  • [Quest ActiveRoles Management Shell for Active Directory] QADProxyAddress BUG!!!

    I don't know whether it's a known bug or not; anyway, I couldn't run the QADProxyAddress-related cmdlets.

    Welcome email to: larry.song@outlook.com

    The thing is,

    My company used to have many different SMTP domains due to business requirements; now we want those additional SMTP domains removed. We use Quest ARServer for AD management, so my account doesn't actually have any native permissions to Active Directory; for all AD modifications I have to use the ARS console. A good thing is that Quest published a corresponding PowerShell module, which lets us process batch jobs by script or command.

    Again, the scripting fell onto my shoulders.

    Launch ISE and start coding. For me, when scripting (or, say, programming), the core code must NOT come first; the logging function is the most important, because once the script has run, the only thing that can help us debug is the logs.

    Back to the title: the coding is really not complex. According to the project team's schedule, they provide me with user lists in batches. What I need to do is read the user list, retrieve each user's ID, use the Get-QADUser cmdlet to get the user's object from AD, and parse the proxy address strings to see if any match. If not, skip the user; if yes, save the matches and use the Remove-QADProxyAddress cmdlet to remove them. Simple, right?

    While coding, I wanted to use my own account for a test, to see how the Remove-QADProxyAddress cmdlet works.

    WTH, what's this error? What's going on? Why?

    I am quite sure I can do the same thing via the ARS GUI console, and I am very sure I don't need to set up a primary address for each address type. So I searched online and found that someone had posted the same bug on the Dell community (Quest was bought by Dell in 2012). Two years on from that post, it seems no one cares about it.

    http://en.community.dell.com/techcenter/powergui/f/4834/t/19574623.aspx

    My company is using ARS 6.7.0, and the corresponding PowerShell module is 1.5.1. The latest ARS is 6.8.0; maybe the bug is already fixed in the latest release, but I can't use it because the client and server versions must match each other, otherwise I get a refusal message.

    What to do now? Actually the problem is simple: several QADProxyAddress cmdlets check every address type, and each type must have a primary address defined. But trying to set a primary for each address type at this point is too late, because if there are over 2 types without a primary address, when we set a primary for 1 of them, the cmdlet reports that the other type(s) have no primary. For example, the screenshot below shows that SIP and X500 have no primary address; when I run the cmdlet to fix SIP, it reports the X500 no-primary error. Truly hell.

    Anyway, I had made a promise to the project manager, so it would be a shame to quit right now.

    To summarize: first, my AD account doesn't have real permissions to AD; second, the ARS PowerShell module has this bug; finally, I have Exchange 2010, and I know my account has permissions on mailboxes, so if the mailbox has the same address property, I can do the job with Exchange cmdlets.

    So I launched Exchange, opened PowerShell, and ran Get-Mailbox | fl *. Bingo, the same property appeared. I tried the Set-Mailbox cmdlet to change the property, and yes, it succeeded. So I got it, and the script below was born to remove the desired address domains.

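    # Load the Exchange 2010 management shell and connect to a server
    . 'D:\Program Files\Microsoft\Exchange Server\v14\bin\RemoteExchange.ps1'
    Connect-ExchangeServer -auto
    
    # One identity per line; trim first, then drop empty lines.
    # @() keeps $users an array so .Count is valid even for a single entry.
    $users = @(cat '.\Process.list.txt' | %{$_.Trim()} | ?{$_})
    $addressToRemove = 'regular expression'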
    
    $Date = Get-Date
    $strDate = $Date.ToString('yyyy-MM-dd')
    $strLogFile = "$strDate.log"
    
    function Add-Log{
        PARAM(
            [String]$Path,
            [String]$Value,
            [String]$Type
        )
        $Type = $Type.ToUpper()
        Write-Host "$((Get-Date).ToString('[HH:mm:ss] '))[$Type] $Value"
        if($Path){
            Add-Content -Path $Path -Value "$((Get-Date).ToString('[HH:mm:ss] '))[$Type] $Value"
        }
    }
    
    $Total = $users.Count
    Add-Log -Path $strLogFile -Value "Users count: [$Total]" -Type Info
    
    $users | %{$Processed = 0}{
        $Processed++
        Add-Log -Path $strLogFile -Value "Processing: [$Processed/$Total][$_]" -Type Info
        $mailbox = $null
        $mailbox = Get-Mailbox -Identity $_
        if(!$mailbox)
        {
            Add-Log -Path $strLogFile -Value "Failed to get user's mailbox" -Type Error
            return
        }
        Add-Log -Path $strLogFile -Value "All 1: [$(($mailbox.EmailAddresses | %{$_.ProxyAddressString}) -join '], [')]" -Type Info
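        # @() keeps this an array, so -imatch returns the matching addresses
        # instead of a plain $true when the mailbox has only one SMTP address
        $addresses = @($mailbox.EmailAddresses | ?{$_.Prefix.DisplayName -eq 'SMTP'} | %{$_.SmtpAddress})
        $addressMatch = $null
        $addressMatch = $addresses -imatch $addressToRemove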
        if($addressMatch)
        {
            Add-Log -Path $strLogFile -Value "Matched: [$($addressMatch -join '], [')]" -Type Info
            $mailbox | Set-Mailbox -EmailAddresses @{remove=$addressMatch} -ErrorAction:SilentlyContinue
            if(!$?)
            {
                Add-Log -Path $strLogFile -Value 'Remove address failed, cause:' -Type Error
                Add-Log -Path $strLogFile -Value $Error[0] -Type Error
            }
            $mailbox = Get-Mailbox -Identity $_
            Add-Log -Path $strLogFile -Value "All 2: [$(($mailbox.EmailAddresses | %{$_.ProxyAddressString}) -join '], [')]" -Type Info
        }
        else
        {
            Add-Log -Path $strLogFile -Value "No SMTP address matched, move to next." -Type Info
            return
        }
    }
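
A dry-run check that can be run before the removal loop, as an added example that is not part of the original post: it decides from the proxy address strings alone which secondary SMTP addresses belong to a retired domain, compares the whole domain instead of a substring, and sets aside a primary (`SMTP:` in upper case) rather than removing it. The function name `Get-ProxyAddressRemovalPlan` and all addresses and domains are constructed for illustration.

```powershell
# Added example: plan the removals offline, without touching Exchange or AD.
function Get-ProxyAddressRemovalPlan {
    param(
        [string[]]$ProxyAddresses,   # strings such as 'smtp:user@old.example'
        [string[]]$RetiredDomains    # exact domain names to retire
    )
    $remove = @(); $primary = @(); $kept = @()
    foreach ($entry in $ProxyAddresses) {
        # Split 'prefix:value' on the first colon only (X500 values may contain more).
        $prefix, $value = $entry -split ':', 2
        # Only SMTP-type entries are candidates; SIP, X500 etc. are left alone.
        if ($prefix -ine 'smtp' -or -not $value) { $kept += $entry; continue }
        # Compare the full domain part, so 'old.example' never hits 'notold.example'.
        $domain = ($value -split '@')[-1]
        if ($RetiredDomains -notcontains $domain) { $kept += $entry; continue }
        # Upper-case 'SMTP:' marks the primary address: report it, do not remove it.
        if ($prefix -ceq 'SMTP') { $primary += $value } else { $remove += $value }
    }
    New-Object PSObject -Property @{
        Remove         = $remove
        SkippedPrimary = $primary
        Kept           = $kept
    }
}

# Constructed sample data in the shape of ProxyAddressString values.
$sample = @(
    'SMTP:larry@corp.example',
    'smtp:larry@old.example',
    'smtp:larry@notold.example',
    'SIP:larry@old.example',
    'X500:/o=Org/ou=Site/cn=Recipients/cn=larry'
)
$plan = Get-ProxyAddressRemovalPlan -ProxyAddresses $sample -RetiredDomains 'old.example'
"Remove : $($plan.Remove -join ', ')"
"Primary: $($plan.SkippedPrimary -join ', ')"
"Kept   : $($plan.Kept.Count) entries"
```

The `Remove` list has the same shape as `$addressMatch` in the script above, so it can be logged and reviewed before anything is passed to `Set-Mailbox -EmailAddresses @{remove=...}`.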
  • Original article: https://www.cnblogs.com/LarryAtCNBlog/p/3923882.html