We Keep Coding

Send email with Outlook application with cutomized permissions (Using PowerShell)

I'm trying to create and send emails using the Outlook application with PowerShell applying Permissions for the email (Example: Encrypt-Only, Do Not Forward, etc.), is currently working on the outlook application (when creating the email manually), however, couldn't find a way to send emails using PowerShell applying this setting:
Permission templates in Outlook
I'm currently using the following code to create and send the emails (Working):
$Outlook = New-Object -ComObject Outlook.Application
$Mail = $Outlook.CreateItem("olMailItem")
$Mail.To = "test#test.com"
$Mail.Subject = "Test Email"
$Mail.Body = "Email sent using PowerShell"
$file = "C:\ExampleFolder\test.txt"
$Mail.Attachments.Add($file)
$Mail.Send()
Is there a way to apply this setting using PowerShell?

I founded the solution for this, this solution involve two properties: "$Outlook.CreateItem("olMailItem").Permission" and "$Outlook.CreateItem("olMailItem").PermissionTemplateGuid", and work as follow:
If $Outlook.CreateItem("olMailItem").Permission is set to "0": The email is sent as unrestricted message, no PermissionTemplateGuid is needed for this value.
If $Outlook.CreateItem("olMailItem").Permission is set to "1": The email is sent as olDoNotForward automatically, no PermissionTemplateGuid is needed for this value.
If $Outlook.CreateItem("olMailItem").Permission is set to "2": The email require a PermissionTemplateGuid, therefore, it's required to get the GUID of the template, since each organization have a different template according with the configuration, send an email with the encryption template to your inbox and read it using the following code:
$olFolderInbox = 6
$outlook = new-object -com outlook.application
$mapi = $outlook.GetNameSpace("MAPI")
$inbox = $mapi.GetDefaultFolder($olFolderInbox)
$items = $inbox.items
$items[1].PermissionTemplateGuid
This is going to provide the correct permissionTemplateGuid with the desired encryption.
Therefore, to send the email the following formula works:
$Outlook = New-Object -ComObject Outlook.Application
$Mail = $Outlook.CreateItem("olMailItem")
$Mail.To = "test#test.com"
$Mail.Subject = "Test Email"
$Mail.Body = "Email sent using PowerShell"
$file = "C:\ExampleFolder\test.txt"
$Mail.Attachments.Add($file)
$Mail.PermissionTemplateGuid = XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
$Mail.Permission = "2"
$Mail.Send()
For more information visit this website: http://jon.glass/blog/reads-e-mail-with-powershell/

How to filter e-mails by Flag status in EWS?

I'm using EWS and trying to find e-mail messages that are flagged for action (i.e. their Flag.FlagStatus property is "Flagged"). I have successfully filtered e-mails based on their subject and other properties, but I just can't wrap my head around how to filter them based on FlagStatus.
The problem arises when defining $searchFilter in the code below.
The line returns error
"Exception calling "FindItems" with "2" argument(s): "Validation
failed. Parameter name: searchFilter""
I've tried using other variants of SearchFilter, e.g. SearchFilter+IsEqualTo, but all return the same error.
Add-Type -Path "C:\Program Files\Microsoft\Exchange\Web Services\2.2\Microsoft.Exchange.WebServices.dll"
$ExchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP3
$service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($ExchangeVersion)
$service.Credentials = New-Object System.Net.NetworkCredential("username","password")
$service.Url = "https://mail.server.net/EWS/Exchange.asmx"
$inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,[Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox)
$propertySet = New-Object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)
$propertySet.RequestedBodyType = [Microsoft.Exchange.WebServices.Data.BodyType]::Text
$searchFilter = New-Object Microsoft.Exchange.WebServices.Data.SearchFilter+ContainsSubstring([Microsoft.Exchange.WebServices.Data.ItemSchema]::Flag.FlagStatus, "Flagged")
$view = New-Object Microsoft.Exchange.WebServices.Data.ItemView(1,0)
$messages = $inbox.FindItems($searchFilter, $view)
foreach ($item in $messages.Items) {
$item.Load($propertySet)
write-host $item.Flag.FlagStatus
write-host $item.Body.Text
}
This one works:
$searchFilter = New-Object Microsoft.Exchange.WebServices.Data.SearchFilter+ContainsSubstring([Microsoft.Exchange.WebServices.Data.ItemSchema]::Categories, "Blue Category")
This one doesn't:
$searchFilter = New-Object Microsoft.Exchange.WebServices.Data.SearchFilter+ContainsSubstring([Microsoft.Exchange.WebServices.Data.ItemSchema]::Flag.FlagStatus, "Flagged")

