Wednesday, October 31, 2012

EWS Snippets for PowerGui

Snippets are an idea that has been around in IDE environments for quite some time and can really be a time saver when it comes to writing EWS scripts. The following are the Snippets for PowerGUI that i presented in my MEC talk in September (Sorry I'm a little late in publishing these).

To use these snippits first you need to have powergui then you can download the Zip file that contains all the snippits from https://github.com/gscales/Powershell-Scripts/raw/master/ScriptArchive/ews-PowerGuiSnipits.zip . 

Once you have unzipped the files to a directory run the ./installsnippits.ps1 script from this directory which will create a snippits folder under %UserName%\My Documents\WindowsPowerShell and copy the snippits into this directory.

Using the Snippits is pretty easy but you do need to understand a little bit about building EWS scripts. The majority of the EWS scripts you create will have 4 major phases

1st Phase - Is to connect and authenticate to the CAS server, in this day and age you should have a proper SSL certificate and Autodiscover should be configured.  So in this first phase you need to acquire from somewhere the SMTPAddress of the mailbox you want to access and credentials for you to use to access the mailbox. Then perform a Autodiscover using the SMTPAddress and credentials you acquired which should then return the URL for EWS.

I've bundled this phase into the following snippit



The snippit will take the SMTPAddress as a cmdline parameter

$MailboxName = $args[0]

And also grab the credentials from the user (make sure you use the UPN as the username when it prompts)

$psCred = Get-Credential 
$creds = New-Object System.Net.NetworkCredential($psCred.UserName.ToString(),$psCred.GetNetworkCredential().password.ToString()) 
$service.Credentials = $creds     

2nd Phase - Now you have the URL for the CAS server to send your EWS request to, the next step is to bind to the folder you want to work with. For all the WellKnownFolders you can bind using the WellKnownFolder enum. I've bundled this phase together in another snippit for each folder for example to bind to the Inbox you use



If you wanted to instead bind to a Subfolder or user created folder I have another snippit for this phase which will bind to a folder using a path.





3rd Phase - Once you have the Folderid of the Folder you want to work with you can then either work with that folder or work with the Items in that folder so the snippit to use if you wish to Enumerate All Folder Items is (there are also several example of searches)




 With this snippit you need to replace the $Folder.Id with the Folder.Id from the other Snippit eg if you used

$folderid= new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox,$MailboxName)  
$Inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderid)

You should then change

$fiItems = $service.FindItems($Folder.Id,$ivItemView)

to

$fiItems = $service.FindItems($Inbox.Id,$ivItemView)

4th Phase : There is no snippit for this but its basically where you put the code to process the Items eg you could output the Subject

    foreach($Item in $fiItems.Items){     
                $Item.Subject    
    }

or any of the other things I've listed in my other Howto http://gsexdev.blogspot.com.au/2012/02/ews-managed-api-and-powershell-how-to.html


That's it there are over 60 snippits altogether that I'll try to grow over time if you have any you want to include to help others out please send them to me and I'll include them.

Wednesday, October 10, 2012

Show the cities and Email has tranisted through using the Mail Header, EWS,Powershell and Geolocation (MEC Sample)

This is Sample 2 from the where's wally section of my MEC talk, In this sample we will look at how you can get the Internet Headers of a Message via EWS. Then using RegEx parse the IPAddress's from the MailHeader and then using the Geolocation code I talk about in sample 1

The Internet Headers on a Message eg


tell you what happened to a message on the way to your inbox for example what SMTP mail-servers its transited through. In EWS this information can be accessed via the PR_TRANSPORT_MESSAGE_HEADERS extended property http://msdn.microsoft.com/en-us/library/office/cc815628.aspx


 By using Regex in Powershell (and some other parsing code to clean the code up) you can parse all the IPAddress's you see in the Received headers then using GeoLocation look these up to determine the city that IPAddress is located in, then compile a list of cities that the email transited through. An example report of running this script on the Junk Email Folder of a Mailbox gives us something like


