Delete an email from ALL mailboxes in Exchange 2010/2013

Woke up this first thing this morning to see a little spam email from ‘St George Auto Motive Finance’ about a ‘Statement of Account’. Crap, I need to delete this email from all our mailboxes in our Exchange 2010 organisation. I’ve recently added a Exchange 2013 example as well.

2013-08-23 09_07_08-Inbox - - Microsoft Outlook

That isn’t good. So an email was sent to our ‘All Staff’ distribution list to aware them not to open it before I got into the office to remove it all.

Fired up Exchange Management shell and attempted to search for the message. However the results I received also included a few other legitimate emails that had been sent previously. I needed to narrow my search down! I came to the following result to get the only the results I expected.

Get-Mailbox -Server  "EXCHANGESERVER" | Search-Mailbox -SearchQuery '' -targetmailbox "Discovery Search Mailbox" -targetfolder "Inbox" -logonly -loglevel full

After logging onto the Discovery Search Mailbox I confirmed the results were correct, hoorah.. Now just for the delete command.

Get-Mailbox -Server  "EXCHANGESERVER" | Search-Mailbox -SearchQuery '' -deletecontent

But wait, it doesn’t work. It threw an error. I searched for an hour using different commands and approaching it different but it still didn’t work. I came across a post mentioning to use ‘Export Mailbox’ if you haven’t updated to SP1 but even this didn’t work. I even re-wrote it into a ‘for each $mailbox in $allmailboxes’ script.

However I came across this post which included a reference to this tutorial on how to add the Mailbox Import Export role to your account. I honestly thought permissions were fine as the log searching was working correctly but you DO need to be a member of this role for the -deletecontent switch to work. Make sure you restart your shell after joining the group.

Create a Universal Security Group – $USG
Then run this command:

New-ManagementRoleAssignment -Name "Mailbox Import Export Administrators" -SecurityGroup "$USG" -Role "Mailbox Import Export"

Then restart your EMS and run the Search-Mailbox -deletecontent command again.

I then re-run the previous command and was asked for confirmation to delete the messages, entered the ‘Yes to All’ and watched it go through each mailbox and delete the one item as required.

Success ūüôā


Exchange 2013 SearchQuery with Date Example:

Get-Mailbox | Search-Mailbox -SearchQuery { and sent:January-20-2017} -targetmailbox "" -targetfolder "Inbox" -logonly -loglevel full

Total Views: (4554)

Hide All Disabled Users from Global Address List

A few users had left recently and I was notified to disable their account and remove their access – this had me a little worried as I had already done this a few weeks prior.
This was prompted because their emails were still showing up in the Outlook Global Address List.

Honestly I thought being a ‘disabled user’ that Exchange 2010 would do this automatically for me, but I guess not. I set off to find a script to hide all the disabled users from the GAL.
A quick search brought up this. But no results were produced.

After a little more searching I found the command that suited us perfectly as all disabled users are removed access then moved to our ‘Disabled Users’ OU.

Get-Mailbox -OrganizationalUnit "Disabled Users" | Set-Mailbox -HiddenFromAddressListsEnabled $true

Confirmed by checking the properties of a user in the EMC to make sure the ‘Hide from Exchange Address Lists’ was now ticked.

Total Views: (4477)

Scanning your network for dropbox installations

I was recently asked if we could investigate the extent of the dropbox application on our network as it’s against company policy.
“Easy!” I thought, as we had Spiceworks monitoring this type of stuff. However I was wrong as dropbox doesn’t install like usual applications do, it puts the uninstall registry keys under HKEY_CURRENT_USER.

After a quick search around I found the solution to be LAN Search Pro.
It just required a quick couple of changes to the settings after downloading.

