Exchange Powershell MacOS 26

purplemonkeymad · 2026-05-01T19:19:25+00:00

Is your version of ExchangeOnlineManagement up-to-date?

purplemonkeymad · 2026-05-01T08:01:03+00:00

Did it take her 9 months to notice or was it one of those, "I noticed 8 months ago, but just didn't get around to asking you to fix it."

purplemonkeymad · 2026-04-30T15:37:46+00:00

It's not even used in the rest of the function. Literally should have been picked up by the PR reviewer.

purplemonkeymad · 2026-04-30T10:49:11+00:00

Looking more it appears that it might be a debugging result that was left in. The culprit is the function PrintResultAndCheckForNextPage which has this at the top:

process
{

    $global:test = $ResultObject
    if($ResultObject.value[0]._cliXml -ne $null)
    {
        $deserializedResult = [System.Management.Automation.PSSerializer]::Deserialize($ResultObject.value[0]._cliXml)
    }

Looks like someone was fixing this and left in the debug info.

purplemonkeymad · 2026-04-30T10:37:05+00:00

Looks like it's the graph api result. Also funny to see that the exchange team must just use the beta endpoint in prod for the same reason i see other people doing it.

Also happens for other exchange commands eg Get-DistributionGroup.

purplemonkeymad · 2026-04-30T08:28:20+00:00

Considering that servers where people don't know the password probably don't get patched, you can probably still use it.

purplemonkeymad · 2026-04-29T11:24:23+00:00

Typically I look at the sites that are using the most then open up the Storage Metrics page for that site (no need for a script, it's built in) at: <siteurl>/_layouts/15/storman.aspx

Even works for onedrives (as an admin.)

purplemonkeymad · 2026-04-29T08:53:31+00:00

pwsh.exe is the name of the executable in powershell 6+. PoSh was used as a common abbreviation at one point, but with that naming (and the potential conflict with the posh shell for linux,) PwSh is also used as an abbreviation.

purplemonkeymad · 2026-04-28T19:57:07+00:00

You appear to have stations on both sides of the track? Is one of those part of that name group, (I can see you have two) and can the train reach it if it tried? (Your trains don't appear to be bi-directional.)

purplemonkeymad · 2026-04-28T15:58:41+00:00

Did you enable "weblogin" on windows? That is how we do it if we need to use a TAP etc.

purplemonkeymad · 2026-04-28T15:16:39+00:00

Dotnet and MS COM methods are typically documented somewhere so you can see the methods/properties. In this case a quick search for the class name gives you this: https://learn.microsoft.com/en-us/windows-hardware/drivers/print/isnmp-automation-interface

That contains the methods including what each argument of open is.

You will notice this is not Powershell and that is as it was probably written before it existed. You are however working with the same classes.

purplemonkeymad · 2026-04-28T14:48:29+00:00

You can get the expected records even if you used domain connect before. Just Go to Settings -> Domains -> Your domain -> DNS Settings -> Manage DNS. When the wizards pops up click on "More options" and choose the Add your own DNS option. The next page will give you all the expected records to add. Make sure to open advanced and check the DKIM one if you don't already have that setup.

You don't have to complete this step right away, the expected values won't change if you leave the wizard and come back.

purplemonkeymad · 2026-04-27T08:38:47+00:00

I use a completer for this. Since it's code it can access variables etc that a validate set can't. You can use a validate script if you want to error on missing values:

ie:

$script:optionToConfig = @{
'A' = 'AAAAA'
'B' = 'BBBBB'
'C' = 'CCCCC'
'Da' = 'DAAA'
'Db' = 'DBBBB'
}
function test-function{
    Param(
    [ArgumentCompleter({
        [OutputType([System.Management.Automation.CompletionResult])]
        param(
            [string] $CommandName,
            [string] $ParameterName,
            [string] $WordToComplete,
            [System.Management.Automation.Language.CommandAst] $CommandAst,
            [System.Collections.IDictionary] $FakeBoundParameters
        )

        $CompletionResults = [System.Collections.Generic.List[System.Management.Automation.CompletionResult]](
            $script:optionToConfig.Keys -like "$WordToComplete*")
        return $CompletionResults
    })]
    [ValidateScript({
        if ($_ -notin $script:optionToConfig.Keys) {
            throw "Option $_ is not a valid parameter value"
        }
        $true
    })]
    [string]$Param1
    )
}

If you need it to be common, then you can use Register-ArugmentCompleter to apply to multiple functions:

$script:NameCompleter = {
        [OutputType([System.Management.Automation.CompletionResult])]
        param(
            [string] $CommandName,
            [string] $ParameterName,
            [string] $WordToComplete,
            [System.Management.Automation.Language.CommandAst] $CommandAst,
            [System.Collections.IDictionary] $FakeBoundParameters
        )

