Merge pull request #1845 from microsoft/main

Release 10-4-23
microsoft · Oct 4, 2023 · 08fb3a3 · 08fb3a3
2 parents c7d72c5 + 0d4812e
commit 08fb3a3
Show file tree

Hide file tree

Showing 18 changed files with 2,631 additions and 32 deletions.
diff --git a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1 b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerExchangeInformation.ps1
@@ -21,6 +21,8 @@ function Invoke-AnalyzerExchangeInformation {
     $keyExchangeInformation = Get-DisplayResultsGroupingKey -Name "Exchange Information"  -DisplayOrder $Order
     $exchangeInformation = $HealthServerObject.ExchangeInformation
     $hardwareInformation = $HealthServerObject.HardwareInformation
+    $getWebServicesVirtualDirectory = $exchangeInformation.VirtualDirectories.GetWebServicesVirtualDirectory |
+        Where-Object { $_.Name -eq "EWS (Default Web Site)" }
 
     $baseParams = @{
         AnalyzedInformation = $AnalyzeResults
@@ -208,8 +210,8 @@ function Invoke-AnalyzerExchangeInformation {
     if ($exchangeInformation.GetExchangeServer.IsEdgeServer -eq $false) {
 
         Write-Verbose "Working on MRS Proxy Settings"
-        $mrsProxyDetails = $exchangeInformation.GetWebServicesVirtualDirectory.MRSProxyEnabled
-        if ($exchangeInformation.GetWebServicesVirtualDirectory.MRSProxyEnabled) {
+        $mrsProxyDetails = $getWebServicesVirtualDirectory.MRSProxyEnabled
+        if ($getWebServicesVirtualDirectory.MRSProxyEnabled) {
             $mrsProxyDetails = "$mrsProxyDetails`n`r`t`tKeep MRS Proxy disabled if you do not plan to move mailboxes cross-forest or remote"
             $mrsProxyWriteType = "Yellow"
         } else {
@@ -294,10 +296,10 @@ function Invoke-AnalyzerExchangeInformation {
     }
     Add-AnalyzedResultInformation @params
 
-    if (-not ([string]::IsNullOrWhiteSpace($exchangeInformation.GetWebServicesVirtualDirectory.InternalNLBBypassUrl))) {
+    if (-not ([string]::IsNullOrWhiteSpace($getWebServicesVirtualDirectory.InternalNLBBypassUrl))) {
         $params = $baseParams + @{
             Name             = "EWS Internal Bypass URL Set"
-            Details          = "$($exchangeInformation.GetWebServicesVirtualDirectory.InternalNLBBypassUrl) - Can cause issues after KB 5001779"
+            Details          = "$($getWebServicesVirtualDirectory.InternalNLBBypassUrl) - Can cause issues after KB 5001779"
             DisplayWriteType = "Red"
         }
         Add-AnalyzedResultInformation @params

diff --git a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerOrganizationInformation.ps1 b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerOrganizationInformation.ps1
@@ -76,4 +76,33 @@ function Invoke-AnalyzerOrganizationInformation {
         }
         Add-AnalyzedResultInformation @params
     }
+
+    if ($null -ne $organizationInformation.GetDynamicDgPublicFolderMailboxes -and
+        $organizationInformation.GetDynamicDgPublicFolderMailboxes.Count -ne 0) {
+        $displayWriteType = "Green"
+
+        if ($organizationInformation.GetDynamicDgPublicFolderMailboxes.Count -gt 1) {
+            $displayWriteType = "Red"
+        }
+
+        $params = $baseParams + @{
+            Name             = "Dynamic Distribution Group Public Folder Mailboxes Count"
+            Details          = $organizationInformation.GetDynamicDgPublicFolderMailboxes.Count
+            DisplayWriteType = $displayWriteType
+        }
+
+        Add-AnalyzedResultInformation @params
+
+        if ($displayWriteType -ne "Green") {
+            $params = $baseParams + @{
+                Details                = "More Information: https://aka.ms/HC-DynamicDgPublicFolderMailboxes"
+                DisplayCustomTabNumber = 2
+                DisplayWriteType       = "Yellow"
+            }
+
+            Add-AnalyzedResultInformation @params
+        }
+    } else {
+        Write-Verbose "No Dynamic Distribution Group Public Folder Mailboxes found to review."
+    }
 }
diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2021-1730.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2021-1730.ps1
@@ -26,7 +26,8 @@ function Invoke-AnalyzerSecurityCve-2021-1730 {
         $SecurityObject.IsEdgeServer -eq $false) {
 
