08 May 2018

aka.ms shortcut url's

Know a cool one not listed here? Let me know.
https://aka.ms/HybridWizard
https://aka.ms/TAPHCW
http://aka.ms/HCWCheck

Shortcut url to bitlockerkeys
Office365/Azure MFA Setup page
Azure Portal
https://aka.ms/exchange2016
Microsoft Exchange Product Page
Microsoft Support
You Had Me At EHLO… blog
Exchange 2016 documentation
Exchange 2013 documentation
Exchange 2010 documentation
Exchange 2007 documentation
Exchange2003 documentation
Exchange Server Licensing
Exchange Deployment Assistant
Microsoft Remote Connectivity Analyzer
Sender ID Framework SPF Record Wizard
Exchange Server Tools
Exchange 2010 SP1
Latest Rollup Update for Exchange 2010 SP1
Exchange 2010 Visio Stencil
Exchange Wiki Portal
Exchange 2010 Wiki
Exchange 2007 Wiki
Exchange 2003 Wiki
Navigating Exchange Content Like A Pro Using Short URLs
Hybrid Key
Hybrid Free Busy Troubleshooter
Exchange Server Role Requirements Calculator
Office 365 Hybrid Configuration Wizard
Azure AZ Copy
Microsoft Remote Connectivity Analyzer
Monitor availability and responsiveness of any web site with Azure
https://aka.ms/exo
Exchange Online Pricing
http://aka.ms/powershell
PowerShell documentation
http://aka.ms/posh
Manoj Nair PowerShell Blog
Hackers tell all

17 April 2018

Enable Office365 MFA per User or all users - Search for users with MFA disabled

Enabling all users for MFA is relatively easy with PowerShell, and how to's are found all over the web.
But enabling MFA for one user is a bit more difficult.
Here's how to do it:

Enable MFA per user

$MFASetting = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement -Property @{            
    RelyingParty = "*"            
    State        = "Enabled"            
    }            
            
Set-MsolUser -UserPrincipalName 'user@domain.com' -StrongAuthenticationRequirements $MFASetting
Check the settings
$User = Get-msoluser -UserPrincipalName 'user@domain.com' |            
    Select-Object -ExpandProperty StrongAuthenticationRequirements            
$User.State

Find users with MFA enabled
Get-MsolUser -All | where {$_.StrongAuthenticationMethods -ne $null} | Select-Object -Property UserPrincipalName

Find users not MFA enabled (Not sure if this displays correct info)
Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName

Find users not MFA enabled (This is more accurate I believe)
Get-MsolUser -All | where {$_.StrongAuthenticationMethods -eq $null} | Select-Object -Property UserPrincipalName

Bulk enable for multiple users in csv file
Enable for multiple users
            
function Set-MFAUsers {            
    param (            
        [parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]            
        [ValidateScript( {Test-Path $_})]              
        [Alias('FullName')]            
        [String] $Path,            
                    
        [ValidateSet('Enabled','Enforced')]            
        [String] $State = 'Enabled'            
    )            
            
    # Set MFA object            
    $MFASetting = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement -Property @{            
        RelyingParty = "*"            
        State        = $State            
    }            
                
    # Get user list            
    $Users = Get-Content -Path $Path -ReadCount -1            
            
    foreach ($user in $users)             
    {            
         $SetUser = @{            
            UserPrincipalName                = $user            
            StrongAuthenticationRequirements = $MFASetting             
            ErrorAction                      = 'Stop'              
        }            
            
        Try {            
            # Set MFA            
            Set-MsolUser @SetUser            
                        
            # Post Check            
            $ThisUser = Get-msoluser -UserPrincipalName $User |             
                Select-Object -ExpandProperty StrongAuthenticationRequirements            
            
            if ($ThisUser.State -eq $SetUser.StrongAuthenticationRequirements.State) {            
                Write-Host "[SUCCESS] UPN: $user" -ForegroundColor Green            
            }            
            else {            
                Write-Host "[FAILED ] UPN: $user" -ForegroundColor Red            
            }            
        }            
        Catch {            
             Write-Warning -Message $_.Exception.Message            
        }               
    }             
}            
            
Get-ChildItem C:\temp\MFA_Users.txt | Set-MFAUsers -State Enforced

10 April 2018

Install Exchange 2013 CU's from an elevated command prompt or elevated PowerShell

Most commonly used:

Prepare Schema:
.\Setup.exe /PrepareSschema /IAcceptExchangeServerLicenseTerms

Prepare All Domains:
.\Setup.exe /PrepareAllDdomains /IAcceptExchangeServerLicenseTerms

Prepare Domain:
.\Setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

run setup /?