For more information on the Geolocation code I've used see the 1st example

I've put a download of this script here the code itself looks like

  1. ## Get the Mailbox to Access from the 1st commandline argument  
  2.   
  3. $MailboxName = $args[0]  
  4. $rptCollection = @()  
  5.   
  6. ## Load Managed API dll    
  7. Add-Type -Path "C:\Program Files\Microsoft\Exchange\Web Services\1.2\Microsoft.Exchange.WebServices.dll"    
  8.     
  9. ## Set Exchange Version    
  10. $ExchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP2    
  11.     
  12. ## Create Exchange Service Object    
  13. $service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($ExchangeVersion)    
  14.     
  15. ## Set Credentials to use two options are availible Option1 to use explict credentials or Option 2 use the Default (logged On) credentials    
  16.     
  17. #Credentials Option 1 using UPN for the windows Account    
  18. $psCred = Get-Credential    
  19. $creds = New-Object System.Net.NetworkCredential($psCred.UserName.ToString(),$psCred.GetNetworkCredential().password.ToString())    
  20. $service.Credentials = $creds        
  21.     
  22. #Credentials Option 2    
  23. #service.UseDefaultCredentials = $true    
  24.     
  25. ## Choose to ignore any SSL Warning issues caused by Self Signed Certificates    
  26.     
  27. ## Code From http://poshcode.org/624  
  28. ## Create a compilation environment  
  29. $Provider=New-Object Microsoft.CSharp.CSharpCodeProvider  
  30. $Compiler=$Provider.CreateCompiler()  
  31. $Params=New-Object System.CodeDom.Compiler.CompilerParameters  
  32. $Params.GenerateExecutable=$False  
  33. $Params.GenerateInMemory=$True  
  34. $Params.IncludeDebugInformation=$False  
  35. $Params.ReferencedAssemblies.Add("System.DLL") | Out-Null  
  36.   
  37. $TASource=@' 
  38.   namespace Local.ToolkitExtensions.Net.CertificatePolicy{ 
  39.     public class TrustAll : System.Net.ICertificatePolicy { 
  40.       public TrustAll() {  
  41.       } 
  42.       public bool CheckValidationResult(System.Net.ServicePoint sp, 
  43.         System.Security.Cryptography.X509Certificates.X509Certificate cert,  
  44.         System.Net.WebRequest req, int problem) { 
  45.         return true; 
  46.       } 
  47.     } 
  48.   } 
  49. '@   
  50. $TAResults=$Provider.CompileAssemblyFromSource($Params,$TASource)  
  51. $TAAssembly=$TAResults.CompiledAssembly  
  52.   
  53. ## We now create an instance of the TrustAll and attach it to the ServicePointManager  
  54. $TrustAll=$TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")  
  55. [System.Net.ServicePointManager]::CertificatePolicy=$TrustAll  
  56.   
  57. ## end code from http://poshcode.org/624  
  58.     
  59. ## Set the URL of the CAS (Client Access Server) to use two options are availbe to use Autodiscover to find the CAS URL or Hardcode the CAS to use    
  60.     
  61. #CAS URL Option 1 Autodiscover    
  62. $service.AutodiscoverUrl($MailboxName,{$true})    
  63. "Using CAS Server : " + $Service.url     
  64.      
  65. #CAS URL Option 2 Hardcoded    
  66.     
  67. #$uri=[system.URI] "https://casservername/ews/exchange.asmx"    
  68. #$service.Url = $uri      
  69.     
  70. ## Optional section for Exchange Impersonation    
  71.     
  72. #$service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $MailboxName)   
  73.   
  74. # Bind to the Inbox Folder  
  75. $folderid= new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::JunkEmail,$MailboxName)     
  76. $Inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderid)  
  77.   
