0 votes

Good day,

Currently I'm working on implementing the automation of the user disable/deprovisioning process. I have been able to automate all but the email forwarding.

the main issue I'm experiencing is that due to the structure of our company users request specific email addresses to have emails forwarded to when a user leaves the company or goes on leave. We are currently working with our clients to see if we can make updates to AD to make this process easier (but is easier said than done).

Regardless, what I'm looking to find out Is if there is an option for a technician to input a requested email address when deprovisioning a user account through the Adaxes web portal. I've searched the site and through tutorials and see no options within the console itself that seems like the clear-cut answer.

Regards

by (700 points)
0

Any assistance would be appreciated,

1 Answer

0 votes
by (216k points)

Hello,

That's very easy to do. For this purpose, you can create a Home Page Action that allows modifying the forwarding address and sets a certain flag indicating that the user is being deprovisioned. Also, you'll need to create a Business Rule triggered after updating a user only when the flag is set that will launch the Custom Command that you use for deprovisioning. To set a flag, you can assign the True value to one of Adaxes virtual properties that can store boolean values, for example, CustomAttributeBoolean1. Virtual properties are not stored in Active Directory, but can be used the same as any other property of AD objects.

To implement such a solution:

I. Create a Home Page Action that allows setting a forwarding address

For information on how to create a Home Page Action that allows modifying a user, see section Modify Object on the 5th step of the following tutorial: http://www.adaxes.com/tutorials_WebInte ... htm#modify.

On Step 4 of the section, you will find instructions on how to modify the form used for the Home Page Action. You need to configure a form that allows to update only the Forward To property.

Also, you need to add a flag to indicate that the user is being deprovisioned. For this purpose, add a predefined field for the property that you want to use and set it to True. Information on how to add predefined fields is also available on Step 4.

II. Create a Business Rule that performs user deprovisioning
To automatically perform deprovisioning actions once the above home Page Action is executed, you need to configure a Business Rule triggered after updating a user that performs the necessary actions only when the flag is set. To create such a Business Rule:

  1. Create a new Business Rule.
  2. On the 2nd step of the Create Business Rule wizard, select User and After Updating a User.
  3. On the 3rd step, you need to add an action that performs the deprovisioning actions. For this purpose, add the Execute a Custom Command action and click Select.
  4. Select the Custom Command that you use for deprovisioning and click OK 2 times.
  5. Now, you need to add conditions for the Custom Command to be run only when the flag is set. Right-click the action that you've just added and click Add Condition.
  6. Select the If <property> changed condition type.
  7. Expand the <property> drop-down list and select Show all properties.
  8. Select the virtual property that you want to use as a flag, e.g. CustomAttributeBoolean1.
  9. Select has changed.
  10. Click OK.
  11. Right-click the action that you've just added and click Add Condition again.
  12. Select the If <property> <relation> <value> condition type.
  13. Expand the <property> drop-down list and select Show all properties.
  14. Select the virtual property that you want to use as a flag.
  15. Select equals and True.
  16. Click OK. You should get something like this:
  17. Finish creation of the Business Rule.
0

Thank you, that works perfectly for when we disable a user!

I have a more advanced variation on this that I would expect to use a similar process.

There are instances when we delete a user where we assign a mail address to a requested manager/shared mailbox. So to clarify this is we remove the address from the user we're deleting and assigning that address to another user/mailbox entirely(not forwarding) because we also delete the users mailbox. First off, is this possible in Adaxes?

If so, I have a further request to see if there is a way to create a scheduled task from a custom command. The example would be as follows

I delete Johnny and assign his email address to his managers mailbox, but they only need it for a certain timeframe (30 days) following that they would like it removed from their mailbox. I know how to create a scheduled task in Adaxes, but cannot seem to find if there is a way to create one using a custom command.

Regards

0

Hello,

That's also possible, however creating a separate Scheduled Task for each user that is deleted is not a good idea because, eventually, you'll end up with tons of Scheduled Tasks after some time, which will be quite hard to manage. We recommend an alternative solution.