I'd suggest you use the Extendedproperty instead of the strongly typed one (which is derived from the ep anyway) eg
ExtendedPropertyDefinition PidTagFlagStatus = new ExtendedPropertyDefinition(0x1090, MapiPropertyType.Integer);
SearchFilter.Exists sfExits = new SearchFilter.Exists(PidTagFlagStatus);
should work to give you any messages that are flagged (eg the property exists) or you could be more specific to get followupFlagged
SearchFilter.IsEqualTo sfEqualTo = new SearchFilter.IsEqualTo(PidTagFlagStatus, 0x00000002);
in Powershell you need
$PidTagFlagStatus = New-Object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(0x1090, [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::Integer);
$searchFilter = New-Object Microsoft.Exchange.WebServices.Data.SearchFilter+Exists($PidTagFlagStatus)
or
$searchFilter = New-Object Microsoft.Exchange.WebServices.Data.SearchFilter+IsEqualTo($PidTagFlagStatus, 0x00000002)

Powershell popup to list of usernames

I wish to have a powershell script that provides a popup message to a specific list of users. I need to use a list of relevant users in a spreadsheet with their network username and not use Active Directory. I have the powershell script to display a suitable message with a Warning icon and found to format the popup in a certain way I had to use a "FORM" and not a default popup messagebox. Although the following two lines for the Warning icon would not work in the form so had to use a picture box
$WarningIcon = New-Object ([System.Windows.MessageBoxImage]::Warning)
$Form.Controls.Add($WarningIcon)
The script for the form is as follows. There is probably a cleaner way of creating a form like this but I am quite new to Powershell!
Add-Type -AssemblyName System.Windows.Forms
$Form = New-Object system.Windows.Forms.Form
$Form.Width = 700
$Form.Height = 400
$Form.BackColor = "#DCDCDC"
$Form.Text = "System Restart Alert"
$Font = New-Object System.Drawing.Font("Ariel",30,
[System.Drawing.FontStyle]::Bold::Underline)
$FontB = New-Object System.Drawing.Font("Ariel",14,
[System.Drawing.FontStyle]::Bold)
$Picture = (get-item ("C:\FA_Files\Windows_Warning_Exclamation9.jpg"))
$img = [System.Drawing.Image]::Fromfile($Picture)
$pictureBox = new-object Windows.Forms.PictureBox
$pictureBox.Location = New-object System.Drawing.Size(160,30)
$pictureBox.Height = "100"
$pictureBox.Image = $img
$Form.controls.add($pictureBox)
$Label = New-Object System.Windows.Forms.Label
$Label.Location = "260,30"
$Label.Font = $Font
$Label.ForeColor = "Red"
$Label.Text = "WARNING!"
$Label.AutoSize = $True
$Form.Controls.Add($Label)
$LabelB = New-Object System.Windows.Forms.Label
$LabelB.Location = "100,130"
$LabelB.Font = $FontB
$LabelB.Text = "Due to essential maintenance system requires rebooting"
$LabelB.AutoSize = $True
$Form.Controls.Add($LabelB)
$LabelC = New-Object System.Windows.Forms.Label
$LabelC.Location = "100,160"
$LabelC.Font = $FontB
$LabelC.Text = "Please save all work immediately"
$LabelC.AutoSize = $True
$Form.Controls.Add($LabelC)
$okButton = New-Object System.Windows.Forms.Button
$okButton.Location = "300,280"
$okButton.Font = "$FontB"
$okButton.Size = "85,28"
$okButton.Text = "Okay"
$Form.Controls.Add($okButton)
$okButton.Add_Click = ({$Form.Close()})
$Form.ShowDialog()
I can retrieve a list of network usernames from the spreadsheet okay. Below is an image of the csv content
But I have googled a lot and cannot find a way of sending the popup to the list of usernames retrieved from the spreadsheet. So far I have tried the following where I have the form above set to the $msg varaiable and also tried having the form in another file and referencing that file in the $msg variable but it doesn't work
$csv = Import-csv "C:\FA_Files\NetNames.csv"
foreach($line in $csv)
{
$name = $line.("Name")
$netName = $line.("NetworkName")
#Echo "Name is $name and Network Name is $netName"
msg $netName $msg
}
It also has to be on the username and not the machine name.
How do I correct this please?

