[PowerShell] Skype For Business Daily Configurations and Topology Change Report


The new script Compare-CsConfiguration.ps1 is now available on Technet Gallery 🙂

Compare-CsConfiguration.ps1 script will generate a daily reference file for Skype for Business server CsConfiguration, and compare it with the last day reference file.

First day you run the script, a reference file will be created, and from the next day you will get the Topology and CsConfiguration changes report.

he result is emailed to the addresses you defined in the User Variables section,   The Result also will be saved in the selected folder.

The configurations compared includes:

  • Skype for Business Server Topology.
  • Federated Partners.
  • BW Policies.
  • Access Numbers.
  • Dial Plans. ….etc.

Some Screenshots:

First day running the script, The first reference file will be prepared, and of course no comparison will happen:


Example of when there are no changes between current configurations and yesterday’s configurations:


Example when there are some changes:


The Script and some more details are available here: https://gallery.technet.microsoft.com/Skype-For-Business-Daily-b04dd3a5/

Update all of your Skype For Business Servers

DigitalBamboo's Blog


Good Morning Class, Today I just wanted to put into your hands a needed cheat sheet that puts together all of the update changes in SFB into one simple upgrade document for any set of SFB servers. So lets begin.

Pre-Requisite Install work for Skype for Business Updates

Updates should be done in the

To begin, If you have Skype for Business (SFB) Standard Edition, you will follow this process:

Standard Edition Updates for SFB Server Environment

  • 1 Stop-CsWindowsService
  • 2 net stop w3svc
  • 3 SkypeServerUpdateInstaller.exe
  • 4 Once this is complete move to step 5
  • 5 Open a new SFB Shell after closing the update window
  • 6 Stop-CsWindowsService
  • 7 net start w3svc
  • 8 Depending on your Database setup- you may…

View original post 400 more words

PowerShell: Test Domain User Account Credentials Test-UserCredentials.ps1

This script will check if the password for a given username is correct.
If the authentication failed using the provided Domain\Username and Password, The script will do some checks and provide clues why the authentication failed.
The checks are:

  • Domain is reachable.
  • User Name exists in the domain.
  • The account is Enabled.
  • The account is Unlocked.

You can run the script from powershell as .\Test-UserCredentials.ps1 or Right click the script and select “Run with PowerShell”,
The script will ask for the user credentials as Domain\Username, and Password in a friendly Windows authentication window, and report the status of the combination.

Get User Input:
11_02_00-Windows PowerShell

Example for correct username and password
2015-12-22 15_40_43-Windows PowerShell

Example for failed authentication due to: domain is not found/unreachable:
2015-12-22 15_43_15-Windows PowerShell

Example for failed authentication due to: User Name does not exist:
2015-12-22 15_45_40-Windows PowerShell

Example for failed authentication due to: User Account is disabled:
2015-12-22 15_47_29-Windows PowerShell

Example for failed authentication due to Locked out User account:
2015-12-31 10_13_51-Windows PowerShell

Example for failed authentication mostly due to wrong password:
2015-12-28 10_22_50-Windows PowerShell

Download from TechNet Gallery: https://gallery.technet.microsoft.com/PowerShell-Test-Domain-b71cc520

Remove UM DialPlan Associated with UM IP Gateway for Exchange UM and Lync Integration

Removing DialPlan that is associated with UM IP Gateway (after running ExchUCUtil.ps1 scrip …etc) is not a Next,Next, Finish task as deleting a standard DialPlans.

Andrew Morpeth explained how to do this with details in this very helpful article here: https://ucgeek.co/2014/04/removing-exchange-2013-um-dial-plan/

Below is my attempt to provide an alternate approach to the Powershell script provided in above article (You need to provide the DIalPlan Name in the first line):

