Using PowerShell to Provide a List of Mailboxes by Mailbox Size and Export to CSV File

To provide a list of mailboxes by size in M365 and export it to a CSV file using PowerShell, you can use the following command:

Get-MailboxStatistics -ResultSize Unlimited | Sort-Object TotalItemSize -Descending | Select-Object DisplayName, ItemCount, ` @{Name="TotalItemSize(MB)";Expression={[math]::Round(($_.TotalItemSize.ToString().Split("(")[1].Split(" ")[0].Replace(",","")/1MB),2)}}, ` StorageLimitStatus, LastLogonTime | Export-Csv -Path "C:\MailboxSizes.csv" -NoTypeInformation

This command uses the Get-MailboxStatistics cmdlet to retrieve mailbox statistics for all mailboxes in the organization, sorts the results by the TotalItemSize property in descending order, selects the DisplayName, ItemCount, TotalItemSize in MB, StorageLimitStatus, and LastLogonTime properties, and then exports the results to a CSV file located at "C:\MailboxSizes.csv".

Note that the expression used to calculate the TotalItemSize in MB converts the value from bytes to MB and rounds it to two decimal places using the Round method. The -NoTypeInformation parameter is used to exclude the object type information from the CSV file to make it easier to read.

Enabling Previous Versions / Volume Shadow Copy on Windows 10 and 11 Via Command Line / PowerShell

 Volume Shadow Copy (VSS) is a feature in Windows that allows you to create snapshots of your system at different points in time. These snapshots are called "previous versions," and they can be used to recover files and folders that have been accidentally deleted or changed. It should be noted that Volume Shadow Copy does not take the place of backups, as the previous versions are stored on the same system as the data it is making a copy of, but it can be used to quickly and easily restore deleted or overwritten files and directories. 

VSSAdmin, also known as Volume Shadow Copy Service Administration, is a command-line utility tool used in Microsoft Windows operating systems and is used to manage and control the behavior of the Volume Shadow Copy Service, including creating, deleting, and modifying shadow copies.

To enable Volume Shadow Copy and create previous versions using VSSAdmin on Windows 10 or Windows 11, follow these steps:

Open Command Prompt as an administrator. To do this, click the Start button, type "powershell" in the search bar, right-click on the first result and select "Run as administrator."

Once launched, type the following command and press Enter to check if Volume Shadow Copy is already enabled:

vssadmin list shadowstorage

Since I don't yet have VSS enabled, I get the following result:

Enable the Volume Shadow Service:

vssadmin resize shadowstorage /for=C: /on=C: /maxsize=5GB

Once enabled, you can then use the wmic utility to create your first shadow copy:

wmic shadowcopy call create Volume='C:\'

You can learn more about the components of Volume Shadow Copy on Microsoft Learn - VSS Deep Dive

How to Properly Remove a Domain Account Profile from a Windows 10 / 11 Domain Joined Computer

Removing a domain user account from a Windows 10 domain joined workstation requires a few steps to ensure that the process is completed properly and fully. This is useful if you are re-deploying the computer to a new user and want to remove any data left behind from any previous users. This article outlines the steps required to remove a domain user account from a Windows 10 domain joined workstation.

Step 1: Log in as a Local Administrator

Before you can remove a domain user account, you must first log in as a local administrator on the workstation. This can be done by selecting the "Local Account" option on the login screen and entering the username and password of a local administrator account.

Step 2: Remove the User Account from the Local Administrators Group

Once you have logged in as a local administrator, you must remove the domain user account from the local administrators group on the workstation. This can be done by following these steps:

Open the Control Panel and select "User Accounts".

Select "Manage User Accounts".

Select the domain user account you want to remove and click "Remove".

Click "Yes" to confirm the removal.

Or

Launch Computer Manage by clicking Start, type compmgmt.msc and hit Enter. 

From the left window pane, expand Local Users and Groups and on the right double-click the Administrators group.

Step 3: Delete the User Profile

After you have removed the domain user account from the local administrators group, you must delete the user profile associated with the account. This can be done by following these steps:

Open the Control Panel and select "System".

Click on "Advanced system settings".

Under the "User Profiles" section, click on "Settings".

Select the domain user account you want to remove and click "Delete".

Click "Yes" to confirm the deletion.

Delete the Registry Entries

The next step is to delete the registry entries that correspond to the user account you want to delete. Removing a user profile following the steps above SHOULD remove the associated registry keys related to their account, but it's prudent to confirm the keys were actually removed. To do this, follow these steps:

Press the Windows key + R to open the Run dialog box.

Type "regedit" (without the quotes) and press Enter to open the Registry Editor.

Navigate to the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

In the left pane of the Registry Editor, locate the key that corresponds to the user account you want to delete. The key name will be a long string of letters and numbers, followed by the user account name.

Right-click on the key and select "Delete."

Confirm that you want to delete the key.

Repeat steps 4-6 for any other keys that correspond to the user account you want to delete.

Step 4: Reboot Your Computer

After deleting the user profile folder and registry entries, it's important to reboot your computer. This will ensure that any changes you made to the registry are fully applied. To reboot your computer, simply click on the Start menu, then click on the power icon, and select "Restart."

In conclusion, removing a domain profile from a Windows 10 workstation requires deleting the user profile folder and the corresponding registry entries. It's important to create a backup of the registry before making any changes, and to reboot your computer after deleting the registry entries. By following these steps, you can safely remove a domain profile from your Windows 10 workstation.

You can view a more in depth version of this article at RTGLabs.IT!