VBScript to disable all users in specified OUs

Posted on 13 March, 2012 by Daniel

When staff members leave the organisation, we move their account to a sub-OU named “Leavers” under their office’s OU. This triggers their mailbox to be archived in Enterprise Vault.

I thought it was about time to put together a quick scheduled task to ensure that all these “leavers” were automatically disabled and hidden from the Exchange address lists without IT manually having to do it.

I came across this handy and concise example, and modified it to run through a group of OUs while doing what I needed it to do.

Here’s the code. As always, run at your own risk, and test it before putting it into production:

On Error Resume Next

Dim arrLeaverOrgUnits, objOU
arrLeaverOrgUnits = Array("LDAP://OU=Leavers,OU=Sydney,DC=contoso,DC=com",_
                          "LDAP://OU=Leavers,OU=Melbourne,DC=contoso,DC=com")

For Each strOU in arrLeaverOrgUnits
  Set objOU = GetObject(strOU)
    ' Let's be extra-paranoid here, and make sure we're only working on the leavers OU
    '  in case someone adds the wrong OU into the array above
    If objOU.Name <> "OU=Leavers" Then Exit For

    ' Loop through each object in the current OU
    For Each objObject In objOU
      ' If the current object is a user
      If objObject.class="user" then
        'Disable the account
        objObject.AccountDisabled = True
        ' Hide the account from the Exchange address lists
        objObject.Put "msExchHideFromAddressLists", True
        ' Write the information back to the user object in AD
        objObject.SetInfo

        'WScript.Echo objObject.Name & " disabled and hidden from Exchange address lists"
      End if
    Next
  Set objOU = Nothing
Next
Posted in Scripting, SysAdmin, Windows | Tagged , | Leave a comment

Microsoft Word: Multilevel lists: Removing number font styles

Posted on 12 March, 2012 by Daniel

I was recently working with a report template where a numbered Heading 1 had a colour and size assigned to the actual number style. This was then causing problems on the table of contents because the number’s style was showing up there too.

1

The problem is though, it’s impossible to remove the formatting on that number via the UI in Word. By default, the colour is set to “No Color”, but it’s impossible to go back to that setting once a colour has been chosen.

2

3

I didn’t want to re-create the entire document as it had macros embedded, and also had a lot of work done already. Luckily, all of this information is stored in XML format, so it’s not too hard to find.

To remove this style information from the number, do the following with a backup of your file.

  1. Rename the file extension to .zip (I usually just append .zip to the existing filename)
  2. Copy out the Word folder from within the zip file to somewhere temporary7
  3. Open numbering.xml from the unzipped word folder with something like XML Notepad
  4. Search for the name of your style. In my case, it was “Heading1” (note the lack of a space between “Heading” and “1”. The style is actually called “Heading 1” in Word:
    4
  5. Once you find that style, drill down to the w:rPr node. You can see here that a style and colour is defined for the numbering associated with Heading 1
    10
  6. Remove everything under w:rPr except for w:rFonts->w:hint (I’m sure you could remove this too, but it was there by default for other styles)
    11
  7. Save the XML file
  8. Copy the XML file back into the word folder in the zip file
    12
  9. Rename the file extension back to what it originally was. In my case, it was .docm
  10. Open the file in Word, and inspect the result. Hopefully, it succeeds for you as it did for me:
    13

Remember: Do this with a backup copy of your file in case you somehow manage to corrupt it.

Posted in SysAdmin | Tagged , | Leave a comment

ActiveSync woes–“Cannot get mail” and the case of the endless re-sync

Posted on 3 February, 2012 by Daniel

cannotgetmailWe recently experienced a really bizarre issue with our ActiveSync infrastructure. Users started complaining that their contacts were disappearing, and that their inboxes would re-synchronise constantly. All items in the inbox would disappear, and then reappear, starting with the oldest item. Some items were even dated at the Unix epoch. Users on iOS would get an error screen “Cannot get mail”, and downloading emails would time out or take a very long time.