.\Setup.exe /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

The last Exchange setup files are always available in the following location:
C:\Program Files\Microsoft\Exchange Server\V15\Bin

From that location run: Setup.exe /?

Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


For detailed help, type one of the following options:

  Setup /help:Install         - Install Exchange server roles.
  Setup /help:Upgrade         - Upgrade an existing Exchange server.
  Setup /help:Uninstall       - Uninstall Exchange server roles.
  Setup /help:RecoverServer   - Recover an existing Exchange server.
  Setup /help:PrepareTopology - Prepare your topology for Exchange.
  Setup /help:Delegation      - Delegate server installations.
  Setup /help:UmLanguagePacks - Add or remove Unified Messaging
                                language packs.

To read the Exchange Server license terms,
see http://go.microsoft.com/fwlink/p/?LinkId=150127.

setup /help:install


C:\Program Files\Microsoft\Exchange Server\V15\Bin>Setup /help:Install

Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Exchange Server Installation Usage:

    Setup /Mode:Install /Roles:<roles to install> [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /Mode:Uninstall
      /IAcceptExchangeServerLicenseTerms
    Setup /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

--Exchange Server Installation Required Parameters--

/Mode:<installation mode>, /m:<installation mode>
    Specifies the operation to perform:
        . Install:    (Default)--Installs one or more server roles.
        . Uninstall:  Removes all installed server roles.
        . Upgrade:    Installs a service pack.

/Roles:<role 1, role 2>, /Role:<role>, /r:<role>
    The following are the valid server roles:
        . ClientAccess, ca
        . Mailbox, mb
        . EdgeTransport, et
        . ManagementTools, mt, t

    * This parameter can't be used when the /Mode parameter
    is set to Uninstall or Upgrade.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Exchange Server Installation Optional Parameters--

[/DisableAMFiltering]
    Disables Exchange Server anti-malware functionality.

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS> or FQDN>]
    Specifies the domain controller that Setup will use to read
    and write to Active Directory.

[/InstallWindowsComponents]
    Installs required Windows Server roles and features.

[/OrganizationName:<organization name>, /on:<organization name>]
    Specifies the name of the Exchange organization. The name can't be
    longer than 64 characters. If the name has spaces, enclose it in
    quotes.
    Valid characters: A-Z, a-z, 0-9, space (not leading or trailing),
    hyphen, dash.

    * This parameter is required if you're installing the first
    Exchange server in an organization.

[/TargetDir:<path>, /t:<path>]
    Specifies the location to install Exchange Server 2013 files.
    Default: "%ProgramFiles%\Microsoft\Exchange Server\V15"

[/UpdatesDir:<path>, /u:<path>]
    Updates from the specified directory will be installed during
    setup.

[/?]
    Displays help for setup.

--Exchange Server Installation Advanced Optional Parameters--

[/ActiveDirectorySplitPermissions:<True | False>]
    Enable Active Directory split permissions mode when preparing
    the Exchange organization.
    The value can be true or false.

[/AnswerFile:<path>, /af:<path>]
    Specifies the location of an answer file that contains advanced
    parameters for setup.
    For details, see http://go.microsoft.com/fwlink/p/?LinkId=254454.

[/CustomerFeedbackEnabled:<True | False>]
    Specify whether to participate in Customer Experience Improvement
    Program.
    The value can be True or False.

[/DbFilePath:<path>]
    Specify the full path to the mailbox database file when
    the Mailbox server role is installed.
    Role: Mailbox

[/DoNotStartTransport]
    Microsoft Exchange Transport service will not be started during
    setup when this parameter is specified.
    Role: Mailbox

    Remarks: This parameter can only be specified during the first
    Exchange 2013 Mailbox server installation in an organization.

[/EnableErrorReporting]
    Enables the Exchange server to automatically submit critical
    error reports. Microsoft uses this information to diagnose
    problems and provide solutions.

