PowerShell One Liners
Exchange 2013 comes with a series of prebuilt PowerShell commands that allow for a basis of testing various Exchange. One command in particular ‘get-OwaConnectivity’ has been removed in the newest versions of Exchange 2013. It was last present in Exchange 2013 CU3 and because the recommended version is now CU7, I will not cover that command here. If you need further information on how to use this, please reference this blog link.
Test-ActiveSyncConnectivity Test-ArchiveConnectivity Test-AssistantHealth Test-CalendarConnectivity Test-EcpConnectivity Test-EdgeSynchronization Test-ExchangeSearch Test-FederationTrust Test-FederationTrustCertificate Test-ImapConnectivity Test-IPAllowListProvider Test-IPBlockListProvider Test-IRMConfiguration Test-Mailflow Test-MAPIConnectivity Test-MigrationServerAvailability Test-MRSHealth Test-OAuthConnectivity Test-OrganizationRelationship Test-OutlookConnectivity Test-OutlookWebServices Test-PopConnectivity Test-PowerShellConnectivity Test-ReplicationHealth Test-SenderId Test-ServiceHealth Test-SiteMailbox Test-SmtpConnectivity Test-UMConnectivity Test-WebServicesConnectivity
I will cover 10 commands for this article and 10 for each subsequent article.
Credentials used in Testing
First, and this can be used for future commands, you will want to create a password file to be referenced in future test scripts. This file will be referenced for credentials used in the test cmdlets below. Add this to whatever script your are using:
$credfile = cat C:\scripts\securefile.txt | convertto-securestring $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist "testing",$credfile
Now to loop this command would take a bit of work to accomplish only because of the stored credentials. If the goal is to test multiple accounts, then multiple credentials would need to be stored in the secure files as mentioned above. One way to do this is to loop something like this in PowerShell:
$NumCred = read-host "How many credentials would you like to enter?"
$I = 0
$path = read-host "What directory will the credentials files be stored in? (i.e. c:\temp)"
$rowheader = "UserName," + "File"
$csvfile = $path+"\credential-list.csv"
Add-Content $csvfile $rowheader
do {
write-host "Enter the credentials"
$cred = get-credential
$filename = read-host "Enter a unique file name for the stored credentials (i.e. credential1.txt)."
$completepath = $path+"\"+$filename
$cred.password | convertfrom-securestring | set-content $completepath
$username = $cred.username
$rowline = "$username," + "$completepath"
Add-Content $csvfile $rowline
$i++
} while ($i -lt $numcred)
The script would run in sequence like the below screenshot shows asking for credentials for each user to test and storing the encrypted information in a file.
Encrypted passwords look like this:
A CSV file to be referenced later holds a match between the user and the encrypted password file:
Test-ActiveSyncConnectivity
On a quick run of the command, you will realize that we need to select a few other options to get it to run properly:
A better option is:
Test-ActiveSyncConnectivity -mailboxcredential $cred -trustanysslcertificate |ft -auto
Which results in a good test:
Test-ArchiveConnectivity
foreach ($line in $smtp) {Test-ArchiveConnectivity $line |ft Identity,ComplianceConfiguration,Error,Result -auto}
The first few mailboxes do not have an Archive Mailbox:
However, a mailbox with an Archive Mailbox results in a succsssful conection (at least in this case):
As additional switch -IncludeArchiveMRMConfiguration will reveal more information about the user’s archive:
Test-AssistantHealth
Test-CalendarConnectivity
“Use the Test-CalendarConnectivity cmdlet to verify that anonymous calendar sharing is enabled and working properly. The Calendar virtual directory is a subdirectory of the Microsoft Office Outlook Web App virtual directory. When you run this command without any parameters, the command tests against all Outlook Web App calendar virtual directories.”
The default setting is to have calendar sharing off in an Exchange organization, which makes this test cmdlet useless:
A good test will look like this:
There are reports of earlier versions of the command never working at all, so be aware of this. The above screenshot was from Exchange 2013 CU6.
Test-EcpConnectivity
This command seems a bit finicky and I have not gotten it to produce meaningful results. When I run this on just about any Exchange 2013 environment I get these results:
I will add more to this section once I get my bugs worked out.
Test-EdgeSynchronization
This command is used to test the Edge Sync agreement that is setup between your Edge Transport Servers and your internal Exchange 2013 Servers. If you do not have an Edge Transport Server and run the command, it will return a result like this:
Test-ExchangeSearch
“The Test-ExchangeSearch cmdlet creates a hidden message and an attachment visible only to Exchange Search. Unless a mailbox is specified in the Identity parameter, the hidden message is stored in the System Attendant mailbox. The command waits for the message to be indexed and then searches for the content. It reports success or failure depending on whether the message is found after the interval set in the IndexingTimeoutInSeconds parameter has elapsed.” The entire purpose is to make sure that the Exchange Search function is doing what it is supposed to do in a timely manner.
A basic test of the Exchange Search cmdlet shows that search is working.
Note that the SearchTimeInSeconds is limited to 120 seconds by default. If the test takes longer than this, a test result will show like this:
A more detailed view of the search test process is shown below:
Test-FederationTrust
This command simply validates the Federation Trusts that you have configured in Exchange. First it checks the AD account associated with the test, then the actual trust and finally validates the certificates used in the trust.
Not much else can be confired other than which account to use for validate and what domain controller to validate against.
The Federation Trust can be the one for Office 365 or for another domain you have a federated setup for.
Test-FederationTrustCertificate
This command is used to test the status of your on-premise Exchange Mailbox and CAS servers. The command only has a few switches [Confirm, DomainController, Whatif]. Running the command without switches should get the result you need to verify the certificates:
Test-ImapConnectivity
“Use the Test-ImapConnectivity cmdlet to verify that the IMAP4 service is running as expected. The Test-ImapConnectivity cmdlet can be used to test the IMAP4 functionality for a specified Client Access server for all mailboxes on servers running Microsoft Exchange Server 2013 in the same Active Directory site.“
This cmdlet does not seem to work well and I have had better results with Telnet for this testing. My typical result looks like:
Once I get a successful test, I will update this page.
What To Do Now
In this article we’ve only just begun to scratch the surface of the testing once can do with native Exchange PowerShell Cmdlets. The problem is, what does it all mean and how can you format this into either a meaningful report. The quickest and simplest way is to pick the fields that have the most meaning so that a table formatted PowerShell output looks clean and can fit on the screen. At the end of my series I will go through a more in-depth report that will require formatting and end up with a nice HTML table for either an email or a dashboard reporting page.
For one liners, I have assembled the above 10 test commands and simplified them to show only what should be important from each test:
Test-ActiveSyncConnectivity -TrustAnySSLCertificate |ft clientaccessserver,localsite,scenario,secureaccess,result,error -auto Test-ArchiveConnectivity <smtp address> |ft Identity,ComplianceConfiguration,Error,Result -auto $testassistanthealth = (Test-AssistantHealth -server ex01).events;$testassistanthealth | fl Test-CalendarConnectivity |ft clientaccessserver,localsite,scenario, result,error -auto Test-EcpConnectivity |ft clientaccessserver,localsite,scenario,result,error -auto Test-EdgeSynchronization |ft name,lease*,*status,failuredetail -auto Test-ExchangeSearch |ft -auto Test-FederationTrust |fl Test-FederationTrustCertificate |fl Test-ImapConnectivity -MailboxCredential:(Get-Credential <domain\user) -ConnectionType plaintext |fl
