3304Managing Your Exchange 5.5 Enterprise Using Windows Script Host

1
Managing Your Exchange 5.5 Enterprise Using
Windows Script Host Stephen Campbell Anjura
Technology Corporation stephen.campbell_at_anjura.com
http//www.marchview.com/mec99
2
(No Transcript)
3
Topics

• Windows Script Host
• ADSI and ADO and Admin
• Navigating your Organization
• Retrieving/Changing registry entries
• Retrieving/Changing directory entries
• Exchange Services
• Managing Platinum Servers (Briefly!)

4
Why Management Scripts?

• Repeatable
• Can be delegated
• Time savings
• Perhaps
• or 3rd Party Management/Inventory
• e.g., Messagewise (2MA, InLook)

5
Windows Script Host

• A wrapper for scripting engines
• Visual Basic Scripting Edition, JavaScript,
  ltothersgt
• Exposes some objects that are oriented to the
  computer
• Registry, Environment, Desktop, Network
• WScript and CScript
• Interpreted ? slow
• but simple
• Installed with Windows NT 4.0 Option Pack

6
WSH Development Environment

• Powered by Notepad
• Visual Studio/Visual InterDev
• Script Debugger
• VBScript versus JScript
• VBScript Basic syntax, less stringent,
  functions (MsgBox, InputBox)
• JScript Java-like, stringent, portable

7
Useful Objects

• Windows Scripting Host
• WScript - arguments, messages
• WShell - local registry, launch, environment,
  desktop
• VBScript/JScript
• FileSystemObject
• file and folder manipulation
• Err

8
WSH Can Use Any Object

• Excel/Word
• Collect and process data
• Write reports
• CDO/CDONTS
• Read/write messages
• Create and load public folders
• ADO
• Read or write databases including DS
• Internet Information Server/SQL Management
  Objects

9
Windows Script Host 2.0

• Windows 2000
• .WS File
• Separate Jobs in one .WS
• Includes
• Multiple Scripting Languages per job
• Can use XML Editor
• .WSH File
• Script Options for corresponding .WS, .VBS or .JS
  script

10
Directory Access

• Admin
• LDAP
• Standards-based protocol
• ADSI
• Generic Directory Access objects
• Read and write attributes
• Windows NT, Netware, LDAP back ends
• ADO
• Read Directory objects/attributes

11
Using Admin

• Create CSV Template File
• Create INI Control File
• Shell to Admin /E
• Read the CSV Result
• Take required action
• Create another CSV, INI
• Shell to Admin /I

12
Using Admin

• Open a File System Object
• CreateObject(Scripting.FileSystemObject)
• Open the file
• objFS.CreateTextFile(strCSVFile,True)
• Write lines
• objCSVFile.WriteLine(obj-class,)
• objCSVFile.Close
• Run export
• objShell.run(admin /E ...,1,True)

13
Exchange Windows 2000

• Active Directory is already using LDAP ports 389
  and 637 (SSL)
• Change 389 in Exchange
• Configuration, Protocols, LDAP
• Change 637 (See Q232606)
• SP3
• Admin /r
• Configuration, Protocols, LDAP
• Incoming-Msg-Size-Limit

14
Demo Read and Set LDAP Ports using Admin
15
Manage The Organization

• Find all servers and/or sites
• Perform some action
• Mailbox quota
• Directory Replication schedule
• Diagnostic logging

16
LDAP Paths

• Directory Access
• LDAP//ltservergtltportgt/ltobjectgt
• Server DNS, NetBIOS or IP
• Port 389 (SSL637)

LDAP//SABER/OANJURA/OUMARCHVIEW/CNCONFIGURATIO
N /CNSERVERS/CNACER2000 /CNMICROSOFT PRIVATE
MDB LDAP//acer2000.marchview.com8389/ cnmicros
oft private mdb, cnacer2000, cnservers,
cnconfiguration, oumarchview, oanjura
17
ADSI Commands

• GetObject(ltpathgt),.OpenDSObject(ltpathgt, ltusergt,
  ltpasswordgt,ltauthenticationgt)
• Get an LDAP object
• oItem.Get(ltattributegt), .GetEx()
• Get the Value of an attribute
• oItem.Put(ltattributegt), .PutEx()
• Set or clear the value of an attribute
• oItem.SetInfo

18
Find All Servers with ADSI

• Point to any server in the site
• Use ADSI/LDAP (must be installed)

Set objOrgGetObject(LDAP//ltservergtltportgt) For
Each objSite in objOrg Set objServersobjMyIAD
s.OpenDSObject( LDAP//ltservergt/oltOrggt/oult
Sitegt /cnConfiguration/cnServers,
dcltdomaingt, cnltuseridgt,ltpassgt,1) For Each
objServer in objServers Record or act on
objServer.Name, objSite.Name NextNext
19
ADO Queries LDAP

• LDAP Syntax (RFC-1960)
• ltbasegtfilterfieldsscope
• Base
• LDAP Path of starting point inside ltgt
• Filter
• (fieldvalue)
• ((fieldvalue)(fieldvalue))
• means all, Use \2a to select character
• ! gt lt

20
ADO Queries LDAP

• Fields
• Separated by commas
• Case-sensitive
• Schema Attributes Description field
• Scope
• base, onelevel, subtree

ltLDAP//power28389gt ((objectClassRFC1006-X40
0-Link) (Admin-Display-Name\2a))
adspath,Admin-Display-Namesubtree
21
ADO Queries SQL Syntax