FWIW, msg.exe has replaced net /send in Windows, and is meant for sending messages to users, so I would begin by looking at the syntax for message.exe here. .
It has a /server: switch you can use to send a message to a remote host. So, take your user and computer name list and put them in a CSV file like this:
//MyInputFile.csv
ComputerName,UserName
Laptop01,BillG
Laptop02,StephenO
PC03,WayneH
Desktop04,JimA
You could use a short script like this to achieve your goal (or get you mostly there, at least 😁)
$Msg = "Put your message here"
$SpreadSheet = Import-CSV .\PathTo\MyInputFile.csv
ForEach ($row in $SpreadSheet){
"Sending message to \\$($row.ComputerName)\$($row.UserName) : $msg"
msg /server:$($row.ComputerName) $($row.UserName) $msg
}
You'll see an output like this in the console:
Sending message to \\Laptop01\BillG : Put your message here
Sending message to \\Laptop02\StephenO : Put your message here
Sending message to \\PC03\WayneH : Put your message here
Sending message to \\Desktop04\JimA : Put your message here
Sending message to \\localhost\* : Put your message here
Then your lucky user will see the following on their workstation.
If a computer can't be reached, the process will time out after five seconds or so and move on to the next one in the list.

All users that are a member of Active Directory by default receive read rights, this is by design as Active Directory is exactly the kind of system that should be relied on for the kind of functionality you desire... not sure why your ICT manager is so against the idea.
You cannot send a message to a user (with only the username), you must know the machine the user is logged into as well.
The only way I can think to achieve this is to iterate through every computer and query who is logged on and if the user matches your list then send a message to that computer. This would require reading a list of computers from AD or iterating through every available IP address on your local network(s).

How to search for emails in a non standard exchange folder using EWS and powershell

I want use powershell and EWS (see https://msdn.microsoft.com/en-us/library/office/dd633710(v=exchg.80).aspx) to search for emails that contain a particular string in the subject line.
My problem is that the emails reside in a user-defined folder in the inbox, rather than in one of the folders listed in the WellKnownFolderName enumeration (see https://msdn.microsoft.com/en-us/library/microsoft.exchange.webservices.data.wellknownfoldername(v=exchg.80).aspx)
The example code that I have found to search for emails all wants to search in one of these well-known folder names rather than in an arbitrary user-specified folder.
does anyone have some example code that i can use as a reference to figure out how to do this [or does EWS limit you to searching for emails using a well-known folder name only].
My code so far is thus:
$email = "myemail#someplace.com"
$username = "myusername"
$password = "*****"
$domain = "mydomain"
$USER_DEFINED_FOLDER_IN_MAILBOX = "myRandomFolder"
$EXCHANGE_WEB_SERVICE_DLL = "C:\Program Files (x86)\Microsoft\Exchange\Web Services\1.2\Microsoft.Exchange.WebServices.dll"
# load the assembly
[void] [Reflection.Assembly]::LoadFile($EXCHANGE_WEB_SERVICE_DLL)
# set ref to exchange
$s = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService
# use first option if you want to impersonate, otherwise, grab your own credentials
$s.Credentials = New-Object Net.NetworkCredential($username, $password, $domain)
# discover the url from your email address
$s.AutodiscoverUrl($email)
# get a handle to the inbox
$inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($s,[Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox)
$MailboxRootid = new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Root, $email) # selection and creation of new root
$MailboxRoot = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($s,$MailboxRootid)
$fvFolderView = new-object Microsoft.Exchange.WebServices.Data.FolderView(100) #page size for displayed folders
$fvFolderView.Traversal = [Microsoft.Exchange.WebServices.Data.FolderTraversal]::Deep; #Search traversal selection Deep = recursively
$SfSearchFilter = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+IsEqualTo([Microsoft.Exchange.WebServices.Data.FolderSchema]::Displayname,$NAME_OF_ARCHIVE_FOLDER_IN_MAILBOX) #for each folder in mailbox define search
$findFolderResults = $MailboxRoot.FindFolders($SfSearchFilter,$fvFolderView)
$ArchiveFolder = ""
# This next loop successfully finds my folder, but it is an inefficient way
# to do it. It's ok, because there's not that many folders, but there's tens
# of thousands of emails to search through in the folder itself, and that will
# need a more efficient search.
foreach ($Fdr in $findFolderResults.Folders)
{
$theDisplayName = $Fdr.DisplayName
if($theDisplayName -eq $USER_DEFINED_FOLDER_IN_MAILBOX)
{
$ArchiveFolder = $Fdr
}
}
# Now to actually try and search through the emails in my $ArchiveFolder (the hard way)
$textToFindInSubject = "TEST"
$emailsInFolder = $ArchiveFolder.FindItems(9999) # <-- Successfully finds ALL emails with no filtering, requiring iterative code to find the ones I want.
foreach($individualEmail in $emailsInFolder.Items)
{
if($individualEmail.Subject -match "$textToFindInSubject")
{
# found the email i want - but a super inefficient
# way to do it
echo "Successfully found the email!"
}
}
# Attempt 1 to get the emails with a more refined search
$emailSearchFilter = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+ContainsSubstring([Microsoft.Exchange.WebServices.Data.EmailMessageSchema]::Subject,$textToFindInSubject)
$emailsInFolder1 = $ArchiveFolder.FindItems($emailSearchFilter) # <-- Fails to return an object
# Attempt 2 to get the emails with a more refined search
$iv = new-object Microsoft.Exchange.WebServices.Data.ItemView(2000)
$emailsInFolder2 = $s.FindItems($ArchiveFolder, $emailSearchFilter, $iv) # <-- Also fails to return an object
echo "Done."
Thanks heaps :-)