When a user is deleted and the user's e-mail address is assigned to someone else, the user's e-mail address and the time when it should be removed will be stored in a certain property of the user to whom the address is assigned. Since the user who receives the address may be assigned more than one address simultaneously, we recommend using a multivalued property, for example, one of Adaxes virtual attributes, such as CustomAttributeTextMultiValue1. Adaxes virtual attributes are not stored in AD, but can be used the same as any other attribute of AD objects.

For example if user John Smith is deleted on the 3rd of September, and his address, john.smith@example.com is assigned to Jane Doe, the following entry will be added to Jane Doe's CustomAttributeTextMultiValue1 property:

john.smith@example.com:03.10.2014

Then, you can create a Scheduled Task that will run once a day. The task will check whether the CustomAttributeTextMultiValue1 property of each user and remove all the e-mail addresses that need to be deleted today.

Could you clarify a few things so that our script guys could proceed to the task:

  1. What do you mean exactly by "assigning that address to another user/mailbox entirely"? Does this mean that you add the user's email address (stored in the Email property) to the E-mail Proxy Addresses property of the user to whom you assign the address?
  2. How do you identify to whom the address will be assigned? Is it always the user's manager or some designated mailbox or do you need a workflow where users can select to whom the address will be assigned?
0

Thank you for the response,

In regards to clarity:

1.What do you mean exactly by "assigning that address to another user/mailbox entirely"? Does this mean that you add the user's email address (stored in the Email property) to the E-mail Proxy Addresses property of the user to whom you assign the address?
A: Basically this request is to process our delete user requests. In this process if a manager or requestor asks us to forward an email to a specific mailbox we need to take the address from the user we are planning to delete and migrate it to the requested user/shared mailbox, as we are deleting the user and their mailbox, therefore the standard forwarding options would be deleted as well. When adding these to the user we add the email address directly to the users list of email addresses located in the email address tab in EMC

2.How do you identify to whom the address will be assigned? Is it always the user's manager or some designated mailbox or do you need a workflow where users can select to whom the address will be assigned?
A: The party that places the request would note a specific mailbox (can be the manager, can be a shared-mailbox). so having the option for an Adaxes admin to choose a mailbox would be the best option

0

OK, got it.

We'll update this topic as soon as required scripts are ready.

0

Thank you,

looking forward to your response!

0

Hello,

The scripts are ready. To implement what you want, you can create a Home Page Action that will be executed on a user whose e-mail address you need to transfer to another user. For this Home Page Action, you'll need a property that allows specifying the user to whom the e-mail address is being transferred. For this purpose, you can use one of the properties supporting DN syntax that you don't use, for example, Assistant or Secretary.

Also, you'll need to create a Business Rule triggered after updating the property that will transfer the user's e-mail address to the user specified in the property. Also, it will save the address together with the date when it should be removed in a certain multivalued property of the receiving user, for example, CustomAttributeTextMultiValue1.

Finally, you can create a Scheduled Task that will run, say. once a day and check the CustomAttributeTextMultiValue1 property of each user. If the task finds an address that must be removed today, it will remove the address from the Email Proxy Addresses property of the user. Also, it will remove the record for the address from the CustomAttributeTextMultiValue1 property.

To implement such a solution:

I. Create a Home Page Action that allows transferring a user's e-mail address to another user

For information on how to create such Home Page Action, see section Modify Object on the 5th step of the following tutorial: http://www.adaxes.com/tutorials_WebInte ... htm#modify.

On Step 4 of the section, you will find instructions on how to modify the form used for the Home Page Action. You need to configure a form that allows to update only the property that will be used to specify the user who will receive the e-mail address, for example, Assistant or Secretary.


II. Create a Business Rule that transfers the e-mail address to the specified user

To transfer a user's e-mail address once the above home Page Action is executed, you need to configure a Business Rule that performs the necessary actions triggered after updating the property that you chose for the Home Page Action. To create such a Business Rule:

  1. Create a new Business Rule.

  2. On the 2nd step of the Create Business Rule wizard, select User and After Updating a User.

  3. On the 3rd step, you need to add an action that transfer the e-mail address to the specified user. This will be done with the help of a PowerShell script. Thus, you need to add the Run a program or PowerShell script action and paste the below script in the Script field.

