Restore deleted mailbox Exchange 2013

Recently we had a customer accidentally delete a mailbox while in the ECP.

Going to Recipients -> mailboxes -> connect a mailbox showed no results

Using the following management shell commands was also fruitless

Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason -eq "SoftDeleted" } | fl DisplayName,MailboxGuid,LegacyDN,Database

Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason -eq "Disabled" } | fl DisplayName,MailboxGuid,LegacyDN,Database

I knew I needed the GUID of this mysterious mailbox, so I ran

Get-MailboxDatabase | Get-MailboxStatistics | Format-List DisplayName,MailboxGuid,Database,DisconnectReason,DisconnectDate > usermail.txt

In the text file I was able to locate the user's mailbox:
DisplayName : First Last
MailboxGuid : xxxxxxxxx-xxxx-xxxx-xxxxxxxxxxx
Database : DB02
DisconnectReason :
DisconnectDate :

I took note of the mailbox GUID and ran

Update-StoreMailboxState -Database "DB02" -Identity "xxxxxxxxx-xxxx-xxxx-xxxxxxxxxxx"

After this the mailbox now appeared in the ECP under connect to mailbox.
I was then able to confirm that the mailbox was reconnected to the user.

I did have to recreate the user's alias in the user's properties.

casey jones / July 7, 2016 / Active Directory, Exchange / 0 Comments

SSL Certificate Revocation lists when using Internal CA

Recently, we were making some changes to eliminate some of the pop-ups when using Remote Desktop Web Access. Certificates on an RDP deployment have to be on point; the article over at is an awesome resource on the topic.

Well, when using an internal CA (certificate authority) for certificate signing, one thing that can easily be overlooked is the CRL Distribution Point (CDP). The Certificate Revocation List is essentially a text file of certificates that the issuing CA has revoked. Certificate revocation allows for the quick repeal of an otherwise valid certificate. If you take a look at the extensions in any SSL certificate, you’ll see an entry for the CDP (the location from which this list is distributed).

An internal CA will, by default, use an ldap path for the CDP, and that works just fine for domain-joined computers. However, non-domain-joined computers can’t navigate to the ldap path (lack of computer credentials), so the revocation check fails and prompts an error. If using RDP, you’ll get the familiar yellow error pop-up stating as much. Accepting the error will allow the connection to be made.

The fix is to configure the CDP to point to an http:// site (it’s supposed to use http, not https). Using an https:// site will create a “chicken and egg” issue: how can you check the revocation status of a site whose certificate might itself be on the list hosted by that very site? In other words, just use http; it’s supposed to be reachable. The CRL is signed by the issuing CA, so clients can still verify its integrity when it is fetched over plain http. is another great resource that walks you through these steps. Configure the http CDP, and then you’ll have to reissue the certificate in question. Reapply it to whatever resources use it, and non-domain-joined computers won’t get prompted for that revocation error!
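One way to find the certificates that still carry only the default ldap CDP, as an added example that is not from the original post. It assumes Windows PowerShell (the CDP extension is parsed from its formatted text, which contains `URL=` entries on Windows); the function names, CA name and host names are hypothetical.

```powershell
# Added example, not from the original post. Assumes Windows, where the CDP
# extension formats to text that contains "URL=<location>" entries.
function Get-CdpUrl {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # 2.5.29.31 is the OID of the CRL Distribution Points extension.
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { return }
    [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

# Classify a certificate's CDP URLs by scheme, following the post's reasoning.
function Get-CdpFinding {
    param([string[]]$Url)
    $all   = @($Url | Where-Object { $_ })
    $http  = @($all | Where-Object { $_ -like 'http://*' })
    $https = @($all | Where-Object { $_ -like 'https://*' })
    if ($all.Count -eq 0)   { return 'NO-CDP: no CRL location in the certificate' }
    if ($http.Count -gt 0)  { return 'OK: CRL is published over http' }
    if ($https.Count -gt 0) { return 'WARN: https-only CDP (chicken-and-egg revocation check)' }
    return 'WARN: ldap-only CDP; non-domain-joined clients cannot fetch the CRL'
}

# Constructed sample CDP sets (hypothetical CA and host names).
$ldap = 'ldap:///CN=Example-CA,CN=CDP,CN=Configuration,DC=example,DC=local'
$samples = [ordered]@{
    'default internal CA' = @($ldap)
    'http CDP added'      = @($ldap, 'http://pki.example.local/CertEnroll/Example-CA.crl')
    'https only'          = @('https://pki.example.local/CertEnroll/Example-CA.crl')
}
foreach ($name in $samples.Keys) {
    '{0,-20} {1}' -f $name, (Get-CdpFinding -Url $samples[$name])
}

# Real use: audit the certificates in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    [pscustomobject]@{
        Subject = $_.Subject
        CdpUrls = @(Get-CdpUrl -Certificate $_) -join '; '
        Finding = Get-CdpFinding -Url (Get-CdpUrl -Certificate $_)
    }
}
```

Run it on the RD Web Access or gateway server after reissuing the certificate; any certificate that non-domain-joined clients connect to should report the `OK` finding.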

Happy troubleshooting,


james gonzales / June 13, 2016 / Active Directory, Certificates, Remote Desktop Services / 0 Comments

Novell eDirectory to Active Directory Migration Scripts

Sometime last year we were tasked with migrating an organization's old 2000+ user Novell environment (eDirectory & GroupWise) to Active Directory and Exchange 2013.

Here are the scripts we created for the directory portion of that transition.

Masterscript.bat (sets the execution policy for PowerShell and reboots the workstation)


Domainjoin.ps1 (joins the workstation to the new domain)


novell_uninst.vbs (uninstalls SP1 and older versions of the Novell client)


novell_uninst_sp2andnewer.bat (uninstalls SP2 and newer versions of the Novell client)



casey jones / September 15, 2015 / Active Directory, migration, scripts / 0 Comments