  78. #Define Property for the Message Header  
  79. $PR_TRANSPORT_MESSAGE_HEADERS = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(0x007D,[Microsoft.Exchange.WebServices.Data.MapiPropertyType]::String);  
  80.   
  81. $psPropset= new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)    
  82. $psPropset.add($PR_TRANSPORT_MESSAGE_HEADERS)  
  83.   
  84. #Setup GEOIP  
  85. $geoip = New-Object -ComObject "GeoIPCOMEx.GeoIPEx"  
  86. $geoip.set_db_path('c:\mec\') 
  87.  
  88. #Define ItemView to retrive just 10 Items     
  89. $ivItemView =  New-Object Microsoft.Exchange.WebServices.Data.ItemView(50)         
  90.     $fiItems = $service.FindItems($Inbox.Id,$ivItemView)     
  91.     [Void]$service.LoadPropertiesForItems($fiItems,$psPropset)   
  92.     foreach($Item in $fiItems.Items){       
  93.         $MailHeaderVal = $null 
  94.         if($Item.TryGetProperty($PR_TRANSPORT_MESSAGE_HEADERS,[ref]$MailHeaderVal)){     
  95.             $rptObj = "" | Select DateTimeReceived,From,Subject,Size,TransitCities 
  96.             $rptObj.DateTimeReceived = $Item.DateTimeReceived  
  97.             $rptObj.From = $Item.Sender.Address 
  98.             if($Item.Subject.Length -gt 50){ 
  99.                 $rptObj.Subject = $Item.Subject.SubString(0,50) 
  100.             } 
  101.             else{ 
  102.                 $rptObj.Subject = $Item.Subject 
  103.             } 
  104.             $rptObj.Size = $Item.Size 
  105.             $SMTPTrace = $MailHeaderVal.Substring(0,$MailHeaderVal.IndexOf("From:")) 
  106.             # RegEx for IP address 
  107.             $RegExIP = '\b(([01]?\d?\d|2[0-4]\d|25[0-5])\.){3}([01]?\d?\d|2[0-4]\d|25[0-5])\b'  
  108.             $matchedItems = [regex]::matches($SMTPTrace$RegExIP)  
  109.             $lochash = @{}  
  110.             foreach($Match in $matchedItems){  
  111.                 $preVal = $MailHeaderVal.SubString(($Match.Index-1),1)  
  112.                 if($preVal -eq "[" -bor $preVal -eq "("){  
  113.                     if($geoip.find_by_addr($Match.Value)){  
  114.                         if($geoip.country_name -ne "Localhost" -band $geoip.country_name -ne "Local Area Network"){  
  115.                             if($lochash.ContainsKey(($geoip.city + "-" +  $geoip.country_name)) -eq $false){  
  116.                                 $lochash.add(($geoip.city + "-" +  $geoip.country_name),1)  
  117.                                 $rptObj.TransitCities = $rptObj.TransitCities + $geoip.city + "-" +  $geoip.country_name + ";"  
  118.                             }  
  119.                         }  
  120.                     }  
  121.                 }  
  122.             }  
  123.             $rptCollection += $rptObj  
  124.         }            
  125.     }  
  126. $tableStyle = @" 
  127. <style> 
  128. BODY{background-color:white;} 
  129. TABLE{border-width: 1px; 
  130.   border-style: solid; 
  131.   border-color: black; 
  132.   border-collapse: collapse; 
  133. } 
  134. TH{border-width: 1px; 
  135.   padding: 10px; 
  136.   border-style: solid; 
  137.   border-color: black; 
  138.   background-color:#66CCCC 
  139. } 
  140. TD{border-width: 1px; 
  141.   padding: 2px; 
  142.   border-style: solid; 
  143.   border-color: black; 
  144.   background-color:white 
  145. } 
  146. </style> 
  147. "@  
  148.     
  149. $body = @" 
  150. <p style="font-size:25px;family:calibri;color:#ff9100">  
  151. $TableHeader  
  152. </p>  
  153. "@  
  154.   
  155. $rptCollection | ConvertTo-HTML -head $tableStyle –body $body | Out-File c:\temp\jnkmhReport.htm  



