0 votes

Can you assist with a script to create non-user mailboxes, such as Resource Mailboxes or Shared Mailboxes?

by (350 points)
0

Michael,

Our script guy is already working on the required scripts. I'll update this topic as soon as he comes up with something.

1 Answer

0 votes
by (216k points)

Hello Michael,

Find the required scripts below.

Note that Resource Mailboxes and Shared Mailboxes are also represented as disabled user accounts in Active Directory. So, if you want to create Resource and Shared Mailboxes with Adaxes, you can create a customized Create User Home Page Actions for your Adaxes Web Interface. In those Home Page actions you can set a certain property of that user account to a certain predefined value. Then, you can create a Business Rule that will be triggered After Creating a User and check the value of the property that you chose, and if it equals to the predefined value, launch the required script that will create a user or resource mailbox. For this purpose you can use one of the Adaxes virtual properties, for example, CustomAttributeText1. Adaxes virtual properties are not stored in Active Directory, but you may use them as any other property of directory objects.

To create such a Home Page Action:

  1. On the computer, where your Web Interface is installed, start the Web Interface Customization tool.
  2. In the Interface type drop-down list, select the Web Interface you want to configure.
  3. Activate the General tab, select the Actions pane option, and click Configure Home Page Actions.
  4. In the dialog box that appears, click Add...
  5. On the 1st step of the Add Home Page Action wizard that appears, select Create and choose User from the associated drop-down list.
  6. On the 4th step of the wizard, click Add in the Predefined Fields section.
  7. In the Add Default Property Value dialog box that appears, select Show all properties and choose an Adaxes virtual property in the Property name field, for example, CustomAttributeText1.
  8. Type the text that will trigger execution of the script in your Business Rule (for example, Create Resource Mailbox or Create Shared Mailbox) and then click OK.
  9. Also, you may want to use a different form for creating resource and shared mailboxes than the one that you use for creating normal users. See Step 4 in the Create New Object section of the Configure Home Page Actions Tutorial for instructions on how to do this.

To create the Business Rule that will create the mailboxes:

  1. Create a new Business Rule.
  2. On the 2nd step of the Create Business Rule wizard, select After Creating a User.
  3. On the 3rd step, add the Run a program or PowerShell script and paste the required script. For scripts, see Provision shared and room mailboxes in our Script Repository.
  4. Type a short description for the script and click OK.
  5. Click the Add Action button.
  6. In the dialog box that appears, select the Update User action and click Add...
  7. Open the drop-down list of the Property to modify field and select Show all properties.
  8. Select the property that serves as the trigger for the script and that you chose on the 7th step of creating the Home Page Action.
  9. Switch the radio button to Remove property.
  10. Click OK. This will remove the property as we no longer need it.
  11. Click the Add Condition button.
  12. In the dialog box that appears, select the If <property> <relation> <value> condition.
  13. In the <property> drop-down list, select Show all properties and select the virtual property that you chose as the trigger for the script and that you chose on the 7th step of creating the Home Page Action.
  14. Select equals and type the trigger text that you typed on the 8th step of creating the Home Page Action.
0

Still receiving the following error message.

The operation couldn't be performed because object 'mydomain.com/Adaxes/adaxes resource mb3' couldn't be found on 'DC5.mydomain.com'. Cannot process argument transformation on parameter 'ResourceDelegates'. Cannot convert value "System.Collections.ArrayList" to type "Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter[]". Error: "Cannot convert the "adaxes testuser2" value of type "Deserialized.Microsoft.Exchange.Data.Directory.Management.Mailbox" to type "Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter"."

0

Hello,

To help us troubleshoot the issue, can you answer, is DC5.mydomain.com a global catalog?

0

It is a global catalog. I ended up getting past the previous error message with some slight script modification and by inserting a Start-Sleep command to deley the script by 60 seconds. Now the resource mailbox is getting created successfully, however I am still receiving the following error and resource delegates fail to get assigned.

Cannot open mailbox /o=my org/ou=Exchange Administrative Group (FYDIB0LF23SPDLT)/cn=Configuration/cn=Servers/cn=MBX1/cn=Microsoft System Attendant.