1. Click the Options icon, go to the Hidden Folders tab and then select Common and hidden folders.
2013-07-31 09_36_34-Spiceworks - Open Tickets

2. Click the Search Scope icon, click Refresh and then expand the Network until your domain is selected and press Ok.
2013-07-31 09_40_08-LAN Search Pro

3. Ensure you are logged on as a domain admin, this way you will be able to search all the computers on your network in their hidden C$ share.
Type dropbox.exe in the search field and press the green arrow to begin the search.
2013-07-31 09_37_20-LAN Search Pro

4. Your results should display in a list along with their location, this will show you the computer dropbox is installed on and which user has installed it.
2013-07-31 09_43_52-LAN Search Pro

Total Views: (1049)

Recover deleted items in Exchange 2010

How to recover deleted items in Exchange 2010 using the Exchange Management Shell.

Today one of our users accidentally deleted all of their sent items… Usually this wouldn’t be a problem as they are easily recovered in Outlook 2010 from the ‘Recover Deleted Items’ which is under Folder tab. However that is exactly where the user had deleted all these emails from!

After a quick refresh on some command syntax I was easily able to restore all of these items directly back to her mailbox.

The following command searches the “Gill” mailbox for anything matching the search query, which in this case is email sent from themselves and sends the logs to the Discovery Search Mailbox.

<br />Search-Mailbox -Identity "Gill" -SearchQuery -TargetMailbox "Discovery Search Mailbox" -TargetFolder Inbox -LogLevel Full<br />

After running that command the output looked like the following. Note that for me the Sucess flag was set to false, however the logs were still sent. I suspect this being due to the high count of items found by the search.

<br />RunspaceId       : 9a7ba099-9dc1-4384-9321-d25f97d5dc72<br />Identity         : contoso.local/SBSUsers/Gill<br />TargetMailbox    : contoso.local/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}<br />TargetPSTFile    :<br />Success          : False<br />TargetFolder     : \Inbox\Gill-24/07/2013 1:36:29 PM<br />ResultItemsCount : 2143<br />ResultItemsSize  : 644.1 MB (675,366,002 bytes)<br />

Now have a look at the Discovery Search Mailbox, I personally check this through OWA. You’ll need to have permission to view it. You should see an email with the log results in a zip file, verify the csv contained to ensure you are going to recover the correct items.


Once you’ve narrowed your search query to limit the results to the exact file(s) you want, run the following query to restore them.
Searches the ‘Discovery Search Mailbox’ as this is where the log is contained, for the ‘same query as before’, except now the targetmailbox and folder is set to the original user. In this case I restored the items underneath the Sent Items folder as that is where they were deleted from.

<br />Search-Mailbox "Discovery Search Mailbox" -SearchQuery -TargetMailbox Gill -TargetFolder "Sent Items"<br />

The output looked like the following.

<br />RunspaceId       : 9a7ba099-9dc1-4384-9321-d25f97d5dc72<br />Identity         : contoso.local/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}<br />TargetMailbox    : contoso.local/SBSUsers/Gill<br />TargetPSTFile    :<br />Success          : True<br />TargetFolder     : \Sent Items\Discovery Search Mailbox-24/07/2013 1:43:20 PM<br />ResultItemsCount : 3105<br />ResultItemsSize  : 886.9 MB (930,024,607 bytes)<br />

As you can see, 3105 items were restored! Hoorah! Crisis averted.
The folders should appear something like the following in the users mailbox.
2013-07-24 13_57_37-Gilll- Outlook Web App

Total Views: (5529)

Configuring VLAN’s between Cisco and Netgear switches

We recently acquired some new Cisco 2960-S (24-port Gigabit PoE) switches to add to our inventory to be used for a mix of workstations and phones. The switch was installed fine with a bunch of computers sitting on a temporary switch were moved to it immediately.  All was well for a few weeks.

The need to bridge a computer off a phone then into the switch arose due to minimal points available in an office. Our phones and computers run on different VLAN’s, and the new Cisco switch was connected to a Netgear GS748T.

Goal: Single Data Point -> Phone (VLAN 100) -> PC (VLAN 1)


Phone can be manually configured with a VLAN.