     $userDN = "%assistant%" # TODO: modify me
     $mail = "%mail%" # TODO: modify me
    
     if ([System.String]::IsNullOrEmpty($mail))
     {
         return # The user has no mail address
     }
    
     $mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
     $emailAddresses = $mailboxParams.EmailAddresses
    
     # Create a new e-mail address
     $emailAddress = $emailAddresses.CreateAddress("ADM_EXCHANGE_ADDRTYPE_SMTP", $null)
     $emailAddress.Address = "%mail%"
     $emailAddress.IsPrimary = $False
    
     # Add the e-mail address to the list of e-mail addresses of the receiving user
     $emailAddresses.Add("ADS_PROPERTY_APPEND", $emailAddress)
     $emailAddresses.OverrideOldValues = $False
     $mailboxParams.EmailAddresses = $emailAddresses
    
     # Save the changes
     $user = $Context.BindToObjectByDN($userDN)
     $user.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")
    
     # Update the CustomAttributeTextMultiValue1 property of the receiving user with the new address
     $date = (Get-Date).AddDays(30).ToString("d")
     $user.PutEx("ADS_PROPERTY_APPEND", "adm-CustomAttributeTextMultiValue1", @("%mail%:$date"))
     $user.SetInfo()
    
  4. In the script, $userDN specifies a value reference for the property that will be used to pass the user receiving the e-mail address. Specify a value reference for the property that you used in the Home Page Action.

  5. Add a short description for the script and click OK.

  6. Now, you need to add a condition for the script to be run only when the property that you chose is modified. Right-click the action that you've just added and click Add Condition.

  7. Select the If <property> changed condition type.

  8. Expand the <property> drop-down list.

  9. Select the property that you chose.

  10. Select has changed.

  11. Click OK.

  12. Right-click the action that you've added and click Add Condition again.

  13. Select the If <property> <relation> <value> condition type.

  14. Expand the <property> drop-down list.

  15. Select the property that you chose.

  16. Select is not empty.

  17. Click OK. You should get something like this:

  18. Finish creation of the Business Rule.

III. Create a Scheduled Task that will remove the addresses

Now, you need to create a Scheduled Task that will remove the addresses on the day specified in CustomAttributeTextMultiValue1. To create such a Scheduled Task:

  1. Create a new Scheduled Task.

  2. On the 3rd step of the Create Scheduled Task wizard, select the User object type.

  3. On the 4th step, add the Run a program or PowerShell script action and paste the following script in the Script field.

     # Get all e-mail addresses that were assigned to the user on a temporary basis
     try
     {
         $addedMailAddresses = $Context.TargetObject.GetEx("adm-CustomAttributeTextMultiValue1")
     }
     catch
     {
         # No addresses assigned to the user
         return
     }
    
     $valuesToRemove = @()
     foreach ($mailAddressInfo in $addedMailAddresses)
     {
         $values = $mailAddressInfo.Split(":")
    
         # Find e-mail addresses to be removed right now
         $date = $values[1]
         $date = [System.DateTime]::Parse($date).ToLocalTime()
    
         if ($date.CompareTo([System.DateTime]::Now) -gt 0)
         {
             # The address will be removed in the future, skip it for now
             continue
         }
    
         # Create an object that represents the address to be removed
         $mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
         $emailAddresses = $mailboxParams.EmailAddresses
    
         $emailAddress = $emailAddresses.CreateAddress("ADM_EXCHANGE_ADDRTYPE_SMTP", $null)
         $emailAddress.Address = $values[0]
         $emailAddress.IsPrimary = $False
    
         # Mark that the address will be deleted
         $emailAddresses.Add("ADS_PROPERTY_DELETE", $emailAddress)
         $emailAddresses.OverrideOldValues = $False
         $mailboxParams.EmailAddresses = $emailAddresses
    
         # Commit the changes
         $Context.TargetObject.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")
    
         # Mark the value to be removed from the CustomAttributeTextMultiValue1 property
         $valuesToRemove += $mailAddressInfo
     }
    
     # Update the CustomAttributeTextMultiValue1 property
     if ($valuesToRemove.Length -ne 0)
     {
         $Context.TargetObject.PutEx("ADS_PROPERTY_DELETE", "adm-CustomAttributeTextMultiValue1", @($valuesToRemove))
         $Context.TargetObject.SetInfo()
     }
    
  4. Add a short description for the script and click OK.

  5. Finish creation of the Scheduled Task.

IV. Modify the display name for the property used

Since the name of the property that you'll use, such as Assistant or Secretary, will not tell much to your users on the meaning and the function of the field in the Home Page Action, you'll probably want to give the property your own name. For information on how to do this, see Customizing Display Names for AD Properties.

