Answered

IdBPlus Projects with Exchange Provisioning

Daniel Walters 7 years ago in UNIFYBroker/Plus updated by anonymous 7 years ago

Does anyone know of any projects that used IdBPlus and configured Exchange Provisioning? My initial investigation suggests it's more complicated than a simple enable-mailbox -identity x in a post-provisioning task.

Answer


The base script that I'd recommend starting with and adapting is as follows. It can be run unlimited times without duplication as it checks for users in AD that haven't been enabled. This particular script uses the default Exchange rules for mailbox name, but can be adapted by changing the arguments supplied to the Enable-Mailbox command:

# STEP 1
#   The first step involves securing the password to Exchange.
#   The following command should be run in a PowerShell console, changing the out-file to the desired location:
#     read-host -assecurestring | convertfrom-securestring | out-file C:\securestring.txt
#   Enter the password to Exchange. A file should be written to the desired location.
#   If a permission error was shown, try running the script as administrator, or select a new location.
# STEP 2
#   Configure the following settings:
#     ExchangeServer - Configure the URL to the PowerShell virtual directory on the Exchange machine.
#     AdminAccount   - The name of the account being used to connect to the Exchange machine.
#     SearchBase     - The deepest container that holds all items being managed.
#     Filter         - The LDAP filter to select items that have not been mail enabled. This will probably not need to be updated.
#     Password       - The file path should be updated to the file created in STEP 1.
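$ExchangeServer = "http://exchange/PowerShell/"
$AdminAccount = "DOMAIN\Administrator"
$SearchBase = "OU=RootContainer,DC=organization"
# Users with no msExchHomeServerName value, i.e. not yet mailbox-enabled.
$Filter = "(&(objectCategory=user)(objectClass=user)(!(msExchHomeServerName=*)))"
# Decrypt the file written in STEP 1 back into a SecureString.
$Password = Get-Content C:\securestring.txt | ConvertTo-SecureString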
# END OF CONFIGURABLE SECTION #
$UserCredential =  New-Object -Typename System.Management.Automation.PSCredential -Argumentlist $AdminAccount,$Password
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ExchangeServer -Authentication Kerberos -Credential $UserCredential
Import-PSSession $Session
Add-Type -Assembly Microsoft.ActiveDirectory.Management
Import-Module ActiveDirectory
$users = get-aduser -LDAPFilter $Filter -searchbase $SearchBase -searchscope "Subtree"
if ($null -ne $users)
{
    foreach ($user in $users)
    {
        Enable-Mailbox $user.SamAccountName | Set-Mailbox -SingleItemRecoveryEnabled $true
    }
}
#Exit-PSSession
Remove-PSSession -session $Session
GOOD, I'M SATISFIED
Satisfaction mark by Daniel Walters 7 years ago
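
An added pre-flight check for STEP 1 of the script above (example code, not part of the original answer). ConvertFrom-SecureString without a key protects the file with Windows DPAPI, so only the account that created it, on the same machine, can read it back. The function name Test-ExchangeCredentialFile and the trusted-principal list are assumptions.

```powershell
# Added example: hypothetical helper, not part of the original script.
function Test-ExchangeCredentialFile {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        # Assumption: principals that may legitimately hold rights on the file.
        [string[]] $TrustedPrincipals = @(
            'NT AUTHORITY\SYSTEM',
            'BUILTIN\Administrators',
            [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        )
    )

    $result = [ordered]@{ Path = $Path; Exists = $false; Decryptable = $false; UnexpectedAccess = @() }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]$result
    }
    $result.Exists = $true

    # 1. DPAPI binding: decryption only succeeds for the account (and machine)
    #    that ran STEP 1, so this must be run as the scheduled-task account.
    try {
        $null = Get-Content -LiteralPath $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
        $result.Decryptable = $true
    }
    catch {
        Write-Warning ('Cannot decrypt {0} as {1}: {2}' -f $Path, $env:USERNAME, $_.Exception.Message)
    }

    # 2. ACL review (defence in depth): list Allow entries for any principal
    #    outside the trusted list, e.g. rights inherited from the drive root.
    $acl = Get-Acl -LiteralPath $Path
    $result.UnexpectedAccess = @(
        $acl.Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           $TrustedPrincipals -notcontains $_.IdentityReference.Value } |
            ForEach-Object { '{0} ({1})' -f $_.IdentityReference.Value, $_.FileSystemRights }
    )
    [pscustomobject]$result
}

# Stop before opening the Exchange session if the credential file is unusable
# or readable by unexpected principals.
$check = Test-ExchangeCredentialFile -Path 'C:\securestring.txt'
if (-not $check.Decryptable -or $check.UnexpectedAccess.Count -gt 0) {
    throw "Credential file check failed: $($check | Out-String)"
}
```

Run the check under the same account that will run the provisioning task; a file created interactively by a different account will report Decryptable as False.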