We’re set up with TMG in our DMZ, which then sends traffic to a pair of CAS servers internally. We’ve been running Exchange 2010 SP2 and 2003 in co-existence for some time now, as some of our national offices are still in the process of migrating users across.

Our troubleshooting covered all areas, from looking at ActiveSync logs from IIS, running the Test-ExchangeConnectivity scripts, to testing on the devices themselves – you name it, we tried it. Here’s a quick way to turn up the logging level on ActiveSync using PowerShell:

Get-EventLogLevel | Where-Object {$_.Identity -like "MSExchange ActiveSync*"} | Set-EventLogLevel -Level High

The usual suggestions of permissions on the user account in AD and various other settings were not relevant. We even investigated the possibility that the problem could be caused by users still on iOS 4.0, which was known to cause issues and unusually high server load.

We then noticed that the TMG box would experience timeouts when requesting DNS resolution from our internal DNS servers. There were also errors from the TMG connectivity verifiers for AD that the LDAP servers were unreachable. This pointed to some sort of connectivity issue between TMG and and the CAS servers. Circumventing the TMG box by VPN’ing in or connecting via our corporate WiFi seemed to resolve the issue.

Upon inspection of our Netscreen 25 firewall, we noticed a lot of error messages about the source IP session limit being exceeded:juniperlog

This is by design. It turned out that our DMZ had previously had IP based session limits set to a threshold of 128 sessions. This limit was being exceeded by the large number of ActiveSync users we now have. We bumped up that number to 512, and our problems are now resolved.
juniper-settings

Funnily enough, while I was troubleshooting this issue, two ActiveSync troubleshooting-related articles appeared in my RSS reader of choice, Google Reader:

  1. The Exchange Team Blog: A script to troubleshoot issues with Exchange ActiveSync
  2. MSExchangeGuru.com: Troubleshooting Exchange ActiveSync and reading IIS logs

They’re both certainly worth reading, and are a great starting point if you’re experiencing ActiveSync issues.

Posted in Exchange Server | Tagged , , , | Leave a comment

Send a HTML email with PowerShell

Posted on 1 February, 2012 by Daniel

There’s a simple one-liner (expanded onto multiple lines for clarity) in PowerShell that allows you to send an email with HTML content derived from a HTML file:

Send-MailMessage  -Subject "Test email"
                  -To "recipient@contoso.com"
                  -From "me@contoso.com"
                  -SmtpServer mail.contoso.com
                  -BodyAsHtml (Get-Content "d:\templates\invite-template.htm" | Out-String)
Posted in PowerShell | Leave a comment

Adding style and Google Analytics to an Apache directory index (mod_autoindex)

Posted on 16 January, 2012 by Daniel

I recently had to spruce up a password-protected Apache directory index site that is being used to host some files for download.

In addition to making it look more presentable, I also discovered that you can inject code into the <head> of the index page. This allowed me to achieve what I’d wanted to do for a while on that site – track visitors using Google Analytics.

To do so you already need to be using indexes and FancyIndexing. Then, simply add the following to your .htaccess file:

IndexHeadInsert "<script type=\"text/javascript\">var _gaq = _gaq || [];_gaq.push(['_setAccount', '{INSERT TRACKING CODE HERE}']);_gaq.push(['_trackPageview']);(function() {var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);})();</script>"

Here’s the rest of my .htaccess file, excluding the security section:

Options +Indexes

IndexOptions +FancyIndexing
IndexOptions +FoldersFirst
IndexOptions +XHTML
IndexOptions +HTMLTable
IndexOptions +SuppressRules
IndexOptions +NameWidth=*
IndexOptions +SuppressDescription

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t /resources /cgi-bin

IndexStyleSheet "/resources/style.css"

IndexHeadInsert "<script type=\"text/javascript\">var _gaq = _gaq || [];_gaq.push(['_setAccount', '{INSERT TRACKING CODE HERE}']);_gaq.push(['_trackPageview']);(function() {var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);})();</script>"
Posted in Linux/Unix | Leave a comment