Office 365 Shared Mailbox Sent Items Folder

20 February, 2017

When creating a shared mailbox in Office 365 the default behaviour for items sent from this mailbox is odd. When a user who has access to the shared mailbox sends an item from or on behalf of the mailbox the item goes into the users ‘sent items’ folder. The sent item will not appear in the ‘sent items’ folder of the shared mailbox.

There is no obvious way to configure items sent from a shared mailbox to appear in the ‘sent items’ folder of the shared mailbox. This however can be configured quite easily from PowerShell. To do this you will first need to establish an Office 365 session in PowerShell. To establish a session:

Get Credentials

$cred = get-credential

Create a session with using the saved credentials

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic -AllowRedirection 

Import the session

Import-PSSession $session -AllowClobber 

Once you have established the connection to Office 365 you can configure the ‘sent items’ behaviour or shared mailboxes.
To configure emails that are Sent As:

set-mailbox <mailbox name> -MessageCopyForSentAsEnabled $True

To configure emails that are sent of behalf of:

set-mailbox <mailbox name> -MessageCopyForSendOnBehalfEnabled $True

If you later want to stop the shared mailbox’s from saving sent items into their own ‘sent items’ folder, you can simple set the values in the commands above to $false instead of $true.

Adding Azure Remote App Users with PowerShell

16 February, 2017

Adding azure remote app users with PowerShell is a relatively simple task and many times quicker than waiting for the clunky web based UI. The first thing to do is install the ‘Microsoft Azure PowerShell module’.

Once you have this module installed you need to add an Azure account. You only ever need to do this once. It’s as simple as running the following cmdlet and signing in.


Once you have signed in you will need to select the subscription that you want to add the user to. You can get a list of all you subscriptions using:


select a subscription use the following:

Select-AzureSubscription <Subscription Name>

Once you have selected your subscription you can begin to add users. This is as simple as running:

add-AzureRemoteAppUser -CollectionName <Collection Name> -Type orgid -Userupn <User UPN/Email>

This will then add the user to the selected collection under the selected subscription and allow them to start using remote apps.

SCCM 2012 R2 and PowerShell

14 February, 2017

To use PowerShell with SCCM you will all you need to do is import the module. If you don’t have the module installed you can get it from here: Note that you will also need to have Configuration Manager Console installed on your computer.

Once you have the module installed, import the module using the following command:

import-module "C:\Program Files (x86)\Microsoft Configuration \Manager\AdminConsole\bin\ConfigurationManager.psd1" 

Once you have imported the module you will need to connect to your site using the following:


Where ‘x’ is your site code. In my case this is:

CD PR1: 

Once connected to your site you can query information about your site using:


There are a whole bunch of cmdlets for SCCM that will allow you to do many tasks directly from the PowerShell console. I have a few SCCM scripts on my GitHub at:

As I create more scripts utilising SCCM I will be adding them to my Git. So far I have used PowerShell to query User and Device memberships from collections and export the results out to CSV’s for reporting.

Log Off an Azure Remote App User via PowerShell

15 November, 2016

I wrote this script because Azure Remote App is shit and always causes problems for users. One of the bigger problems is when a user’s application within Azure Remote App freezes, the user can’t simple restart the remote app as the server keeps the session and frozen/crashed application alive.

The solution to this is to log the user off the server. This module is designed to be a super simple way to log off a user just by using their email address that is associated with the Azure Remote App account.

function global:end-azureSession{
        [parameter(HelpMessage='your username/email for azure')]
        [parameter(HelpMessage='your password for azure')]

    #define our set variables for the penrith enviroment
    $azureSubscription = 'PCC-AAE'

    #create credentials
    #$secPass = ConvertTo-SecureString $password -AsPlainText -Force
        #$AzureCred = New-Object System.Management.Automation.PSCredential ($username, $secPass)
        $cred = Get-Credential
        #$AzureCred = New-Object System.Management.Automation.PSCredential
    #this will throw exception even if success.... so yep... this is my work-around...
    try{Add-AzureAccount -Credential $cred}catch{write-host "Connected to Azure" -ForegroundColor green}

    #Select subscription
    Select-AzureSubscription $azureSubscription

    #disconnect user
    write-host "Disconnecting user, this may take a while....." -ForegroundColor green
        invoke-AzureRemoteAppSessionLogoff -CollectionName rappaaeprod -UserUpn $userEmail -confirm:$false >$null 2>&1
        write-host "diconnected..." -ForegroundColor green
        $errorMessage = $_.Exception.Message
        if($errorMessage -eq "InternalError: The server encountered an internal error. Please retry the request."){
            write-host "User has been disconnected" -ForegroundColor green
            write-host "ERROR: User connection to Azure not found" -ForegroundColor red


Example 1: this will prompt you for credentials then end the users session


Example 2: You can save and pass credentials to the module

$cred = get-credential
end-azureSession $cred



PowerShell Mindflash Administration

04 April, 2016

Having a position where part of my job is to administrate users within Mindflash I am frequently completing the following tasks on Mindflash:
• Creating Users
• Enrolling users in courses
• Resetting user passwords

Often these tasks need to be completed for either an individual user or a batch of users at any given time. While Mindflash provides some bulk administration options through their web portal I found it a little limiting and a little clunky to use.

