Reset AD password force change for access denied issues

Reset AD password force change for access denied issues

When you encounter access denied issues for a user account change password both from ADUC and powershell then below command can force change password.

PS C:\Windows\system32$password = [email protected]*
PS C:\Windows\system32Set-adaccountpassword ‘samaccountname’ -reset -newpassword (ConvertTo-SecureString -AsPlainText $password -Force)
PS C:\Windows\system32… Read the rest

Add dLMemSubmitPerms powershell restrict users via AD Group to send emails to Email group

Add dLMemSubmitPerms powershell restrict users via AD Group to send emails to Email group

We set this attribute usign ADUC using attribute editor but sometimes we get dlmemsubmitperms there is no editor registered to handle this attribute type error which happens to first time when try to add this.

Import-module activedirectory

Set-ADObject “CN=TestEmailGroup,OU=DL,DC=Test,DC=com” -Add @{dLMemSubmitPerms=”CN=ADGroup,OU=Security Groups,DC=Test,DC=com”}

To get the distinguished name from Powershell we can use below command

(Get-ADGroup -Identity “Groupname”).DistinguishedName

Below are Attribute Names, Name in GUI, Explanation, names in Powershell (Set-DistributionGroup)

authOrig, Accept messages from , Only senders in the following list can … Read the rest

Add Authorig powershell restrict users to send emails to Email group

Add Authorig powershell restrict users to send emails to Email group

Import-module activedirectory

Set-ADGroup -Identity “Test Group” -Add @{[email protected](‘CN=Test User,OU=Department,OU=People,DC=CONTOSO,DC=EDU’)}

To get the distinguished name from Powershell we can use below command

(Get-ADUser -Identity “Testuser”).DistinguishedName

Below are Attribute Names, Name in GUI, Explanation, names in Powershell (Set-DistributionGroup)
authOrig, Accept messages from , Only senders in the following list can send emails to this group if set, -AcceptMessagesOnlyFrom

dLMemSubmitPerms, same as above, see above but this accepts group, -AcceptMessagesOnlyFromDLMembers
unauthOrig, Reject messages from, Senders in the following list are not allowed to send emails to this group, -RejectMessagesFrom

dLMemRejectPerms, same as … Read the rest

Making a Security Group using Distribution group members in Powershell

Making a Security Group using Distribution group members in Powershell

First lets get the list of users samaccountnames from Distribution list

$List=Get-ADGroupmember DistributionlistName

Now create a empty Security group from Active Directory Users and Computers

Now lets add each of above user into a security group which is created from ADUC(Active Directory Users and Computers).

ForEach ($User in $List){Add-ADGroupMember -Identity SecurityGroupName -Member $User.samaccountname}

We can also use add members to distribution group powershell by this method of Add-ADGroupmember

We can also use powershell to add members to distribution group powershell or a Security group.

We can also use powershell to

Read the rest

Restrict a Distribution List to internal users only

Restrict a Distribution List to internal users only

For restricting Distribution list to internal users only we need to set that attribute msExchRequireAuthToSendTo to TRUE in your on-premise AD environment and wait for DirSync to run.

This will make the DL in the Administration Center to untick the ‘allow external senders’ box on the DL’s and prevent any external senders from sending to those distribution lists.… Read the rest

Copy Group memebership using PowerShell from one user to another

Copy Group memebership using PowerShell from one user to another

Run Powershell as administrator (wasted 1 hr figuring this out. It does not work if not run as admin)

Import-module activedirectory

Then below command which accepts samaccount name of both users

Get-ADUser -Identity copyfrom -Properties memberof | Select-Object -ExpandProperty memberof | Add-ADGroupMember -Members Copyto
Read the rest

Add Calendar Permissions in Office 365 via Powershell using Add-MailboxFolderPermission

Add Calendar Permissions in Office 365 via Powershell using Add-MailboxFolderPermission

Step by Step Guide for setting calendar permissions in Office 365:

First step would be launch Powershell as Administrator.

Second would be to open a new PS Session on powershell to Exchange Online/Office 365 using below commands.

$GetCred = Get-Credential


$PSSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $GetCred -Authentication Basic -AllowRedirection


Import-PSSession $PSSession

Now the last step is to configure the permissions for the user2 permissions on user1 calendar using below Powershell:

Add-MailboxFolderPermission -Identity [email protected]:\calendar -user [email protected] -AccessRights Editor

These are the available permissions levels for above -AccessRights are

Read the rest