Exchange 2010 cmdlets vs. FIM

  • Question

  • Hello - for all the rudimentary use cases (create mail-enabled AD user, enable mailbox for existing AD user, delete user) FIM worked as expected against Exchange 2003/2007 mixed-mode.

    Just wondering how easy or difficult it would be to implement equivalents of Exchange 2010 cmdlet functions such as enable-mailbox, disable-mailbox, connect-mailbox, remove-mailbox (mostly recipient cmdlets) in FIM?

    Looking for some thought starters....thanks!
    Anu
    Monday, February 1, 2010 9:39 PM

Answers

  • Not easy.

    I wrote up this powershell xma last year: http://www.wapshere.com/missmiis/adding-exchange-2007-mailboxes-to-existing-user-accounts

    BUT I don't know how good it would be at running multiple different cmdlets. Yes you could make the cmdlet itself one of the attributes on the cs object, to then be run as appropriate by the export routine - but how would you do an import? Sometimes people use "export-only MAs", but I don't think that's a good idea as you lose the confirmation and retry. You'd do just as well exporting your cmdlets out to a ps1 script file and then running them from a scheduled task, or as part of your job scheduling scripts.

    Carol


    http://www.wapshere.com/missmiis
    Tuesday, February 2, 2010 8:17 PM

All replies

  • Hi Carol,

    I was very impressed the way you got one of the use cases working for enabling 2007 mailboxes. I used your same technique a few months ago to PoC mixed mode 2003/2007 mailbox provisioning with FIM RC0.

    It is hard to tell your customer and say FIM can do this but not that when it comes to general administration of mailboxes or managing email information on users or contacts. Trying hard to figure out a viable solution, exploring invoking cmdlets via rules extensions that may be run out of process.

    I like your idea too - will try "assembling" the right cmdlet and its data into a file based on requests coming in from portal and then running them from scheduled task.

    Thanks for your time and great feedback!

    Anu
    Wednesday, February 3, 2010 12:17 AM
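
The file-queue approach discussed above, as an added example that is not part of anyone's post in this thread: the portal side writes request data only, and a fixed script run by the scheduled task maps each row onto an allow-listed cmdlet and records the outcome, so confirmation and retry are not lost. The file paths, the CSV column names and the result file are assumptions.

```powershell
# Added example. Paths and CSV column names are assumptions; the Exchange
# cmdlets are assumed to be loaded already (Exchange Management Shell session).
# Constructed sample of the queue file:
#   RequestId,Cmdlet,Identity,Alias,Database
#   1,Enable-Mailbox,domain.com/test/John Smith,John.Smith,serverExch\First Storage Group\Mailbox Database
#   2,Disable-Mailbox,domain.com/test/Jane Doe,,
$QueuePath  = 'C:\FimQueue\mailbox-requests.csv'   # hypothetical path
$ResultPath = 'C:\FimQueue\mailbox-results.csv'    # hypothetical path

# Allow-list: cmdlet name -> parameters a queued request is allowed to set.
$Allowed = @{
    'Enable-Mailbox'  = @('Identity', 'Alias', 'Database')
    'Disable-Mailbox' = @('Identity')
}

function ConvertTo-MailboxCall {
    param([Parameter(Mandatory = $true)] $Request)
    if (-not $Allowed.ContainsKey($Request.Cmdlet)) {
        throw "Cmdlet '$($Request.Cmdlet)' is not on the allow-list"
    }
    $params = @{}
    foreach ($name in $Allowed[$Request.Cmdlet]) {
        $value = $Request.$name
        if ([string]::IsNullOrEmpty($value)) { continue }
        # Defence in depth: only characters expected in identities, aliases and DNs.
        if ($value -notmatch '^[\w .,=@()\\/-]+$') {
            throw "Parameter '$name' contains unexpected characters"
        }
        $params[$name] = $value
    }
    if (-not $params.ContainsKey('Identity')) { throw 'Identity is required' }
    return $params
}

$results = foreach ($req in Import-Csv -Path $QueuePath) {
    $status = 'OK'; $detail = ''
    try {
        $params = ConvertTo-MailboxCall -Request $req
        # Splatting hands the values over as data; nothing is parsed as script.
        & $req.Cmdlet @params -Confirm:$false -ErrorAction Stop | Out-Null
    } catch {
        $status = 'Failed'; $detail = $_.Exception.Message
    }
    New-Object PSObject -Property @{
        RequestId = $req.RequestId; Cmdlet = $req.Cmdlet
        Identity  = $req.Identity;  Status = $status; Detail = $detail
    }
}
# The result file is what an import step or retry job reads back.
$results | Export-Csv -Path $ResultPath -NoTypeInformation
```

Because the queue carries data rather than generated script text, whoever can write to it can only request the listed cmdlets with the listed parameters; the queue folder still needs an ACL limited to the portal's service account and the task's account.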
  • Hi Carol,

    I'm trying to build an XMA like your example, but I have a problem with the path of the Exchange database. The path is:

    \\servername\E:\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group.

    I don't know how to put the parameter in the command.

    Do you have any idea???

    Thursday, September 9, 2010 1:02 AM
  • I'm not sure which bit you're referring to but I expect the required path is to the AD object for the database, not the physical file path. It will look something like this:

    CN=Mailbox Database,CN=First Storage Group,CN=InformationStore,CN=EXCHSCR,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local 


    http://www.wapshere.com/missmiis
    Thursday, September 9, 2010 6:47 AM
  • Thanks for your answer. This is my code with the database path and I have the same error: "Database was not found"

    // Needs: using System.Management.Automation.Runspaces;
    RunspaceConfiguration config = RunspaceConfiguration.Create();
    string pscmd;
    Pipeline pipeLine;
    PSSnapInException warning = null;

    // Load the Exchange snap-in into the runspace configuration.
    config.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.Admin", out warning);
    Runspace myRunSpace = RunspaceFactory.CreateRunspace(config);
    myRunSpace.Open();

    Command createMailbox = new Command("Enable-Mailbox");
    createMailbox.Parameters.Add("identity", "server.com.mx/testAD");
    createMailbox.Parameters.Add("alias", "testAD");
    createMailbox.Parameters.Add("database", @"CN=Mailbox Database,CN=First Storage Group" +
        ",CN=InformationStore,CN=server55,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT)," +
        "CN=Administrative Groups,CN=server,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=server" +
        ",DC=com,DC=mx");

    pipeLine = myRunSpace.CreatePipeline();
    pipeLine.Commands.Add(createMailbox);
    pipeLine.Invoke();

    Thanks in advance


    • Edited by Axlrod86 Tuesday, September 14, 2010 1:34 AM
    Thursday, September 9, 2010 3:35 PM
  • Thursday, September 9, 2010 6:26 PM
  • Thanks Carol,

    I'm developing a rule extension on the AD MA based on your code, because not all the users that have an account in AD must have a mailbox in Exchange. I have 3 mailbox storages and there is no rule for using them, so I'm calling them at random.

    I'm using the following code:

     

     

    void IMASynchronization.MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry)
    {
        // Only act on users flagged for a mailbox in the metaverse.
        if (mventry["PuestoMail"].Value == "true")
        {
            RunspaceConfiguration config = RunspaceConfiguration.Create();
            Pipeline pipeLine;
            PSSnapInException warning = null;
            config.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.Admin", out warning);
            Runspace myRunSpace = RunspaceFactory.CreateRunspace(config);
            Command createMailbox = new Command("Enable-Mailbox");

            string username = mventry["mailNickname"].Value;
            Random random;
            string path;
            random = new Random();
            double num = random.Next(0, 30);
            string storage = null;

            // Pick one of the three mailbox databases at random.
            if (num < 10)
            {
                storage = @"server55\Second Storage Group\SG2 Mailbox 01";
                path = "CN=SG2 Mailbox 01,CN=Second Storage Group";
            }
            else if (num < 20)
            {
                storage = @"server55\first Storage Group\Mailbox database";
                path = "CN=Mailbox database,CN=first Storage Group";
            }
            else
            {
                storage = @"server55\Third Storage Group\SG3 Mailbox 01";
                path = "CN=SG3 Mailbox 01,CN=Third Storage Group";
            }

            // Run Enable-Mailbox against the chosen database.
            createMailbox = new Command("Enable-Mailbox");
            myRunSpace.Open();
            createMailbox.Parameters.Add("identity", username + "@domain.com.mx");
            createMailbox.Parameters.Add("DomainController", "server01");
            createMailbox.Parameters.Add("database", storage);
            pipeLine = myRunSpace.CreatePipeline();
            pipeLine.Commands.Add(createMailbox);
            pipeLine.Invoke();
            myRunSpace.Close();

            // Value flowed to the connector space object.
            csentry["HomeMDB"].Value = path + "CN=InformationStore,CN=SERVER55,CN=Servers," +
                "CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups," +
                "CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com,DC=mx;";
        }
    }

     

     

    On the AD MA I have the following attribute flow:

    DS attribute          Action    MV attribute
    Extensionattribute3   Export    mailbox

    and it seems to be working, but I just get a contact on Exchange; none of my users get an SMTP mail address, and I don't know how to fill the HomeMDB attribute. I just used this flow to call my rule extension; I guess that this is the problem. Should I use HomeMDB? How should I do the advanced flow???

    Could you help me out? If there is a little opportunity, would you accept making a VPN session to check out my config, please?

     My best regards

    Tuesday, September 14, 2010 1:26 AM
  • Hi there

    I'm having the same issue with an Exchange MA as Carol just did, but when I run the export profile it runs successfully, but I can't get an SMTP e-mail address. It just looks like a contact.

    The Exchange MA calls the following PowerShell cmd:

    Enable-Mailbox -Identity 'domain.com/test/John Smith' -Alias 'John.Smith' -Database 'serverExch\First Storage Group\Mailbox Database'

    The odd thing is that when I ran this cmd in the Exchange PowerShell it works correctly, I get a nice mailbox.

    Although when I ran it from my Exchange MA calling the DLL, I just get the user as a contact and it is missing the SMTP e-mail account.

    Does it sound familiar to you guys?

    Thanks for your help :)

    Tuesday, September 14, 2010 10:50 PM
  • I'm not sure you need to be doing it this way anyway. You should just be able to apply the email attributes through export flow rules, with a regular AD Management agent. It doesn't matter that you only want certain users to have a mailbox - just make the flow rules use the flag.

    See my article on the Greatest Hits section of the ILM forum: http://social.technet.microsoft.com/Forums/en-US/identitylifecyclemanager/thread/f8ad045d-7252-4cd1-a189-d704a8f99129


    http://www.wapshere.com/missmiis
    Wednesday, September 15, 2010 8:26 AM
  • Hi Carol, a lot of thanks for all your answers.

    I have another question. I want to retrieve the Exchange users (like your Exchange MA). I'm using get-user PowerShell code but I want to retrieve only specific attributes. Do you know how to do that???

    Thanks

    Friday, October 8, 2010 11:08 PM
  • You'll need a different XMA for that, one that just deals with this data. Something like this: http://www.wapshere.com/missmiis/remote-powershell-script-xma


    http://www.wapshere.com/missmiis
    Saturday, October 9, 2010 5:45 AM
  • Thought I would put my 2 cents on this...

    1.  Default FIM/ILM/MIIS is lacking with its Exchange functionality... A lot can be done though...

    2.  Please stay away from making any calls in rules extensions, it's bad practice and you will see a lot of different results and you will have to adjust your run profiles.... You will also cause all sorts of issues... I have seen a lot...

    3.  XMA is a nice approach for doing single cmdlets.. But it becomes quite crazy, especially when you want to do multiple things..

    Example.. You want to mail-disable someone then mailbox-enable the person..

    I know, because I have done an XMA this way...

    The best way I find is to do it in workflow... Workflow in FIM is still not very mature... docs are coming every day.. and it will get better...

    You can manage these transitions much easier... but it will be a little bit more complicated.. if you haven't coded a lot...

    Good luck...

     

    Here's a link to how to create custom workflow

    http://msdn.microsoft.com/en-us/library/ff859524.aspx


    Joe Stepongzi - Identity Management Consultant www.microsoftIdM.com, ilmXframework.codeplex.com
    Sunday, October 10, 2010 6:04 AM