
Untitled

a guest
Mar 9th, 2016
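  # Guard: every later step calls Exchange cmdlets, so stop early unless this
  # session is the Exchange Management Shell (detected by Get-Mailbox resolving).
  #
  # Errors and warnings are silenced only for the probe itself. PowerShell's
  # warning preference variable is $WarningPreference; assigning to any other
  # name creates an ordinary variable and has no effect on warning output.
  $ErrorActionPreference = "SilentlyContinue"
  $WarningPreference = "SilentlyContinue"

  $CheckPS = Get-Command Get-Mailbox
  if ($CheckPS.Name -ne "Get-Mailbox") {
      Write-Host "This script must be run using the Exchange Management Shell. Please close this PowerShell session, open the Exchange Management Shell, and then run the configuration script again." -BackgroundColor red -ForegroundColor black
      # Restore both preferences before leaving so a dot-sourced run does not
      # leave the caller's session silenced.
      $ErrorActionPreference = "Continue"
      $WarningPreference = "Continue"
      exit
  }

  # From here on, errors and warnings are shown again so certificate and
  # remoting failures further down are visible to the operator.
  $ErrorActionPreference = "Continue"
  $WarningPreference = "Continue"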
  12.  
  # Call Get-ExchangeServer once with every output stream merged and discarded.
  Get-ExchangeServer *>&1 | Out-Null

  # Domain controller that later receives a copy of the exported PFX.
  $DC = (Get-ADDomain).InfrastructureMaster

  # First eight characters of the accepted domain whose name starts with "Lab".
  # The value is later placed into file names (certificate path, TMG rules file),
  # so it fails here if no such accepted domain exists or the name is shorter
  # than eight characters.
  $labAcceptedDomain = Get-AcceptedDomain | Where-Object { $_.DomainName -like "Lab*" }
  $LabDomain = $labAcceptedDomain.DomainName.Domain.Substring(0, 8)

  # The local machine, provided it is an Exchange server with a Mailbox role.
  $localMailboxServer = Get-ExchangeServer | Where-Object {
      ($_.Name -eq $env:computername) -and ($_.ServerRole -like "Mailbox*")
  }
  $MBXServer = $localMailboxServer.Name

  # Lync pool FQDN written into the OWA web.config as IMServerName.
  $LyncPool = "redpool.contoso.local"
  22.  
  Function VerifyPath1 {
      <#
      .SYNOPSIS
      Reports whether the certificate archive is present.
      .OUTPUTS
      Boolean. $true when C:\LabFiles\DigiCert_certs.zip exists, otherwise $false.
      #>
      return (Test-Path "C:\LabFiles\DigiCert_certs.zip")
  }
  27.  
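  Function Extract {
      <#
      .SYNOPSIS
      Unpacks C:\LabFiles\DigiCert_certs.zip into C:\LabFiles.
      .DESCRIPTION
      Uses the Shell.Application COM object to copy every top-level item of the
      archive into C:\LabFiles. Ends the script with a red message when the
      archive is missing or cannot be opened as a folder.
      #>

      # VerifyPath1 returns a Boolean, so test it directly. Writing
      # `VerifyPath1 -eq "True"` would hand "-eq" and "True" to the function as
      # arguments instead of performing a comparison.
      if (-not (VerifyPath1)) {
          Write-Host "The DigiCert_certs.zip file does not appear to be located in the C:\LabFiles folder. Please verify the file exists and rerun the script." -BackgroundColor red -ForegroundColor black
          exit
      }

      # NOTE(review): the archive content is trusted as-is, and a certificate
      # taken from it is later bound to IIS and SMTP. If the archive arrives over
      # an untrusted channel, compare its hash with a known-good value
      # (<EXPECTED_SHA256 placeholder>) before extracting.
      $shell = New-Object -ComObject Shell.Application
      $zip = $shell.NameSpace("C:\LabFiles\DigiCert_certs.zip")

      # NameSpace() yields $null when the file cannot be opened as a folder
      # (for example a truncated download); stop instead of failing on .Items().
      if ($null -eq $zip) {
          Write-Host "The DigiCert_certs.zip file in C:\LabFiles could not be opened as an archive. Please replace the file and rerun the script." -BackgroundColor red -ForegroundColor black
          exit
      }

      $destination = $shell.NameSpace("C:\LabFiles")
      foreach ($item in $zip.Items()) {
          $destination.CopyHere($item)
      }
  }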
  46.  
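  # Unpack the certificate archive before anything reads from C:\LabFiles\certs.
  Extract


  # Import the publicly trusted certificate and assign Exchange services to it.

  Write-Host "Importing the publicly trusted certificate and assigning services for Exchange Server" -back yellow -for black

  $CertPath = "C:\LabFiles\certs\sip_" + $Labdomain + "_o365ready_com.cer"

  Import-ExchangeCertificate -Server $MBXServer -FileData ([Byte[]]$(Get-Content -Path $CertPath -Encoding Byte -ReadCount 0)) | Out-Null

  Start-Sleep -s 3

  # The certificate is located by subject prefix, not by the thumbprint of the
  # file that was just imported. Require exactly one match so that services are
  # never bound to, and a private key never exported from, a different
  # certificate that merely shares the "CN=sip" prefix.
  $Cert = @(Get-ExchangeCertificate | Where-Object { $_.Subject -like "CN=sip*" })
  if ($Cert.Count -ne 1) {
      Write-Host "Expected exactly one Exchange certificate with a subject starting with CN=sip, but found $($Cert.Count). Resolve the duplicate or missing certificate and rerun the script." -back red -for black
      exit
  }
  $Cert = $Cert[0]

  # -Force suppresses the confirmation prompt when replacing the certificate
  # currently assigned to these services.
  Enable-ExchangeCertificate -Thumbprint $Cert.Thumbprint -Service IIS,SMTP -Force

  Start-Sleep -s 3

  # NOTE(review): the PFX protection password is a fixed literal in the script
  # (single-quoted, so "$$" is not expanded). Anyone who can read this script
  # can open every copy of LabCert.pfx. Outside a disposable lab, obtain the
  # password at run time and keep the same value for the import steps that
  # consume this file.
  $password = ConvertTo-SecureString 'Pa$$w0rd' -asplaintext -force

  [String]$CertThumb = $Cert.Thumbprint

  # The exported file contains the private key and the chain. It stays in
  # C:\LabFiles after the script ends; remove it once all imports have finished.
  Export-PfxCertificate -Cert cert:\LocalMachine\My\$CertThumb -ChainOption BuildChain -FilePath C:\LabFiles\LabCert.pfx -Password $password | Out-Null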
  71.  
  72.  
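  # Complete the private certificate request against the internal CA and import
  # the issued certificate into Exchange.

  # certreq output is discarded, so success is judged by whether the issued
  # certificate file was written.
  certreq -submit -config DC1.Contoso.local\Contoso-DC1-CA -attrib "CertificateTemplate:WebServer" C:\Scripts\PrivCertRequest.req C:\Scripts\PrivCert.cer | Out-Null

  $CertPath = "C:\Scripts\PrivCert.cer"

  # Stop here if the CA did not issue the certificate; continuing would import
  # nothing and later write an empty thumbprint into the OWA configuration.
  if (-not (Test-Path $CertPath)) {
      Write-Host "The certificate request was not completed: C:\Scripts\PrivCert.cer was not created. Verify the certification authority is reachable and rerun the script." -back red -for black
      exit
  }

  Import-ExchangeCertificate -Server $MBXServer -FileData ([Byte[]]$(Get-Content -Path $CertPath -Encoding Byte -ReadCount 0)) | Out-Null

  # Looked up by subject prefix; the thumbprint of this object is what gets
  # written to the OWA web.config as IMCertificateThumbprint.
  $PrivCert = Get-ExchangeCertificate | Where-Object { $_.Subject -like "CN=mail*" }

  # Remove the request and response files. The filter matches every item under
  # C:\Scripts, at any depth, whose name starts with "Priv".
  Get-ChildItem -Path C:\Scripts -Recurse | Where-Object { $_.Name -like "Priv*" } | Remove-Item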
  84.  
  85.  
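  # Configure Outlook Web App for IM integration

  Write-Host "Configure Outlook Web App IM integration" -back yellow -for black

  # Validate the thumbprint before changing anything. A missing certificate gives
  # an empty string and several matches give a space-joined list; neither may be
  # written into web.config. A certificate thumbprint here is 40 hex characters.
  $imThumbprint = [string]$PrivCert.Thumbprint
  if ($imThumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
      Write-Host "No single valid thumbprint was found for the CN=mail* certificate, so the OWA configuration was not modified. Verify the private certificate was imported and rerun the script." -back red -for black
      exit
  }

  Get-OwaVirtualDirectory -Server $MBXServer | Set-OwaVirtualDirectory -InstantMessagingType OCS -InstantMessagingEnabled $true

  Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -InstantMessagingEnabled $true -InstantMessagingType OCS

  $filepath = "\\$MBXServer\C$\Program Files\Microsoft\Exchange Server\v15\ClientAccess\Owa\"

  $file = "web.config"

  $fileName = $filepath + $file

  $tag = "<appSettings>"

  $key1 = '<add key="IMCertificateThumbprint"' + ' value="' + $imThumbprint + '" />'

  $key2 = '<add key="IMServerName"' + ' value="' + $LyncPool + '" />'

  $value = ($tag+"`r`n"+$key1+"`r`n"+$key2)

  # Keep a timestamped backup. HH (24-hour clock) keeps a morning and an
  # afternoon run on the same day from overwriting each other's backup.
  Copy-Item $fileName ($filepath + $file + ".backup" + (Get-Date -Format 'yyyy-MM-dd.HH.mm'))

  # Lines of exactly the shape this script writes. Dropping them first makes a
  # rerun replace the two keys instead of stacking duplicates under <appSettings>.
  $ownKeyLine = '^\s*<add key="(IMCertificateThumbprint|IMServerName)" value="[^"]*" />\s*$'

  # The file is read completely (parentheses) before Set-Content reopens it.
  (Get-Content $fileName) |
      Where-Object { $_ -notmatch $ownKeyLine } |
      ForEach-Object { $_ -replace [regex]::Escape($tag), $value } |
      Set-Content $fileName

  # Recycle the OWA application pool so the edited web.config is loaded.
  C:\windows\system32\inetsrv\appcmd recycle apppool /apppool.name:"MSExchangeOWAAppPool" | Out-Null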
  113.  
  114.  
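  # Import certificate into Local Machine Certificate Store on TMG1, configure Firewall and Web Listener

  Write-Host "Importing the publicly trusted certificate, configuring firewall and web listener on TMG1" -back yellow -for black

  # Drop any leftover sessions to TMG1 from an earlier run.
  Get-PsSession | Where-Object { $_.ComputerName -eq "TMG1" } | Remove-PsSession

  # NOTE(review): a local administrator name and password for TMG1 are fixed
  # literals in this script, and the same password protects the PFX. Outside a
  # disposable lab, prompt for the credential (Get-Credential) rather than
  # storing it in the file.
  $username = "Admin"

  $password = ConvertTo-SecureString 'Pa$$w0rd' -asplaintext -force

  $cred = New-Object System.Management.Automation.PsCredential($username,$password)

  # Map the TMG1 share only for as long as the copy needs it.
  New-PSDrive -Name TMG -PSProvider FileSystem -Credential $cred -Root \\TMG1\c$\LabFiles | Out-Null

  Copy-Item C:\LabFiles\Labcert.pfx TMG:\

  Remove-PSDrive -Name TMG

  $PubCertThumbprint = (Get-ExchangeCertificate | Where-Object { $_.Subject -like "CN=sip*" }).Thumbprint

  $sessionTMG = New-PSSession -ComputerName TMG1 -Credential $cred

  Invoke-Command -Session $sessionTMG -ScriptBlock {

      # NOTE(review): the PFX password is passed on the certutil command line, so
      # it is visible to process listings and command-line auditing on TMG1. The
      # PFX also remains in C:\LabFiles on TMG1 afterwards. If the key never needs
      # to leave TMG1, check whether certutil's NoExport modifier is usable on
      # this OS version - TODO confirm.
      $certcmd = 'certutil -p Pa$$w0rd -importpfx C:\LabFiles\Labcert.pfx'

      cmd.exe /c $certcmd | Out-Null

      # Import lab rules xml file; the file name carries the lab domain passed
      # in as the first argument.
      $FPC = New-Object -ComObject FPC.root
      $array = $FPC.GetContainingArray()
      $LabTMGrules = "C:\LabFiles\LabTMGRules-$($args[0]).xml"
      $PolicyRules = $array.ArrayPolicy.PolicyRules
      $PolicyRules.ImportFromFile($LabTMGrules,"")
      $array.Save($True,$True)

      # Update existing web listener certificate with public certificate

      $FPC = New-Object -ComObject FPC.root
      $array = $FPC.GetContainingArray()
      $listener = $array.RuleElements.WebListeners | Where-Object {$_.Name -eq "Lab Services"}
      $LabCert = Get-ChildItem -Path cert:\LocalMachine\My | Where-Object {$_.Subject -like "CN=sip*"}
      $NewCertThumb = $LabCert.Thumbprint
      $MyServer = $FPC.GetContainingServer()

      # Match the server's SSL certificate whose hash, rendered as upper-case
      # hex, equals the thumbprint found in the LocalMachine\My store.
      $NewCert = $MyServer.SSLServerCertificates | Where-Object { (([byte[]]$_.Hash | ForEach-Object { $_.ToString("X2") } ) -Join '' ) -eq $NewCertThumb}

      # Resolve the replacement BEFORE removing the current certificate. Without
      # this check a failed import or an ambiguous subject match would leave the
      # listener with its certificate removed and nothing valid to add.
      if (($null -eq $listener) -or ($null -eq $NewCert) -or (@($NewCert).Count -ne 1)) {
          Write-Error "The 'Lab Services' web listener or a single imported CN=sip* certificate could not be resolved on this server; the listener certificate was left unchanged."
          return
      }

      $listener.Properties.AppliedSSLCertificates.Remove(1)
      $listener.Properties.AppliedSSLCertificates.Add($NewCert.Hash,"")
      $listener.Save($True,$True)

  } -args $LabDomain | Out-Null

  # Close the remote session; it carries the administrator credential and is
  # not used again.
  Remove-PSSession $sessionTMG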
  164.  
  # Import certificate into Local Machine Certificate Store on member servers.
  # $password is expected to still hold the SecureString built earlier in the
  # script; it is the PFX protection password.

  Write-Host "Importing the publicly trusted certificate on member server(s)" -back yellow -for black

  # Disabled: the same copy-and-import sequence for VIS1.
  #If (Test-Connection -ComputerName VIS1 -Count 1 -Quiet) {
  #
  #Copy-Item C:\LabFiles\LabCert.pfx \\VIS1\C$\LabFiles
  #
  #Invoke-Command -ComputerName VIS1 -ScriptBlock {
  #
  # Import-PfxCertificate -FilePath C:\LabFiles\LabCert.pfx -Password $args[0] -CertStoreLocation cert:\localMachine\My
  #
  # } -args $password
  # }
  #Else {Write-Host "VIS1 not online"}

  # A single ping decides whether SRV1 is handled at all.
  $srv1Online = Test-Connection -ComputerName SRV1 -Count 1 -Quiet
  if (-not $srv1Online) {
      Write-Host "SRV1 not online"
  }
  else {
      # The PFX (certificate plus private key) is copied over the administrative
      # share and stays in C:\LabFiles on SRV1 after the import.
      Copy-Item -Path C:\LabFiles\LabCert.pfx -Destination \\SRV1\C$\LabFiles

      Invoke-Command -ComputerName SRV1 -ArgumentList $password -ScriptBlock {
          Import-PfxCertificate -FilePath C:\LabFiles\LabCert.pfx -Password $args[0] -CertStoreLocation cert:\localMachine\My | Out-Null
      }
  }

  # The domain controller only receives a copy of the PFX; nothing is imported
  # there by this script, and the file is left in C:\LabFiles.
  Copy-Item -Path C:\LabFiles\LabCert.pfx -Destination \\$DC\C$\LabFiles


  ""
  Write-Host "Complete" -back yellow -for black