Retrieve user friendly list of users who have full access to a particular mailbox in Office365

We had a request to provide a list of users who have Full access to a mailbox in Office 365. The get-mailboxpermission is pretty straightforward, but the results show the Windows username as opposed to the descriptive name for the user. The following script should provide the information needed. Note that the first 3 lines connect to Microsoft Online (you will be prompted for username and password) – the last two are the magic ones. Replace “User name” with the users first and last name ie “Andy Helsby” in my case

$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

$userlist = Get-Mailbox "user name" | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq "Fullaccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "*nt authorityself*") }
$userlist | foreach {get-mailbox $_.user}

If I can work it out, I’ll update the script later to provide a report for all mailboxes – in the meantime this works for 1 mailbox at a time.

Funnily enough, this report didn’t actually help the reason we were asked for the report – that was because the user had issues connecting to someone else’s mailbox. It turns out that the Microsoft Online password had been changed and outlook was using the cached credentials. By removing the stored passwords in the control panel, Outlook prompted for the password and everything started working.

Fixed:Corrupt contacts in outlook but they appear ok on phone.

Had a weird problem this morning with a user that had issues with incorrect data appearing in their outlook contacts. When you looked at the contacts in Outlook 2007, the Full Name was typically somebody else, yet the email address and name displayed in Outlook would be correct. Occasionally things like company name would appear incorrect. Looking at the phone, the data looked correct however the phone typically does not seem to use all of the fields that outlook2007 displays.
When I looked at the contacts within OWA the data looked ok. In OWA I changed the middle name on one of the corrupted contacts (although it looked correct in OWA) and then switched back to Outlook – the contact was now showing the middle name as expected, but the rest of the data was also coming across correctly. I took out the middle name within OWA and sure enough Outlook removed the middle name too and the contact was now correct.
The next stage was just to open the contact in OWA and hit save and close. This fixed the contact in Outlook too. I have no idea why this issue occured, and thankfully there are not *too* many contacts to open (only 170 in total) but just opening and then doing a Save and Close fixes the issue.
It will be interesting to see if this issue reoccurs.

Fixed:MDOP download on Technet

One of the advantages of a Technet subscription is access to the (MDOP Microsoft Desktop Optimization Pack) software including the Diagnostics And Repair Toolkit (DART). Unfortunately it took me a while to find it under the downloads today as MDOP does not appear under the list of downloads. However searching for Desktop Optimization Pack finds it. (You need to log into the Subscriber Downloads for this link to work). You’d be surprised how inaccurate the Google results for MDOP download on Technet results are.

Fixed: Connectwise and roaming profile permissions issues

A while back we started using Connectwise for our Helpdesk system and we use roaming profiles for our techs. Unfortunately Connectwise has to write to the appdata directory and the permissions were not set for Connectwise to write the files correctly and it also assumed that your appdata directory was going to be on c:\ rather than \\server…..
It took some digging and trial and error before we were able to get this working – the solution is to do the following from a command prompt –
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol -machine -addgroup LocalIntranet_Zone -url “file://server/user$/%username%/appdata/*” FullTrust -name Andy-PsaIntranet

I think the name parameter can be anything but we set it to firstname-PsaIntranet. Also note the appdata has the path to appdata but with forward slashes instead of back slashes.

Connectwise is a great tool but whatever you don’t do, don’t use the hosted version – the performance and the lack of options and features that are crippled in the hosted product makes a very frustrating end user experience. Last night we switched over to an inhouse version and I found that I had to create a new data directory in the connectwise directory. Note this was after doing the incredibly annoying “clear cache” function in Connectwise. Create %appdata%AppData\connectwise\psa\cache\companyurl.com\companyname\connectwiseuserid\data