  1. ipconfig /all on the workstation to find its MAC address.
  2. Connected to the Cisco switch via telnet (after enabling it) and ran show mac address-table. Match the MAC address to the port name (Gi1/0/9) of the workstation.
  3. While there I noticed a port (Gi1/0/22) with a large number of MAC addresses, this will be the up-link to the Netgear switch.
  4. Logged onto the Netgear switch web ui, Switching -> Address Table. Here you can search for the original workstations MAC address, this port (36) will be the up-link to the Cisco switch.

So, the details thus far:

Phone VLAN: 100
Workstation MAC: ends with f8:ae
Workstation port on Cisco switch: Gi1/0/9
Cisco port up-link to Netgear switch: Gi/1/0/22
Netgear port up-link to Cisco switch: 36

Now we have all the required details, we just need to actually configure everything!


  1. Log onto the Netgear Web UI
  2. Switching -> VLAN -> VLAN Membership
  3. Change the VLAN Identifier to the 100 (Phone VLAN)
  4. Expand the Unit 1, and click on port 36 until it says T (Tagged)


  1. Connect to the Cisco switch (telnet if enabled)
  2. en РEnable privileged mode
  3. config t – Enable configuration for the Terminal
  4. vlan 100  РCreates VLAN 100
  5. name Phones РSets the name of VLAN 100 to Phones
  6. end¬†–¬†ends the configuration mode
  7. config t
  8. interface Gi1/0/22 РEnter configuration for the uplink to Netgear switch
  9. description UplinkToNetGear – Sets the description so the port is easier to find in the future.
  10. switchport trunk allowed vlan 1,100 – Allows the VLAN’s 1 and 100 on the port
  11. switchport mode trunk  Рenables trunk mode for the port
  12. end 
  13. config t
  14. interface Gi1/0/9
  15. switchport voice vlan 100 РSets the VLAN for Phone data to run off vlan 100
  16. end
  17. copy run start¬†– The most important part, saving your configuration to the startup-config! So you don’t have to do this all over again ūüôā

Finished! Wasn’t that easy. There are a few steps I may have missed out as the Netgear switch already had the required VLAN’s created and assigned. Other people have also mentioned you may need to changed the PVID on the Netgear, but for myself this wasn’t necessary.

Total Views: (4174)

Deploying Java 7 Update 17 through Group Policy

Deploying Java 7 Update 17 through Group Policy
1.       Download the Windows Offline Installer
a.       32-bit & 64-bit is for the Browser version not OS.
2.       Run the .exe, don’t click Install>
3.       Browse to C:\Users\username\AppData\LocalLow\Sun\Java
4.       Copy the correct folder (jre1.7.0_17) to another folder
5.       Use Orca to create the transform (mst) file.
a.       Orca is available in the Windows SDK
b. Once installed it can be found in C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin as Orca.msi
6.       Run Orca then open the jre1.7.0_17.msi file you copied previously
7.¬†¬†¬†¬†¬†¬†¬†Select¬†Transform¬†then ‚ÄėNew Transform‚Äô from the toolbar
8.       Change the Property table values for JAVAUPDATE, AUTOUPDATECHECK and IEXPLORER to 0.
9.¬†¬†¬†¬†¬†¬†¬†On the toolbar select¬†Transform¬†then ¬†‚ÄėGenerate Transform‚Äô, save the .mst file in the same location as the .msi
Alternatively you can use the previously created transform file located here
It’s best now to check the msi and mst file’s install correctly, you can do this by running the following command from command prompt once you have navigating to the same directory:
msiexec /i jre1.7.0_17.msi /qn TRANSFORMS=JavaTransform.mst
Then check Programs and Features to see if installed or visit
Now you can deploy the file through Group Policy.
1.       Ensure the .msi, .mst and .cab files are in a user available network share
2.       Edit the existing Application Installation group policy or create a new one.
3.       Computer Configuration -> Software Settings -> Software Installation
4.       Right-click -> New -> Package, choose the .msi file
5.       Select Advanced then Ok
6.       Select the Modifications tab then Add…
7.       Choose the .mst file and select Ok

Total Views: (5032)

Outlook prompts for SharePoint user credentials

Outlook prompts for SharePoint credentials user credentials on every start up.

