‘Remove Exchange Attributes’ á la PowerShell

The extensions to Active Directory Users and Computers for Exchange 2000 and Exchange 2003 have a task called Remove Exchange Attributes that is accessible from the Exchange Tasks menu. It removes all Exhange related attributes from the objects on which it is run. This is useful when an object is in an inconsistent state, as regards to Exchange. For example if an Exchange attribute has invalid data or not all required attributes are present.
If you remove the last Exchange 2000/2003 server from your organization you will not be able to use the Remove Exchange Attributes task, even if the extensions are still installed on a computer. I recently found myself in just that situation and had to come up with a workaround. My favorite tool lately is PowerShell so I decided to use that. This is the command I came up with, using the cmdlets from Quest Software for Active Directory:

https://gist.github.com/morgansimonsen/8040285

As you can see, this command targets groups, but it can be easily changed to apply to other object types.
I found a list of all the Exchange attributes that the Remove Exchange Attributes task removes here:

Installing PowerShell with Package Manager on Windows Vista

Package Manager (Pkgmgr.exe) is a new Windows Vista command-line tool that you can use offline to install, remove, or update Windows packages. You can add a package, provided as a .cab file, to an offline Windows image.  Package Manager can also enable or disable a Windows feature, either offline or on a running Windows installation. And it is this last piece of functionality that we are going to be using here.

When you install the PowerShell package (KB928439) on Windows Vista it extends the list of optional features that can be selected to enable or disable. A lot of updates behave like this, eg. the Remote Server Administration Tools (RSAT) package. You can run optionalfeatures.exe to use a GUI to enable or disable the available features. But as mentioned you can also use Package Manager (pkgmgr.exe) to enable or disable the same features. The command to enable PowerShell is:

start /w pkgmgr.exe /iu:MicrosoftWindowsPowerShell

To disable PowerShell; run:

start /w pkgmgr.exe /uu:MicrosoftWindowsPowerShell

The start /w part is necessary because the default behaviour of pkgmgr.exe is to return immediately to the command line even when it is still performing its tasks. So to have the command prompt wait for the pkgmgr.exe process to finish before returning, add start /w.

Package Manager requires elevation to run, so either start it from an elevated prompt or be prepared to approve the elevation with the UAC prompt. To check the result of the Package Manager operation run echo %errorlevel% after Package Manager has finished.

To enable or disable other features have a look here for the names:

Windows Vista packages: http://technet.microsoft.com/en-us/library/cc722041.aspx

Windows Server 2008 packages: http://technet.microsoft.com/en-us/library/cc748930.aspx

 

How to use the whenCreated and whenChanged attributes to search for objects in Active Directory

Sometimes it is useful to be able to search for objects in Active Directory based on when they were created or changed, or both. The two attributes that hold this information are whenCreated and whenChanged, and they are present on all AD objects.
You use these two attributes like any other in you LDAP queries, the only thing to watch is the syntax of the date/time value. The syntax of both attributes is like this:
YYYY MM DD HH mm ss.s Z
2008 08 12 00 00 00.0 Z
(The capital Z at the end is mandatory and denotes Zulu time, which is the same as GMT.)
So to search for all users created on or after 12 August 2008 you use this query:
(&(objectClass=User)(whenChanged>=20080812000000.0Z))