Monday, October 08, 2012

Geolocating a users last Send location (MEC sample)

This is sample one from the where's wally section of my MEC talk and demonstrates how you can locate the geographical place where a user last sent a Message from using EWS, Extended properties and GeoIp.

This script makes use of the x-ms-exchange-organization-originalclientipaddress extended property which is a extended property that gets set on the copy of the message that is saved into the SentItems folder of a mailbox when you send a message from OWA or Outlook (Note this isn't transmitted with the actually messages itself) . eg



 
The value of this property reflects the IP Address of the sending client eg so if your using OWA from a Kiosk PC it will show the IP from the Kiosk, or if your using Outlook from home via Outlook-Anywhere it will contain your ISP's Address. Or if your traveling around the world using different hotspots then the address you will get would be from each of the hotspot's you used. Here's a sample report from a mailbox I used from different hotspot's I was using on my recent trip to MEC which included a short holiday in New York.

To resolve the IP Address to geographical location involves using GeoLocation which has an increasing number of users in IT from WebStats to GeoDNS. In this script I've used Maxmind's GeoLiteCity database and Com object. The only thing with the COM object while it only take a few lines of Powershell to use because its a 32 bit library you need to make sure you run it from 32 bit session of Powershell.

 Before running this code you need the GEOIP database and Com object and the database must be in the following location and named GeoIPCity.dat.


$geoip = New-Object -ComObject "GeoIPCOMEx.GeoIPEx"
$geoip.set_db_path('c:\mec\')