• SELECT fields FROM base WHERE filter

SELECT rdn,adspath FROM 'LDAP//power2' WHERE
objectClass'Computer'

• Default Scope is subtree
• Or create a command and set its SearchScope
  property

Set objCommand CreateObject("ADODB.Command") Set
objCommand.ActiveConnection objADOConn objComma
nd.Properties(SearchScope)0 Base Set
objRSobjCommand.Execute

• Fields are returned in reverse order

22
Find All Servers With ADO

• Point to any server in the site
• Use ADSI/LDAP with ADO

Set objConnCreateObject(ADODB.Connection) objCo
nn.Provider"ADSDSOObject objConn.Open My
Connection Set objRSobjConn.OpenRecordSet(
ltLDAP//ltservergt(objectClasscomputer)
adspath,rdnsubtreegt) While not objRS.EOF
Record or act on objRS.Fields(0) wend objRS.Close
23
Demo Find servers using ADSI and ADO
24
Change Quota

• Change the Quotas using ADSI
• Use ADO to read attributes
• Cant .GET if bit 3 of Heuristics for that
  attribute1 (Operational attribute)

SET objPrivobjMyIADs.GetObject(
"LDAP//ltservergt/oltorggt/oultsitegt
/cnConfiguration/cnServers/cnltservergt
/cnMicrosoft Private MDB) objPriv.GetInfo objPri
v.Put "MDB-Storage-Quota",CLng(lngWarning)
objPriv.Put "MDB-Over-Quota-Limit",CLng(lngNoSend
) objPriv.Put "DXA-Task",CLng(lngNoReceive) objPr
iv.SetInfo
25
Demo Server quotas
26
Registry Access

• Circular logging is a registry change
• HKLM\CCS\Services\MSExchangeIS\ParametersSystem\C
  ircular Logging0
• HKLM\CCS\Services\MSExchangeDS\Parameters\Circula
  r Logging0

Set oRegShell WScript.CreateObject("WScript.Shell
") iRegValueoRegShell.RegWrite(
"HKLM\System\CurrentControlSet\Services
\MSExchangeDS\Parameters\Circular Logging", 0,
"REG_DWORD")
27
Registry Access

• WShell.RegWrite is local only
• Use IISSample.RegistryAccess for network access

set objRegCreateObject("IISSample.RegistryAccess"
) objReg.Get("\\POWER\HKLM\Software\Microsoft\Exch
ange") objReg.Set \\POWER\HKLM\System\CurrentCont
rolSet\ Services\MSExchangeDS\Parameters\Circula
r Logging, 0, True
28
Demo Registry Access
29
Managing NT Services

• ADSI to access Services and Status
• NT4 Use WinNT
• W2000 Use WinNT or LDAP
• Objects under Computer (with users, print queues,
  etc)

set objServerGetObject("WinNT//ltservergt,computer
") for each objService in objServer if
objService.Class "Service" then
wscript.echo objService.DisplayName Next Set
objServiceGetObject( WinNT//ltservergt/MSExchang
eDS,Service)
30
Managing NT Services

• Service Object
• .Name, .DisplayName, .ServiceAccount, .StartType,
  .StartupParameters, .HostComputer, .Path
• ServiceOperations Object
• .Status
• .Start, .Stop, .Pause, .Continue, .SetPassword

31
Demo Managing NT Services
32
Public Store

• Hidden Object

SET objLDAPGetObject("LDAP") SET
objPubobjLDAP.OpenDSObject(
"LDAP//ltservergt/oltorggt/oultsitegt
/cnConfiguration/cnServers/cnltservergt
/cnMicrosoft Public MDB", "dcltdomaingt,
cnltusergt, cnadmin",0)
33
Schedules

• Activation-Style
• 0-Never, 1-Selected Times, 2-Always
• Activation-Schedule
• 168 characters(7 of 24 chars)
• 0-9,A-F bit mask
• GMT!!

00F0000000000000000000000000500000800000F00000F0
0000500000800000F00000F0
34
Things to Check

• Circular Logging (Registry)
• Diagnostic Levels (Registry)
• Quotas Server/Mailbox (DS)
• Protocols Enabled? (DS)
• Connector Schedules (DS)
• Routing (DS)
• Disk Consumption (Registry, FileSystem)
• Permissions (DS)

35
Caveats/Notes

• Admin does more than change directory and
  registry
• Site addressing, permissions
• Test!! before implementing
• Assess cost to develop and test
• Admin versus ADSI
• Admin does security, straightforward translation
  from Raw properties
• ADSI easier to get information
• Assess 3rd party solutions

36
Managing Exchange 2000

• Everything is in the directory and can be
  retrieved using LDAP
• Platinum specific items are implemented as custom
  classes and attributes
• W2000 Resource Kit includes Schema snap-in for
  MMC
• All of the Windows 2000 facilities
• MMC

37
Managing Exchange 2000

• Exchange Management Objects (EMO)
• Provide simple access to common tasks
• CDOEXM.MailboxStore
• Quotas, Garbage collection, delegates, HomeMDB
• .CreateMailbox, .MoveMailbox, .DeleteMailbox
• CDOEXM.MailRecipient
• Forward rules, proxy addresses, message size
  limits, allow/deny recipients
• .MailEnable, .MailDisable
• More coming

38
For More Information

• WSH
• http//msdn.microsoft.com/scripting/
• ADSI
• MSDN, Platform SDK
• http//www.15seconds.com/
• Schema (Objects, Attributes)
• schema.csv, admin -r, Technet, MSDN
• MEC!

39
(No Transcript)