locked
Script agent - problem with domain controllers. RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello.

    I'm trying to enforce some policies (in particular, assigning address book policies and disabling OWA/Activesync)  on our mailboxes using script agent.

    I'm using scripting agent configuration like this:

    <Feature Name="MailboxProvisioning" Cmdlets="enable-mailbox,new-mailbox">
	<ApiCall Name="OnComplete">
	if($succeeded)    {
		if ($provisioningHandler.UserSpecifiedParameters["Identity"] -ne $null) {$user = $provisioningHandler.UserSpecifiedParameters["Identity"].ToString()}
		else {$user = $provisioningHandler.UserSpecifiedParameters["Name"].ToString()}
		if($provisioningHandler.UserSpecifiedParameters["AddressBookPolicy"] -eq $null) { Set-Mailbox $user -AddressBookPolicy ABP_Default }
		Set-CasMailbox $user -OWAEnabled $false -ActiveSyncEnabled $false
	}
	</ApiCall>

    The problem is that we have three domain controllers in the AD site. So, if I use new-mailbox cmdlet immediately followed by set-mailbox (or any other mailbox or user operation), Exchange can query different domain controllers. AD replication isn't instant, and I got errors because cmdlet cannot find AD object.

    If I configure all setting by himself, I can use Set-ADServerSettings cmdlet, and all queries in single powershell session will be done to one DC. But mailbox tasks in our organization can be done by different people in different ways, so I want to use scripting agent to enforce correct settings.

    Is there any way to tell scripting agent to use the same DC in affected cmdlets and in agent's script blocks? The only way that I can think of is to use Set-ExchangeServer to set static DC configuration, but I want to avoid such extreme thing.

    Wednesday, September 19, 2012 9:11 AM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    I added in the below.  The first will find a DC in the site and then it uses it in the second command to set the attribute.  If it errors on one, then it will select the next one in the query.

    $DCs = Get-DomainController | where {$_.ADSite -like "*Chicago"}
    $DCs | foreach {Set-Mailbox $Alias -EmailAddressPolicyEnabled $false -DomainController $_.name -ErrorAction SilentlyContinue}

    Jason Apt, Microsoft Certified Master | Exchange 2010 My Blog

    • Proposed as answer by JasonApt Monday, August 25, 2014 2:59 PM
    • Marked as answer by ildarz Thursday, August 28, 2014 7:03 AM
    Thursday, February 6, 2014 6:05 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Well, it may be a workaround.

    Also I found this blog post - http://blogs.technet.com/b/rmilne/archive/2014/06/24/exchange-scripting-agent-_2d00_-the-power-of-script.aspx , looks like it describes a better way to deal with multiple DCs. I didn't test it though. 


    • Marked as answer by ildarz Thursday, August 28, 2014 7:11 AM
    • Edited by ildarz Thursday, August 28, 2014 7:12 AM
    Thursday, August 28, 2014 7:11 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi

    You can specify the domain controller to be used in each command with the -DomainController parameter.

    Steve

    • Proposed as answer by Eric ZouZou Wednesday, September 19, 2012 9:24 AM
    • Unproposed as answer by ildarz Wednesday, September 19, 2012 9:33 AM
    Wednesday, September 19, 2012 9:16 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Yes, I know, but this parameter has to be manually specified. As I said, mailbox tasks can be done by different people in different ways. People can be lazy or forgetful, scripts can't. I want to be sure that correct setting will be enforced even if cmdlets are invoked without full set of correct parameters. I can pass some predefined mailbox properties to cmdlets using "ProvisionDefaultProperties" part of the scripting agent config, but I don't know how to pass -DomainController parameter.
    Wednesday, September 19, 2012 9:33 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello ildarz,

    If you want to set default domain controller in script, you can just follow Steve’s suggestion to add the domain controller in script.

    $Domaincontroller="DC.contoso.com"

    Set-mailbox -DomainController $Domaincontroller

    If you need users use the same domain controller in different ways, you can set Exchange to use the static domain controller.

    Thanks,

    Evan Liu

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tnmff@microsoft.com

    Evan Liu

    TechNet Community Support

    Thursday, September 20, 2012 8:52 AM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi

    It's exactly as Evan said, create a $Domaincontroller variable at the beginning of the script and then include the -Domaincontroller $domaincontroller parameter as part of every new- or set- command.

    Cheers, Steve

    Thursday, September 20, 2012 10:30 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks for answers.

    Let me clarify my question. I use "ProvisionDefaultProperties" and "OnComplete" API calls in the scripting agent to customize behaviour of Exchange cmdlets. I want to know two things:

    1. If customized cmdlet can accept -DomainController parameter, is there some way to pass it's value through "ProvisionDefaultProperties" API Call (like I can pass different mailbox properties)?

    2. Is it possible to see in "OnComplete" API call which DC was actually used by customized cmdlet (new-mailbox for example)?

    If it is not possible then I'll think about other way.

    Also, are there any detailed guides about scripting agent? This and configuration file example from Exchange installation isn't very thorough...

    Thursday, September 20, 2012 3:42 PM
  • Question
    Sign in to vote
    1
    Sign in to vote

    I added in the below.  The first will find a DC in the site and then it uses it in the second command to set the attribute.  If it errors on one, then it will select the next one in the query.

    $DCs = Get-DomainController | where {$_.ADSite -like "*Chicago"}
    $DCs | foreach {Set-Mailbox $Alias -EmailAddressPolicyEnabled $false -DomainController $_.name -ErrorAction SilentlyContinue}

    Jason Apt, Microsoft Certified Master | Exchange 2010 My Blog

    • Proposed as answer by JasonApt Monday, August 25, 2014 2:59 PM
    • Marked as answer by ildarz Thursday, August 28, 2014 7:03 AM
    Thursday, February 6, 2014 6:05 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Have there been any updates on this thread?

    Thanks,

    Jason

    Jason Apt, Microsoft Certified Master | Exchange 2010 My Blog

    Monday, August 25, 2014 3:00 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Well, it may be a workaround.

    Also I found this blog post - http://blogs.technet.com/b/rmilne/archive/2014/06/24/exchange-scripting-agent-_2d00_-the-power-of-script.aspx , looks like it describes a better way to deal with multiple DCs. I didn't test it though. 


    • Marked as answer by ildarz Thursday, August 28, 2014 7:11 AM
    • Edited by ildarz Thursday, August 28, 2014 7:12 AM
    Thursday, August 28, 2014 7:11 AM