I've put a download of this script here the code itself looks like

  1. ## Get the Mailbox to Access from the 1st commandline argument  
  2.   
  3. $MailboxName = $args[0]  
  4.   
  5. ## Load Managed API dll    
  6. Add-Type -Path "C:\Program Files\Microsoft\Exchange\Web Services\1.2\Microsoft.Exchange.WebServices.dll"    
  7.     
  8. ## Set Exchange Version    
  9. $ExchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP2    
  10.     
  11. ## Create Exchange Service Object    
  12. $service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($ExchangeVersion)    
  13.     
  14. ## Set Credentials to use two options are availible Option1 to use explict credentials or Option 2 use the Default (logged On) credentials    
  15.     
  16. #Credentials Option 1 using UPN for the windows Account    
  17. $psCred = Get-Credential    
  18. $creds = New-Object System.Net.NetworkCredential($psCred.UserName.ToString(),$psCred.GetNetworkCredential().password.ToString())    
  19. $service.Credentials = $creds        
  20.     
  21. #Credentials Option 2    
  22. #service.UseDefaultCredentials = $true    
  23.     
  24. ## Choose to ignore any SSL Warning issues caused by Self Signed Certificates    
  25.     
  26. ## Code From http://poshcode.org/624  
  27. ## Create a compilation environment  
  28. $Provider=New-Object Microsoft.CSharp.CSharpCodeProvider  
  29. $Compiler=$Provider.CreateCompiler()  
  30. $Params=New-Object System.CodeDom.Compiler.CompilerParameters  
  31. $Params.GenerateExecutable=$False  
  32. $Params.GenerateInMemory=$True  
  33. $Params.IncludeDebugInformation=$False  
  34. $Params.ReferencedAssemblies.Add("System.DLL") | Out-Null  
  35.   
  36. $TASource=@' 
  37.   namespace Local.ToolkitExtensions.Net.CertificatePolicy{ 
  38.     public class TrustAll : System.Net.ICertificatePolicy { 
  39.       public TrustAll() {  
  40.       } 
  41.       public bool CheckValidationResult(System.Net.ServicePoint sp, 
  42.         System.Security.Cryptography.X509Certificates.X509Certificate cert,  
  43.         System.Net.WebRequest req, int problem) { 
  44.         return true; 
  45.       } 
  46.     } 
  47.   } 
  48. '@   
  49. $TAResults=$Provider.CompileAssemblyFromSource($Params,$TASource)  
  50. $TAAssembly=$TAResults.CompiledAssembly  
  51.   
  52. ## We now create an instance of the TrustAll and attach it to the ServicePointManager  
  53. $TrustAll=$TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")  
  54. [System.Net.ServicePointManager]::CertificatePolicy=$TrustAll  
  55.   
  56. ## end code from http://poshcode.org/624  
  57.     
  58. ## Set the URL of the CAS (Client Access Server) to use two options are availbe to use Autodiscover to find the CAS URL or Hardcode the CAS to use    
  59.     
  60. #CAS URL Option 1 Autodiscover    
  61. $service.AutodiscoverUrl($MailboxName,{$true})    
  62. "Using CAS Server : " + $Service.url     
  63.      
  64. #CAS URL Option 2 Hardcoded    
  65.     
  66. #$uri=[system.URI] "https://casservername/ews/exchange.asmx"    
  67. #$service.Url = $uri      
  68.     
  69. ## Optional section for Exchange Impersonation    
  70.     
  71. #$service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $MailboxName)   
  72.   
  73. # Bind to the SentItems Folder  
  74. $folderid= new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::SentItems,$MailboxName)     
  75. $SentItems = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderid)  
  76. #Define ExtendedProps  
  77. $OriginalServerIP = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(  
  78. [Microsoft.Exchange.WebServices.Data.DefaultExtendedPropertySet]::InternetHeaders,"x-ms-exchange-organization-originalserveripaddress",  
  79. [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::String)  
  80.   
  81. $OriginalClientIP = new-object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(  
  82. [Microsoft.Exchange.WebServices.Data.DefaultExtendedPropertySet]::InternetHeaders,"x-ms-exchange-organization-originalclientipaddress",  
  83. [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::String)  
  84.   
  85. $psPropset = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)    
  86. $psPropset.add($OriginalServerIP)  
  87. $psPropset.add($OriginalClientIP)  
  88.   
  89. #Setup GEOIP  
  90. $geoip = New-Object -ComObject "GeoIPCOMEx.GeoIPEx"  
  91. $geoip.set_db_path('c:\mec\')  
  92.   
  93.   
  94. #Define ItemView to retrive just 1000 Items      
  95. $ivItemView =  New-Object Microsoft.Exchange.WebServices.Data.ItemView(1000)   
  96. $ivItemView.PropertySet = $psPropset  
  97. $fiItems = $null  
  98. $rptCollection = @()  
  99. do{      
  100.     $fiItems = $service.FindItems($SentItems.Id,$ivItemView)      
  101.     #[Void]$service.LoadPropertiesForItems($fiItems,$psPropset)    
  102.     foreach($Item in $fiItems.Items){   
  103.         $rptobj = "" | select DateSent,Subject,ClientIP,LocationCity,LocationCountry,Latitute,Longitute  
  104.         "Subject : " + $Item.Subject  
  105.         $rptobj.Subject = $Item.Subject  
  106.         $rptobj.DateSent = $Item.DateTimeSent  
  107.         $clientIpvalue = $null  
  108.         if($Item.TryGetProperty($OriginalClientIP,[ref]$clientIpvalue)){  
  109.             $rptobj.ClientIP = $clientIpvalue  
  110.             "ClientIP : " + $clientIpvalue  
  111.             if($geoip.find_by_addr($clientIpvalue)){  
  112.                 "Location City : " + $geoip.city  
  113.                 $rptobj.LocationCity = $geoip.city  
  114.                 "Location Country : " + $geoip.country_name  
  115.                 $rptobj.LocationCountry = $geoip.country_name  
  116.                 "Location Latitute : " + $geoip.latitude  
  117.                 $rptobj.Latitute = $geoip.latitude  
  118.                 "Location Longitute : " + $geoip.longitude  
  119.                 $rptobj.Longitute = $geoip.longitude  
  120.             }  
  121.         }  
  122.         $serverIpValue = $null  
  123.         if($Item.TryGetProperty($OriginalServerIP,[ref]$serverIpValue)){  
  124.             "ServerIP : " + $serverIpValue  
  125.         }   
  126.         $rptCollection += $rptobj  
  127.   
  128.     }      
  129.     $ivItemView.Offset += $fiItems.Items.Count      
  130. }while($fiItems.MoreAvailable -eq $true)   
  131.   
  132. $tableStyle = @" 
  133. <style> 
  134. BODY{background-color:white;} 
  135. TABLE{border-width: 1px; 
  136.   border-style: solid; 
  137.   border-color: black; 
  138.   border-collapse: collapse; 
  139. } 
  140. TH{border-width: 1px; 
  141.   padding: 10px; 
  142.   border-style: solid; 
  143.   border-color: black; 
  144.   background-color:#66CCCC 
  145. } 
  146. TD{border-width: 1px; 
  147.   padding: 2px; 
  148.   border-style: solid; 
  149.   border-color: black; 
  150.   background-color:white 
  151. } 
  152. </style> 
  153. "@  
  154.     
  155. $body = @" 
  156. <p style="font-size:25px;family:calibri;color:#ff9100">  
  157. $TableHeader  
  158. </p>  
  159. "@  
  160.   
  161. $rptCollection | ConvertTo-HTML -head $tableStyle –body $body | Out-File c:\temp\GeoIpUserSentReport.html