[/LogFolderPath:<path>]
    Specify the folder path to the directory where the mailbox database
    database logs should be placed when the Mailbox server role is
    installed.
    Role: Mailbox

[/MdbName:<MDB name>]
    Specify the default database name that is created when the
    Mailbox server role is installed.
    Role: Mailbox

[/TenantOrganizationConfig:<path>]
    Specifies the path to the file that contains the organization
    configuration of your Office 365 tenant. This file is created by
    running the Get-OrganizationConfig cmdlet in your Office 365
    tenant. For more information, see
    http://go.microsoft.com/fwlink/?LinkId=262888.

Setup /help:Upgrade


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server Setup Parameter Help

Upgrade Exchange Server Usage:

    Setup /Mode:Upgrade [OptionalParameters]
      /IAcceptExchangeServerLicenseTerms

--Upgrade Exchange Server Required Parameters--

/Mode:Upgrade, /m:Upgrade
    Upgrades an existing Exchange server object.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Upgrade Exchange Server Optional Parameters--

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS or FQDN>]
    Specifies the domain controller that setup will use to read
    and to write to Active Directory.

[/EnableErrorReporting]
    This enables the Exchange server to automatically submit critical
    error reports. Microsoft uses this information to diagnose problems
    and provide solutions.

Setup /help:Uninstall


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Exchange Server Installation Usage:

    Setup /Mode:Install /Roles:<roles to install> [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /Mode:Uninstall
      /IAcceptExchangeServerLicenseTerms
    Setup /Mode:Upgrade /IAcceptExchangeServerLicenseTerms

--Exchange Server Installation Required Parameters--

/Mode:<installation mode>, /m:<installation mode>
    Specifies the operation to perform:
        . Install:    (Default)--Installs one or more server roles.
        . Uninstall:  Removes all installed server roles.
        . Upgrade:    Installs a service pack.

/Roles:<role 1, role 2>, /Role:<role>, /r:<role>
    The following are the valid server roles:
        . ClientAccess, ca
        . Mailbox, mb
        . EdgeTransport, et
        . ManagementTools, mt, t

    * This parameter can't be used when the /Mode parameter
    is set to Uninstall or Upgrade.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Exchange Server Installation Optional Parameters--

[/DisableAMFiltering]
    Disables Exchange Server anti-malware functionality.

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS> or FQDN>]
    Specifies the domain controller that Setup will use to read
    and write to Active Directory.

[/InstallWindowsComponents]
    Installs required Windows Server roles and features.

[/OrganizationName:<organization name>, /on:<organization name>]
    Specifies the name of the Exchange organization. The name can't be
    longer than 64 characters. If the name has spaces, enclose it in
    quotes.
    Valid characters: A-Z, a-z, 0-9, space (not leading or trailing),
    hyphen, dash.

    * This parameter is required if you're installing the first
    Exchange server in an organization.

[/TargetDir:<path>, /t:<path>]
    Specifies the location to install Exchange Server 2013 files.
    Default: "%ProgramFiles%\Microsoft\Exchange Server\V15"

[/UpdatesDir:<path>, /u:<path>]
    Updates from the specified directory will be installed during
    setup.

[/?]
    Displays help for setup.

--Exchange Server Installation Advanced Optional Parameters--

[/ActiveDirectorySplitPermissions:<True | False>]
    Enable Active Directory split permissions mode when preparing
    the Exchange organization.
    The value can be true or false.

[/AnswerFile:<path>, /af:<path>]
    Specifies the location of an answer file that contains advanced
    parameters for setup.
    For details, see http://go.microsoft.com/fwlink/p/?LinkId=254454.

[/CustomerFeedbackEnabled:<True | False>]
    Specify whether to participate in Customer Experience Improvement
    Program.
    The value can be True or False.

[/DbFilePath:<path>]
    Specify the full path to the mailbox database file when
    the Mailbox server role is installed.
    Role: Mailbox

[/DoNotStartTransport]
    Microsoft Exchange Transport service will not be started during
    setup when this parameter is specified.
    Role: Mailbox

    Remarks: This parameter can only be specified during the first
    Exchange 2013 Mailbox server installation in an organization.

[/EnableErrorReporting]
    Enables the Exchange server to automatically submit critical
    error reports. Microsoft uses this information to diagnose
    problems and provide solutions.

[/LogFolderPath:<path>]
    Specify the folder path to the directory where the mailbox database
    database logs should be placed when the Mailbox server role is
    installed.
    Role: Mailbox

[/MdbName:<MDB name>]
    Specify the default database name that is created when the
    Mailbox server role is installed.
    Role: Mailbox

[/TenantOrganizationConfig:<path>]
    Specifies the path to the file that contains the organization
    configuration of your Office 365 tenant. This file is created by
    running the Get-OrganizationConfig cmdlet in your Office 365
    tenant. For more information, see
    http://go.microsoft.com/fwlink/?LinkId=262888.