         $downloadDomainsEnabled = $SecurityObject.OrgInformation.EnableDownloadDomains
-        $owaVDirObject = $SecurityObject.ExchangeInformation.GetOwaVirtualDirectory
+        $owaVDirObject = $SecurityObject.ExchangeInformation.VirtualDirectories.GetOwaVirtualDirectory |
+            Where-Object { $_.Name -eq "owa (Default Web Site)" }
         $displayWriteType = "Green"
 
         if (-not ($downloadDomainsEnabled)) {

diff --git a/...ics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecuritySerializedDataSigningState.ps1 b/...ics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecuritySerializedDataSigningState.ps1
@@ -100,10 +100,18 @@ function Invoke-AnalyzerSecuritySerializedDataSigningState {
         }
         Add-AnalyzedResultInformation @params
 
-        if ($null -ne $additionalSerializedDataSigningDisplayValue) {
+        # Always display if not true
+        if (-not ($serializedDataSigningState -eq $true)) {
+            $addLine = "This may pose a security risk to your servers`r`n`t`tMore Information: https://aka.ms/HC-SerializedDataSigning"
+
+            if ($null -ne $additionalSerializedDataSigningDisplayValue) {
+                $details = "$additionalSerializedDataSigningDisplayValue`r`n`t`t$addLine"
+            } else {
+                $details = $addLine
+            }
+
             $params = $baseParams + @{
-                Details                = $additionalSerializedDataSigningDisplayValue +
-                "`r`n`t`tThis may pose a security risk to your servers`r`n`t`tMore Information: https://aka.ms/HC-SerializedDataSigning"
+                Details                = $details
                 DisplayWriteType       = $serializedDataSigningWriteType
                 DisplayCustomTabNumber = 2
             }

diff --git a/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeInformation.ps1 b/Diagnostics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeInformation.ps1
@@ -15,6 +15,7 @@
 . $PSScriptRoot\Get-ExchangeServerCertificates.ps1
 . $PSScriptRoot\Get-ExchangeServerMaintenanceState.ps1
 . $PSScriptRoot\Get-ExchangeUpdates.ps1
+. $PSScriptRoot\Get-ExchangeVirtualDirectories.ps1
 . $PSScriptRoot\Get-ExSetupDetails.ps1
 . $PSScriptRoot\Get-FIPFSScanEngineVersionState.ps1
 . $PSScriptRoot\Get-ServerRole.ps1
@@ -55,13 +56,7 @@ function Get-ExchangeInformation {
             Invoke-CatchActions
         }
 
-        try {
-            $getOwaVirtualDirectory = Get-OwaVirtualDirectory -Identity ("{0}\owa (Default Web Site)" -f $Server) -ADPropertiesOnly -ErrorAction Stop
-            $getWebServicesVirtualDirectory = Get-WebServicesVirtualDirectory -Server $Server -ErrorAction Stop
-        } catch {
-            Write-Verbose "Failed to get OWA or EWS virtual directory"
-            Invoke-CatchActions
-        }
+        $getExchangeVirtualDirectories = Get-ExchangeVirtualDirectories -Server $Server
 
         $registryValues = Get-ExchangeRegistryValues -MachineName $Server -CatchActionFunction ${Function:Invoke-CatchActions}
         $serverExchangeBinDirectory = [System.Io.Path]::Combine($registryValues.MsiInstallPath, "Bin\")
@@ -161,9 +156,8 @@ function Get-ExchangeInformation {
         return [PSCustomObject]@{
             BuildInformation                         = $buildInformation
             GetExchangeServer                        = $getExchangeServer
+            VirtualDirectories                       = $getExchangeVirtualDirectories
             GetMailboxServer                         = $getMailboxServer
-            GetOwaVirtualDirectory                   = $getOwaVirtualDirectory
-            GetWebServicesVirtualDirectory           = $getWebServicesVirtualDirectory
             ExtendedProtectionConfig                 = $extendedProtectionConfig
             ExchangeConnectors                       = $exchangeConnectors
             ExchangeServicesNotRunning               = [array]$exchangeServicesNotRunning

