Skip to main content


Showing posts from October, 2012

EWS Snippets for PowerGui

Snippets are an idea that has been around in IDE environments for quite some time and can really be a time saver when it comes to writing EWS scripts. The following are the Snippets for PowerGUI that i presented in my MEC talk in September (Sorry I'm a little late in publishing these). To use these snippits first you need to have powergui then you can download the Zip file that contains all the snippits from .  Once you have unzipped the files to a directory run the ./installsnippits.ps1 script from this directory which will create a snippits folder under %UserName%\My Documents\WindowsPowerShell and copy the snippits into this directory. Using the Snippits is pretty easy but you do need to understand a little bit about building EWS scripts. The majority of the EWS scripts you create will have 4 major phases 1st Phase - Is to connect and authenticate to the CAS server, in this da

Show the cities and Email has tranisted through using the Mail Header, EWS,Powershell and Geolocation (MEC Sample)

This is Sample 2 from the where's wally section of my MEC talk, In this sample we will look at how you can get the Internet Headers of a Message via EWS. Then using RegEx parse the IPAddress's from the MailHeader and then using the Geolocation code I talk about in sample 1 The Internet Headers on a Message eg tell you what happened to a message on the way to your inbox for example what SMTP mail-servers its transited through. In EWS this information can be accessed via the PR_TRANSPORT_MESSAGE_HEADERS extended property  By using Regex in Powershell (and some other parsing code to clean the code up) you can parse all the IPAddress's you see in the Received headers then using GeoLocation look these up to determine the city that IPAddress is located in, then compile a list of cities that the email transited through. An example report of running this script on the Junk Email Folder of a Mailbox gives us some

Geolocating a users last Send location (MEC sample)

This is sample one from the where's wally section of my MEC talk and demonstrates how you can locate the geographical place where a user last sent a Message from using EWS, Extended properties and GeoIp. This script makes use of the x-ms-exchange-organization-originalclientipaddress extended property which is a extended property that gets set on the copy of the message that is saved into the SentItems folder of a mailbox when you send a message from OWA or Outlook (Note this isn't transmitted with the actually messages itself) . eg   The value of this property reflects the IP Address of the sending client eg so if your using OWA from a Kiosk PC it will show the IP from the Kiosk, or if your using Outlook from home via Outlook-Anywhere it will contain your ISP's Address. Or if your traveling around the world using different hotspots then the address you will get would be from each of the hotspot's you used. Here's a sample report from a mailbox I used from dif
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.