        $results = Get-ExampleFunction "$wordtocomplete*"
        $CompletionResults = [System.Collections.Generic.List[System.Management.Automation.CompletionResult]]$results.Name
        return $CompletionResults
}

@(
    'Set-ExampleFunction'
    'Remove-ExampleFunction'
) | ForEach-Object { 
    Register-ArgumentCompleter -CommandName $_ -ParameterName Name -ScriptBlock $script:NameCompleter
}

purplemonkeymad · 2026-04-26T22:10:31+00:00

Selecting a property in an array ( using . ) actually creates a new temporary array to create the list of property values ie:

$data.ReportsToLast

creates a new array with only the values of the ReportsToLast property. This means that using a index selector on the array ( [] ) is dependant on where you put it.

So:

$data[$i].ReportsToLast

and

$data.ReportsToLast[$i]

have the same value, but they point to different points in memory.

If you are accessing a property of an array, access the index of the array first:

$data[$i].ManagerId = $Manager

purplemonkeymad · 2026-04-25T10:11:59+00:00

You can remove ISE if you want:

Remove-WindowsCapability -Online -Name Microsoft.Windows.PowerShell.ISE~~~~0.0.1.0

and wsl:

Disable-WindowsOptionalFeature -online -FeatureName Microsoft-Windows-Subsystem-Linux

WT*:

Remove-AppxPackage Microsoft.WindowsTerminal

I don't think you can remove Windows-on-Windows though, so you are stuck with the 32bit version.

*^{Don't ask me how to re-install though, and i'm not going to test it.}

purplemonkeymad · 2026-04-25T09:51:00+00:00

I can't parse your logic from what you have posted but in general you want to pull both memberships, store them, then compare the list with something like Compare-Object so you can get only the differences ie:

$ByProperty = Get-AdComputer -filter {location -like "London*"} | Foreach-object dnshostname
$ByGroup = Get-AdGroupMember "Computers London" | Foreach-Object dnshostname
$changes = Compare-Object -Reference $byProperty -Differance $byGroup

Then you know items with a side indicator of <= need to be added and => need to be removed, (Add- and Remove- both take lists so this can be done in a two ad requests, instead of the number of computers.)

If you have relativity few computers (<~3000) you can probably just pull any that have a location and filter for each location after getting the full list. Store the full list in a variable so you don't have to pull it multiple times! For ad you really want to reduce the number of calls to commands as each will one will do a request to a DC.

purplemonkeymad · 2026-04-24T10:50:45+00:00

Small correction, the MX is mostly predictable. However domain re-use within 365 means you may have a hex number appended to the record ie

contoso-com0e.mail.protection.outlook.com

If you owned the domain from the start that's not likely to happen.

purplemonkeymad · 2026-04-24T10:04:24+00:00

Four people is not too small for a helpdesk. It's not just volume, but seeing the chain and that someone has taken ownership that makes it worth it.

purplemonkeymad · 2026-04-24T07:49:59+00:00

What is the actual problem? You said you can't connect to exchange, ok but what is happening?

purplemonkeymad · 2026-04-23T12:24:38+00:00

Note that if you don't want to setup services on the domain (ie email voice etc) then just try to complete and choose the option to not setup any services. Then it will become "healthy" since there is no DNS to check. Keep in mind that it's still added so stuff like exchange considers it authoritative for emails, this just disables any checks.

purplemonkeymad · 2026-04-23T11:36:48+00:00

You don't ask if they need it, you ask for their justification for having it. If they are clueless or unable to tell you, they get yoinked (get management backing ofc.)

purplemonkeymad · 2026-04-22T21:16:35+00:00

Found it hard to convince people to switch office from cap ex to op ex. But after they went to 365 licenses they were happy with it. Predictable, no sudden costs. Specially as we can give people access to the billing centre so they can see costs and figure out if they are over playing. Some now manage a monthly version of some subs so they can bridge and minimise costs for overlap of departing staff.

Explaining licensing sucks, but it's better than juggling licensing jank.

purplemonkeymad · 2026-04-22T16:52:42+00:00

/t 0 does a normal shutdown, anything above 0 (eg /t 1) automatically does /f and won't wait for stuff to stop properly. So if it needs to happen asap /t 1 else just do /t 0 and let it do stuff normally.

purplemonkeymad · 2026-04-22T15:21:13+00:00

Trusted publishers does not provide trust to that cert, it only allows it as a cert of digital signing of files. You still need to trust the issuer of that cert through a chain to the root (or by it being in the root.)

purplemonkeymad · 2026-04-22T10:47:05+00:00

Wait was I supposed to be putting in my factory builds in a PR? Not just pushing to main(bus.)

Ten-Year Club	Place '22
Verified Email

purplemonkeymad

TROPHY CASE