So naturally been a fan on the command line and primarily a Linux user I thought it would be great to be able to administer Mindflash users from a command line, In this case PowerShell. I have created Get-MindflashUser, A PowerShell cmdlet that hooks into the Mindflash API allowing for administration of users.

Get-MindflashUser allows you to complete all of the following tasks without ever leaving the PowerShell window.
• Get a list of all Mindflash users
• Get a list of all Mindflash courses
• Get a list of all users in a specific course
• Get a specific users details
• Get a specific users details including course enrolment details
• Get course progress for a given user and course
• Invite users to a course
• Reset user password
• Create new users

In addition to all of this, you would obviously be able to use Get-MindflashUser within you own scripts to automate repetitive tasks or generate reports.

Some Examples of Use
Resetting a users password

get-MindflashUser -email -resetPassword true -newPassword P@ssword21 –Key <yourAPIKeyHere>

Creating a new user

get-MindflashUser -email -first michael -last cho -newUser true -newPassword P@ssword21 –Key <yourAPIKeyHere>

There are more examples of user provided in the header of the script. If you find this script useful in any way please let me know by email at Additionally if you find any issues or bugs in the script please shout out so I can resolve them.


Download Get-MindflashUser.ps1


Creative Commons License
Get-MindflashUser by Nathan Kewley is licensed under a Creative Commons Attribution 4.0 International License


Playing around with IIS and Powershell

01 April, 2016

Playing around with IIS, .NET and PowerShell, more specifically how to execute PowerShell from a form on a webpage. It turns out actually invoking some PowerShell on server side via a client request is quite easy. Here I am hoping to show an example of the minimum code required to achieve this.

We will create a simple interface like the one below. The button to run code will invoke a PowerShell command on the server. The result of the PowerShell command will be appended to the text box below the button.


The command I am using for testing this with is:

$(Get-WmiObject Win32_Computersystem).name

This command will query the pc for its hostname and return it. So after pressing the button the server will run this command and print the result in the text box. The webpage should now look like this.


Only 2 files are required to achieve this, I have chosen to use C# to create this. The .html file required is:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="test.aspx.cs" Inherits="powerWeb.test" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">

    <head id="Head1" runat="server">
        <title>c# iis powersehll</title>

        <form id="form1" runat="server">
            <asp:Button ID="resetButton" runat="server" Width="308" Text="Run Code" onClick="runCode" /><br />

            <!-- Holds the result of the command -->
            <asp:TextBox ID="response" TextMode="MultiLine" Width="600" Height="200" runat="server"></asp:TextBox><br />

And the .aspx.cs file required that goes along with the html is is:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Management.Automation;

namespace powerWeb
    public partial class test : System.Web.UI.Page
        //function that runs when the button is pressed
        protected void runCode(object sender, EventArgs e)
            //create the powershell instance and give it the command we will be executing
            var shell = PowerShell.Create();

            //build out query string
            string query = "$(Get-WmiObject Win32_Computersystem).name";

            //add the command specified from the gui

            //execute the command and store resutls in results
            var results = shell.Invoke();

            //for each item in the results we append it ot the response text box on the webpage
            foreach (PSObject result in results)
                response.Text = Server.HtmlEncode(result.BaseObject.ToString());


Note that you may need to use package manager to install 'System.Management.Automation' as detailed here:


Like stated before the point of this is to provide a minimum example of how to execute PowerShell from IIS and .NET. I plan to expand on this concept to allow some PowerShell to ad automation. So I might get around to posting more on here if I have success with this.

Restoring Enterprise Vault Items From 365

31 March, 2016

Restoring items from Enterprise Vault for 365 users is the single most painful thing I have ever had to do in my life… EV is literally the devil. So hopefully by documenting the method I used to restore these Items I can save someone from many a sleepless night. The basis of this problem is that once a user has been migrated to the 365 exchange the Enterprise Vault server can no longer see the users mailbox and thus is unable to restore vaulted items.

In order to restore the items to the user’s mailbox the vaulted items need to be recovered to an on-prem account, restored and then returned to the mailbox. The method I used to achieve this is as follows.

