EXC18 Iron Chef: Using Powershell with Exchange 2003

1
EXC18 Iron Chef Using Powershell with Exchange
2003

• Devin L. Ganger (3Sharp LLC) deving_at_3sharp.com
• (e)Mail Insecurity http//blogs.3sharp.com/blog/d
  eving/

2
Download the most up-to-date version of these
slides athttp//www.3sharp.com/files/deving/exc1
8-ganger-s07.ppt
3
Using PowerShell with Exchange

• PowerShell built on .NET Framework 2.0
• PowerShell provides basic capabilities
• File
• Registry
• Services
• Event logs
• ADSI
• WMI
• COM objects
• Exchange 2007 Management Shell built as a
  PowerShell 1.0 snap-in

4
Whats missing?

• No AD provider
• No native understanding of Exchange objects
• Wrappers around ADSI objects can obscure how to
  directly use them within PowerShell
• Conclusion youll be doing a lot of direct
  translation of existing ADSI, WMI and COM scripts
  into PowerShell equivalents

5
Why bother?

• Existing cmdlets reduce the amount of scripting
  you need to write
• Import-
• Export-
• Integrated file, registry, service, and event log
  handling done easily
• Object support
• Use collections, Foreach-Object, Where-Object,
  other cmdlets to bring native PowerShell
  capabilities to bear on your script

6
Credentials in PowerShell

• SecureString
• .NET type to safely store passwords in memory
• Use Get-Host cmdlet to accept input into a
  SecureString and store it as a variable
• Other cmdlets use the variable to populate
  theirPassword parameter
• Get-Credentials
• Pops up dialog to gather credential set
• Access credentials as a single object, or by
  individual property

7
VBScript with ADSI

• Recipe 5.3, Removing a Mailbox for an Existing
  User
• strDCName"exc18"
• strUserName"/cnLee Adama,ouPegasus,ouMilitary,
  dc12colonies,dcgov"
• ' find the target user
• strQuery"LDAP//" strDCName strUserName
• Set theUser GetObject(strQuery)
• strUser theUser.sAMAccountName
• if (theuser.HomeMDB "") then
• Wscript.Echo strUser " doesn't have a mailbox"
• else
• theuser.DeleteMailbox
• theuser.SetInfo
• WScript.Echo "Deleted mailbox for " strUser
• end if

8
PowerShell with ADSI

• DCName"exc18"
• UserName"/cnLee Adama,ouPegasus,ouMilitary,dc
  12colonies,dcgov
• Query"LDAP//" DCName UserName
• User ADSI Query
• UserName User.sAMAccountName
• if (User.HomeMDB -eq null )
• Write-Host UserName "doesn't have a mailbox"
• else
• User.DeleteMailbox
• User.SetInfo
• Write-Host "Deleted mailbox for" UserName

9
VBScript with WMI

• Recipe 5.8, Determining the Size of a Mailbox
• strComputerName "exc18"
• strWMIQuery "winmgmts//" strComputerName
  "/root/MicrosoftExchangeV2"
• ' Find each mailbox on the target server and
  report their
• ' item counts and sizes
• Set mboxList GetObject(strWMIQuery).InstancesOf(
  "Exchange_Mailbox")
• For each mailbox in mboxList
• strOutput ""
• strOutput "Mailbox " mailbox.MailboxDispla
  yName
• strOutput strOutput " " mailbox.Size
  "KB in " mailbox.TotalItems " items"
• WScript.Echo strOutput
• Next

10
PowerShell with WMI

• Computer "exc18"
• Mailboxes Get-Wmiobject -class
  "Exchange_Mailbox -computer Computer -namespace
  root\MicrosoftExchangeV2
• Foreach (Mailbox in Mailboxes)
• Write-Host "Mailbox" Mailbox.MailboxDisplayName
  " " Mailbox.Size "KB in " Mailbox.TotalItems
  " items"

11
VBScript with COM

• Recipe 6.7, Mounting a Database
• strServername "exc18"
• strMDBName "GalacticaMDB"
• Set theServer CreateObject("CDOEXM.ExchangeServe
  r")
• Set theMDB CreateObject("CDOEXM.MailboxStoreDB")
  
• theServer.DataSource.Open strServerName
• arrSG theServer.StorageGroups
• theFirstSG arrSG(0)
• strURL "LDAP//" theServer.DirectoryServer
  "/cn" strMDBName "," theFirstSG
• theMDB.DataSource.Open strURL
• theMDB.Mount
• WScript.Echo "Database mounted."

12
PowerShell with COM

• Server "exc18"
• MDB "GalacticaMDB"
• objServer New-Object -com CDOEXM.ExchangeServer
  
• objServer.DataSource.Open(Server)
• URL "LDAP//" objServer.DirectoryServer
  "/cn" MDB "," objServer.StorageGroups0
• objMDB New-Object -com CDOEXM.MailboxStoreDB
• objMDB.DataSource.Open(URL)
• objMDB.Mount()
• Write-Host "Database" MDB "mounted."

13
Example Setting recipient limits

• Global recipient limits vs. per-user recipient
  limits
• Me 20MB limit
• Everyone else 10MB limit

14
Setting recipient limits in PowerShell

• dsNew-Object DirectoryServices.DirectorySearcher
  
• ds.Filter"((objectcategoryperson)(objectclass
  user))"
• AllUsersds.FindAll()
• Foreach-Object (User in AllUsers)
• oUserUser.GetDirectoryEntry()
• if (oUser.sAMAccountName -ne "deving")
• oUser.Put("delivcontlength", "10240")
• oUser.SetInfo()
• oUser.psbase.RefreshCache()
• oUser select displayname,delivcontlength

15
Additional Help

• Quest ActiveRoles Management Shell for Active
  Directory Version 1.0 Betahttp//www.quest.com/a
  ctiveroles_server/arms.aspx
• Provides following cmdlets
• Connect-QADService
• Disconnect-QADService
• Get-QADUser
• Set-QADUser
• New-QADUser
• Add-QADGroupMember
• Remove-QADGroupMember
• New-QADGroup

16
Resources

• Windows PowerShell TFM
• Don Jones Jeffery Hicks
• SAPIEN Press
• ISBN 0-9776597-2-0

• Windows PowerShell in Action
• Bruce Payette
• Manning Publications
• ISBN 1932394-90-7

17
Questions?