0

Good Morning,

Thank you for the reply.

I've implemented the code and business rule to migrate an email to a certain user but received the following error when running the command

"Exception calling "SetMailParameters" with "2" argument(s): The proxy address "smtp:TTester@testcompany.com" is already being used by Testcompany/Test Tester". Please choose another proxy address."

As I understand it Exchange will not allow a duplicate of the same address under another mailbox. I'd assume this would mean stripping the email address from the initial user and passing it to the requested user.

Is there an option I missed? Please update, as I'm looking forward to adding this functionality to our current Adaxes configuration.

0

Hello,

Since you are going to delete the initial user anyway, we suggest first deleting the mailbox of the initial user, and then assigning the e-mail address to the receiving user. Here's a script that behaves like this:

$userDN = "%assistant%" # TODO: modify me
$mail = "%mail%" # TODO: modify me

if ([System.String]::IsNullOrEmpty($mail))
{
    return # The user doesn't have an e-mail address
}

# Delete the user's mailbox
$Context.TargetObject.DeleteMailbox()

# Create a new e-mail address
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$emailAddresses = $mailboxParams.EmailAddresses
$emailAddress = $emailAddresses.CreateAddress("ADM_EXCHANGE_ADDRTYPE_SMTP", $null)
$emailAddress.Address = "%mail%"
$emailAddress.IsPrimary = $False

# Add the e-mail address to the list of e-mail addresses of the receiving user
$emailAddresses.Add("ADS_PROPERTY_APPEND", $emailAddress)
$emailAddresses.OverrideOldValues = $False
$mailboxParams.EmailAddresses = $emailAddresses

# Save the changes
$user = $Context.BindToObjectByDN($userDN)
$user.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")

# Update the CustomAttributeTextMultiValue1 property of the receiving user with the new address
$date = (Get-Date).AddDays(30).ToString("d")
$user.PutEx("ADS_PROPERTY_APPEND", "adm-CustomAttributeTextMultiValue1", @("%mail%:$date"))
$user.SetInfo()
0

Hello,

I've tried using the attached script to remove the existing email addresses from a user and assign them to another. Unfortunately I still run into problems when trying to process the change.

When I run the script, nothing happens, I've verified the account I'm using has enough access and that I've copied the code correctly. I've also configured the business rule as requested.

I am able to enter in the fields of both the user whom I'm transferring from and transferring to, but as stated no change is made to either user. any advice would be appreciated. I will look to provide debug errors shortly.

0

Hello,

Is the Business Rule actually triggered? Do you see it in the Execution Log of the operation after the Home Page Action (step I of our instructions) is performed?

0

Hello,

I apologize for the VERY delayed reply.
After further testing I was able to get the process to work, with a one concern.

After testing with a few different test users. I was only able to migrate the default alias (i.e. the address set as reply), not any additional email addresses. Do we have an option to migrate all email alias' located under the users mailbox in Exchange? If you need further clarification, please let me know. Again, thanks for all the help.

0

Hello,

You requirement is pretty clear. This will require a modification of the script. We've assigned the task to our script guys and will update this topic as soon as our script guys come up with something.

0

Thank you,

I look forward to your assistance!

