Dotting a few I's for Microsoft Exchange Server using Powershell 2016

image

Working for six months with Microsoft Exchange Server 2016 at the company, where more than 500 employees use the corporate e-mail, I was faced with the problem of complete removal of information about users that are disabled in Active Directory.

The tasks we want to automate, after you disable user accounts in AD:

the
    the
  • Export all messages from the main and archive box in .pst file;
    • the
  • Full lock mailbox after exporting emails;
    • the
  • Cleaning of all distribution lists from the "dead users" (not automatically cleared);
    • the
  • update the Global Address List and Offline Address Book to the active users do not see disabled.

Feeling utter dislike of manual work, it was decided to automate all these tasks using the PowerShell.

the

Preparation:


Library Exchange Management PowerShell:

the 
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;

Get a list of all disabled in the Active Directory users and exclude some service records:

the 
$DisableUsers = get-user -Filter {(UserAccountControl -eq 'AccountDisabled, NormalAccount') -and (RecipientType -eq 'UserMailbox')} | ? {($_.SamAccountName -ne 'krbtgt') -and ($_.SamAccountName -ne 'SM_2013a5b0c2bd4ca2a') -and ($_.SamAccountName -ne 'testvc')}

Declare variables:

the 
# Declare a variable to combine multiple export requests.
$BatchName = 'MassRequest'
# Create paths for export
$CMounth = (Get-Date).month 
$CYear = (Get-Date).year 
$CurrentDate = "$CYear.$CMounth" # Get the future name of the folder view.A month
$MainDir = "\\%Your path%"
$ExportPath = $MainDir + $CurrentDate + "\"

the

Processing:


To make it easier to find .pst files of the user are dismissed, a decision was made to create a folder view.A month. So, all fired users in April 2017 will be in the folder 2017.4 dismissed in may in a folder 2017.5 and so on.

the 
# Check if there's already a folder.A month, if not, create.
if ((Test-Path $ExportPath -PathType Container) -eq $false){
New-Item-Path $MainDir -Name $CurrentDate -ItemType "directory"
}

In the loop for disabled users paged them in the mail .pst file from the primary and archive mailboxes and save in folder.A month.

Using parameter -BatchName combine the queries under one name, to be able to track the status of all discharge at once, and not each request separately.

the 
foreach($User in $DisableUsers){
$PrimaryPath = $ExportPath + $User.SamAccountName + ".pst"
$ArhivePath = $ExportPath + $User.SamAccountName + "_Archive.pst"

New-MailboxExportRequest -Mailbox $User.SamAccountName -BatchName $BatchName -FilePath $PrimaryPath
New-MailboxExportRequest -Mailbox $User.SamAccountName -BatchName $BatchName -FilePath $ArhivePath -IsArchive 
}

Wait until the script finishes. You need to wait necessarily, because then we translate the boxes in the status of Disable and want to be sure that the unloading post is over.

the 
# Wait until the script finishes
$i=1;
while ((Get-MailboxExportRequest -BatchName $BatchName | Where {($_.Status-eq “Queued”) -or ($_.Status-eq “InProgress”)})) {
sleep 60
Write-Host "running Script $i minutes. The expected completion.."
$i=$i+1
}

When the export is complete, delete all the queries that received the status of Completed

the 
# when the export is complete, delete all the queries
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest -Confirm:$false

The first part is done, begin to clean the mailing lists. For starters get an array of all lists:

the 
# Begin clean mailing lists. First, get the full list. 
$DistribList = Get-DistributionGroup

In a loop check all distribution lists and remove disabled users:

the 
# In a loop-deleted disabled users from all lists
foreach($List in $DistribList){
foreach($User in $DisableUsers){ 
Remove-DistributionGroupMember -Identity $List -Member $User -Confirm:$false -ErrorAction Ignore 
}
}

Penultimate step: disable the mailboxes. Of user accounts in AD missing E-mail, and the mailbox itself is removed. Now it only for some time you can restore the standard means of Exchange.

the 
# Begin disable mailboxes, after which they disappear from the address book

Disable-Mailbox -Identity $User.SamAccountName -Archive -Confirm:$false 
Disable-Mailbox -Identity $User.SamAccountName -Confirm:$false 
}

Updated the GAL and OAB for users to see changes as quickly as possible.

the 
# Update Global Adress List, so clients see changes to your address book
Get-GlobalAddressList | Update-GlobalAddressList
Get-OfflineAddressBook | Update-OfflineAddressBook
Get-AddressList | Update-AddressList

the

a Small comment:


In my firm we put this processing to a custom button in 1C. The personnel Department in the employee's profile puts the status to "Dismissed" and the script begins to work.

Thus, disabled users in the address book is almost impossible to see, and fired the employee immediately loses access to email. (If only off uchetku in Active Directory, check your mail, the employee may still, in line with our corporate policy is unacceptable).

I hope someone script will be useful. Thank you!
Article based on information from habrahabr.ru

Комментарии

Отправить комментарий

Популярные сообщения из этого блога

Looking for books as you want

Изображение
this last week or two, as curious users can watch Russian search service on books from Google . However, the General public before the official announcement from Google itself remains in the dark. Meanwhile, already there is something to see and something to tell. Besides, Google has not gone unnoticed in Yandex, which last week began offering users with Store cards and the output presented there books. What, in turn, did not fail to say publicly. Let's take a closer look at what is offered book lovers the giants of the search. Let's start with Google. The California company offers us their traditional approach. Typing in the familiar search bar the title of the book, we get... well, what we will get, greatly depends on many factors. Mostly while where a book has been published. If it's a popular publication in the United States (as an example from reference service — exposing the social ills of America's best-selling book " Fast Food Nation "), the...
Далее...

Automatically create Liquibase migrations for PostgreSQL

Изображение
Working with Liquibase always brings confidence in the fact that the database objects are in the same condition in which you want it. It is this confidence and makes system migrations so popular databases. Today I want to tell you how to make using liquibase a bit easier. If you write a migration by hand, and your target database is PostgreSQL, then read this article, I am sure, the time spent on reading the article will be repaid with interest. I hope you already know how to work with Liquibase, so only two words describe how the system works. In order to make changes in the database, you need to create a migration file (changeset) that you need to specify in the file change log (changelog), after which the migration can be successfully applied to the target database. Undeniable and obvious benefit of this approach is the ability to rollback the changes. In my opinion, liquibase, there is only one drawback — the automatic rollback of changes only works only if the mi...
Далее...

Vkontakte sync with address book for iPhone. How it was done

Изображение
the Background application on androidphone when you install the application Vkontakte is possible to use it as a provider of contacts to synchronize the contacts from Facebook with contacts in your address book. In this case stretches the avatar, date of birth, address, phone numbers, etc. When I after prolonged use HTC Wildfire S rated and are so used to this that he wanted to find a similar to the iPhone. Not found, so we took it and made his own — Synchronizer VKontakte :) It was back in November of last year. The application was done fairly quickly — it uses quite a few functions of Vkontakte API and functionality with the address book of the iPhone. But when we started to deal with the automatic matching of contacts, it was fun. Compare head-on by name, last name and phone number was easy to do, easy, and worked through it quickly. But found only 20 percent of coincidences of the contacts from what is provider in Android. Of course, only direct hits do not sui...
Далее...