1. Extract the vaulted items from the users mailbox
Extracting the vaulted items is probably the most difficult task as you want to extract only the items that are vaulted while maintaining the folder structure that the user has in their outlook. The first think to do is get full access to the user’s mailbox. This can be don’t from > admin > exchange > mailboxes. There are guides all over google for how to do this if you get stuck ;)

Once you have granted yourself full access to the user’s mailbox you will need to start outlook on your machine and create a new profile. Fill out the name and email address fields with the users details, make sure to leave the password field blank.


Upon hitting next you will be asked for credentials, put your credentials in here as you should have access to the user’s mailbox. Make sure to tick the ‘remember my credentials’ box. Outlook should then open to the user’s mailbox. You will need to go into mailbox settings and set outlook to cache the whole mailbox offline.


You will need to restart outlook and wait for it to cache the mailbox, this could take a while depending on the size of the mailbox. We cache the whole mailbox because only cached items are picked up when we scan the mailbox for vaulted items.

I wrote a PowerShell script that scans the current mailbox for vaulted items and makes a copy of them to ‘c:/vaultedmail’ while retaining folder structure. Running this script could take a while if the mailbox is large. The script will also generate some logs to help diagnose errors, these logs are stored at ‘c:/scans/’.

#script written by Nathan Kewley 2015

#file path saving output
$emailPathLog = "c:\Scans\emailFiles.csv";

#initial script setup
$ol = new-object -com Outlook.Application
$ns = $ol.GetNamespace("MAPI")

#variables to keep track of current folder to keep folder structure in tact
$masterDir = "c:\vaultedmail\" + $ol.Application.DefaultProfileName  + "\";
$currentDir = "c:\vaultedmail\" + $ol.Application.DefaultProfileName  + "\";

#counter so emails are not overwritten
$counter = 0;

#get the vault folder
$vault = $namespace.Folders | ?{$ -match "Inbox"}

#check if the email is vaulted, if so move it to the local drive keeping folder structure in tact
function checkMail($mail){
    if($mail.body -like "*has been archived*"){
        write-host("Vaulted Item Detected" + $counter);
        $filename = $currentDir + "mail" + $counter + ".msg";
        $filename >> $emailPathLog;

#recursivly scan all items and subfolders in users mailbox
function Get-MailboxFolder($folder){
    write-host $, $folder.items.count

    #create directory for the folder
    $path = $currentDir + $ + "\";
    New-Item -ItemType directory -Path $path;
    $currentDir = $path;

    foreach($mail in $folder.items){

    foreach ($f in $folder.folders){
        Get-MailboxFolder $f

#start a transcript
Start-Transcript -Path "c:\Scans\log.txt";

#initial script setup
$ol = new-object -com Outlook.Application
$ns = $ol.GetNamespace("MAPI")
$mailbox = $ns.stores | where {$_.ExchangeStoreType -eq 0}
$mailbox.GetRootFolder().folders | foreach { Get-MailboxFolder $_}

When the script has finished you will have extracted all the vaulted items from the users mailbox (Note: there is a small error margin for some mailboxes).

2. Get the vaulted Items back on prem
You will need to use your ‘vault service account’ or alternatively any other account that has permissions to restore any items from the vault. Log into a pc using your ‘vault service account’ and start outlook. You will need to copy the folder structure containing the vaulted items to this pc. To import this folder structure into outlook I used a third party tool called ‘msg to pst’, it seems to work ok. Use ‘msg to pst’ on the folder structure and it will import it into the ‘vault service account’ mailbox. It might be an idea to change the name of the imported folder to the name of the end user. Note that this tool will append the title text of the emails with something like ‘msg to pst trial version’. Don’t worry about this, this text will disappear when the vaulted item is restored.

3. Restore the vaulted items.
You should be able to restore the vaulted items from the ‘vault service account’ mailbox using the EV add in just like normal. Easy! :) Once you have un-vaulted all the items export the folder from outlook as a .pst

4. Return the items to the end user
You will need to open up outlook to the users mailbox using the profile you created for them earlier. Once back in their mailbox you will need to do an import from the pst using outlooks inbuilt import/export wizard. When importing you will need to match up the ‘inbox’ folder in the pst to the ‘inbox’ folder in the mailbox. You may need to do multiple imports from the pst if there were vaulted items in other folders like ‘sent items’.


Once you have imported all the items the user will have 2 versions of every vaulted email in their mailbox, one that is vaulted and one that you have restored. The last step to completing the restoration is to remove all the vaulted stubs. You can search the whole mailbox with the search term ‘messageclass:ipm.note.enterprisevault’ which will show you all the vaulted items. Then select all, delete. Done!

Also, don’t forget to remove your permissions from the users mailbox once you are done.