POWERSHELL: LIST ALL MAILBOX FOLDER DELEGATE ACCESS FOR A MAILBOX

$ErrorActionPreference="SilentlyContinue"
Stop-Transcript | out-null
$ErrorActionPreference = "Continue"
Start-Transcript -path C:\users\__amariouribe\desktop\output.txt -append

$mbx = "sgoldschmid"
$permissions = @()
$Folders = Get-MailboxFolderStatistics $mbx | % {$_.folderpath} | % {$_.replace(“/”,”\”)}
$list = ForEach ($F in $Folders)
   {
    $FolderKey = $mbx + ":" + $F
    $Permissions += Get-MailboxFolderPermission -identity $FolderKey -ErrorAction SilentlyContinue | Where-Object {$_.User -notlike “Default” -and $_.User -notlike “Anonymous” -and $_.AccessRights -notlike “None”}
   }
$permissions

# Do some stuff
Stop-Transcript

Exchange CU11 Install Issue

TLDR: SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}

Error:
The following error was generated when “$error.Clear();
$auditLogMbxName = “SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}”;
$auditLogMbxLastName = “SystemMailbox 8cc370d3-822a-4ab8-a926-bb94bd0641a9”;
Write-ExchangeSetupLog -Info (“Retrieving users with LastName=$auditLogMbxLastName.”);
$auditLogUser = @(Get-User -Filter {LastName -eq $auditLogMbxLastName} -IgnoreDefaultScope -ResultSize 1);
if ($auditLogUser.Length -eq 0)
{
Write-ExchangeSetupLog -Info (“Retrieving audit log users with LastName=$auditLogMbxLastName.”);
$auditLogUser = @(Get-User -AuditLog -Filter {LastName -eq $auditLogMbxLastName} -IgnoreDefaultScope -ResultSize 1);
}

if ($auditLogUser.Length -eq 0)
{
Write-ExchangeSetupLog -Info (“Installing user account with Name=$auditLogMbxName and LastName=$auditLogMbxLastName.”);
Install-UserAccount -Name $auditLogMbxName -LastName $auditLogMbxLastName;
}
else
{
Write-ExchangeSetupLog -Info (“Audit log user $auditLogMbxName already exists.”);
}
” was run: “Microsoft.Exchange.Data.Directory.ADConstraintViolationException: An Active Directory Constraint Violation error occurred on NCGADC2.ncga.state.nc.us. Additional information: The operation failed because UPN value provided for addition/modification is not unique forest-wide.
Active directory response: 000021C8: AtrErr: DSID-03200BD2, #1:
0: 000021C8: DSID-03200BD2, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90290 (userPrincipalName)
—> System.DirectoryServices.Protocols.DirectoryOperationException: A value in the request is invalid.
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.Exchange.Data.Directory.GuardedDirectoryExecution.Execute[T](String bucketName, Func`1 action, Int64& concurrency)
at Microsoft.Exchange.Data.Directory.PooledLdapConnection.GuardedSendRequest(String forestName, GuardedDirectoryExecution guardedDirectoryExecution, DirectoryRequest request, TimeSpan timeout, Func`3 sendRequestDelegate, Int64& concurrency)
at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IADLogContext logContext, Boolean shouldLogLastFilter)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
— End of inner exception stack trace —
at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer, String callerFilePath, Int32 callerFileLine, String memberName)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientObjectSession.Save(ADRecipient instanceToSave, String callerFilePath, Int32 callerFileLine, String memberName)
at Microsoft.Exchange.Management.Deployment.InstallUserAccount.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.

Exchange 2016 CU12 Install Issues

Microsoft recently released Exchange Cumulative Update 12, which included a patch for a zero day vulnerability  that was discovered a couple of weeks prior. This post has nothing to do with the exploit but the upgrade process. I've installed all of the CU updates without any major issues. This time around the installation process barfed an error on step 5 of 17, I clicked OK to continue and I was back at the Windows Screen, with a non functional DAG Member. 

I panicked for a bit, like I always do. Long story short I restarted the installer and everything ran fine the second time around. I wish that I had a screenshot of the error but I did not think to take one at the time. 

HAM Radio Technician

Operating System Hardening

I've been asked this question at a couple of interviews and I figured that I would post some information that I have found in my travels on how to answer this question.

In short hardening is making a system or an application more secure that it's starting or default configuration.