PowerShell Script for implement Mail Signature

At the beginning, we have to create a docx file. This is a normal file, containing a signature design as you want to appear and all variables from the script that you want to change (look at the end of the post for more information). This file has also to be saved on a share, where all the effected users have a read permission.
The script is written to create an Outlook signature and it is working if you have installed MS Word 2013 and MS Outlook 2013. It has been developed from a basic script on the Technet, but with additional checks and conditions as variables:

  • $SignatureVer – A version of signature – Change it when you have to deploy a new signature;
  • $UseSignOnNew – Use this signature when you send a new mail;
  • $UseSignOnReply – Use this signature when you send a mail as reply;
  • $ForceSignatureNew – Force this signature on a new mail. The user will not be able to change it (it will also force it on reply);
  • $ForceSignatureReply – Force signature on reply to mails.

Be careful because using forcing signature, will create registry values. Cancelling these settings means that you have to delete manually the registry values.

Two new registry values used by the script are introduced:

  • In the Path HKCU:’\Software\Microsoft\Office\15.0\Common\MailSettings, in the value VersionSignature, it is written a current version of the installed signature.
  • In the Path HKCU:’\Software\Microsoft\Office\15.0\Common\MailSettings, in the value ADChangeDate, it is written the date when the signature was applied.

We need both values to determinate if the company changed the version of signature and the new one has to be deployed in addition if something changed in AD user object, since the last deployment of the signature. If the AD user was changed, the user can choose if deploying the changes or not (reason / example: AD User will also change if the user changes the password and we do not deploy the new signature).
The script should be run as a logon script and it is divided into two blocks:

  1. The purpose of the first block is to determinate if the signature has to be deployed to user. Here we can see if the user already has a signature deployed and if something has changed from the last deployment. This block query AD User object and compare data from AD with local data.
  2. The second block effectually deploys the signature and for the optimization of the speed and load it run only when the script has to be deployed. It copies the docx template to local machine, changes the variables with real data and generates the signature in Outlook. To do this, the Outlook will be closed if it is open. At the end, the script writes the two registry values and delete the signature template from the local machine.

The script does not delete or effect in any other way none of the signatures that are present in Outlook. The only effect will be that, if you select, it will change the default signature on new and / or reply mails. Of course all data of the AD User object can be retrieved; you just need to found a field name in AD and associate it with variable in the script. It is pretty easy.

In my script, there are some variables that have to be present in a docx template:

  • DisplayName – Will be changed to Display value from AD
  • E-Mail – Will be changed to E-Mail value form AD
  • Title – Will be changed to Title value from AD
  • AllAddress – Will be changed to complete address from AD (street, city, CAP)
  • MobileN – Will be changed to Mobile number value from AD
  • WorkingOffice – Will be changed to Office value from AD

Of course is up to you to change these values to any other value as you wish, but be careful that values defined in script, are presented the Word template document. Only in this case the script will be able to change them.

You can download script here: Mail_Sign script.

Many free tools for administrators

For any administrator, who want to use any kind of free tools to have better access or monitor some functionalities in Windows environments, here we have a list of many free tools. Just look which is usable for you and use it:
https://4sysops.com/best-free-windows-admin-tools/
And please, test it in test environment prior you use it in production. Many times tolls are not exactly the same as you expect..

Problems with spam on Gmail or Hotmail

Do you have problems to deliver mails to Gmail or Hotmail?
I had some issues in last few months and at the beginning I was not able to solve the problem, because all the setting appears to be correct and I was not blacklisted (yes, I know that Google and Hotmail use their blacklist).
The question was how to reach the administrators on the destination side. To do this, just follow this links:
For Gmail: http://www.rackaid.com/resources/gmail-blacklist-removal/
For Hotmail: http://www.rackaid.com/resources/hotmail-blacklist-removal/
Here you will find a lot of information and the ticket to request the support.
PS: Maybe it is not a bad idea to check your status before you send the ticket. You can do it here: https://www.senderscore.org .

Tool to manage Microsoft Exchange ActiveSync

Microsoft published a new tool for managing Exchange Activesync functionalities. The tool is dedicated to administrators who wants to manage the process of remotely erasing mobile devices, list all devices for all users and many other functionalities. It is work on Office 365, Exchange 2010 and Exchange 2013
You can download it form here..

Migrate from SBS 2008 or 2011 (Part 6)

Move the FSMO Roles from SBS Server

At this point the SBS Server holds all five FSMO. In order to demote the SBS Server, these roles must first be moved to another domain controller. They can be safely moved to any Domain Controller in the domain.

 
To transfer the FSMO roles, follow this steps:

  1. Click Start, click Administrative Tools and then click Active Directory Users and Computers.
  2.  If you are logged on SBS Server, right-click Active Directory Users and Computers and then click Change Domain Controller. If you are logged on the destination DC, you can go directly to step 4.
  3. In the Enter the name of another domain controller box, type the name of the server you want to transfer the roles to and then click OK.
  4. In the console tree, right-click Active Directory Users and Computers, point to All Tasks and then click Operations Master.
  5. Click the PDC tab and then click Change.
  6. Click OK to confirm that you want to transfer the role.
  7. Repeat steps 5 and 6 on the Infrastructure and RID tabs.
  8. Click Close to exit the dialog.
  9. Click Start, click Administrative Tools and then click Active Directory Domains and Trusts.
  10. In the console tree, right-click Active Domains and Trusts, point to All Tasks and then click Operations Master.
  11. To change the Domain naming operations master click Change and then click Close.
  12. Next, open an elevated command prompt and type the following command: Regsvr32 %systemroot%system32schmmgmt.dll
  13. Click on Start, click on Run and type MMC.
  14. In the MMC window click on File and then click on Add/Remove Snap-in…
  15. In the Add or Remove Snap-ins dialog click on Active Directory Schema, click Add and then click OK.
  16. Click Change Active Directory Domain Controller…
  17. Click to choose another DC in your forest and then click OK. Click OK to dismiss the warning dialog.
  18. Right-click on the Active Directory Schema and click Operations Master…
  19. Click the Change button. Click the Yes button when prompted to change the Operations Master.
  20. At the command prompt, type netdom query fsmo to verify that all the roles are now held by domain controllers, other than the SBS Server.

 

Uninstalling the Exchange Server
 

Now is time to uninstall the Exchange server from the SBS Server. Be careful, if you have installed ForeFront for Exchange Server. In this case you must first uninstall this product:
 

  1. Logon to SBS Server as Administrator.
  2. Click Start, click Run, then type Services.msc.
  3. Stop all the Exchange services.
  4. Click Start, click Control Panel, then select Programs and Features.
  5. Found Microsoft ForeFront Security for Exchange Server (if it is installed). Click Uninstall.
  6. Uninstall Microsoft ForeFront for Exchange Server.
  7. Restart the SBS Server.

The second thing that you must do is to create the registry key that enables you to remove the Exchange Server management tools:

  1. Click Start, click Run and then, in the Open text box, type regedit.
  2. Browse to HKEY_LOCAL_MACHINESoftwareMicrosoftExchangeV8.0AdminTools.
  3. From the Edit menu, click New and then click String Value.
  4. Type Type the name ConfiguredVersion.
  5. DoubleClick ConfiguredVersion and then, in the Value Data field, type the same value as the data value for the UnpackedVersion registry key, which is located in HKEY_LOCAL_MACHINESoftwareMicrosoftExchangeV8.0AdminTools.
  6. Close the registry Editor.

 

It could happen that you will also have to change manually the responsible server for OAB generation, remove public folders and change the source server for send connectors. This are the steps to control (change) this settings:

  1. To Change the source server for Send connectors:
    1. Click Start and then click Exchange Management Console.
    2. In tree view, on the left side, expand Organization Configuration, Hub Transport.
    3. In the result pane click Send Connector, then right-click on Windows SBS Internet Send connector and select Properties.
    4. Go to Source server tab and click Add…
    5. Select new Exchage server and click OK.
    6. Remove the SBS server from the list.
    7. Repeat the procedure for all the send connectors.
  2. Move the Offline Book generation to a new Exchange server (in case, that you don’t want to use public folders anymore, you must delete and create a new OAB).
    1. Open the Exchange Management Console.
    2. Expand Microsoft Exchange, expand Organization Configuration and then select Mailbox.
    3. In the results pane, click the Offline Address Book tab.
    4. On the Offline Address Book tab, select the offline address book you want to move. In the action pane, click Move.
    5. After the Move Offline Address Book Wizard appears, select the new server to host the offline address book generation by using the Browse button and then click Move.
    6. To close the wizard click Finish.
  3. Remove or move public folders. This steps are very clear explained on Microsoft Technet:
    1. For moving: http://technet.microsoft.com/en-us/library/bb331970(EXCHG.80).aspx
    2. For removing: http://technet.microsoft.com/en-us/library/bb201664(EXCHG.140).aspx

After this step, it is time to uninstall the Exchange server:

  1. Open Control Panel and then, in Programs, click Uninstall a program.
  2. On the Uninstall or change a program page, select Microsoft Exchange Server 2007 and then click Uninstall.
  3. In the Exchange Server 2007 Setup Wizard, on the Exchange Maintenance Mode page, click Next.
  4. On the Server Role Selection page, clear all of the server role check boxes and clear the Management Tools check box. Then click Next.
  5. On the Readiness Checks page, after the checks are finished, click Uninstall.
  6. On the Completion page, click Finish.

 
Demote the SBS Server and remove it from the domain

Log on to the Management Server as an administrator and follow this steps to remove the machine from the domain:

  1. Click Start, click Run and then type dcpromo.
  2. Click Next on the welcome screen.
  3. Click OK to dismiss the global catalog server warning.
  4. Click Next on the delete the domain screen.  Do not select the delete the domain because this server is the last domain controller in the domain check box.
  5. On the Remove DNS Delegation page, verify that the Delete the DNS delegations pointing to this server check box is selected and then click Next.
  6. When prompted, type a password for the local administrator account. Click Next.
  7. Click Next on the review screen to begin the demotion.
  8. Click the Reboot on completion check box.

 

After the machine has finished rebooting, remove it from the domain following this steps:

  1. Log on to the SBS Server as an administrator.
  2. Click on Start, right-click on Computer, then click on Properties.
  3. Click on Change settings.
  4. Select the Computer Name tab and click Change…
  5. Select Workgroup under Member of and enter a unique value for the workgroup name.
  6. Click OK and reboot when prompted.

Log on to the DC Server and verify that the DNS A record and computer account for the SBS Server have been successfully removed.

Migrate from SBS 2008 or 2011 (Part 5).