Microsoft

Search O365 Exchange Forward Rules

Leave a comment

IT and the Legal team recently started working on correcting several key issues. One of those included the ability to keep company email from auto forwarding out to other non-company accounts/companies/etc.

Open a powershell prompt (run as administrator)
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
foreach ($i in (Get-Mailbox -ResultSize unlimited)) { Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.ForwardTo} | fl MailboxOwnerID,Name,ForwardTo >> c:\text\Forward_Rule_list.txt }

If you receive an error “Files cannot be loaded because running scripts is disabled on this system”
Set-ExecutionPolicy RemoteSigned

Linux, Microsoft

Webserver CA SSL Request, Linux Windows

Leave a comment

I had a need to create a certificate for a new webserver. I have Linux machines available on my Windows dowmain that has a certificate authority advertised in active directory.

On your linux machine (that has openssl)
openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout webserver1.key -out webserver1.csr

Generating a 2048 bit RSA private key
……………………………………+++
…………………………………..+++
writing new private key to ‘webserver1.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:NO
Locality Name (eg, city) [Default City]:Town
Organization Name (eg, company) [Default Company Ltd]:Winks
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server’s hostname) []:webserver1.localdomain.local
Email Address []:support@localdomain.local

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Copy the CSR to your clipboard
nano webserver1.csr
Copy all of the text including the “–BEGIN” and “–END”

Create the certificate request on your CA

https://certificateauthority/certsrv
Create a new request – Advanced certificate request
Paste the copied text
Select webserver for the certificate template
Submit

I always download as a base64 encoded certificate. I then copied the .cer to my linux box to run the next steps.

On your linux machine create the PFX
openssl pkcs12 -inkey webserver1.key -in webserver1.cer -export -out webserver1.pfx

Enter Export Password:
Verifying – Enter Export Password:

Copy the PFX back to your window machine, double click, enter the passcode, and away you go.

Microsoft

Chrome Windows 10 Omnibox Slow

Leave a comment

I was having extremely slow response time to input in the google search bar (aka omnibox). I’d close out of Chrome and re-enter, same issue. Every new tab (ctrl + t) I’d start typing a URL or search term and it would take up to 12 seconds for the text to start showing up. And with my misspellings… yeah it was frustrating.

Closed and re-opened Chrome. Same problem.
I disabled all of the extensions. Same problem.
I cleared all of the cache (ctrl shift del). Same problem.
Rebooted the machine. The problem went away for about 2-3 hours and then came right back.
Installed 64bit instead of 32bit. Same problem.
Redid all steps above after upgrading to 64bit. Same problem.

http://www.robschmuecker.com/google-chrome-address-bar-omnibox-getting-slow/

This site had me check for compatibility mode. I wasn’t running in compat mode as this was native supported.

But the delete of cache caught my eye – why does chrome store cached omnibox crud in the default user’s directory?

C:\Users\%Username%\appdata\local\google\chrome\User Data\Default\Cache
Delete everything in there. Restart Chrome.

I had to run taskkill /f /im chrome.exe prior to deleting all of the cache.

Microsoft

Double Booking O365 Room Calendar

Leave a comment

I went through and made sure that the room was set to not allow conflicts. Unfortunately it was still accepting conflict meetings as “tentative” instead of outright saying “no”. This was conflicting with our room booking evoko units (exterior to the room) and showing the second meeting – the tentative in Exchange/Outlook – as the only meeting. Bad.

So, open up your powershell and connect to the O365-land (previous post).

List All Rooms (you’ll need the email address)
Get-Mailbox | Where-Object {$_.RecipientTypeDetails -eq "RoomMailbox"} | Format-Table DisplayName,Identity,PrimarySmtpAddress

List All Options On That Room
get-calendarprocessing roomname@domainname.tld | fl
Verify that the AllowConflicts is set to false. Verify that the forwardrequeststodelegates is also false. Verify that the AllRequestOutOfPolicy is set to false.

Change these settings (if the above is not false)
Set-CalendarProcessing roomname@domainname.tld -AllowConflicts $false
Set-CalendarProcessing roomname@domainname.tld -ForwardRequestsToDelegates $false
Set-CalendarProcessing roomname@domainname.tld -AllRequestOutOfPolicy $false

Microsoft

Calendar Permissions Office365 Powershell

Leave a comment

I needed to change permissions on who could access the CEO’s calendar as his personal assistant was going on a month-long vacation and the backup needed the same permissions.

Connect to your Office365 environment using Powershell
Open Powershell as an administrator
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Login with an O365 admin account

List access on a specific account
Get-MailboxFolderPermission -Identity user1@domain.com:\calendar

Add access to a specific user
Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights Editor

Remove access to a specific user
Remove-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com

Available Roles

Owner
PublishingEditor
Editor
PublishingAuthor
Author
NonEditingAuthor
Reviewer
Contributor
AvailabilityOnly
LimitedDetails

Linux

RSA host key for server has changed

Leave a comment

I had reformatted one of my hypervisor boxes (prox) and completely forgot about changing my SSH keys on other systems. I have a jumpbox that allows me to remotely access and admin the environment, but I couldn’t SSH into my prox system:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
2a:35:00:00:c7:e8:f3:fe:f7:6e:cf:00:00:db:e9:d8.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:33
RSA host key for prox1 has changed and you have requested strict checking.
Host key verification failed.

Opening up my /root/.ssh/known_hosts file I see a bunch of giberish. Answer found from c0rp.

Fast and easy fix
sed -i '33d' ~/.ssh/known_hosts
Obviously change the ’33d’ to reflect your line number. e.g line 12 wouild be ’12d’
Then SSH to your machine again and you’ll be asked if you want to store the new RSA fingerprint.

Or you can use SSH Keygen
ssh-keygen -R yourmachinenamehere

Ramblings Of An IT Person