locked
exchange powershell script RRS feed

  • Question

  • i have an exchange 2007 with 2 domains controllers ,  i have ps1 scripts that open new users, mostly its working but from time to time , the script isnt working because im on a diffrent domain , and than i need to edit the script and change the domain

    example :

    "$dc = domaincontroller1"

    "Using DC - $DC to create the mailbox"

    and in order to fix it i need to change the script to "$dc = domaincontroller2"

    how can i make the script to retrieve which dc it works on , and automaticly insert/modify the correct dc in to the script .

    Thanks,

    Johnny

    Wednesday, July 25, 2012 8:38 AM

Answers

  • Try {new-mailbox -domaincontroller DC1 ......... -erroraction 'Stop'}

    Catch {new-mailbox -domaincontroller DC2 .........}

    PS will attempt to run whatever is in the Try block. If a terminting error occurs it will then run whatever is in the following Catch block.  Note that it must be a terminating error (that's why the -erroraction 'Stop' parameter is used on the command in the Try block). 


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Wednesday, July 25, 2012 3:30 PM
  • Create a hashtable of smtp domains, with the DC for that domain as the value. Use that to determine which is the appropriate DC to use for the address of the smtp domain for the user.

    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Tuesday, July 31, 2012 11:04 AM

All replies

  • if both DC are in the same domain (1 forest - 1 domain), you dont need to change DC, however you may have some latency with AD replication, just add a Start-Sleep to delay operations.

    If there are multiple domains in the same forest, you can use the $AdminSessionADSettings.ViewEntireForest = $true to change the script scope to the entire forest.

    If there are multiple forest, you have to rely on request on each forest to search where the user belong and adjust your $dc to the correct forest.



    • Edited by Bruce JDC Wednesday, July 25, 2012 8:53 AM
    Wednesday, July 25, 2012 8:53 AM
  • ahm dont know if the effect of entire forest is correct , the 2 dcs are in the same domain and forest, but its designed as cloud , meaning those scripts are preveting companies that we give IT services to see each other's domain or users , and if i make it to entire forest , it can be a problem , so i need in the script something that can "get" the dc that i work with , and modify the $dc setting to the correct dc .

    because its a cloud design i prefer not to make adjustment in the forest level .

    Thanks,

    Johnny

    Wednesday, July 25, 2012 10:02 AM
  • If there are only 2 DCs, you could use try/catch.

    Use the first DC in the Try block, and if it throws an error that will invoke the Catch block, where you can try it again with the other DC.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Wednesday, July 25, 2012 10:57 AM
  • im sorry but dont know the try/catch command , any example that i can understand it ?
    Wednesday, July 25, 2012 3:18 PM
  • Try {new-mailbox -domaincontroller DC1 ......... -erroraction 'Stop'}

    Catch {new-mailbox -domaincontroller DC2 .........}

    PS will attempt to run whatever is in the Try block. If a terminting error occurs it will then run whatever is in the following Catch block.  Note that it must be a terminating error (that's why the -erroraction 'Stop' parameter is used on the command in the Try block). 


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Wednesday, July 25, 2012 3:30 PM
  • On Wed, 25 Jul 2012 08:38:52 +0000, MagicMan007 wrote:
     
    >
    >
    >i have an exchange 2007 with 2 domains controllers , i have ps1 scripts that open new users, mostly its working but from time to time , the script isnt working because im on a diffrent domain , and than i need to edit the script and change the domain
    >
    >example :
    >
    >"$dc = domaincontroller1"
    >
    >"Using DC - $DC to create the mailbox"
    >
    >and in order to fix it i need to change the script to "$dc = domaincontroller2"
    >
    >how can i make the script to retrieve which dc it works on , and automaticly insert/modify the correct dc in to the script .
     
    Wouldn't "Get-ADDomainController" work if you used the "-Discover
    -ForceDiscover" switches? That should return a single DC in the AD
    site where the script runs.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Thursday, July 26, 2012 12:47 AM
  • I think you can follow mjolinor's suggestion, use try/catch command.

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Thursday, July 26, 2012 7:32 AM
    Moderator
  • ok i see what you mean but it doesnt fit to the script , here are the stages in the script for your better understanding :

    stage1:

    "1 of 12"
    $DC = "dc1.domain.net"
    "Using DC - $DC to create the mailbox"

    $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $DC)
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($context)
    $root = $domain.psbase.GetDirectoryEntry()

    # check if the 'Companies' ou exists
    $orgs = $null
    $orgs = $root.psbase.Children.psbase.Find("OU=blabla")

    if ($orgs -eq $null)
    {
    " "
    write-host "Cannot find an OU named 'Companies'"; exit
    " "
    }
    #-----------------------------
    #-----------------------------

    stage 2 :

    "2 of 12"
    "Enter User Company Name:"
    $UserCompany = "company"
    #[Console]::ReadLine().Trim()
    " "
    #check for this companies OU
    #--------------------------------
    #--------------------------------

    # find the org itself
    $newOrg = $null
    $newOrg = $orgs.psbase.Children.psbase.Find("ou="+$userCompany)
    if ($newOrg -eq $null)
    {
    " "
    write-host "Cannot find an OU named" $userCompany
    " "
    exit
    }
    #---------------------------------
    #---------------------------------

    stage 3 :

    "3 of 12"
    "Enter User First Name:"
    $UserFirst = [Console]::ReadLine()
    $UserFirst = $UserFirst.Trim()
    " "

    stage 4 :

    "4 of 12"
    "Enter User Last Name:"
    $UserLast = [Console]::ReadLine()
    $UserLast = $UserLast.Trim()
    " "

    stage 5 :

    "5 of 12"
    do

    {

    "Enter User UPN:"

    $UserUPN = [Console]::ReadLine()

    $userUPN = $UserUPN.Trim()

    $tmpUser = Get-User -Filter {UserPrincipalName -eq $userUPN}

    if($tmpUser -ne $null)

    {

    write-host "The upn already exists in the directory! Please enter a unique UPN"

    }

    }

    while($tmpUser -ne $null)" "

    stage 6 :

    "6 of 12, parsing UPN name"

    " "
    $useralias = $userUPN.split("@")[0]
    $userdomain = $userUPN.split("@")[1]
    $userFull = $UserFirst + " " + $UserLast
    $UserOU = domain.net/blabla/" + $UserCompany
    $SamAccountName = $userAlias

    stage 7 :

    "7 of 12, creating mailbox"
    New-Mailbox -Name $UserFull -Alias $UserAlias -OrganizationalUnit $UserOU -UserPrincipalName $UserUPN -SamAccountName $SamAccountName -FirstName $UserFirst -LastName $UserLast -ResetPasswordOnNextLogon $false -Database "company" -domaincontroller $DC

    stage 8 :

    "8 of 12, setting customattribute1 to $userCompany"
    set-mailbox "$userAlias" -customattribute1 "$userCompany" -offlineaddressbook "company OAB" -domaincontroller $DC -EmailAddressPolicyEnabled $false -emailAddresses ("SMTP:" + $userAlias + "@" + $userDomain) -windowsEmailAddress ($useralias + "@" + $userdomain)

    stage 9 :

    "9 of 12, adding $userAlias to $usercompany security group"
    add-distributiongroupmember "company" -member "$userAlias" -domaincontroller $DC

    stage 10 :

    "10 of 12, updating Address List"
    update-addresslist "company AL"

    #=============================
    # Mailbox Confirmation Section
    #=============================

    $a1 = get-mailbox $UserAlias
    $a2 = $a1.name
    $a3 = $a1.addresslistmembership
    $a4 = $a1.OfflineAddressBook
    $a5 = $a1.userprincipalname
    $a6 = $a1.organizationalunit
    $a7 = $a1.customattribute1
    $a8 = $a1.distinguishedname
    $a10 = $a1.emailaddresses

    stage 11:

    "11 of 12, Setting msExchQueryBaseDN"
    #To Bind:
    $user = ([ADSI]"LDAP://$a8").psbase;
    #To Modify:
    $user.Properties["msExchQueryBaseDN"].Value = "ou=$a7,ou=bla,dc=domain,dc=int";
    $user.CommitChanges();

    $a9 = $user.Properties["msExchQueryBaseDN"]
    $a9b =$user.Properties["memberof"]

    stage 12:

    "12 of 12, Display Attributes"
    " "
    "Address List Membership: $a3"
    "Alias: $userAlias"
    "CustomAttribute1: $a7"
    "DN: $a8"
    "Email Addresses: $a10"
    "Memberof: $a9b"
    "mxExchQueryBaseDN: $a9"
    "Offline Address Book: $a4"
    "UPN: $a5"
    "OU: $a6"
    "User Name: $a2"
    " "

    if the error comes at phase 11 , i need to correct the dc in phase 1 in order to fix it - ofcourse i need to delete the mailbox it created fix the script and re launch it , the error in phase 11 is :

    "Exception calling "CommtChanges" with "0" argument(s): "A constraint violation occureed. (Exception from HRESULT: 0x8007202F

    At c:\scripts\script.ps1:187 char:20

    +$userCommitChanges <<<< ();

    +CategoryInfo :NotSpecified: (:) [], ParentContainsErrorRecordException

    +FullyQualifiedErrorId: DotNetMethodExceptioon"

    Thursday, July 26, 2012 9:41 AM
  • I'm not understanding your description of the environment.

    In the initial post, you said:

    the script isnt working because im on a diffrent domain , and than i need to edit the script and change the domain

    But then in a subsequent reply:

    the 2 dcs are in the same domain and forest,


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Thursday, July 26, 2012 1:02 PM
  • 2 dcs in the same forest , and a lot of domains , not just one domain
    Saturday, July 28, 2012 9:11 AM
  • Still not clear. 2 dcs implies 2 (AD) domains.  Do you mean lots of smtp domains?

    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Saturday, July 28, 2012 11:12 AM
  • yep lots of smtp domains
    Tuesday, July 31, 2012 4:46 AM
  • Create a hashtable of smtp domains, with the DC for that domain as the value. Use that to determine which is the appropriate DC to use for the address of the smtp domain for the user.

    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Tuesday, July 31, 2012 11:04 AM