Exchange 2010 cmdlets vs. FIM
Hello - for all the rudimentary use cases (create mail-enabled AD user, enable mailbox for existing AD user, delete user) FIM worked as expected against Exchange 2003/2007 mixed-mode. Just wondering how easy or difficult it would be implement equivalents of Exchange 2010 cmdlet functions such as enable-mailbox, disable-mailbox, connect-mailbox, remove-mailbox (mostly recipient cmdlets) in FIM?Looking for some thought starters....thanks! Anu
February 2nd, 2010 12:39am

Not easy.I wrote up this powershell xma last year: I don't know how good it would be at running multiple different cmdlets. Yes you could make the cmdlet itself one of the attributes on the cs object, to then be run as appropriate by the export routine - but how would you do an import? Sometimes people use "export-only MAs", but I don't think that's a good idea as you loose the confirmation and retry. You'd do just as well exporting your cmdlets out to a ps1 script file and then running them from a scheduled task, or as part of your job scheduling scripts.Carol
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2010 11:17pm

Hi Carol,I was very impressed the way you got one of the use cases working for enabling 2007 mailboxes. I used your same technique a few months ago to PoC mixed mode 2003/2007 mailbox provisioning with FIM RC0.It is hard to tell your customer and say FIM can do this but not that when it comes to general administration of mailboxes or managing email information on users or contacts. Trying hard to figure out a viable solution, exploring invoking cmdlets via rules extensions that may be run out of process. I like your idea too - will try "assembling" the right cmdlet and its data into a file based on requests coming in from portal and then running them from scheduled task.Thanks for your time and great feedback!AnuAnu
February 3rd, 2010 3:17am

Hi carol, Im triying to build an xma like your example but I have a problem with the path of the exchange database, the path is: \\servername\E:\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group. I don't know how to put the parameter in the command. Do you have any idea???
Free Windows Admin Tool Kit Click here and download it now
September 9th, 2010 4:02am

I'm not sure which bit you're referring to but I expect the required path is to the AD object for the database, not the physical file path. It will look something like this: CN=Mailbox Database,CN=First Storage Group,CN=InformationStore,CN=EXCHSCR,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=local
September 9th, 2010 9:47am

Thanks for you answer. This is my code with te database path and I have the same error: "Database was not found" RunspaceConfiguration config= RunspaceConfiguration.Create(); string pscmd ; Pipeline pipeLine; PSSnapInException warning=null; "Microsoft.Exchange.Management.PowerShell.Admin",out warning); Runspace myRunSpace = RunspaceFactory.CreateRunspace(config); Command createMailbox = new Command("Enable-Mailbox"); createMailbox.Parameters.Add( "identity", ""); "alias", "testAD"); "database", @"CN=Mailbox Database,CN=First Storage Group"+ ",CN=InformationStore,CN=server55,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),"+ "CN=Administrative Groups,CN=server,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=server"+ ",DC=com,DC=mx"); pipeLine = myRunSpace.CreatePipeline(); pipeLine.Commands.Add(createMailbox); pipeLine.Invoke(); Thanks in advance createMailbox.Parameters.Add( createMailbox.Parameters.Add( myRunSpace.Open(); config.AddPSSnapIn(
Free Windows Admin Tool Kit Click here and download it now
September 9th, 2010 6:35pm
September 9th, 2010 9:26pm