0

Hello,

Here's a new version of the script that does the job:

$userDN = "%assistant%" # TODO: modify me

# Get all E-mail addresses from the target user
try
{
    $sourceMailboxParams = $Context.TargetObject.GetMailParameters()
}
catch
{
    return # The user doesn't have an Exchange account
}
$sourceEmailAddresses = $sourceMailboxParams.EmailAddresses

# Add the user's e-mail addresses to e-mail addresses of the receiving user
$targetMailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$targetEmailAddresses = $targetMailboxParams.EmailAddresses
$targetEmailAddresses.OverrideOldValues = $False
$emailAddressesInfo = @()
$date = (Get-Date).AddDays(30).ToString("d")
foreach ($sourceEmailAddress in $sourceEmailAddresses.GetAddressesByPrefix("smtp"))
{
    $emailAddress = $targetEmailAddresses.CreateAddress("ADM_EXCHANGE_ADDRTYPE_SMTP", $null)
    $emailAddress.Address = $sourceEmailAddress.Address
    $emailAddress.IsPrimary = $False
    $targetEmailAddresses.Add("ADS_PROPERTY_APPEND", $emailAddress)

    $emailAddressesInfo += $emailAddress.Address + ":$date"
}
$targetMailboxParams.EmailAddresses = $targetEmailAddresses

# Delete the source mailbox
$Context.TargetObject.DeleteMailbox()

# Save the changes for target mailbox
$user = $Context.BindToObjectByDN($userDN)
$user.SetMailParameters($targetMailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")

# Update the CustomAttributeTextMultiValue1 property of the receiving user with the new addresses
$date = (Get-Date).AddDays(30).ToString("d")
$user.PutEx("ADS_PROPERTY_APPEND", "adm-CustomAttributeTextMultiValue1", $emailAddressesInfo)
$user.SetInfo()
0

Hello,

Thank you for the script, this does pass over all a users alias', however we are noting the following

When we migrate a users alias' to a mailbox that has no policy set on it (not set to follow e-mail address policy), it deletes the existing alias' in the mailbox we are looking to transfer to.

If possible could this be reviewed?

0

Hello,

We've changed the script so that it doesn't overwrite the current e-mail addresses of the target mailbox. See an updated version of the script in the Automate Email forwarding when disabling/deprovisioning user.

0

Hello,

I just wanted to thank you for all the effort, this works perfectly.

0

I've done some further testing and would like to know if there can be an adjustment to the script to allow it to bypass if no email option is selected. Currently it does not complete the process if there is no selected recipient of the email addresses.

0

Hello,

So, in the case of the sample script above, you want the script to bypass the process if no assistant is selected, is that correct? If so, on step 7-17 of the original instructions for creating the Business Rule available Automate Email forwarding when disabling/deprovisioning user, you needed to create 2 conditions:

  • If <property> (e.g. Assistant) changed;
  • If <property> (e.g. Assistant) is not empty.

If you've added these conditions to your Business Rule, that would suffice to bypass the process if no receiving mailbox is specified.

If that's not what you were looking for, could you specify your requirements in more detail?

0

Thank you for your reply.

I've double checked my business rule and verified that it is as follows

After updating a user:
If the operation succeeded AND
the 'Assistant' property has changed AND
the 'Assistant' property is not empty then
Run PowerShell script 'Transfer E-mail Address to another user' for the User
Delete User

I understand this will only work when at least one of these conditions is true. However I want to be able to delete the user regardless of whether I've selected an "assistant" or not. I have tested and am still having the same issue, the operation states it was successful. but no change occurs and the user is not deleted.

0

Hello,

To resolve your issue, you simply need to move the Delete the User action to another action/condition set that will be executed regardless of whether the Assistant property has changed or not. To do this:

  1. In the list of actions and conditions of your Business Rule, right-click the Delete the User action, and then chose Delete the Action.
  2. Select Yes.
  3. Click the Add Action to a New Set link.
  4. Select Delete the User.
  5. Click OK. You should receive something like this:
  6. Click Save changes.
0

The only problem with this is that the delete user command would apply any time a user makes a change in adaxes as I understand it. So say if the user changes their password, this would then run and delete their account.

0

Hello,

Sorry, our bad, you are correct.

On Step I of the Automate Email forwarding when disabling/deprovisioning user, you needed to create a Home Page Action that allows you to launch the deprovisioning process and specify a person to whom the mail addresses will be transferred. You can configure the action to set a certain flag to distinguish user deprovisioning from other operations. Then, in your Business Rule, you can delete user accounts only when the flag is set.

