WinSCP Auto-Download

Recently, I had to download several different items from the same sftp server and after a while I felt like automating it since it wouldn’t be the last time I needed to do that. WinSCP has a cool feature that generates a script for several tasks you’re doing. You can check the function out here.

Anyway here’s my script. Make sure to customize the green parts first. Generate those parts yourself in WinSCP with the generate code function linked above. Also, of course you need to have WinSCP installed on your system.

# Variables
$MyLog = "C:\Temp\Logfile.log"

# Cleaning up previous log files
if (Test-Path "$MyLog"){
    Remove-Item "$MyLog"
    }

# This function shows a basic menu
function Show-Menu
{
    param (
        [string]$Title = 'My Download Menu'
    )
    Clear-Host
    Write-Host "================ $Title ================"
    
    Write-Host "1: Press '1' for downloading A."
    Write-Host "2: Press '2' for downloading B."
    Write-Host "3: Press '3' for downloading C."
    Write-Host "Q: Press 'Q' to quit."
}

# This do-loop loops through the menu until 'Q' is pressed. 
do {

Show-Menu -Title 'My Download Menu'

# Start the script with chosen number
$MySelection = Read-Host "Please make a selection"
switch ($MySelection)
 {
     '1' {
         'You chose option #1 - Downloading A'
                
                & "C:\Program Files (x86)\WinSCP\WinSCP.com" `
                /log=$MyLog /ini=nul `
                /command `
                "open sftp://USERNAME:PASSWORD@SERVERADDRESS/" `
                "cd FOLDERPATH" `
                "lcd %userprofile%\Downloads" `
                "get *" `
                "exit"
                
     } '2' {
         'You chose option #2 - Downloading B'

                & "C:\Program Files (x86)\WinSCP\WinSCP.com" `
                /log="$MyLog" /ini=nul `
                /command `
                "open sftp://USERNAME:PASSWORD@SERVERADDRESS/" `
                "cd FOLDERPATH" `
                "lcd %userprofile%\Downloads" `
                "get *" `
                "exit"

     } '3' {
         'You chose option #3 - Downloading C'

                & "C:\Program Files (x86)\WinSCP\WinSCP.com" `
                /log="$MyLog" /ini=nul `
                /command `
                "open sftp://USERNAME:PASSWORD@SERVERADDRESS/" `
                "cd FOLDERPATH" `
                "lcd %userprofile%\Downloads" `
                "get *" `
                "exit"

           } 'Q' {
             return
         }
     }
 }
 until ($MySelection -eq 'Q')
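
A variant of the menu script that keeps the password out of the script file, pins the server's host key and checks WinSCP's exit code. This is an added example, not the original script; the folder names, the host key placeholder and the Get-RemoteFolder helper are assumptions, and the quoting is written for Windows PowerShell 5.1.

```powershell
# Added example, not the original script. SERVERADDRESS, the FOLDERPATH_* names
# and the host key string are placeholders to replace with your own values.
$WinScp  = "C:\Program Files (x86)\WinSCP\WinSCP.com"
$MyLog   = "C:\Temp\Logfile.log"
$Server  = "SERVERADDRESS"
# Placeholder: copy the real fingerprint from WinSCP's generated code.
$HostKey = "ssh-ed25519 255 PLACEHOLDER_FINGERPRINT"

# Menu key -> remote folder (constructed sample values)
$Downloads = [ordered]@{
    '1' = 'FOLDERPATH_A'
    '2' = 'FOLDERPATH_B'
    '3' = 'FOLDERPATH_C'
}

# Ask once per run so no password is saved in the .ps1 file.
# The password is still passed on WinSCP.com's command line while it runs.
$Cred = Get-Credential -Message "SFTP login for $Server"
$User = [uri]::EscapeDataString($Cred.UserName)
$Pass = [uri]::EscapeDataString($Cred.GetNetworkCredential().Password)

# Hypothetical helper: one WinSCP call shared by every menu entry.
function Get-RemoteFolder {
    param([string]$RemotePath)
    # The doubled quotes (`"`") are how WinSCP expects a quote inside a /command argument.
    & $WinScp /log="$MyLog" /ini=nul /command `
        "open sftp://${User}:${Pass}@${Server}/ -hostkey=`"`"$HostKey`"`"" `
        "cd $RemotePath" `
        "lcd %userprofile%\Downloads" `
        "get *" `
        "exit"
    # WinSCP.com returns a non-zero exit code when any command failed.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "WinSCP failed (exit code $LASTEXITCODE), see $MyLog"
    }
}

do {
    $Downloads.GetEnumerator() | ForEach-Object { Write-Host "$($_.Key): download $($_.Value)" }
    Write-Host "Q: quit"
    $MySelection = Read-Host "Please make a selection"
    if ($Downloads.Contains($MySelection)) {
        Get-RemoteFolder -RemotePath $Downloads[$MySelection]
    }
} until ($MySelection -eq 'Q')
```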

Powershell Browser Tab Switcher

Hey there, long time no see. 🙂

Ever wanted to automatically rotate through open tabs in your browser but didn’t want to install a shady browser extension?

You can accomplish the same with Powershell.

#Variables
$MY_SHELL=New-Object -ComObject wscript.shell
$MY_BROWSER='Firefox'
[int]$MY_COUNTER=1
[int]$MY_ENDER=500
[int]$MY_SLEEPER=60

#Tab Rotator
while($MY_COUNTER -lt $MY_ENDER){
	$MY_SHELL.AppActivate($MY_BROWSER); 
	Sleep $MY_SLEEPER; 
	$MY_SHELL.SendKeys('^{PGUP}'); 
	$MY_SHELL.SendKeys('{F5}');
	$MY_COUNTER=($MY_COUNTER + 1)
}

The sleeper is the delay in seconds before the next tab is opened. The script will continue to rotate through the tabs as long as the counter is less than the ender value. Adjust the values to your liking. Have fun.

Windows 10 1809 Firewall Notifications

In some environments people in charge want the local Windows Firewall to be disabled. This could be the case if for example a company uses third party firewall clients instead of the built-in ones.

With Windows 10 1809 tho you’ll get a nice notification every time you boot your pc.

If you want to disable notifications completely you need to change a registry value. Please note that this will disable notifications completely.


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance

Value: "Enabled"=dword:00000000

Forefront TMG and Exchange Hybrid

Since most of the documentation about this topic has been taken down I decided to write a quick post about it cause no matter what year we’re living in I continue to stumble upon Forefront TMG servers and people refusing to get rid of them. 🙂

Side note:

Always… ALWAYS try to get rid of unsupported systems! In my case I simply configured the TMG server for Exchange Hybrid so I could quickly migrate the server and take care of it later. In all cases I’ve uninstalled the TMG after successful migration.

Alright, let’s start by creating a new Web Publishing Rule.

Most of the settings can be left with the defaults. Of course we need to allow the connections.

In the next tab you can either choose “Anywhere” as source or create a connection group for all the Exchange online and Office365 IP addresses. (Office365 IP Address Ranges)

Now choose your internal Exchange Server.

Traffic that we need to go through here is mostly HTTPS. Exchange Online only needs to be able to connect to our Exchange on-premise MRSProxy for mailbox migration.


Choose your default listener. (You should have one since you have a working TMG)

Public names used for those connections are usually, or in my case, autodiscover and owa. (Your webmail address)

Internal Paths that we need to configure are “EWS” and “Autodiscover”.

Make sure to pass the authentication through. Otherwise the connection to the MRSProxy won’t work.

Last but not least we need to change the default setting “Authenticated Users” to “All users”.

After that save your rule and don’t forget to actually activate it and put it on top of all the other rules.

The hybrid connection and especially the creation of the migration endpoint should now work. If there are still issues with it check my other post about MRSProxy settings: “Connection failed to migration endpoint”.

Missing mail icon from control panel in Windows 10

This was a weird one.

I wanted to test something and therefore needed to add a separate mail profile but when I opened my control panel I couldn’t find the “Mail” icon in the list.

I thought I was just blind but after asking my colleagues they told me they didn’t have one either. Apparently this icon got removed when we installed the 32-bit version of Office365 directly through our O365 tenant. Not yet sure if it’s a bug or not but the needed options can be opened by using the command “outlook.exe /manageprofiles”

Mailbox Import Request preventing database removal

I’ve received the request to clear out an Exchange database and then remove it from a server. Migrated all the mailboxes, arbitration mailboxes, etc. to a different database and tried to delete the unneeded one. When I tried tho I received the following error:

Alright, maybe I forgot something but I’ve used the command in the error message and got nothing out of it. I’ve checked all the possibilities again but there’s nothing left on the database.

As we can see, there’s nothing left. Wrong, there actually is. Deep within the AD. I’ve opened ADSIEdit and navigated to the following path:

Configuration [server.toxicoon.com] – CN=Configuration,DC=toxicoon,DC=com – CN=Services,CN=Microsoft Exchange,CN=Mailbox Replication,CN=MailboxImportRequests

And finally there was the “MailboxImportRequest” that somehow got stuck.

I’ve deleted the entry and tried to remove the database again and finally I was able to remove it from the server.

Keep in mind that you can screw up a lot when manually editing or deleting objects via ADSIEdit.


Connection failed to migration endpoint

I’ve recently worked on another Exchange Hybrid deployment and when I tried to create a new migration batch I’ve received the following error after entering the endpoint’s FQDN.

There are several possible reasons for this behaviour. Most likely the MRSProxy is either not activated or the authentication method is set to “Negotiate” instead of “Basic Authentication”.

To check and also correct this follow these steps.

Check MRSProxy
Get-WebServicesVirtualDirectory | FT -Auto Identity, MRSProxyEnabled

If it’s set to “false” then activate it with the following command.
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -MRSProxyEnabled $true

In my case this wasn’t enough since the authentication method was also wrong.
You can check with “Get-WebServicesVirtualDirectory | select *auth*” and then enable “Basic Authentication” with
“Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -BasicAuthentication $TRUE”

After those changes I was able to successfully create migration batches and move mailboxes to Exchange online.

Duplicate mailbox on-prem and in cloud

In an Exchange hybrid environment with ADFS and AzureSync we stumbled upon an issue with mailboxes being created on the on-premise Exchange and on the online Exchange Server after assigning a license to the synchronised user.

This happened because an administrator assigned an Exchange Online Plan 2 License to a synchronised user before the on-prem mailbox was created. (The local user needed the license for the cloud archive). Therefore the attribute “Hey I already have an on-prem mailbox” was missing and Exchange Online automatically created a cloud mailbox for the user. Deleting the mailbox didn’t do the trick cause the connection to the “MsolUser” was still present. To get rid of that mailbox duplicate we can follow this procedure.

I recommend exporting the cloud mailbox via eDiscovery prior to deleting it. There’s a high chance that mails already have been received on it.

Make sure the AzureSync Service is stopped before you start!

First we remove the Exchange license from the user. You can do this in the Tenant Administration Portal under “Active Users”.

Then we connect to Exchange Online via Powershell and connect the MsolService.

Connect-MsolService

After the license has been removed check if the user is present and unlicensed. The cloud mailbox should automatically get deactivated after that, as well.

Get-MsolUser -UserPrincipalName "b.coon@toxicoon.com"

You should get an output similar to this

UserPrincipalName        DisplayName      isLicensed
-----------------        -----------      ----------
b.coon@toxicoon.com      Burger Raccoon   False

Now remove the user. We need to do this cause the mailbox is still present as “SoftDeletedMailbox” and when you add the Exchange license again the soft deleted mailbox will just be re-activated. Without deleting the MsolUser you can’t delete the soft deleted mailbox cause you’d receive an error saying that there’s still a connected MsolUser in need of that particular mailbox.

Remove-MsolUser -UserPrincipalName "b.coon@toxicoon.com"

Again, the user is only soft deleted but still present in the depths of the system. In order to completely remove it we need to get some more info.

Get-MsolUser -ReturnDeletedUsers | fl UserPrincipalName, ObjectID

You should receive an output similar to this.

UserPrincipalName: b.coon@toxicoon.com
ObjectId: f1XX48270-cf2b-4cca-b2ca-6a4342432XXX6

Now trash it by using the ObjectId.

Remove-MsolUser -ObjectID f1XX48270-cf2b-4cca-b2ca-6a4342432XXX6 -RemoveFromRecycleBin -Force

The mailbox is now “orphaned” and shouldn’t cause any more trouble. You can now go on and remove the soft deleted mailbox. It should work now since there’s no connection left.

(Watch out for other soft deleted mailboxes in case you need them! This command will delete all of them!)

Get-Mailbox -SoftDeletedMailbox | Remove-Mailbox

After all this you should re-check the local AD User for correct proxyaddresses, UPN, etc. and then you can restart the AzureSync and reassign the license. The Office365 Tenant will now understand that there’s already a local mailbox present.

On your AzureSync server:
Start-ADSyncSyncCycle -PolicyType Initial
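
The cloud-side steps above, chained for a single user so that nothing else is deleted by accident. This is an added example, not part of the original post; it assumes the session is already connected to Exchange Online and the MsolService, that the sync service is stopped, and that the soft-deleted mailbox still carries the user's UPN.

```powershell
# Added example, not from the original post. $Upn is the sample user from this page.
$Upn = 'b.coon@toxicoon.com'

# 1. Refuse to continue while the user still holds a license.
$User = Get-MsolUser -UserPrincipalName $Upn -ErrorAction Stop
if ($User.IsLicensed) {
    throw "$Upn is still licensed; remove the Exchange license first."
}

# 2. Soft-delete the user (prompts for confirmation).
Remove-MsolUser -UserPrincipalName $Upn

# 3. Find exactly this user among the deleted users instead of copying the ObjectId by hand.
$Deleted = @(Get-MsolUser -ReturnDeletedUsers -All |
    Where-Object { $_.UserPrincipalName -eq $Upn })
if ($Deleted.Count -ne 1) {
    throw "Expected one deleted user for $Upn, found $($Deleted.Count)."
}

# 4. Purge that one user from the recycle bin.
Remove-MsolUser -ObjectId $Deleted[0].ObjectId -RemoveFromRecycleBin -Force

# 5. Preview the removal of this user's soft-deleted mailbox only.
#    Assumption: the soft-deleted mailbox still reports the UPN; check the preview output.
Get-Mailbox -SoftDeletedMailbox |
    Where-Object { $_.UserPrincipalName -eq $Upn } |
    Remove-Mailbox -WhatIf
```

Drop -WhatIf in step 5 once the preview lists only the mailbox you mean to remove.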

You must specify the PrimaryOnly parameter

Recently I had to migrate an Exchange on-premise account to Exchange online. Since it’s a hybrid environment and the on-premise user has an Exchange online archive it was more difficult than I thought cause in such a constellation you need to be able to only migrate the primary mailbox and leave the archive untouched. The default Exchange Administration Center doesn’t have this option tho and if you try it anyway you’ll receive a nice error saying “You must specify the PrimaryOnly parameter” and the migration job fails with unmigrated data.

But it is possible to set this parameter via powershell. Keep in mind that you need to “pull” the mailbox from your on-premise server to Exchange online instead of “sending” it from on-premise to online.

First, log into Exchange online using Powershell and then enter the following command. (Keep in mind that you need to replace the URLs and account names with the ones that are valid for your environment)

New-MoveRequest -Identity "user@toxicoon.com" -RemoteCredential (Get-Credential) -Remote -RemoteHostName "hybrid.toxicoon.com" -BatchName "User_Migration" -PrimaryOnly -TargetDeliveryDomain "toxicoon.onmicrosoft.com"