
Create or Move Exchange Mailbox with Workflow

Hello,


we are using ActiveRoles Version 7.

We want to automate User creation with workflows, but I have problems with the Mailbox creation.

We want to minimize the Rules we are using, so my Test approach is on Policy and after this the Settings are applied to the new user depending on the OU where the user is created.

With Mailbox creation I have tested the following:
1. Workflow sets the attributes mailnickname and homeMDB; in a later Step edsaCreateMsEchangeMailbox --> not working with Error Message "external Mail Address is missing"

2. Created a default Policy with automatic creation of the Mailbox in the selected Store, the Workflow sets edsahomeMDB and edsaMoveMailbox "True" --> Error "edsahomeMDB is missing"

3. Created a default Policy with automatic creation of the Mailbox in the selected Store, the Workflow sets extensionAttribute8 with the DN of the correct Store; a second Workflow starts a script which reads the User DN, extensionAttribute8 and mailNickname and starts "Set-QADUser $user -Proxy -ObjectAttributes @{"edsaMoveMailbox"=$true;"edsaHomeMDB"=$strEDSAhomeMDB}" --> Error "Access Denied"

When I start a PowerShell with the User of our ActiveRoles Server Service, the command "Set-QADUser $user -Proxy -ObjectAttributes @{"edsaMoveMailbox"=$true;"edsaHomeMDB"=$strEDSAhomeMDB}" works fine.

Does someone have a solution or concept for this?

Is there some way to delete a move request from Exchange when it is finished?


Regards,

Florian Ballangó

  • Just so I understand this - you don't want to create a whole bunch of policies to set the location of mailboxes per OU.

    So that means that you need to intercept the user create request and insert into the request the desired location of the mailbox.

    So, your workflow needs to fire when a user create is attempted.

    Your script then needs to change the "in-flight" value of edsaHomeMDB.

    The script activity to do this needs to be placed before the User Create action in the workflow.

    The command to do this would be something like this:

     $Request.Put($Constants.ADS_PROPERTY_UPDATE, "edsaHomeMDB", "MailboxDB1")

    ("$Request" is the built-in ARS object that contains all the details of the user create request / transaction.)

    You need to wrap this in a function to be called by the script activity so something like this:

    function SetCorrectMailboxDB ($Request)
    {
        # Add code here to calculate the correct Mailbox DB
        # Example only
        $CorrectDB = "MailboxDB1"

        # Inject this new value into the target MDB attribute in the create request
        $Request.Put($Constants.ADS_PROPERTY_UPDATE, "edsaHomeMDB", $CorrectDB)
    }

    'Hope this helps.

  • Hello,


    nice approach.

    Where do I need to execute the Script?
    Actually the Workflow starts after the user creation.

    One more question:

    You have used the Variable $CorrectDB = "MailboxDB1".
    Is "MailboxDB1" the Name from the Exchange Database or must I use the DN?

    Thanks for your help

    Florian

  • Would it not be better to have the workflow "catch" the user create BEFORE it happens and have the mailbox created in the correct location from the start?

    It is possible to have a workflow start condition like this.

    My script is simply added as a "script activity" in the workflow that gets triggered by the user create.

    When you're editing the workflow, the actual user create step ends up being the last step of the workflow.

    Does this make sense?

  • (not tested)

    function onPostCreate($Request)
    {
          # expecting that $Request contains edsaHomeMDB
          # though the way ARS policy treats mailbox creation is: first create a blank AD user and then mailbox-enable the existing AD user
          $edsaHomeMDB = $Request.Get("edsaHomeMDB")

          if ($edsaHomeMDB -ne $null){
                $edsaHomeMDB = "CN=MailboxDB1,CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=test"

                $Request.Put($Constants.ADS_PROPERTY_UPDATE, "edsaHomeMDB", $edsaHomeMDB)
          }
    }

  • Hello Johnnyquest,


    you are right with your point "BEFORE it happens". Which Start Action do I need to use for the Workflow?

    Actually available (User):

    • Any operation
    • Create
    • Modify properties
    • Move
    • Delete
    • Restore
    • Deprovision
    • Undo deprovision

    I see no option to start the workflow before User creation.

    My steps are the following:

    Create user with the "new User" Wizard and assigned policies for Username, Logonname, Mailboxselection and so on.
    When the Wizard is finished the Workflow with Option Create User is starting, but by then the Mailbox is already created.

    When I remove the Mailboxselection from the Policy and add it to the Workflow I receive the Message "external Mail Address is missing". Because of this error message I create the Mailbox with the Policy and want to move it afterwards.

    If you know a solution for the "external Mail Address is missing", this is the better way.

  • Hello Aidar,


    can you tell me where I need to enable your Script (Policy or Workflow)?

    Regards,

    Florian

  • By setting up the workflow to activate on a user create request, you are intercepting the creation.

    You will notice that when you set the start condition in the workflow to look for a user create that a "create user" activity will be placed in the workflow.  You can place your script activity before this in the workflow and your script will fire before the user gets created.

  • Hello johnnyquest,

    I have found the place to add your script. Where/How do I enable the Mailbox creation (with policy, no other option needed, in Workflow)?

    Thanks,

    Florian

  • Hello johnnyquest,


    I have added your commands to a PowerShell script. After this I have enabled the Script in the Workflow.

    At the End of the User Creation Wizard I receive an Error Message:

    Activity 'Run script: Create Mailbox' in workflow 'FB Create User - Set Default Options' returned an error. At line: 13 char:1. Cannot find an overload for "Put" and the argument count: "3".

    Any suggestions?


    Regards,
    Florian

  • Hello,

    I have found the solution, thanks to Aidar and johnnyquest.

    I have customized the web interface "Create User" Wizard with the extensionAttribute6 as dropdown with "Yes" and "No". I use this Attribute to control the Mailbox Creation with the Script.

    Create a new PowerShell Script in ActiveRoles with the following content:

    <Script>
    function onPostCreate($Request)
    {
        # Set next value to "1" for debug output
        $Debug = "0"

        # Start only if User
        if ($Request.Class -eq "user")
        {
            # Set default variables:
            $MDB_Database1 = "CN=Database1,CN=Databases,CN=Exchange Administrative Group (Number),CN=Administrative Groups,CN=Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=Local"
            $MDB_Database2 = "CN=Database2,CN=Databases,CN=Exchange Administrative Group (Number),CN=Administrative Groups,CN=Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=Local"

            # Read user from Request
            $user = '"'             # Add " as first character / enclosed with ' and '
            $user += $Request.DN
            $user += '"'            # Add " as last character / enclosed with ' and '
            if ($Debug -eq "1")
            {
                Out-File C:\Request.txt -Append -InputObject $user
            }

            # Read extensionAttribute6 --> is set with a dropdown at user create with Yes or No
            $strAttr6 = $Request.Get("extensionAttribute6")

            if ($strAttr6 -eq "Yes")
            {
                # Set mailbox store depending on the organizational unit where the user is created
                if (($user -like "*OU=1,DC=Domain,DC=local*") -or ($user -like "*OU=2,DC=Domain,DC=local*"))
                {
                    $edsaHomeMDB = $MDB_Database1
                }
                elseif (($user -like "*OU=3,DC=Domain,DC=local*") -or ($user -like "*OU=3,DC=Domain,DC=local*"))
                {
                    $edsaHomeMDB = $MDB_Database2
                }

                # Set variables on the user object
                $Request.PutEx($Constants.ADS_PROPERTY_UPDATE, "homeMDB", $edsaHomeMDB)
                $Request.PutEx($Constants.ADS_PROPERTY_UPDATE, "edsaHomeMDB", $edsaHomeMDB)
                $Request.PutEx($Constants.ADS_PROPERTY_UPDATE, "edsaCreateMsExchMailbox", $true)
            }
            else
            {
                # If extensionAttribute6 is other than "Yes", clear mailbox settings
                $edsaHomeMDB = $null
                $Request.PutEx($Constants.ADS_PROPERTY_UPDATE, "homeMDB", $edsaHomeMDB)
                $Request.PutEx($Constants.ADS_PROPERTY_UPDATE, "edsaHomeMDB", $edsaHomeMDB)
                $Request.PutEx($Constants.ADS_PROPERTY_UPDATE, "edsaCreateMsExchMailbox", $null)
            }
        }
    }
    </Script>

    Create a Workflow with Target Object "User" and select Action "create".
    In the empty Workflow you have the green Startpoint/Arrow and as Text with gray background the "Operation execution: Create User".

    Add the previously created Script between the green Arrow and the Operation execution.
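
Added example, not part of the original thread and not the product's own code: the OU-to-database lookup from the script above as a stand-alone PowerShell function that matches the OU as a DN suffix and throws when no OU is mapped, so a user in an unmapped OU is not passed on with an empty edsaHomeMDB. The function name Resolve-MailboxDatabase, the mapping table and the sample DNs are assumptions; the database DNs reuse the placeholders from the post.

```powershell
# Added example. All DNs are placeholders modelled on the values in the post.
$DbContainer = 'CN=Databases,CN=Exchange Administrative Group (Number),' +
               'CN=Administrative Groups,CN=Company,CN=Microsoft Exchange,' +
               'CN=Services,CN=Configuration,DC=Domain,DC=Local'

# OU DN -> mailbox database DN (hypothetical mapping table)
$MailboxDbByOu = @{
    'OU=1,DC=Domain,DC=Local' = "CN=Database1,$DbContainer"
    'OU=2,DC=Domain,DC=Local' = "CN=Database1,$DbContainer"
    'OU=3,DC=Domain,DC=Local' = "CN=Database2,$DbContainer"
}

function Resolve-MailboxDatabase {
    param(
        [Parameter(Mandatory = $true)][string]$UserDN,
        [Parameter(Mandatory = $true)][hashtable]$Map
    )
    # Longest OU DN first, so a more specific (nested) OU wins over its parent.
    foreach ($ou in ($Map.Keys | Sort-Object -Property Length -Descending)) {
        $suffix = ",$ou"
        if (-not $UserDN.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
            continue
        }
        # A comma preceded by a backslash belongs to an RDN value, not to the
        # DN structure, so such a hit is not treated as OU membership.
        $commaIndex = $UserDN.Length - $suffix.Length
        if ($commaIndex -gt 0 -and $UserDN[$commaIndex - 1] -eq [char]'\') {
            continue
        }
        return $Map[$ou]
    }
    # No mapping: stop here instead of handing an empty value to the request.
    throw "No mailbox database is mapped for '$UserDN'."
}

# Constructed sample DNs: nested OU, unmapped OU, escaped comma in the RDN.
$samples = @(
    'CN=Test User,OU=Sales,OU=1,DC=Domain,DC=Local',
    'CN=Other User,OU=9,DC=Domain,DC=Local',
    'CN=Odd\,OU=3,DC=Domain,DC=Local'
)
foreach ($dn in $samples) {
    try   { '{0} => {1}' -f $dn, (Resolve-MailboxDatabase -UserDN $dn -Map $MailboxDbByOu) }
    catch { '{0} => rejected: {1}' -f $dn, $_.Exception.Message }
}
```

In the workflow script, the returned DN would be the value handed to the $Request.PutEx calls shown in the post, with $Request.DN as the input.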