Here is an updated copy of my script:

$exchangeServer = "myexchangeserver.com" # TODO: Modify me

try
{
    $usersIdentity = ($Context.TargetObject.Get("adm-CustomAttributeText8")).Split(',')
}
catch
{
    $Context.LogMessage("No users to grant Delegates permissions to", "Error") # TODO: modify me
    $usersIdentity = $NULL
}

# Disable the Target User
$targetUser = $Context.BindToObject($Context.TargetObject.AdsPath)
$targetUser.AccountDisabled = $True
$targetUser.SetInfo()

$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")

$session = new-pssession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
Import-PSSession -session $session

Start-Sleep -s 60

Enable-Mailbox -Identity '%userPrincipalName%' -DomainController $domainControllerFQDN -Room

$resourceMailBox = Get-MailBox -Identity '%userPrincipalName%' -DomainController $domainControllerFQDN | Select-Object DistinguishedName
if ($usersIdentity -ne $NULL)
{
   foreach ($userIdentity in $usersIdentity)
    { 
        Set-CalendarProcessing -Identity $resourceMailBox.DistinguishedName -ResourceDelegates $usersIdentity -DomainController $domainControllerFQDN
    }
}
Remove-PSSession -Session $session
0

Hello,

The error The operation couldn't be performed because object 'mydomain.com/Adaxes/adaxes resource mb3' couldn't be found on 'DC5.mydomain.com'. is caused by delays in replication, and inserting Start-Sleep commands that give some time for replication to complete is a good choice in this case. However the time interval that you chose, 60 seconds, is, probably, too much. We reduced it to 10 seconds, which should be quite enough.

The error Cannot open mailbox /o=my org/ou=Exchange Administrative Group (FYDIB0LF23SPDLT)/cn=Configuration/cn=Servers/cn=MBX1/cn=Microsoft System Attendant. is also caused by replication. The thing is that the Set-CalendarProcessing cmdlet uses the nearest available DC to write information to Active Directory, and that specific DC may not have enough time to replicate information that a mailbox has already been created for the user.To remedy the issue, we inserted one more Start-Sleep command before calling this cmdlet.

If any of these errors still persist, try increasing the time intervals for the Start-Sleep commands.

Here's our modified version of the script:

$exchangeServer = "ExchangeServer.com" # TODO: Modify me

try
{
    $usersIdentity = ($Context.TargetObject.Get("adm-CustomAttributeText8")).Split(',')
}
catch
{
    $Context.LogMessage("No users to grant Delegates permissions to", "Error") # TODO: modify me
    $usersIdentity = $NULL
}

# Disable the Target User
$targetUser = $Context.BindToObject($Context.TargetObject.AdsPath)
$targetUser.AccountDisabled = $True
$targetUser.SetInfo()

$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")

Start-Sleep -s 10

$session = new-pssession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
Import-PSSession -session $session

Enable-Mailbox -Identity '%distinguishedName%' -DomainController $domainControllerFQDN -Room

Start-Sleep -s 30

if ($usersIdentity -ne $NULL)
{
    for ($i = 0; $i -lt $usersIdentity.Length; $i++)
    {
        $usersIdentity[$i] = $usersIdentity[$i].Trim()
    }

    Set-CalendarProcessing -Identity '%distinguishedName%' -ResourceDelegates $usersIdentity -DomainController $domainControllerFQDN
}
Remove-PSSession -Session $session
0

Thank you. I was able to get it working after my previous post by implementing the additional Start-Sleep command after the "Enable-Mailbox" section of the script.

Related questions

0 votes
1 answer

Hallo Everyone I've seen the Report for Exchange Mailboxes with OU, Send on Behalf, Full Rights and Send As Rights: https://www.adaxes.com/questions/ ... . Example: User: Peter.Steinmann Identity: Which Mailboxes AccessRights: FullAccess Kind regards,

asked Jul 6, 2022 by Sandberg94 (340 points)
0 votes
1 answer

We'll be updating over 14K accounts with data (adding data to a virtual attribute) using a scheduled task but I don't want the updates to trigger Business Rules and flood the Adaxes log with entries. Is there an easy way to prevent this?

asked Apr 12, 2022 by sandramnc (870 points)
0 votes
1 answer

Hi there. I'm trying to work out the best way to create a shared mailbox, which will automatically create a group based on the shared mailbox name, and then add ... the delegation of the shared mailbox. Any advice/scripts etc will be much appreciated. Thanks

asked Aug 27, 2014 by ColinB (180 points)
0 votes
1 answer

I need a specific user, when requesting another user to join a group, to have an approval sent to the AD management team. I tried to create a "Business Rule", but I'm getting an "Access Denied" error. Any idea what this could be?

asked Aug 20, 2024 by fgmello (40 points)
0 votes
0 answers

Good Afternoon, I'm looking for some clarification on what security settings I would need to apply to the Self-Service Users to allow them to update both their own ... accounts they have full access to. Please let me know if this requires more clarification.

asked Jul 22, 2021 by jtop (700 points)
3,606 questions
3,293 answers
8,343 comments
548,458 users