Onenote Calendar and clipping tool

I use Onenote extensively at work and love the ability to take freeform notes in meetings and organize stuff into the separate folders. One of the things I use it with are the various projects that I’m running in the office and these notebooks are shared amongst the project participants so we all are working off of one realtime document. This has the advantage that most of the data is in one place and we have a historical record but it is hard to tell what documents have been changed recently and with the proliferation of notebooks, it’s hard to remember which notebook contains a particular document that I worked on last Tuesday for example.
Previously I was using a toolbar icon that shows me the notebooks changed in the last 7 and last 14 days of use. This was really useful, but recently I stumbled across Omer Atay’s Onetastic addin. As the name suggests, this is really good addin (should have been in the shipped product) that enables you to tidy up the print to onenote output AND also has a built in calendar display option that shows you the documents that have been changed on the day, week or month that you select. The Calendar option is also available as a standalone application, but you might as well have the web clipping (which also contains a cropping tool too) add in too.
Highly recommended – especially if you share your OneNotes with other people or you are not that organized in filing your documents 😉
Note this does require OneNote2010 – but you are on that already right?

Fixed – Archive options missing in Outlook 2007 and send/receive issues

We had a weird issue this morning where the Archive options were missing in Outlook 2007. This is apparently a known issue with the kb2412171 December 14, 2010 outlook update which allegedly improves stability. It is hard to see how removing functionality, breaking send and receive and reducing performance when you switch folders comes under the category of improving stability and increasing performance.
Thankfully the solution is simple, just remove 2412171 from add/remove programs and everything should go back to normal.
Further details on the patch are also available which includes the known issues when installing 2412171.
Needless to say, we have unapproved this patch on our WSUS servers.

Fixed – Group Policy settings show “An error occurred while generating report: An unknown error occurred while the HTML report was being created.”

Whilst doing some troubleshooting work for a client’s group policy settings that were not being applied to a vista machine I launched the Group Policy Management Console (gpmc) and when I went to view the Resultant Set Of Policy (RSOP) of a client machine and when I tried to view the default domain policy I received the message “An error occurred while generating report: An unknown error occurred while the HTML report was being created.” All other group policies appeared fine – it was just the default domain policy – arguably the most important one and not an easy one to restore. My first step was to use a DC that did not have the gpmc installed to use the native group policy tools within the Active Directory Users and Computers snapin. Fortunately this tool worked and I could see the settings…..lots of them.
As I knew the group policy did not seem to be corrupt I then went back into gpmc and attempted a backup of the group policies. All but the default domain policy backed up successfully.
The error message almost looked similar to issues when trying to view web pages on a server with the enhanced ie security enabled but it didn’t really make sense that it was only affecting one group policy.

After a few minutes of digging I found an entry on tek-tips (a site I don’t like to use due to the popups and nag screens) but in this case the answer worked. From Roadki11’s posting on tek-tips.com:-

Cause:
Seems to be something with importing IE security settings.

Solution:
Edit install.ins inside: {GUID of Policy}\user\MICROSOFT\IEAK

[Security Imports]
ImportSecZones=1

Set it back to “0”

Using gpmc I obtained the guid of the policy by right clicking the policy and choosing properties then I connected to c:\WINDOWS\SYSVOL\sysvol\domain\Policies\{guid}\user\Microsoft\ieak
First I made a backup and then edited install.ins, set ImportSecZones to 0 and was then able to edit the policy in gpmc.
Hopefully the background information and the instructions on how to connect to the correct file helps others.
Whilst you are in the gpmc make sure you go down to Group Policy Objects, right click, Backup All, select a location, enter the date and time stamp for the description and back those policies up. Document where the backups are stored so that if you need to restore them they are easily accessible – even on another computer.
I’ve now added the backup to our checkup and system documentation instructions so at a minimum we will have monthly backups of the group policies and a documented location for where this information is kept. In an ideal world, printing off the settings would also be a good way to document the information too.

Quick way to get BIOS information without rebooting

If you want to get the BIOS version of a pc without rebooting or the Dell service tag then use the following useful command(s)
wmic bios >c:\temp\1.txt
notepad c:\temp\1.txt

The reason I pipe to 1.txt and then display in notepad is that the formatting looks all messed up in a dos prompt due to line wrapping but looks ok in notepad. The BIOS version and service tag will be displayed (among other things).
This beats my previous preferred method when doing remote support of going to Dell’s support site, going to warranty information and then loading their activex component to detect the hardware information.
Update: You do need to have admin rights to run this command.