I figured it out. Here are the lines of code that work [when appended to the initial code]
$searchfilter = new-object Microsoft.Exchange.WebServices.Data.SearchFilter+ContainsSubstring([Microsoft.Exchange.WebServices.Data.EmailMessageSchema]::Subject,$textToFindInSubject)
$itemView = new-object Microsoft.Exchange.WebServices.Data.ItemView(999)
$searchResults = $s.FindItems($ArchiveFolder.ID, $searchfilter, $itemView)
foreach($result in $searchResults)
{
$subj = $result.Subject
echo "Subject: $subj"
}

This EWS script lists all folders, including custom ones. I'm running this on our Exchange 2010 SP1 server:
Import-Module -Name "C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\Bin\Microsoft.Exchange.WebServices.dll"
$userEmail = "email.address#domain.com"
$service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP2)
$service.UseDefaultCredentials = $true
$service.AutoDiscoverUrl($userEmail)
$view = New-Object Microsoft.Exchange.WebServices.Data.FolderView(100)
$view.PropertySet = New-Object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.Webservices.Data.BasePropertySet]::FirstClassProperties)
$view.PropertySet.Add([Microsoft.Exchange.Webservices.Data.FolderSchema]::DisplayName)
$view.Traversal = [Microsoft.Exchange.Webservices.Data.FolderTraversal]::Deep
$findResults = $service.FindFolders([Microsoft.Exchange.Webservices.Data.WellKnownFolderName]::MsgFolderRoot, $view)
# List all folders
$findResults | select displayname

Powershell Bulk Find ActiveDirectory Objects

I'm trying to develop a powershell script to help with AD Group Membership management. We have a handful of large groups (30k-60k+ objects) that we want to update with data from another system.
The script loads the objects that should be in the group from a text file. Each object then has to located in AD using a System.DirectoryServices.DirectorySearcher. After that each object is added to the group membership.
The script spends some 80% of its time looking up each object, is there a bulk way to find objects in AD with powershell?
Thanks!

This is the fast way to query AD that I found in my experience, you need to change the query to find specific objects, in this code you'll find all user/person object in $objRecordSet.
$Ads_Scope_SubTree = 2
$objConnection = new-Object -com "ADODB.Connection"
$objCommand = new-Object -com "ADODB.Command"
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open( "Active Directory Provider")
$objCommand.ActiveConnection = $objConnection
$objCommand.Properties.Item("Page Size").value = 1000
$objCommand.Properties.item("Searchscope").value = $Ads_Scope_SubTree
$objCommand.CommandText = "Select Name From 'LDAP://DC = int, DC= my, DC = local' Where objectCategory = 'Person'"
$objRecordSet = $objCommand.Execute()
$objRecordSet.RecordCount
More info here

You perhaps can try System.DirectoryServices.Protocols (S.DS.P) the native (non managed) version is quite efficient.
Here is a PowerShell starting script :
# ADDP-Connect.PS1
Clear-Host
# Add the needed assemblies
Add-Type -AssemblyName System.DirectoryServices.Protocols
# Connexion
$serverName = "WM2008R2ENT"
$ADDPConnect = New-Object System.DirectoryServices.Protocols.LdapConnection $serverName
$userName = "JPB"
$pwd = "PWD"
$domain = "Dom"
$ADDPConnect.Credential = New-Object system.Net.NetworkCredential -ArgumentList $userName,$pwd,$domain
# Create a searcher
$searchTargetOU = "dc=dom,dc=fr"
$searchFilter = "(samAccountName=user1)"
$searchScope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
$searchAttrList = $null
foreach($user in "user1","user2","user3")
{
$searchFilter = "(samAccountName=$user)"
$searchRequest = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $searchTargetOU,$searchFilter,$searchScope,$searchAttrList
$searchResponse = $ADDPConnect.SendRequest($searchRequest)
foreach($searchEntries in $searchResponse.Entries)
{
$searchEntries.DistinguishedName
}
}

If you start seeing timeout issues then set the timeout parameter appropriately like shown below
$ADDPConnect = New-Object System.DirectoryServices.Protocols.LdapConnection $serverName
$ADDPConnect.Timeout = "1000"

The below can help if you see timeout issues during execution
$ADDPConnect = New-Object System.DirectoryServices.Protocols.LdapConnection $serverName
$ADDPConnect.Timeout = "1000"