FIM Codeplex PowerShell & Exchange mailbox provisioning

  • Question

  • Hi,

    I would like to use the FIM PowerShell activity to create mailboxes for users, and when they are disabled in AD, I would like for FIM to disable their Exchange mailboxes. The activity I am talking about is: http://fim.codeplex.com/

    I have successfully registered this activity, but have no idea on how to proceed further with the powershell elements of the solution?

    Please could someone give me an idea of what is required?

    thank you,

    SK

    Friday, September 28, 2012 6:05 AM

All replies

  • Just a quick question - why not create mailboxes using the MA functionality for Exchange provisioning? That way modifications will also be done through flows and agent functionality (I know Carol has touched on this recently, saying that she always does this with a script, but I do this using the MA most of the time and it works fine).

    For PowerShell you need to write a script in the Exchange console which does what you want to do and then just use it in this activity. Are you asking for a script to create a mailbox?

    BTW - there is no such thing as "disable mailbox". A mailbox can't be disabled. Usually, if I need to stop a mailbox from functioning, what I do is that I send a reference to a specific user on a mailbox as the only user from whom this mailbox can receive e-mail. Just an idea.

    Friday, September 28, 2012 7:34 AM
  • If you wanted an MA for Powershell / Exchange, you can use mine here (http://blog.goverco.com/p/powershell-management-agent.html). 

    I agree with Tomasz that you need to write a script that does what you want - and what "disabling" a mailbox means varies from organization to organization; some just want to hide it from the address lists (this you could do by just setting msExchHideFromAddressLists to true in the AD MA) - others want other actions such as archiving or delegating access to the mailbox to the manager and the like. So you really need to decide which action you want on "disabling a mailbox" - and then you can decide on the technology (probably PowerShell).

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    Friday, September 28, 2012 7:48 AM
  • Thank you both.

    Yes, 'disabling' an Exchange mailbox does mean different things to different people - and we have already discussed it internally.

    I don't think I can use the built-in functionality of the MA due to the following reason: AD is the source of truth, so the account will first be created in AD by IT staff... then FIM will create the mailbox - hence I thought the only way to do this would be via the PowerShell activity? Is that correct, or can I still use the MA under these circumstances?

    Also, in the powershell activity do I simply use the cmdlet like this:

    "enable-mailbox -Identity domain\username -database server\sg\db"

    Thank you


    • Edited by D Wind Friday, September 28, 2012 8:59 AM
    Friday, September 28, 2012 8:54 AM
  • You can use the MA for all purposes as long as you can script it - and by flowing a value to the PS MA, you could do what ever you want to do in the script, including enabling/'disabling' mailboxes.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    Friday, September 28, 2012 9:08 AM
  • Hi,

    So I am trying to use this one http://fim.codeplex.com/ and in the powershell activity window I have this simple example for now (just want to see this working):

    param($workflowDefinitionID,$RequestId,$AnchorId,$TargetId,$WorkflowData)

    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin

    enable-mailbox -Identity Domain\username -Database 'server\SG\database'

    But the 'Search Request' section throws an error:

    Type is not resolved for member 'Microsoft.Exchange.Configuration.Tasks.ThrowTerminatingErrorException,Microsoft.Exchange.Configuration.ObjectModel, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.

    I am trying to provision an Exchange 2007 mailbox, and have deployed Exchange 2007 EMC on the FIM Server (FIM Sync and Service & Portal are on the same server).

    What could this error be?

    thank you

    PS. If I run this command from powershell from FIM server it works:

    enable-mailbox -Identity Domain\username -Database 'server\SG\database'





    • Edited by D Wind Monday, October 1, 2012 3:40 AM
    Monday, October 1, 2012 3:23 AM
  • You need to check your security context maybe; when running the PS command as a WF, you're acting as the FIMService account (I guess, depending on how the workflow activity is written). So that user needs Exchange permissions.

    Try doing a RunAs as the FIMService service account and see that you can execute the Exchange PS cmdlet successfully.

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    Monday, October 1, 2012 7:05 AM
  • Hi Soren,

    I have given FIMService account 'Exch Org Admin' permissions (group membership). And just successfully executed the 'enable-mailbox...' cmdlet for a user from a Runas-FIMService account powershell ISE command prompt.

    I may start looking for other, simpler PowerShell workflow activities - I need something uncomplicated - register the activity, paste the PowerShell cmdlet and it should work - what I am trying to do is very straightforward.

    Thank you,

    SK

    Monday, October 1, 2012 8:04 AM
  • If you still have problems, you may need to restart the FIMService for it to pick up the new token with the new group membership.

    Is it working? Otherwise, you may want to take a look at my PS MA for doing Powershell instead of a workflow (http://blog.goverco.com/p/powershell-management-agent.html)


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | twitter at https://twitter.com/#!/MrGranfeldt

    Monday, October 1, 2012 8:07 AM
  • solved.

    the cmdlet I had was: enable-mailbox -identity domain\username -database 'server\sg\database'

    while it should have been:

    enable-mailbox -identity domain\username -database "server\sg\database"

    it needs " " for Exchange 2007.

    thank you

    Wednesday, October 3, 2012 12:17 AM
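
Added example (not posted by anyone in this thread, and not part of the fim.codeplex.com project): a diagnostic wrapper for the script pasted into the PowerShell activity, following the replies above about checking the security context and restarting the service so the token picks up new group membership. It logs the account the workflow actually runs as and whether that token carries the expected Exchange group before calling Enable-Mailbox. The log location, the group name and the identity/database values are assumptions or placeholders.

```powershell
param($workflowDefinitionID, $RequestId, $AnchorId, $TargetId, $WorkflowData)

# Assumptions, not from the thread: log file location, group name,
# and the placeholder identity/database values.
$LogFile       = Join-Path $env:TEMP 'fim-ps-activity.log'
$ExpectedGroup = 'Exchange Organization Administrators'
$Identity      = 'DOMAIN\username'
$Database      = 'server\sg\database'

function Write-Log([string]$Message) {
    $line = '{0} {1}' -f (Get-Date -Format s), $Message
    Add-Content -Path $LogFile -Value $line
}

# 1. Record the account the activity really runs as (expected: the FIMService account).
$current = [System.Security.Principal.WindowsIdentity]::GetCurrent()
Write-Log "Request $RequestId running as $($current.Name)"

# 2. List the groups in the token the process holds right now. A group granted
#    after the service started is absent here until the service is restarted.
$groups = @()
foreach ($sid in $current.Groups) {
    try   { $groups += $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $groups += $sid.Value }   # SID that cannot be resolved: keep it raw
}
$inGroup = @($groups | Where-Object { $_ -like "*\$ExpectedGroup" }).Count -gt 0
Write-Log "Token contains '$ExpectedGroup': $inGroup"

# 3. Load the Exchange 2007 snap-in only if the runspace does not have it yet.
$snapin = 'Microsoft.Exchange.Management.PowerShell.Admin'
if (-not (Get-PSSnapin -Name $snapin -ErrorAction SilentlyContinue)) {
    Add-PSSnapin $snapin
}

# 4. Run the cmdlet and surface any failure as plain text, so the log shows the
#    underlying Exchange message rather than only the host's wrapper error.
try {
    Enable-Mailbox -Identity $Identity -Database $Database -ErrorAction Stop | Out-Null
    Write-Log "Mailbox enabled for $Identity"
}
catch {
    Write-Log "Enable-Mailbox failed: $($_.Exception.Message)"
    throw $_.Exception.Message
}
```

If the log shows a different account than the one tested with RunAs, or the group is missing from the token, the permission test done interactively does not reflect what the workflow has.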