$UMDialPlan = "<YourDialPlanName>"
Get-UMMailboxPolicy | where {$_.UMDialPlan -eq $UMDialPlan} | FL Name, UMDialPlan
Get-UMMailboxPolicy | where {$_.UMDialPlan -eq $UMDialPlan} | Remove-UMMailboxPolicy
Get-UMHuntGroup | where {$_.UMDialPlan -eq $UMDialPlan}
Get-UMHuntGroup | where {$_.UMDialPlan -eq $UMDialPlan} | Remove-UMHuntGroup
Get-UMService | where {$_.DialPlans -contains $UMDialPlan} | FL Name, DialPlans
Get-UMService | where {$_.DialPlans -contains $UMDialPlan} | Set-UMService -DialPlans @{Remove="$UMDialPlan"}
Get-UMService | Get-UMCallRouterSettings | where {$_.DialPlans -contains $UMDialPlan} | FL Identity, DialPLans
Get-UMService | Get-UMCallRouterSettings | where {$_.DialPlans -contains $UMDialPlan} | Set-UMCallRouterSettings -DialPlans @{Remove=$UMDialPlan}
Remove-UMDialPlan -Identity $UMDialPlan 

OAuth certificate missing

“The same OAuthTokenIssuer certificate needs to be used by all of the Lync Server 2013 servers. In order to assure this, when you assign this certificate, it is replicated via the CMS and is assigned to all of the Lync Server 2013 servers that require OAuth. ” dodeitte

Troubleshooting UC

Whilst deploying Lync Enterprise Edition with 3 Front End Servers I cam across an interesting issue. FE 1 was fine but when I fired up FE 2 and got to the certificate wizard the OAuth Certificate was missing.

One thing you will notice if there is no OAuth certificate is that the Lync Front End Service wont start. OK so where is the cert???

Found a good blog explaining the purpose of OAuth here (thanks Doug)
So fist thing was to see if the Front End Servers were replicating, and indeed they were BUT no OAuth. 

Checking the Cert Manager through MMC shows that the cert isn’t in the personal store. Adding it there manually didn’t help me much either…

Seems that it needs to be put there by the replication process.

I decided to move along (against my best judgement and the clock) and add the default cert to FE 2 and…

View original post 134 more words

Test If AD User Name and Password Combination are Correct

Check my enhanced PowerShell script that do the same task as here, and more…: https://ibrahimsolimanblog.wordpress.com/2015/09/10/powershell-test-domain-user-account-credentials-test-usercredentials-ps1/

—Original Post—
This neat VBS script will test the active directory authentication for a given user name and password. and It will tell you if it succeeded or failed with which error.

I used to use Run-AS to test the authentication, but sometimes the user will not have the permissions to access the machine I’m testing on, and I will receive a non clear error.

Now, to the script:

Set objNetwork = CreateObject("WScript.Network")
strDomain = objNetwork.UserDomain
strUsername=InputBox("Enter Username:")
strPassword=InputBox("Enter Password:")
Set objDS = GetObject("LDAP:")
On Error Resume Next
Set objDomain = objDS.OpenDSObject("LDAP://" & strDomain, strUsername, strPassword, ADS_SECURE_AUTHENTICATION)
If Err.Number Then
    WScript.Echo _
    "For user:" & vbCrLf & _
    "   " & strDomain & "\" & strUsername & vbCrLf & _ 
    "Error Number:" & vbCrLf & _
    "   " & Err.Number & vbCrLf & _
    "Error Description:" & vbCrLf & _
    "   " & Err.Description
    WScript.Echo _
    "Valid password entered for user" & vbCrLf & _
    "   " & strDomain & "\" & strUsername
End If
On Error Goto 0

Run it, Provide the user name (Without providing the domain name), then provide the password, and get the result.

Source: http://stackoverflow.com/questions/3856479/testing-username-password-against-active-directory-domain-in-vbscript

[Powershell] Know your Variable Type

You can define variables in your Powershell script by various means, it’s a good idea to check if the parameter type is defined as expected,

in one of the scripts I came across, one command was failing with this error:

Cannot process argument transformation on parameter <Variable Name>. Cannot convert value to type System.String.

