Friday, March 27, 2015

Configure Exchange DAG server in DR to not auto activate

If you have a DAG server in a DR site and you don't want the databases to automount in the event of a failover, set the server's auto activation policy to IntrasiteOnly.

Set-MailboxServer -Identity EXDR01 -DatabaseCopyAutoActivationPolicy IntrasiteOnly 

To confirm this, run 
Get-MailboxServer EXDR01 | Select DatabaseCopyAutoActivationPolicy

The output should show that the server's auto activation policy is set to IntrasiteOnly.

To set it back to automatic activation, run
Set-MailboxServer EXDR01 -DatabaseCopyAutoActivationPolicy Unrestricted

If you re-run the Get-MailboxServer command, you will now see it is set to Unrestricted.


Wednesday, March 25, 2015

Exchange DAG getting split?

I had an incident where the DAG was telling me all my servers were offline.  I was not able to mount or move any databases.  I ended up running these commands:

From each DAG member, run:
net stop clussvc
then:
cluster (dagname) node /forcecleanup

After the cleanup is complete on each DAG member, remove the nodes from Cluster Manager.

After that, you need to add the servers back to the DAG:

Start-DatabaseAvailabilityGroup -identity (dagname) -mailboxserver (servername)

After that, the databases should mount and come back online.

Tuesday, March 10, 2015

SQL Backdoor

An actual backdoor into SQL Server does exist that does not require restarting and/or rebooting anything into single-user mode. I have done this on systems where I did not have access but needed to check stuff.

Download the PsExec tools from here. Place them on the server and then, in a command prompt, execute this command:
psexec -i -s SSMS.exe
(or sqlwb.exe)

This will open up SSMS as the system account, which has sysadmin access to the instance of SQL Server. This access is set up during installation of SQL Server; however, I have heard that this will not be so with SQL 2012.
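A defender-side check for the access described above, as an added example that is not part of the original post: T-SQL that lists the sysadmin members, flags the SYSTEM account and the local Administrators group by their well-known SIDs, and shows current sessions logged in as SYSTEM. The column aliases and the review_note text are my own choices.

```sql
-- Added example. Run as a login with VIEW SERVER STATE and VIEW ANY DEFINITION.
-- Well-known SIDs are matched instead of names so the check also works on
-- localized Windows installs where the account names are translated.
DECLARE @system_sid varbinary(85);
DECLARE @admins_sid varbinary(85);
SET @system_sid = 0x010100000000000512000000;          -- S-1-5-18     NT AUTHORITY\SYSTEM
SET @admins_sid = 0x01020000000000052000000020020000;  -- S-1-5-32-544 BUILTIN\Administrators

-- 1. Who holds sysadmin on this instance?
SELECT m.name      AS member_name,
       m.type_desc AS member_type,
       m.is_disabled,
       CASE
           WHEN m.sid = @system_sid THEN 'SYSTEM is sysadmin: psexec -s reaches sysadmin'
           WHEN m.sid = @admins_sid THEN 'every local administrator is sysadmin'
           ELSE ''
       END         AS review_note
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 2. Current sessions running as SYSTEM. Services that run as LocalSystem
--    show up here legitimately; a Management Studio session is the case to
--    question. program_name is supplied by the client, so treat it as a
--    hint and not as proof.
SELECT s.session_id,
       s.login_time,
       s.host_name,
       s.program_name,
       s.login_name,
       CASE WHEN s.program_name LIKE N'%Management Studio%'
            THEN 1 ELSE 0 END AS interactive_ssms
FROM sys.dm_exec_sessions AS s
WHERE s.is_user_process = 1
  AND s.security_id = @system_sid
ORDER BY s.login_time DESC;
```

A row for the SYSTEM account in the first result means any local administrator on the server can reach sysadmin the way the post describes.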

Script to unexpire/expire a password

Running this expires a password, which allows a logged-on user to change their password even if your domain requires a certain number of days between password changes.

# pwdLastSet = 0 marks the password as expired (user must change it at next logon)
$User = Get-ADUser user.name -Properties pwdLastSet
$User.pwdLastSet = 0
Set-ADUser -Instance $User

If a user has had their password expire, this script will unexpire it:

# pwdLastSet = -1 sets the password-last-set time to now, which clears the expired state
$User = Get-ADUser user.name -Properties pwdLastSet
$User.pwdLastSet = -1
Set-ADUser -Instance $User

This is handy if your domain security requires you to wait a day between password changes. So if your user forgets their password and you change it, normally they would need to wait a day to change it again. Instead, run the script with the "0" setting once they are logged on, and they can change their password.

Wednesday, March 4, 2015

Script to dump IIS logs from Exchange

Running this will delete files older than 7 days. You may need to run it against W3SVC2 as well:

forfiles /p "C:\inetpub\logs\LogFiles\W3svc1" /s /m *.* /c "cmd /c Del @path" /d -7

Monday, August 11, 2014

Exchange 2013 drive space alert

You may get this alert:
The performance counter '\\exchange server\LogicalDisk(Datebase)\Free Megabytes' sustained a value of '7,027.00', for the '15' minute(s) interval starting at '8/11/2014 3:48:00 PM'. Additional information: None. Trigger Name:DatabaseDriveSpaceTrigger. Instance:Database

To disable these alerts, edit the config file:

C:\Program Files\Microsoft\ExchangeServer\V15\Bin\Microsoft.Exchange.Diagnostics.Service.exe (config file)

Change "ExchangeJobs.Triggers.DatabaseDriveSpaceTrigger" from "True" to "False".

Friday, August 8, 2014

Exchange 2013 anonymous relay IMPORTANT TIP

If you are running Exchange 2013 and need to set up an anonymous relay, make sure you choose FRONT END TRANSPORT, not hub transport. There is an issue with port 25 being used by another transport, and it will cause the front end transport service to not start and fill up your event log. The rest of the connector setup is the same, including the PowerShell script.