diff --git a/...stics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeVirtualDirectories.ps1 b/...stics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeVirtualDirectories.ps1
@@ -0,0 +1,111 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+. $PSScriptRoot\..\..\..\..\Shared\ErrorMonitorFunctions.ps1
+
+function Get-ExchangeVirtualDirectories {
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$Server
+    )
+    begin {
+        Write-Verbose "Calling: $($MyInvocation.MyCommand)"
+
+        $failedString = "Failed to get {0} virtual directory."
+        $getActiveSyncVirtualDirectory = $null
+        $getAutoDiscoverVirtualDirectory = $null
+        $getEcpVirtualDirectory = $null
+        $getMapiVirtualDirectory = $null
+        $getOabVirtualDirectory = $null
+        $getOutlookAnywhere = $null
+        $getOwaVirtualDirectory = $null
+        $getPowerShellVirtualDirectory = $null
+        $getWebServicesVirtualDirectory = $null
+        $paramsNoShow = @{
+            Server           = $Server
+            ErrorAction      = "Stop"
+            ADPropertiesOnly = $true
+        }
+        $params = $paramsNoShow + @{
+            ShowMailboxVirtualDirectories = $true
+        }
+    }
+    process {
+        try {
+            $getActiveSyncVirtualDirectory = Get-ActiveSyncVirtualDirectory @params
+        } catch {
+            Write-Verbose ($failedString -f "EAS")
+            Invoke-CatchActions
+        }
+
+        try {
+            $getAutoDiscoverVirtualDirectory = Get-AutodiscoverVirtualDirectory @params
+        } catch {
+            Write-Verbose ($failedString -f "Autodiscover")
+            Invoke-CatchActions
+        }
+
+        try {
+            $getEcpVirtualDirectory = Get-EcpVirtualDirectory @params
+        } catch {
+            Write-Verbose ($failedString -f "ECP")
+            Invoke-CatchActions
+        }
+
+        try {
+            # Doesn't have ShowMailboxVirtualDirectories
+            $getMapiVirtualDirectory = Get-MapiVirtualDirectory @paramsNoShow
+        } catch {
+            Write-Verbose ($failedString -f "Mapi")
+            Invoke-CatchActions
+        }
+
+        try {
+            $getOabVirtualDirectory = Get-OabVirtualDirectory @params
+        } catch {
+            Write-Verbose ($failedString -f "OAB")
+            Invoke-CatchActions
+        }
+
+        try {
+            $getOutlookAnywhere = Get-OutlookAnywhere @params
+        } catch {
+            Write-Verbose ($failedString -f "Outlook Anywhere")
+            Invoke-CatchActions
+        }
+
+        try {
+            $getOwaVirtualDirectory = Get-OwaVirtualDirectory @params
+        } catch {
+            Write-Verbose ($failedString -f "OWA")
+            Invoke-CatchActions
+        }
+
+        try {
+            $getPowerShellVirtualDirectory = Get-PowerShellVirtualDirectory @params
+        } catch {
+            Write-Verbose ($failedString -f "PowerShell")
+            Invoke-CatchActions
+        }
+
+        try {
+            $getWebServicesVirtualDirectory = Get-WebServicesVirtualDirectory @params
+        } catch {
+            Write-Verbose ($failedString -f "EWS")
+            Invoke-CatchActions
+        }
+    }
+    end {
+        return [PSCustomObject]@{
+            GetActiveSyncVirtualDirectory   = $getActiveSyncVirtualDirectory
+            GetAutoDiscoverVirtualDirectory = $getAutoDiscoverVirtualDirectory
+            GetEcpVirtualDirectory          = $getEcpVirtualDirectory
+            GetMapiVirtualDirectory         = $getMapiVirtualDirectory
+            GetOabVirtualDirectory          = $getOabVirtualDirectory
+            GetOutlookAnywhere              = $getOutlookAnywhere
+            GetOwaVirtualDirectory          = $getOwaVirtualDirectory
+            GetPowerShellVirtualDirectory   = $getPowerShellVirtualDirectory
+            GetWebServicesVirtualDirectory  = $getWebServicesVirtualDirectory
+        }
+    }
+}
diff --git a/...tics/HealthChecker/DataCollection/OrganizationInformation/Get-OrganizationInformation.ps1 b/...tics/HealthChecker/DataCollection/OrganizationInformation/Get-OrganizationInformation.ps1
@@ -66,6 +66,13 @@ function Get-OrganizationInformation {
             $wellKnownSecurityGroups = Get-ExchangeWellKnownSecurityGroups
             $isSplitADPermissions = Get-ExchangeADSplitPermissionsEnabled -CatchActionFunction ${Function:Invoke-CatchActions}
 