Our site consists of the following:

  • Internet Explorer 9
  • SharePoint 2010
  • Outlook 2010
  • Outlook Anywhere

Having connected SharePoint calendars to Outlook 2010 a prompt for user credentials to the SharePoint server would appear each time Outlook is started.
This would sometimes prompt multiple times depending how many connections to the SharePoint server were necessary.

Easy fix:
Add the address to Internet Explorers Trusted Sites.

For myself, the giveaway was the server requesting the information was the FQDN of the server; this was not currently in the Trusted Sites for our Local Intranet in IE.

I had previously created a Group Policy to modify the Trusted Sites settings for our computers, these can be set under:
User Configuration -> Policies -> Windows Settings -> Internet Explorer Maintenance -> Security -> Security Zones and Content Ratings

I press ‘Continue‘ to the prompt, then under the ‘Security Zones and Privacy‘ block I selected ‘Modify Settings‘. From there I went to ‘Local Intranet‘, ‘Sites‘, ‘Advanced‘ and added the FQDN for the SharePoint server (http://servername.domain.local).

To test, closed all IE on my local workstation, ran gpupdate and then checked the IE settings to make sure the site was added – restarted Outlook and no more prompts!

Total Views: (6185)

Outlook prompting credentials after server restart

After rebooting our SBS 2011 box, all users were constantly prompted for credentials. If you clicked cancel and then double-clicked the ‘Need password’, it would go away for roughly ~30 seconds before re-appearing.

After checking all the required exchange services were running, and restarting the RPC Client Access service (all our clients connect via RPC/Outlook Anywhere) and still not seeing any changes, the next step was to test the autodiscover.

Hold Control and Right-Click on the Outlook icon in the taskbar near the clock. Then choose ‘Test E-Mail AutoConfiguration’. Untick the two Guesssmart settings and press Test.

After doing so I was continuously asked for  credentials, except this time entering them did nothing.

So now I knew AutoDiscover was broken.

Checked the DNS entries – all fine, checked the ClientAccess settings through the EMS – all fine.

After a quick google search I found the issue could be resolved through the IIS Manager.

1. Open up IIS Manager.

2. Expand your Servername, Sites, and Default Web Site.

3. Click on Autodiscover, then on the right-hand side double-click Authentication .


4. Right-click Windows Authentication and choose Advanced Settings.

5. Un-tick Enable Kernal-mode authentication and press Ok.


6. Repeat this for the EWS and OAB directories in IIS as well.

Although this fixed the initial problem of Outlook credentials continuously prompting, the EWS service had completely stopped working. This showed sings like “Mail Tips could not be retrieved” and emails not sending from the SBS console when a new user is created. This was fixed by running¬†iisreset /noforce from an administrative command prompt. Unfortunately the service failed to start and would not start from the IIS manager, but starting it manually had everything working 100%.

Total Views: (3924)

Room Mailbox Delegate Not Working – Exchange 2010

Microsoft Exchange 2010 – Delegating a room mailbox to a user for approving meeting requests.

Here are the settings I needed to get this to work as intended.

Resource Booking Attendant
Mailbox Delegates
Resource Out-of-Policy Requests
Resource In-Policy Requests

Total Views: (25815)

DemonBuddy Cracked #291 – Updated 14th December 2012

DemonBuddy Cracked for build #291

Please support and buy the software from if you find it useful.

Download here

1. Extract it

2. Copy over previous Plugins, Routines and Settings folders

3. ???

4. Profit.



SHA256: 6b086b54c681545690ebaf6bdaf078028001cb7446437fd6dff159e0aadac57e
File name: DemonBuddy.291.Cracked.rar
Detection ratio: 0 / 46
Analysis date: 2012-12-14 12:20:06 UTC

Total Views: (2689)