitoring Agent Audit Forwarding (AdtAgent)