+            try {
+                $getDdgPublicFolders = @(Get-DynamicDistributionGroup "PublicFolderMailboxes*" -IncludeSystemObjects -ErrorAction "Stop")
+            } catch {
+                Write-Verbose "Failed to get the dynamic distribution group for public folder mailboxes."
+                Invoke-CatchActions
+            }
+
             try {
                 $rootDSE = [ADSI]("LDAP://$([System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name)/RootDSE")
                 $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
@@ -123,18 +130,19 @@ function Get-OrganizationInformation {
         }
     } end {
         return [PSCustomObject]@{
-            GetOrganizationConfig   = $organizationConfig
-            DomainsAclPermissions   = $domainsAclPermissions
-            WellKnownSecurityGroups = $wellKnownSecurityGroups
-            AdSchemaInformation     = $adSchemaInformation
-            GetHybridConfiguration  = $getHybridConfiguration
-            EnableDownloadDomains   = $enableDownloadDomains
-            GetAcceptedDomain       = $getAcceptedDomain
-            MapiHttpEnabled         = $mapiHttpEnabled
-            SecurityResults         = $securityResults
-            IsSplitADPermissions    = $isSplitADPermissions
-            ADSiteCount             = $adSiteCount
-            GetSettingOverride      = $getSettingOverride
+            GetOrganizationConfig             = $organizationConfig
+            DomainsAclPermissions             = $domainsAclPermissions
+            WellKnownSecurityGroups           = $wellKnownSecurityGroups
+            AdSchemaInformation               = $adSchemaInformation
+            GetHybridConfiguration            = $getHybridConfiguration
+            EnableDownloadDomains             = $enableDownloadDomains
+            GetAcceptedDomain                 = $getAcceptedDomain
+            MapiHttpEnabled                   = $mapiHttpEnabled
+            SecurityResults                   = $securityResults
+            IsSplitADPermissions              = $isSplitADPermissions
+            ADSiteCount                       = $adSiteCount
+            GetSettingOverride                = $getSettingOverride
+            GetDynamicDgPublicFolderMailboxes = $getDdgPublicFolders
         }
     }
 }
diff --git a/Diagnostics/HealthChecker/Features/Get-HealthCheckerData.ps1 b/Diagnostics/HealthChecker/Features/Get-HealthCheckerData.ps1
@@ -113,6 +113,8 @@ function Get-HealthCheckerData {
         } catch {
             Write-Red "Failed to Health Checker against $serverName"
             $failedServerList.Add($serverName)
+            # Try to handle the issue so we don't get a false positive report.
+            Invoke-CatchActions
             continue
         }
 

diff --git a/Diagnostics/HealthChecker/HealthChecker.ps1 b/Diagnostics/HealthChecker/HealthChecker.ps1
@@ -172,6 +172,7 @@ begin {
     . $PSScriptRoot\..\..\Shared\LoggerFunctions.ps1
     . $PSScriptRoot\..\..\Shared\OutputOverrides\Write-Host.ps1
     . $PSScriptRoot\..\..\Shared\OutputOverrides\Write-Verbose.ps1
+    . $PSScriptRoot\..\..\Shared\OutputOverrides\Write-Warning.ps1
     . $PSScriptRoot\..\..\Shared\ScriptUpdateFunctions\Test-ScriptVersion.ps1
 
     $BuildVersion = ""
@@ -192,6 +193,7 @@ begin {
         -ErrorAction SilentlyContinue
     SetProperForegroundColor
     SetWriteVerboseAction ${Function:Write-DebugLog}
+    SetWriteWarningAction ${Function:Write-DebugLog}
 } process {
     $Server | ForEach-Object { $Script:ServerNameList.Add($_.ToUpper()) }
 } end {