dvandermaas1 Absent Member.

Who can tell me how the AD/Exchange Shim actually works.


L.S.

Here's our issue:
All users need a mailbox, which is fully automated. All mailbox
preferences besides quota are managed by the driver or via
groups/policies at the Exchange back-end.
Besides user mailboxes, we need "Shared" mailboxes. These
(group) mailboxes are requested via workflows and may have very different
preferences (quota, retention, etc.).

MS Exchange and the O365 counterpart have a web management interface but
this is insufficient, so we need to use this wonderful management
"tool" called PowerShell ;-o. (So much for the "click" generation.)

So we create a mailbox and we need to make it shared, create a group,
give the group Full Access and Send As, set quota, change retention
times, timezone, etc.

My first attempt was to add a few attributes PSExecute with all cmdlets.
Some were executed, some not, and there was no telling why or when things
were not executed.
The second attempt was to add the same few attributes PSExecute with the
difference that all cmdlets are grouped and separated by ";". (This is
NOT supported by MS.) The grouping was based on all quota cmdlets in a
single group, all access actions grouped together, etc.
But to no avail, we had the same issues. Some cmdlets were carried out,
some not, and no telling which or why. The only thing we found out is
that Exchange takes its time to create and we need to wait for that
before sending new cmdlets.
We cannot use "scripts" at the Exchange side, nor can we use groups and
policies for this, because it is too dynamic.

The only way we got it to work is fire 2 cmdlets on creation, write back
the other 4 in an eDirectory, and with a trigger job fire one cmdlet at
a time. So any shared mailbox creation needs 4 triggers in order to
finalize the creation.

My question, referring to the title:

Does the NetIQ AD/Exchange shim concatenate all attributes called
PSExecute to one single command or does it fire them one by one?
If it is one command, then I understand my findings. If it is not, I do
not (besides the timing).

I am starting on building an O365 driver (the new one) and wonder if I
will run into the same issues.

Thanks very much in advance


--
dvandermaas

The Network lives on patches, re-configurations and caffeine. One Net, One Engineer, One Coffee Brand.

Knowledge Partner

Re: Who can tell me how the AD/Exchange Shim actually works.


Hi dvandermaas,
Officially the AD driver supports only Active Directory and Exchange
cmdlets.
> Does the NetIQ AD/Exchange shim concatenate all Attributes called
> PSExecute to one single command or does it fire them one by one ?

I believe that you are supposed to "generate" the command line for PowerShell.
PSExecute will inject your generated line into PS.

> <rule>
>   <description>Adding PSExecute to Disable New User Account</description>
>   <conditions>
>     <and>
>       <if-operation mode="regex" op="not-equal">query|status</if-operation>
>     </and>
>   </conditions>
>   <actions>
>     <do-set-local-variable name="identityname" scope="policy">
>       <arg-string>
>         <token-xpath expression='./add-attr[@attr-name="sAMAccountName"]/value/text()'/>
>       </arg-string>
>     </do-set-local-variable>
>     <do-set-dest-attr-value name="PSExecute">
>       <arg-value type="string">
>         <token-text xml:space="preserve">Disable-ADAccount -Identity </token-text>
>         <token-local-variable name="identityname"/>
>       </arg-value>
>     </do-set-dest-attr-value>
>   </actions>
> </rule>



--
al_b

dvandermaas1 Absent Member.

Re: Who can tell me how the AD/Exchange Shim actually works.


Yes, that is what it does, but .............
If you were to use this code:

Does the shim concatenate these 2 lines or does it fire them one by one?


<!-- First PSExecute value: convert the mailbox to a shared mailbox -->
<do-set-dest-attr-value name="PSExecute">
  <arg-value type="string">
    <token-text xml:space="preserve">Set-Mailbox -type Shared -Identity </token-text>
    <token-local-variable name="identityname"/>
  </arg-value>
</do-set-dest-attr-value>
<!-- Second PSExecute value: set the warning quota; the leading space keeps the parameter separate from the identity -->
<do-set-dest-attr-value name="PSExecute">
  <arg-value type="string">
    <token-text xml:space="preserve">Set-Mailbox -Identity </token-text>
    <token-local-variable name="identityname"/>
    <token-text xml:space="preserve"> -IssueWarningQuota 255252</token-text>
  </arg-value>
</do-set-dest-attr-value>


--
dvandermaas

cpedersen Outstanding Contributor.

Re: Who can tell me how the AD/Exchange Shim actually works.

On 7/30/15 3:28 PM, dvandermaas wrote:
>
> Yes, that is what it does, but .............
> If you were to use this code :
>
> Does the shim concatenate these 2 lines or does it fire them one by one
> ?


It will execute them one by one.

Please remember that PSExecute was never intended to be used for
anything but simple scripting. If you need something advanced then it is
recommended to use the Scripting Driver.

Casper

Knowledge Partner

Re: Who can tell me how the AD/Exchange Shim actually works.

Casper Pedersen wrote:

>
> It will execute them one by one.


Doesn't it execute them in a remote runspace/session also?

> Please remember that PSExecute was never intended to be used for anything but simple scripting. If you need something advanced then it is recommended to use the Scripting Driver.
>


This is exactly why I use the Scripting Driver for these types of use-cases.
Alex McHugh - Knowledge Partner - Stavanger, Norway

dvandermaas1 Absent Member.

Re: Who can tell me how the AD/Exchange Shim actually works.


Thx Al_b, Casper & Alex,
So the issue seems to be on the Exchange side 😉

I know this is only for simple things, it's even written in the
documentation.
However, the commands themselves are not that advanced, and I need to
convince the customer to buy the Scripting driver (many users), so I was
hoping that this was sufficient.
We can achieve the goals but not in a very nice way, hence my asking.
I'm gonna advise them on the Scripting driver....

Thanks again !!!


--
dvandermaas

cpedersen Outstanding Contributor.

Re: Who can tell me how the AD/Exchange Shim actually works.

On 7/30/15 5:54 PM, dvandermaas wrote:
>
> Thx Al_b, Casper & Alex,
> So the issue seems on the Exchange side 😉


Could be, if you fire off the same command from the command line, what
happens?

That is normally how I test this stuff.

> I know this is only for simple things , it's even written in the
> documentation.
> However, the commands themselves are not that advanced, and I need to
> convince the customer to buy the Scripting driver (Many users) so I was
> hoping that this was sufficient.


I've seen 'cmd; cmd; cmd;' being used by some people, so it should work.


Casper
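
One way to run the command-line test suggested above against the shared-mailbox sequence from the first post, as an added example that is not part of the thread and not NetIQ code. It assumes an on-premises Exchange Management Shell session and a mailbox the driver has already created; the mailbox and group names, the quota values and the helper functions `Invoke-Step` and `Wait-ForRecipient` are hypothetical.

```powershell
# Added example. Constructed placeholder values; replace with your own.
$mailbox = 'shared-finance'          # mailbox already created by the driver
$group   = 'shared-finance-access'   # mail-enabled security group to delegate to
$stop    = @{ ErrorAction = 'Stop' } # make every cmdlet failure catchable

# Run one step, report success or the exact error, and stop the sequence on failure.
function Invoke-Step {
    param([string]$Name, [scriptblock]$Action)
    try {
        & $Action | Out-Null
        Write-Host "OK    $Name"
    } catch {
        Write-Host "FAIL  $Name : $($_.Exception.Message)"
        throw
    }
}

# Poll until Exchange can resolve the object, instead of firing the next cmdlet blindly.
function Wait-ForRecipient {
    param([string]$Identity, [int]$TimeoutSeconds = 300, [int]$DelaySeconds = 10)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        if (Get-Recipient -Identity $Identity -ErrorAction SilentlyContinue) { return }
        Start-Sleep -Seconds $DelaySeconds
    }
    throw "Recipient '$Identity' not visible after $TimeoutSeconds seconds"
}

Invoke-Step 'Wait for mailbox'    { Wait-ForRecipient -Identity $mailbox }
Invoke-Step 'Convert to shared'   { Set-Mailbox -Identity $mailbox -Type Shared @stop }
Invoke-Step 'Create access group' { New-DistributionGroup -Name $group -Type Security @stop }
Invoke-Step 'Wait for group'      { Wait-ForRecipient -Identity $group }
Invoke-Step 'Grant Full Access'   {
    Add-MailboxPermission -Identity $mailbox -User $group -AccessRights FullAccess -InheritanceType All @stop
}
Invoke-Step 'Grant Send As'       {
    Get-Mailbox -Identity $mailbox @stop | Add-ADPermission -User $group -ExtendedRights 'Send As' @stop
}
Invoke-Step 'Set quota'           {
    Set-Mailbox -Identity $mailbox -UseDatabaseQuotaDefaults $false -IssueWarningQuota '900MB' -ProhibitSendQuota '1GB' @stop
}
```

Each step prints its own result, so a cmdlet that fails because the object is not yet visible shows up by name rather than silently disappearing.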

cpedersen Outstanding Contributor.

Re: Who can tell me how the AD/Exchange Shim actually works.

On 7/30/15 5:14 PM, Alex McHugh wrote:
> Casper Pedersen wrote:
>
>>
>> It will execute them one by one.

>
> Doesn't it execute them in a remote runspace/session also?


Alex,

I think TID7012362 should cover some of it, but just to recap: with
PowerShell service it will execute as remote runspace, and with Exchange
2010 it will execute in local runspace.

Now the "fun" part: AD cmdlets are executed in local runspace - so with
the PowerShell service (requirement with Exchange 2013) you will no
longer be able to mix Exchange and AD cmdlets. I.e. scripting driver....

That is the very short story.

Casper