Setup /help:RecoverServer


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Recover Exchange Server Usage:

    Setup /Mode:RecoverServer [OptionalParameters]
      /IAcceptExchangeServerLicenseTerms

--Recover Exchange Server Required Parameters--

/Mode:RecoverServer, /m:RecoverServer
    Recovers an existing Exchange server object.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Recover Exchange Server Optional Parameters--

[/TargetDir:<path>, /t:<path>]
    Specifies the location to install Exchange Server 2013 files.
    Default: "%programfiles%\Microsoft\Exchange Server\V15"

[/UpdatesDir:<path>, /u:<path>]
    Specifies the location from which updates will be installed
    during setup.

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS or FQDN>]
    Specifies the domain controller that setup will use to read
    and to write to Active Directory.

[/EnableErrorReporting]
    This enables the Exchange server to automatically submit critical
    error reports. Microsoft uses this information to diagnose problems
    and provide solutions.

[/DoNotStartTransport]
    The Microsoft Exchange Transport service will not be started during
    setup when this parameter is specified.
    Role: Mailbox

Setup /help:PrepareTopology


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Prepare Topology Usage:

    Setup /PrepareAD [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /PrepareSchema [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /PrepareDomain [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /PrepareDomain:<domainA, domainB> [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /PrepareAllDomains [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms

--Prepare Topology Required Parameters--

/PrepareAD, /p
    Prepares the Active Directory forest for the Exchange
    installation.

/PrepareSchema, /ps
    Prepares the Active Directory schema for the Exchange installation.

/PrepareDomain, /pd
    Prepares the local domain for the Exchange installation.

/PrepareDomain:<domain FQDN>, /pd:<domain FQDN>
    Prepares the specified domain(s) for the Exchange installation.

/PrepareAllDomains, /pad
    Prepares all domains in the forest for the Exchange
    installation.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Prepare Topology Optional Parameters--

[/OrganizationName:<organization name>, /on:<organization name>]
    Specifies the name of the Exchange organization. The name can't be
    longer than 64 characters. If the name has spaces, enclose it in
    quotes.
    Valid characters: A-Z, a-z, 0-9, space (not leading or trailing),
    hyphen, dash.

    * This parameter is required if you're installing the first
    Exchange server in an organization.

[/DomainController:<NetBIOS or FQDN>, /dc:<NetBIOS or FQDN>]
    Specifies the domain controller that Setup will use to read
    and write to Active Directory.

[/ActiveDirectorySplitPermissions:<True | False>]
    Enable Active Directory split permissions mode when preparing
    the Exchange organization.
    The value can be true or false.

Setup /help:Delegation


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Server Setup Delegation Usage:

    Setup /NewProvisionedServer:<server name>
      /IAcceptExchangeServerLicenseTerms
    Setup /RemoveProvisionedServer:<server name>
      /IAcceptExchangeServerLicenseTerms

--Server Setup Delegation Required Parameters--

/NewProvisionedServer:<server name>, /nprs:<server name>
    Creates a placeholder server object so that a
    delegated server administrator can run Exchange installation.

/RemoveProvisionedServer:<server name>, /rprs:<server name>
    Removes the provisioned server object.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

Setup /help:UmLanguagePacks


Microsoft Exchange Server 2013 Cumulative Update 19 Unattended Setup


Microsoft Exchange Server 2013 Setup Parameter Help

Unified Messaging Language Pack Usage:

    Setup /AddUmLanguagePack:<cultures> [<OptionalParameters>]
      /IAcceptExchangeServerLicenseTerms
    Setup /RemoveUmLanguagePack:<cultures>
      /IAcceptExchangeServerLicenseTerms

--Unified Messaging Language Pack Required Parameters--

/AddUmLanguagePack:<cultures>
    Adds the language packs for the specified cultures.

/RemoveUmLanguagePack:<cultures>
    Removes the installed language packs.

/IAcceptExchangeServerLicenseTerms
    This parameter is required to accept Exchange Server license terms
    and must be included every time the setup command is run.