As for the flag itself, you can use one of Adaxes custom attributes that can store boolean values, for example, CustomAttributeBoolean1. Such attributes are not stored in AD, but can be used the same as any other attributes of AD objects. When flagging a departing user, you can set the attribute to True.

To implement such a solution:

I. Configure the Home Page Action to flag all deprovisioned users
To configure your Home Page Action to flag all deprovisioned users with a boolean attribute:

  1. On the computer, where the Web Interface is installed, start the Web Interface Customization tool.
  2. In the Interface type drop-down list, select the Web Interface that you want to configure.
  3. Activate the General tab and click Configure Home Page Actions. This will bring up the Home Page Actions dialog.
  4. Select the action that you've configured for user deprovisioning and click Edit.
  5. Activate the Form Customization tab.
  6. In the Predefined fields section, click Add.
  7. In the Property name section, select Show all properties and select the property you want to use as a flag, e.g. CustomAttributeBoolean1.
  8. Select Yes.
  9. Click OK 4 times.

II. Configure the Business Rule to delete only flagged users
To configure your Business Rule to delete only accounts of the users flagged by the Home Page Action:

  1. On the computer where Adaxes service is located, launch Adaxes Administration Console.
  2. In the Console Tree, locate and select your Business Rule that you've configured for deprovisioning users. The actions and conditions of the rule will appear in the Result Pane (located to the right).
  3. Right-click the Delete the User action.
  4. Click Add Condition.
  5. Select If <property> <relation> <value>.
  6. Specify If CustomAttributeBoolean1 equals True.

    where CustomAttributeBoolean1 is the property that you chose for flagging departing users.
  7. Click OK. You should receive something like this:
  8. Click Save changes.
0

Thank you, this works perfectly.

One question:

Currently it doesn't seem Adaxes can forward to distribution lists via this method (unable to manage the account in Adaxes) Is this something that can be added as needed?

0

Hello,

By default, you can't select distribution lists, but this is something that you can add yourself. To do this:

  1. On the computer, where the Web Interface is installed, start the Web Interface Customization tool.
  2. In the Interface type drop-down list, select the Web Interface that you want to configure.
  3. Activate the General tab and click Configure Home Page Actions. This will bring up the Home Page Actions dialog.
  4. Select the action that you've configured for user deprovisioning and click Edit.
  5. Activate the Form Customization tab.
  6. Click Customize Form.
  7. Click Configure next to the field you are using to specify the user receiving the email addresses.
  8. Select Show only the following object types.
  9. Enable Groups.
  10. Make sure that only Distribution is selected.
  11. Click OK 4 times.
0

Awesome support, awesome product. Thanks for the assist.

0

Hello,

Thank you for your good words. We really appreciate it.

Related questions

0 votes
1 answer

Good Afternoon, Currently as far as I can tell when defining a new user we are forced to select a location for a newly created user before defining information like the ... If not, is there a better way of applying this sort of functionality? Regards Josh

asked Apr 21, 2014 by jtop (700 points)
0 votes
1 answer

"Connecting to remote server &lt;&lt;FQDN Servername&gt;&gt; failed with the following error message : The server certificate on the destination computer (&lt;&lt;FQDN servername: ... ? This may help to diagnose the issue with schannel on the skype server.

asked Mar 5, 2020 by mark.it.admin (2.3k points)
0 votes
1 answer

We have a process that when a new user is created they are emailed their username and apssword. If the user is in an Admin Group they are then sent an email with some PDFs ... you can send emails, but am unable to see where it could attach files to the email?

asked Sep 3, 2020 by dknapp (100 points)
0 votes
1 answer

Hello, I'm trying to setup a business rule that will send an email to the user when they are added to a group. Under the User Object I don't have an option to Launch ... to get the new group member's email address so I can send a notification to it? Thanks!

asked Dec 1, 2015 by drew.tittle (810 points)
0 votes
1 answer

Is is possiable to send Automate an email to go out to the users of a delegated mailbox? We give Full Access and Send As access of disabled accounts to thier replacements for 30days ... then send a email to each one of them? Adaxes version: 2017.2 3.8.14823.0

asked Oct 28, 2019 by hgletifer (1.3k points)
3,526 questions
3,217 answers
8,197 comments
547,625 users