new-blogentry -topic "Powershell and More"

My observations about Powershell, Windows, System Center and life.


    Disclaimer

    Any opinions expressed herein are completely accidental. But if one happens to slip in, it represents my own personal opinion and NO one else's. I'm also not concerned with changing anyone else's opinion, so any rants about anything presented on this site are likely to be 100% ignored.

    © Copyright 2010

    Using Powershell to Mail-Enable an AD User without CDOEXM

    * This is a repost from my original blog location *

    Over on microsoft.public.windows.powershell, it’s been asked how to mail-enable an AD user in an Exchange 2003 environment. The Microsoft-supported way involves CDOEXM (part of Exchange System Manager), which seems to be rather difficult to use from PowerShell.

    In reality, you can usually get away with using [ADSI] to modify several key attributes on the AD user and let the Recipient Update Service (RUS) initialize the remaining attributes to create the mail-enabled user.

    Here’s the example I posted on Usenet:

    # Bind to the AD user that should be mail-enabled
    $user = [ADSI]"LDAP://CN=Powershell Test,OU=Standard Users,OU=Site1,DC=testlab,DC=com"
    # Exchange alias
    $user.mailNickname = "ptest"
    # Exchange server that will host the mailbox
    $user.msExchHomeServerName = "/o=testlab/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=SITE1-03EX1"
    # Write the changed attributes back to AD
    $user.setinfo()

    # Wait for RUS - this can be seconds or hours depending on your Exchange configuration.
    # To see the changes, reassign the modified AD object to $user
    $user = [ADSI]"LDAP://CN=Powershell Test,OU=Standard Users,OU=Site1,DC=testlab,DC=com"
    $user | fl *

     

    The minimum attributes needed for RUS are mailNickname (the Exchange alias) and msExchHomeServerName. The example shows the format that msExchHomeServerName expects; the value will be different for every Exchange server. If you don’t fill in any additional attributes, the mailbox will be created in the default mail store on the server specified. If you need to point to a different mail store, you can use the homeMDB attribute. Again, the easiest way to see the expected format is to grab an already mail-enabled user and take a look at the attributes:

     

     

    PS C:\> $user = [ADSI]"LDAP://CN=Powershell Test,OU=Standard Users,OU=Site1,DC=testlab,DC=com"                          
    PS C:\> $user | format-list cn,mailNickname,msExchHomeServerName,homeMDB,homeMTA,proxyAddresses                         
    cn                   : {Powershell Test}                                                                                
    mailNickname         : {ptest}                                                                                          
    msExchHomeServerName : {/o=testlab/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=SITE1-03EX1}            
    homeMDB              : {CN=Mailbox Store (SITE1-03EX1),CN=First Storage Group,CN=InformationStore,CN=SITE1-03EX1,CN=Ser 
    vers,CN=First Administrative Group,CN=Administrative Groups,CN=testlab,CN=Microsoft Exchange,CN= 
    Services,CN=Configuration,DC=testlab,DC=com}                                                     
    homeMTA              : {CN=Microsoft MTA,CN=SITE1-03EX1,CN=Servers,CN=First Administrative Group,CN=Administrative Grou 
    ps,CN=testlab,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=testlab,DC=com}              
    proxyAddresses       : {SMTP:ptest@testlab.com, X400:c=US;a= ;p=testlab;o=Exchange;s=Test;g=Powershell;}                
    

     

    After you assign the necessary attributes and call the .setInfo() method, you just have to wait for RUS to do its magic. This can take seconds or much longer. It just depends on how the Exchange environment is configured.
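
The same steps wrapped in a function, with precondition checks and a bounded wait for RUS. This is an added example, not code from the original post: the function name, the alias character set and the use of a populated proxyAddresses as the "RUS is done" signal are assumptions.

```powershell
# Added example. Enable-MailUserViaRus is a hypothetical name; inputs use the post's formats.
function Enable-MailUserViaRus {
    param(
        [string]$UserDN,             # distinguished name of the AD user
        [string]$Alias,              # value for mailNickname
        [string]$HomeServer,         # value for msExchHomeServerName
        [string]$HomeMDB,            # optional: DN of a non-default mail store
        [int]$TimeoutSeconds = 600,
        [int]$PollSeconds = 15
    )
    $path = "LDAP://$UserDN"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
        throw "No such object: $UserDN"
    }
    # Assumption: a conservative alias character set; adjust to your naming policy.
    if ($Alias -notmatch '^[A-Za-z0-9._-]{1,64}$') {
        throw "Alias '$Alias' contains characters outside the allowed set"
    }
    $user = [ADSI]$path
    # Refuse to overwrite an object that already carries an Exchange alias.
    if ($user.psbase.Properties['mailNickname'].Count -gt 0) {
        throw "$UserDN already has mailNickname set; not modifying"
    }
    $user.mailNickname = $Alias
    $user.msExchHomeServerName = $HomeServer
    if ($HomeMDB) { $user.homeMDB = $HomeMDB }
    $user.SetInfo()

    # Poll until proxyAddresses is populated (assumed RUS signal) or the timeout expires.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        $check = [ADSI]$path      # re-bind so cached attribute values are not reused
        if ($check.psbase.Properties['proxyAddresses'].Count -gt 0) {
            return $check
        }
        Start-Sleep -Seconds $PollSeconds
    }
    Write-Warning "RUS has not processed $UserDN after $TimeoutSeconds seconds"
}

# Lab values taken from the post; requires a domain-joined session with write access.
$dn  = "CN=Powershell Test,OU=Standard Users,OU=Site1,DC=testlab,DC=com"
$srv = "/o=testlab/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=SITE1-03EX1"
Enable-MailUserViaRus -UserDN $dn -Alias "ptest" -HomeServer $srv |
    Format-List cn, mailNickname, msExchHomeServerName, homeMDB, proxyAddresses
```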

     

    As with anything that directly modifies AD attributes… TEST, TEST and TEST some more in a LAB. Never start in a production environment.

     

    gaurhoth


    Posted by gaurhoth on Wednesday, August 15, 2007 8:39 AM

    Querying date based Active Directory fields

    * This is a repost from my original blog location *

    Another “from usenet to blog” entry. Someone wanted a list of all users in their Active Directory created after a specific day. Like most AD-related tasks, this is fairly easy in PowerShell, but you do have to be aware of one tricky piece: LDAP queries require a specially formatted string to represent date/time. For this, we’ll query the ‘whenCreated’ attribute in AD. Here’s an example that returns all users from AD that were created in the last 15 days:

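    # Cutoff: 15 days ago, in UTC
    $past = [datetime]::UtcNow.adddays(-15)
    # LDAP date/time string: date part from $past, time of day fixed at 000000
    $ldappast = "{0:0000}{1:00}{2:00}000000.0Z" -f $past.year,$past.month,$past.day
    # Search from the root of the current domain
    $s = new-object directoryservices.directorysearcher([ADSI]'')
    # User accounts whose whenCreated is on or after the cutoff
    $s.filter = "(&(objectcategory=person)(objectclass=user)(whenCreated>=$ldappast))"
    $s.findall()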

    $ldappast holds the date in the specific format needed when comparing date/times in LDAP: YYYYMMDDHHMMSS.TZ. An example of March 12, 2007 00:00 represented in this format would be: 20070312000000.0Z. By the way, “0Z” indicates UTC.
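
A version of the query that keeps the time of day in the cutoff, pages through large result sets and returns only the attributes needed to review new accounts. This is an added example, not code from the original post; ConvertTo-LdapTime and Get-RecentlyCreatedUser are hypothetical names.

```powershell
# Added example. Function names are hypothetical; the filter is the one from the post.
function ConvertTo-LdapTime {
    param([datetime]$Date)
    # Convert to UTC first, because the trailing Z in the string asserts UTC.
    # A DateTime of unspecified kind is treated as local time by ToUniversalTime().
    $utc = $Date.ToUniversalTime()
    $utc.ToString("yyyyMMddHHmmss'.0Z'", [Globalization.CultureInfo]::InvariantCulture)
}

function Get-RecentlyCreatedUser {
    param([datetime]$Since)
    $stamp = ConvertTo-LdapTime $Since
    $s = New-Object DirectoryServices.DirectorySearcher([ADSI]'')
    $s.Filter = "(&(objectCategory=person)(objectClass=user)(whenCreated>=$stamp))"
    # Without paging, the result set is cut off at the server's size limit.
    $s.PageSize = 1000
    $s.PropertiesToLoad.AddRange([string[]]('sAMAccountName', 'whenCreated', 'distinguishedName'))
    $results = $s.FindAll()
    try {
        foreach ($r in $results) {
            # Property names in a search result are stored in lower case.
            New-Object PSObject -Property @{
                SamAccountName    = [string]$r.Properties['samaccountname'][0]
                WhenCreatedUtc    = $r.Properties['whencreated'][0]
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
            }
        }
    }
    finally {
        $results.Dispose()    # SearchResultCollection holds unmanaged resources
    }
}

# The post's sample date, March 12, 2007 00:00 UTC, rendered as an LDAP time string.
ConvertTo-LdapTime ([datetime]::SpecifyKind([datetime]'2007-03-12', 'Utc'))

# Accounts created in the last 15 days, newest first (requires a domain-joined session).
Get-RecentlyCreatedUser -Since (Get-Date).AddDays(-15) |
    Sort-Object WhenCreatedUtc -Descending |
    Format-Table SamAccountName, WhenCreatedUtc, DistinguishedName -AutoSize
```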

     

    gaurhoth


    Posted by gaurhoth on Monday, March 19, 2007 8:19 AM