--Unified Messaging Language Pack Optional Parameters--

[/SourceDir:<path>, /s:<path>]
    Location for the Unified Messaging language pack
    for the cultures specified. Valid with /AddUmLanguagePack
    parameter only.

[/UpdatesDir:<path>, /u:<path>]
    Updates from the directory specified will be installed
    during setup.

Usage Examples:
    Setup /AddUmLanguagePack:de-DE /s:d:\Downloads\UmLanguagePacks
    Setup /AddUmLanguagePack:de-DE,fr-FR,ja-JP /s:\\myshare\langpacks
    Setup /RemoveUmLanguagePack:de-DE,fr-FR
    Setup /AddUmLanguagePack:de-DE /s:d:\Downloads /u:d:\Patches

Remarks:
    The en-US Unified Messaging language pack can't be added or removed.
    It will be installed and uninstalled with the Mailbox role.
    These operations are only valid when the Mailbox role is already
    installed on the server.



14 March 2018

Enable MFA for all Office365 users at once with PowerShell

Now that Multi Factor Authentication is widely supported through all the different PowerShell modules within Office365 and Azure it's a good idea and a best practice to enable MFA for all accounts. Especially admin accounts.

So how do we do this?
After connecting to the MSOnline service with PowerShell run:

$auth = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement            
            
$auth.RelyingParty = "*"            
            
$auth.State = "Enabled"            
            
$auth.RememberDevicesNotIssuedBefore = (Get-Date)            
            
Get-MsolUser –All | Foreach{ Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongAuthenticationRequirements $auth}

All users are now "enabled" for MFA.
This should give you a lot of extra brownie points on your secure score rating :-)

13 March 2018

Install Office365 requirements with PowerShell - SkypeOnline - ExchangeOnline - AzureAD - SharepointOnline PowerShell modules

I came across a script by Chris Goosen to connect to all of the Office 365 services via PowerShell.
When I tried to run it errors were flying everywhere.
All of the requirements were missing on my system.

So that's what I came up with, a one stop way to get all of those requirements in one single go.

<# 
.SYNOPSIS 
Install Office365 PowerShell Prerequisites
 
.DESCRIPTION  
Downloads and installs the AzureAD, Sharepoint Online, Skype Online for Windows PowerShell
#>             
            
Function InstallSharepointOnlinePowerShellModule() {             
             
$SharepointOnlinePowerShellModuleSourceURL = 
"https://download.microsoft.com/download/0/2/E/02E7E5BA-2190-44A8-B407-BC73CA0D6B87/SharePointOnlineManagementShell_7414-1200_x64_en-us.msi"
$DestinationFolder = "$ENV:homedrive\$env:homepath\Downloads" If (!(Test-Path $DestinationFolder)) { New-Item $DestinationFolder -ItemType Directory -Force } Write-Host "Downloading Sharepoint Online PowerShell Module from $SharepointOnlinePowerShellModuleSourceURL" try { Invoke-WebRequest -Uri $SharepointOnlinePowerShellModuleSourceURL
-OutFile
"$DestinationFolder\SharePointOnlineManagementShell_7414-1200_x64_en-us.msi" -ErrorAction STOP $msifile = "$DestinationFolder\SharePointOnlineManagementShell_7414-1200_x64_en-us.msi" $arguments = @( "/i" "`"$msiFile`"" "/passive" ) Write-Host "Attempting to install $msifile" $process = Start-Process -FilePath msiexec.exe -Wait -PassThru -ArgumentList $arguments if ($process.ExitCode -eq 0) { Write-Host "$msiFile has been successfully installed" } else { Write-Host "installer exit code $($process.ExitCode) for file $($msifile)" } } catch { Write-Host $_.Exception.Message } } InstallSharepointOnlinePowerShellModule # Download and Install Visual Studio C++ 2017 $VisualStudio2017x64URL = "https://download.visualstudio.microsoft.com/download/pr/11687625/2cd2dba5748dc95950a5c42c2d2d78e4/VC_redist.x64.exe" Write-Host "Downloading VisualStudio 2017 C++ from $VisualStudio2017x64" $DestinationFolder = "$ENV:homedrive\$env:homepath\Downloads" Invoke-WebRequest -Uri $VisualStudio2017x64URL -OutFile "$DestinationFolder\VC_redist.x64.exe" -ErrorAction STOP Write-Host "Attempting to install VisualStudio 2017 C++, a reboot is required!" Start-Process "$DestinationFolder\VC_redist.x64.exe" -ArgumentList "/passive /norestart" -Wait Write-Host "Attempting to install VisualStudio 2017 C++" # Download and Install Skype Online PowerShell module $SkypeOnlinePowerShellModuleSourceURL = "https://download.microsoft.com/download/2/0/5/2050B39B-4DA5-48E0-B768-583533B42C3B/SkypeOnlinePowerShell.Exe" $DestinationFolder = "$ENV:homedrive\$env:homepath\Downloads" If (!(Test-Path $DestinationFolder)) { New-Item $DestinationFolder -ItemType Directory -Force } Write-Host "Downloading Skype Online PowerShell Module from $SkypeOnlinePowerShellModuleSourceURL" Invoke-WebRequest -Uri $SkypeOnlinePowerShellModuleSourceURL -OutFile "$DestinationFolder\SkypeOnlinePowerShell.Exe" -ErrorAction STOP Start-Process "$ENV:homedrive\$env:homepath\Downloads\SkypeOnlinePowerShell.Exe" -ArgumentList "/quiet" -Wait $DestinationFolder = "$ENV:homedrive\$env:homepath\Downloads" # Register PSGallery PSprovider and set as Trusted source Register-PSRepository -Name PSGallery -SourceLocation https://www.powershellgallery.com/api/v2/
-PublishLocation
https://www.powershellgallery.com/api/v2/package/ -ScriptSourceLocation https://www.powershellgallery.com/api/v2/items/psscript/
-ScriptPublishLocation
https://www.powershellgallery.com/api/v2/package/ -InstallationPolicy Trusted -PackageManagementProvider NuGet Set-PSRepository -Name psgallery -InstallationPolicy trusted # Install modules from PSGallery Save-Module -Name AzureAD -Path $DestinationFolder\ Install-Module -Name AzureAD Save-Module -Name MSOnline -Path $DestinationFolder Install-Module -Name MSOnline # Manually install Exchange Online with MFA authentication support from the Exchange Online ECP Write-Host "Login, go to Hybrid and download the Exchange Online Powershell module" Start-Process https://outlook.office365.com/ecp/