Thanks Carol, I'm developing a rule extension on the AD MA based on your code, because not all the users that have account on AD must have a mailbox in Exchange. I have 3 mailbox storage and there no rule to use them, so I'm calling them with a random. I'm using the following code: void IMASynchronization.MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry) { if (mventry["PuestoMail"].Value == "true") { RunspaceConfiguration config = RunspaceConfiguration.Create(); Pipeline pipeLine; PSSnapInException warning = null; config.AddPSSnapIn( "Microsoft.Exchange.Management.PowerShell.Admin", out warning); Runspace myRunSpace = RunspaceFactory.CreateRunspace(config); Command createMailbox = new Command("Enable-Mailbox"); string username = mventry["mailNickname"].Value; Random random; string path; random = new Random(); double num = random.Next(0, 30); string storage = null; if (num < 10) { storage = @"server55\Second Storage Group\SG2 Mailbox 01"; path= "CN=SG2 Mailbox 01,CN=Second Storage Group"; } else if (num < 20) { storage = @"server55\first Storage Group\Mailbox database"; path = "CN=Mailbox database,CN=first Storage Group"; } else { storage = @"server55\Third Storage Group\SG3 Mailbox 01"; path = "CN=SG3 Mailbox 01,CN=Third Storage Group"; } createMailbox = new Command("Enable-Mailbox"); myRunSpace.Open(); createMailbox.Parameters.Add( "identity", username + ""); createMailbox.Parameters.Add( "DomainController", "server01"); createMailbox.Parameters.Add( "database", storage); pipeLine = myRunSpace.CreatePipeline(); pipeLine.Commands.Add(createMailbox); pipeLine.Invoke(); myRunSpace.Close(); csentry[ "HomeMDB"].Value=path+ "CN=InformationStore,CN=SERVER55,CN=Servers,"+ "CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,"+ "CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com,DC=mx;"; } } On the AD MA I have the follow attribute flow DS attribute Action MV attribute Extensionattribute3 Export mailbox and it seems working but I just get a contact on Exchange none of my user get a SMTP mail address, and I dont know how to fill the HomeMBD attribute. I just used this flow to call my rule extension I guess that this is the problem. Should I use HomeMDB? how should I do the advanced flow??? Could you help me out. If there is a little oportunnity would you accpet make a VPN session to check out my config. please? My best regards
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2010 4:26am

Hi there I'm Having the same issue with a Exchange MA as Carol just did, but when I run the export profile it run succesfully, but I can´t get a SMTP E-Mail Address. It just look like a contact. The Exchange MA call the follow powershell cmd: Enable-Mailbox -Identity ' Smith' -Alias 'John.Smith' -Database 'serverExch\First Storage Group\Mailbox Database The odd thing is that when I ran this cmd on the Exchange powershell it works correctly, I get a nice MailBox. Although when I ran it from my Exchange MA calling the DLL I just get the user as a contact and is missing the SMTP E-mail Account It sound familiar for you guys. Thanks for your help :)
September 15th, 2010 1:50am

I'm not sure you need to be doing it this way anyway. You should just be able to apply the email attributes through export flow rules, with a regular AD Management agent. It doesn't matter that you only want certain users to have a mailbox - just make the flow rules use the flag. See my article on the Greatest Hits section of the ILM forum:
Free Windows Admin Tool Kit Click here and download it now
September 15th, 2010 11:26am

Hi carol a lot of thanks for all your answers. I have another question i want to retrieve de Exchange users (like your Exchange MA), Im using get-user powershell code but I wany to retrieve only specific attributes. Fo you know hoy to do that??? Thanks
October 9th, 2010 2:08am

You'll need a different XMA for that, one that just deals with this data. Something like this:
Free Windows Admin Tool Kit Click here and download it now
October 9th, 2010 8:45am

Thought I would put my 2 cents on this... 1. Default FIM/ILM/MIIS is lacking with its exchange funtionality... Alot can be done though... 2. Please stay away from making any calls in rules extension, its bad practice and you will see alot of different results and you will have to adjust your run profiles.... You will also cause all sorts of issues... I have seen alot... 3. XMA is a nice approach doing single cmdlets.. But becomes quite crazy expecially when you want to do multiple things.. Example.. You want to mail-disable someone then mailbox-enable the person.. I know, because I have done an xma this way... The best way I find is to do it in workflow... Workflow in FIM, is still not very mature... docs are coming everyday.. and it will get better... You can manage these transitions much easier... but it will be a little bit more complicated.. if you haven't coded alot... Good luck... Here's a link to how to create custom workflow Stepongzi - Identity Management Consultant,
October 10th, 2010 9:04am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics