The one tricky bit of information to retrieve was the installed Exchange rollups. These are not available via WMI or any other method I could find. I did find a very effective solution on flaphead.com. This little piece of magic, locates the installed patches in the remote registry, and loops through the keys to find and list the installed rollups.
Unlike Exchange 2003, Exchange 2007 servers are installed with specific roles. This plays a part, when checking things like queues and mailbox stores. For instance, there is no point in checking a pure Hub Transport server for mailbox stores etc. I initially built in a check which would check the ServerRole property of the server to match a specific role, forgetting that one server could have multiple roles. I now do a match for the role anywhere in the property string with this if statement: if ($exServer.ServerRole -notlike “*Mailbox*”) This will skip the mailbox related check if the word “Mailbox” cannot be located anywhere in the string.
To automate the running of the checks on a daily basis I setup a scheduled task on one of my Exchange 2007 servers as the script requires the commandlets.
I really had no idea how to get the scheduled task to run in the Exchange management shell so, as a test I basically used the following command: C:WINDOWSsystem32windowspowershellv1.0powershell.exe -PSConsoleFile “D:Program FilesMicrosoftExchange Serverbinexshell.psc1” c:scriptsExchangeAudit2k7.ps1 .servers.txt
This did the trick and the entire check process now runs and completes before I even get to work. My version of the script, also creates an HTML menu and moves the reports to our departmental web server for my managers’ viewing pleasure. The mailbox stores now also indicate the last backup time, as we have had issues before where the backups aren’t completed, and we don’t find out until it’s too late.
This script has been replaced by a later version, please check the following link, or download the updated version below:
http://powershellneedfulthings.blogspot.com/2009/11/exchange-2007-audit-script-version-3.html
I am getting a couple of odd errors when i run this. the first is after the Event Log (quota violation) and the other is after Mailbox Stores.
I can send full details if you would like.
please let me know
thanks
app
Please send me a screen shot and I will have a look at the problems.
Thanks for the feedback!
App,
I had a chance today to look at your issues:
At :line:103 char:34
+ $colLoggedEventsE = Get-WmiObject <<<< -computer $Target -query ("Select * from Win32_NTLogEvent Where Type='Error' and SourceName like 'MSExchange%' or SourceName like 'ESE%' and TimeWritten >='" + $WmidtQueryDT + "'")
This is really telling you there were no Error Event entries matching the criteria. I will build in a check to deal with an empty variable.
The '+=' operator failed: Exception of type 'System.OutOfMemoryException' was thrown..
At :line:702 char:11
+ $Report+= <<<<
I have not seen this problem when running the script. I have researched the problem and have not come up with anything conclusive. Could you try another computer / server to run this on?
Jean
Thanks for the info. I ran it directly from one of the servers, and it eventually ran, but it took well over 3 hours to complete. I think the problem is actually having SO many event log messages. We are auditing everything. Is it possible to set the Event log portion to only grab events in say the last 24 or 48 hours? When the script finally completed, the HTML file that it created was over 50MB, and this was just on the Hub Transport server. If we could find a way to tell it to just grab the last 24 hours or so of Event log items, it would be great, and would probably run much quicker.
I will talk to you later
app
Hey App,
Thanks for the reply, I had that same issue the other day, with regards to my event log, and it aided me in troubleshooting a problem on our Mailbox server.
Ill have a look at adjusting the amount of data retrieved, although I was under the impression that I grabbed only the last 24hrs.
Jean
Aaron,
I have changed a great deal of this script, in terms of how it deals with the event logs. It now uses .net instead of WMI. Not only can you control the dates ranges better, but I also suspect it runs faster. I should be ready to upload a new copy tomorrow some time.
Jean