12 March 2018

How to restore a private key in IIS 7.0 or IIS 8.0

The following instructions apply to Windows Server 2008 (IIS 7.0) & Windows Server 2012 (IIS 8.0). Perform the following steps to restore the private key.

Import SSL certificate into the Personal > Certificates folder
Create a Certificates snap-in in a MMC console, refer to solution SO9999.
From the top left-hand pane, expand the Certificates tree, expand the Personal folder
Right-click the Certificates sub folder and select All Tasks > Import
The Certificate Import Wizard opens. Click Next
Click Browse and then navigate to the SSL certificate file.
Click Open > Next
Ensure "Place all certificates in the following store" is selected, ensure that "Personal" is listed for the certificate store.
Click Next > Finish

Import the Intermediate Certificate into the Intermediate Certification Authorities > Certificates folder
Download the correct Intermediate CA certificate, refer to article INFO1421.
From the left pane, expand the Intermediate Certification Authorities folder
Right-click on the Certificates sub folder
Select All Tasks > Import - A Certificate Import Wizard will open.
Click Next
Click Browse and then navigate to the Intermediate CA Certificate file
Click Next
Select Place all certificates in the following store: Intermediate Certification Authorities
Click Next
Click Finish 

Restore Private Key
With the MMC console still open, select the Certificates folder inside the Personal folder in the left-hand pane.
Double-click the newly imported SSL certificate in the right-hand pane, then select the Details tab.
Scroll down and select the Thumbprint field, then select and copy the entire thumbprint (in the bottom box) to the clipboard.
Open a command prompt, then enter the following command:
certutil -repairstore my "<thumbprint>"
Example:
certutil -repairstore my "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f"
If successful, the response will be "CertUtil: -repairstore command completed successfully"
Assign SSL certificate in IIS
Go to > Start > Administrative Tools > Internet Information Services (IIS) Manager.
From the Connections pane on the left, expand the local server, expand the Sites folder and select the web site to be secured with SSL.
From the Actions pane on the right, select the Bindings option under Edit Site.
In the Site Bindings window, select an existing https binding and click Edit. If there are no existing https bindings, click Add.
Ensure the type is set to 'https', then select the new SSL certificate from the drop down menu.
Click the View button to confirm details of the certificate.
Click OK > Close