Control - R = search command history
Control - Space = after typing a -, lists all available parameters
Azure
Connect to Office 365
Import-Module MSOnline
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Connect-MsolService -Credential $LiveCred
List last password change and age
Get-MsolUser -userprincipalname user@domain.org | select DisplayName, LastPasswordChangeTimeStamp,@{Name="PasswordAge";Expression={(Get-Date)-$_.LastPasswordChangeTimeStamp}}
List Tenant licenses:
Get-MsolAccountSku
Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "O365_BUSINESS_PREMIUM"}
Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "EXCHANGESTANDARD"}
etc.
List user mailbox rules for a specific user
Get-InboxRule -Mailbox someone@foo.com
then based on rule names listed
Get-InboxRule -Mailbox someone@foo.com -Identity "%name%" | Select Name, Description | fl
Disable-Inboxrule with the above will delete a malicious rule
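A sweep built on the Get-InboxRule check above, added here as an example and not part of the original notes: it flags rules that forward or redirect to external addresses or delete mail, across one or all mailboxes. The function name Find-SuspiciousInboxRule and the $InternalDomains default are assumptions; it needs the Exchange session from "Connect to Office 365".

```powershell
# Added example (not from the original notes). Flags inbox rules that send mail
# outside the organisation or delete it, across one or all mailboxes.
function Find-SuspiciousInboxRule {
    param(
        [string[]]$InternalDomains = @('foo.com'),  # assumption: your accepted domains
        [string[]]$Mailbox                           # optional: limit to these mailboxes
    )
    if (-not $Mailbox) {
        $Mailbox = Get-Mailbox -ResultSize Unlimited |
            ForEach-Object { "$($_.PrimarySmtpAddress)" }
    }
    foreach ($mbx in $Mailbox) {
        foreach ($rule in Get-InboxRule -Mailbox $mbx) {
            # Every forwarding-style target set on the rule, empty values dropped
            $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) +
                       @($rule.RedirectTo) | Where-Object { $_ }
            # External = SMTP recipient whose domain is not in $InternalDomains
            $external = @(foreach ($t in $targets) {
                if ("$t" -match 'SMTP:[^@\s]+@([^\]\s]+)' -and
                    $InternalDomains -notcontains $Matches[1]) { "$t" }
            })
            $reasons = @()
            if ($external.Count)     { $reasons += 'forwards or redirects externally' }
            if ($rule.DeleteMessage) { $reasons += 'deletes matching mail' }
            if ($reasons) {
                [pscustomobject]@{
                    Mailbox  = $mbx
                    Rule     = $rule.Name
                    Enabled  = $rule.Enabled
                    Reasons  = $reasons -join '; '
                    Targets  = $external -join '; '
                    Identity = $rule.Identity   # pass to Disable-InboxRule / Remove-InboxRule
                }
            }
        }
    }
}

# Review the findings first, then act on confirmed ones only:
# Find-SuspiciousInboxRule -InternalDomains 'foo.com' | Format-Table -AutoSize
```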
List all OneDrive URLs
Create OneDriveSites.ps1 with the following text:
$TenantUrl = Read-Host "Enter the SharePoint Online Tenant Admin Url"
$LogFile = [Environment]::GetFolderPath("Desktop") + "\OneDriveSites.log"
Connect-SPOService -Url $TenantUrl
Get-SPOSite -IncludePersonalSite $true -Limit all -Filter "Url -like '-my.sharepoint.com/personal/'" | Select -ExpandProperty Url | Out-File $LogFile -Force
Write-Host "Done! File saved as $($LogFile)."
Run .\OneDriveSites.ps1
Active Directory
Add-in modules
Import-Module GroupPolicy
Connect to remote system
Enter-PSSession -ComputerName IP/UNC
AD User creation date
Get-ADUser $User -Properties whenCreated
Being modified for wildcard:
Get-ADUser -LDAPFilter "(&(objectCategory=person)(objectClass=user)(sn=*$lastname*))" -Properties whenCreated
AD User last login date
Get-ADUser -Identity "username" -Properties "LastLogonDate"  # individual account
AD all Users creation & last login date
Import-Module activedirectory  # may be needed on older servers
Get-ADUser -Filter * -Properties * | select DisplayName,createtimestamp,LastlogonDate | Export-Csv C:\YourFolder\Report.csv
List users groups
Get-ADPrincipalGroupMembership %username%
(Get-ACL "AD:$((Get-ADUser lawrence.jen).distinguishedname)").access
List account lockouts (run elevated)
Get-EventLog -LogName Security -InstanceId 4740 -Newest 10 |fl
Import-Module activedirectory
Search-ADAccount -LockedOut
Unlock-ADAccount -Identity %user%
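Before unlocking, it helps to see where the lockouts come from. The following added example (not part of the original notes) reads the same 4740 events with Get-WinEvent and groups them by account and source computer. The function name Get-LockoutSummary and its parameters are assumptions; run it elevated against a domain controller that records the lockout events.

```powershell
# Added example (not from the original notes). Summarises 4740 lockout events
# by locked account and the computer the failed logons came from.
function Get-LockoutSummary {
    param(
        [int]$Hours = 24,
        [string]$ComputerName = $env:COMPUTERNAME   # assumption: a DC logging 4740
    )
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue

    $rows = foreach ($e in $events) {
        # Read the event fields by name from the XML instead of by position
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Account = $data['TargetUserName']
            Source  = $data['TargetDomainName']   # in 4740 this holds the caller computer name
        }
    }

    # One source locking many accounts and one account locked repeatedly
    # are different problems; the grouping makes both visible.
    $rows | Group-Object Account, Source | Sort-Object Count -Descending | ForEach-Object {
        [pscustomobject]@{
            Count   = $_.Count
            Account = $_.Group[0].Account
            Source  = $_.Group[0].Source
            First   = $_.Group | Sort-Object Time | Select-Object -First 1 -ExpandProperty Time
            Last    = $_.Group | Sort-Object Time | Select-Object -Last 1 -ExpandProperty Time
        }
    }
}

# Get-LockoutSummary -Hours 48 | Format-Table -AutoSize
```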
List all GPOs and settings
Get-GPOReport -All -ReportType HTML -Path c:\temp\GPOAll.html
Get-GPO -All | select DisplayName, ID, Description, CreationTime, ModificationTime | Export-Csv c:\temp\GPOs.csv -NoTypeInformation
Exchange
Find owner of a specific email address
Get-Recipient | Select DisplayName, RecipientType, EmailAddresses |FL
Get-Mailbox -Identity * | Where-Object {$_.EmailAddresses -like 'smtp:emailaddress@domain.com'} | Format-List Identity, EmailAddresses
List all users and email addresses
Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName,PrimarySmtpAddress | Export-Csv C:\2017mailboxes.csv
List all SMTP addresses in exchange
Get-Recipient | Select Name -Expandproperty EmailAddresses | Select Name, SmtpAddress | Export-Csv C:\SMTP.csv
Find mailbox last Logon time
Get-MailboxStatistics -Identity %user%
List group membership
Get-DistributionGroupMember -Identity "Group Name"
Message trace for one recipient
Get-MessageTrace -Recipient %UserEMail% | Select-Object Received, SenderAddress, RecipientAddress, Subject, Status, ToIP, FromIP, Size, MessageID, MessageTraceID | Export-Csv "path\here"
Alternative is Out-GridView for a quick check
Add/monitor calendar delegate access
Get-MailboxFolderPermission -Identity jeffs@cyberstreams.com:\calendar |fl
Get-MailboxPermission
Add-MailboxFolderPermission %user%:\calendar -User %user% -AccessRights Editor -SharingPermissionFlags Delegate
(remove SharingPermissionFlags for Exch 2013)
Exch (2013?) Message tracking logs
Get-MessageTrackingLog -ResultSize Unlimited -Start "February 5 2019" | Select EventID,Source,Sender,Recipients,timestamp,messagesubject | Out-GridView
Audit server Content Filter configuration:
get-ContentFilterConfig
List a user's trusted and blocked senders
(Get-MailboxJunkEmailConfiguration user.account).TrustedSendersAndDomains
(Get-MailboxJunkEmailConfiguration user.account).BlockedSendersAndDomains
To add a user's trusted or blocked senders
Set-MailboxJunkEmailConfiguration -Identity "user.account" -TrustedSendersAndDomains @{Add="test2@test.com"}
Set-MailboxJunkEmailConfiguration -Identity "user.account" -BlockedSendersAndDomains @{Add="test2@test.com"}
To remove a user's trusted or blocked senders
Set-MailboxJunkEmailConfiguration -Identity "user.account" -TrustedSendersAndDomains @{Remove="test2@test.com"}
Set-MailboxJunkEmailConfiguration -Identity "user.account" -BlockedSendersAndDomains @{Remove="test2@test.com"}
Miscellaneous/uncategorized
Remote Service administration examples (call sc.exe; in Windows PowerShell, sc is an alias for Set-Content)
sc.exe \\boldiq_qa2 query > C:\temp\qa2Services.txt
sc.exe \\boldiq_qa2 query "netlogon"
sc.exe \\boldiq_qa2 stop ekrn
sc.exe \\boldiq_qa2 start ekrn
Group Policy
Import-Module GroupPolicy
Exchange 2013 DAG Maintenance
1. To begin the process of draining the transport queues, run
Set-ServerComponentState ER-Exch-01 -Component HubTransport -State Draining -Requester Maintenance
2. To initiate the draining of the transport queues, run
Restart-Service MSExchangeTransport
3. To begin the process of draining all Unified Messaging calls, run
Set-ServerComponentState ER-Exch-01 -Component UMCallRouter -State Draining -Requester Maintenance
4. To redirect messages pending delivery in the local queues to the Mailbox server specified by the Target parameter, run
Redirect-Message -Server ER-Exch-01 -Target ER-Exch-02.eriv.local
5. To pause the cluster node, which prevents the node from being and becoming the PAM, run
Suspend-ClusterNode ER-Exch-01
6. To move all active databases currently hosted on the DAG member to other DAG members, run
Set-MailboxServer ER-Exch-01 -DatabaseCopyActivationDisabledAndMoveNow $True
7. To prevent the server from hosting active database copies, run
Set-MailboxServer ER-Exch-01 -DatabaseCopyAutoActivationPolicy Blocked
8. To place the server into maintenance mode, run
Set-ServerComponentState ER-Exch-01 -Component ServerWideOffline -State Inactive -Requester Maintenance
To verify that a server is ready for maintenance, perform the following tasks:
1. To verify the server has been placed into maintenance mode, run
Get-ServerComponentState ER-Exch-01 | ft Component,State -Autosize
2. To verify the server is not hosting any active database copies, run
Get-MailboxServer ER-Exch-01 | ft DatabaseCopy* -Autosize
3. To verify that the node is paused, run
Get-ClusterNode ER-Exch-01 | fl
4. To verify that all transport queues have been drained, run
Get-Queue
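The four verification steps above, combined into one pass/fail check. This is an added example, not part of the original notes. The function name Test-ExchangeMaintenanceReady is an assumption, and Get-MailboxDatabaseCopyStatus is swapped in for Get-MailboxServer so that copies still mounted on the server are listed directly.

```powershell
# Added example (not from the original notes). One row per check;
# every Passed = True means the server is ready for maintenance.
function Test-ExchangeMaintenanceReady {
    param([Parameter(Mandatory = $true)][string]$Server)   # e.g. ER-Exch-01

    $swo = Get-ServerComponentState $Server |
        Where-Object { $_.Component -eq 'ServerWideOffline' }
    # Swapped in for Get-MailboxServer: copies still mounted (active) on this server
    $mounted = @(Get-MailboxDatabaseCopyStatus -Server $Server |
        Where-Object { "$($_.Status)" -eq 'Mounted' })
    $node = Get-ClusterNode -Name $Server
    # Poison and shadow redundancy queues are not expected to drain
    $pending = @(Get-Queue -Server $Server | Where-Object {
        $_.MessageCount -gt 0 -and
        "$($_.Identity)" -notlike '*\Poison' -and
        "$($_.DeliveryType)" -ne 'ShadowRedundancy'
    })

    # Helper that emits one result row
    $row = { param($Check, $Passed, $Detail)
        [pscustomobject]@{ Check = $Check; Passed = [bool]$Passed; Detail = "$Detail" } }

    & $row 'ServerWideOffline is Inactive' ("$($swo.State)" -eq 'Inactive') $swo.State
    & $row 'No active database copies'     ($mounted.Count -eq 0) ($mounted.Name -join ', ')
    & $row 'Cluster node is Paused'        ("$($node.State)" -eq 'Paused') $node.State
    & $row 'Transport queues drained'      ($pending.Count -eq 0) ($pending.Identity -join ', ')
}

# Ready only if no check failed:
# (Test-ExchangeMaintenanceReady ER-Exch-01).Passed -notcontains $false
```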
========================================================================================
1. To designate that the server is out of maintenance mode, run
Set-ServerComponentState ER-Exch-01 -Component ServerWideOffline -State Active -Requester Maintenance
2. To allow the server to accept Unified Messaging calls, run
Set-ServerComponentState ER-Exch-01 -Component UMCallRouter -State Active -Requester Maintenance
3. To resume the node in the cluster and enable full cluster functionality for the server, run
Resume-ClusterNode ER-Exch-01
4. To allow databases to become active on the server, run
Set-MailboxServer ER-Exch-01 -DatabaseCopyActivationDisabledAndMoveNow $False
5. To remove the automatic activation blocks, run
Set-MailboxServer ER-Exch-01 -DatabaseCopyAutoActivationPolicy Unrestricted
6. To enable the transport queues and allow the server to accept and process messages, run
Set-ServerComponentState ER-Exch-01 -Component HubTransport -State Active -Requester Maintenance
7. To resume transport activity, run
Restart-Service MSExchangeTransport
To verify that a server is ready for production use, perform the following tasks:
1. To verify the server is not in maintenance mode, run
Get-ServerComponentState ER-Exch-01 | ft Component,State -Autosize
If you are installing an Exchange update, and the update process fails, it can leave some server components in an inactive state, which will be displayed in the output of the above Get-ServerComponentState cmdlet. To resolve this, run the following commands:
Set-ServerComponentState ER-Exch-01 -Component ServerWideOffline -State Active -Requester Functional
Set-ServerComponentState ER-Exch-01 -Component Monitoring -State Active -Requester Functional
Set-ServerComponentState ER-Exch-01 -Component RecoveryActionsEnabled -State Active -Requester Functional