Displaying the parameter alone, I found it looks as an array, also I did query the variable type, and of course it was not System.String which is required by the command to complete:


the result can be one of the following, weather it’s correct or no, it depends on how you plan to use this variable in your script:

Alias Type
[int] 32-bit signed integer
[long] 64-bit signed integer
[string] Fixed length string of Unicode characters
[char] A Unicode 16-bit character
[bool] True/False value
[byte] An 8-bit unsigned integer
[double] Double-precision 64-bit floating point number
[decimal] A 128-bit decimal value
[single] Single precision 32-bit floating point number
[array] An array of values
[xml] XML objects
[hashtable] A hashtable object (similar to a dictionaryobject)

For my case, We redefined the variable so it only hold the correct single value, and hence $MyVariable.GetType().FullName returned: System.String

[Powershell] Remove Spaces from User Input if you will Build an Array

In one of the scripts I came across, The users have  to input IP addresses in the form of: IP1,IP2,IP3,…etc. The Powershell script will take this input and build an array to be passed to NETSH and other network commands. The problem is, the users will for different reasons enter the IPs in the form of: IP1, IP2, IP3, … adding an extra space after “,” sometimes there’s a leading or trailing spaces from copy and paste from other places. The result is ==> the network commands was failing to process these extra spaces. Anyway, to solve this, and to avoid similar situations, When you are getting a variable from users, it’s a good practice to do some cleanup, because you will never know what users will enter. One good example, is to utilize –replace parameter with \s to remove all spaces, tabs So:

$Param = "            ,           ,    "

#You clean it up by:
$Param = $Param -replace '\s',''

#This will make:


It also worth mentioning that, If you only want to remove the leading and trailing spaces from the users input, Use the Trim() method. So:

$Param = "   First Name Last Name    "

#You clean it up by:
$Param = $Param.trim()

#This will make:

First Name Last Name

Exchange 2013 Preferred Architecture

Here’s a cut-to-the-chase summary of The Preferred Architecture blog by Ross Smith IV, you will find a link for the original article at the end of this blog.

Here’s the summary (with el touch beta3y):

  • Simplicity, Simplicity, Simplicity.
  • For each exchange service (OWA, SMTP,…) Use one name that balances the connections between the 2 datacenters (If you have 2 Datacenter with “fast” network connection).
  • Each datacenter is a separate AD site.
  • All Exchange servers are multi-role servers (Each Server have Mailbox and CAS roles).
  • All Exchange servers are Physical servers!!!
  • 2 Disks in a RAID 1 to host the OS, Exchange binaries, protocol/client logs, and transport database.
  • JBOD SAS 7.2K disks with large capacity for Databases files and logs.
  • AutoReseed is enabled, and at least 1 disk is reserved for it.
  • DAG is stretched across the 2 Datacenters, and active copies distributed equally across all servers in the DAG.
  • Each Datacenter have the same number of Servers in the DAG.
  • The DAG have even numbers of servers, and a witness server is used for for quorum arbitration.
  • DAG’s witness server is placed in a third reliable Datacenter.
  • Use a single network card that will carry both MAPI and Replication traffic (Assuming you network infrastructure can provides 10 Gb end-to-end).
  • Each database has four copies, with two copies in each datacenter
  • ReplayLagTime is 7 days for the lagged database copy (Set-MailboxDatabaseCopy -Identity DatabaseName\MailboxServerName -ReplayLagTime 7.0:0:0)
  • Backup, Backup, backup.


The Preferred Architecture

Configure AutoReseed for a database availability group

Exchange 2013 (low on log volume space) Alert: The Reason and How To Override

If you are monitoring Exchange 2013 Servers, you may receive this alert from your Mailbox Servers:

Database ‘DATABASE’ is low on log volume space. ‘DATABASE’ is low on log volume space. Current=xx GB, Threshold=195.31 GB

You can check the status also by issuing this command in the Exchange Management Shell:

Get-ExchangeServer | Get-Serverhealth -HealthSet Diskspace | ? AlertValue -ne Healthy | ft –autosize

The reason is because Exchange expects that there will be at least 200 GB (or 195.31 GB) free disk space on the disk hosting the database log files. which might not be the case for your deployment, probably because you don’t need all that much of space.

The solution is simple (It will work for Exchange 2013 With SP1 (CU4) or later):

1- Open Powershell on your Mailbox Server(s).

2- Run this command (Replace 10240 by your desired value of Free Disk Space threshold in MB):

New-ItemProperty "HKLM:Software\Microsoft\ExchangeServer\v15\ActiveMonitoring\Parameters\" -Name "SpaceMonitorLowSpaceThresholdInMB" -Value 10240 -PropertyType "DWord"