0 votes

Can you assist with a script to create non-user mailboxes, such as Resource Mailboxes or Shared Mailboxes?

by (2.7k points)
0

Michael,

Our script guy is already working on the required scripts. I'll update this topic as soon as he comes up with something.

1 Answer

0 votes
by (215k points)

Hello Michael,

Find the required scripts below.

Note that Resource Mailboxes and Shared Mailboxes are also represented as disabled user accounts in Active Directory. So, if you want to create Resource and Shared Mailboxes with Adaxes, you can create a customized Create User Home Page Actions for your Adaxes Web Interface. In those Home Page actions you can set a certain property of that user account to a certain predefined value. Then, you can create a Business Rule that will be triggered After Creating a User and check the value of the property that you chose, and if it equals to the predefined value, launch the required script that will create a user or resource mailbox. For this purpose you can use one of the Adaxes virtual properties, for example, CustomAttributeText1. Adaxes virtual properties are not stored in Active Directory, but you may use them as any other property of directory objects.

To create such a Home Page Action:

  1. On the computer, where your Web Interface is installed, start the Web Interface Customization tool.
  2. In the Interface type drop-down list, select the Web Interface you want to configure.
  3. Activate the General tab, select the Actions pane option, and click Configure Home Page Actions.
  4. In the dialog box that appears, click Add...
  5. On the 1st step of the Add Home Page Action wizard that appears, select Create and choose User from the associated drop-down list.
  6. On the 4th step of the wizard, click Add in the Predefined Fields section.
  7. In the Add Default Property Value dialog box that appears, select Show all properties and choose an Adaxes virtual property in the Property name field, for example, CustomAttributeText1.
  8. Type the text that will trigger execution of the script in your Business Rule (for example, Create Resource Mailbox or Create Shared Mailbox) and then click OK.
  9. Also, you may want to use a different form for creating resource and shared mailboxes than the one that you use for creating normal users. See Step 4 in the Create New Object section of the Configure Home Page Actions Tutorial for instructions on how to do this.

To create the Business Rule that will create the mailboxes:

  1. Create a new Business Rule.
  2. On the 2nd step of the Create Business Rule wizard, select After Creating a User.
  3. On the 3rd step, add the Run a program or PowerShell script and paste the required script. For scripts, see Provision shared and room mailboxes in our Script Repository.
  4. Type a short description for the script and click OK.
  5. Click the Add Action button.
  6. In the dialog box that appears, select the Update User action and click Add...
  7. Open the drop-down list of the Property to modify field and select Show all properties.
  8. Select the property that serves as the trigger for the script and that you chose on the 7th step of creating the Home Page Action.
  9. Switch the radio button to Remove property.
  10. Click OK. This will remove the property as we no longer need it.
  11. Click the Add Condition button.
  12. In the dialog box that appears, select the If <property> <relation> <value> condition.
  13. In the <property> drop-down list, select Show all properties and select the virtual property that you chose as the trigger for the script and that you chose on the 7th step of creating the Home Page Action.
  14. Select equals and type the trigger text that you typed on the 8th step of creating the Home Page Action.
0

Still receiving the following error message.

The operation couldn't be performed because object 'mydomain.com/Adaxes/adaxes resource mb3' couldn't be found on 'DC5.mydomain.com'. Cannot process argument transformation on parameter 'ResourceDelegates'. Cannot convert value "System.Collections.ArrayList" to type "Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter[]". Error: "Cannot convert the "adaxes testuser2" value of type "Deserialized.Microsoft.Exchange.Data.Directory.Management.Mailbox" to type "Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter"."

0

Hello,

To help us troubleshoot the issue, can you answer, is DC5.mydomain.com a global catalog?

0

It is a global catalog. I ended up getting past the previous error message with some slight script modification and by inserting a Start-Sleep command to deley the script by 60 seconds. Now the resource mailbox is getting created successfully, however I am still receiving the following error and resource delegates fail to get assigned.

Cannot open mailbox /o=my org/ou=Exchange Administrative Group (FYDIB0LF23SPDLT)/cn=Configuration/cn=Servers/cn=MBX1/cn=Microsoft System Attendant.

Here is an updated copy of my script:

$exchangeServer = "myexchangeserver.com" # TODO: Modify me

try
{
    $usersIdentity = ($Context.TargetObject.Get("adm-CustomAttributeText8")).Split(',')
}
catch
{
    $Context.LogMessage("No users to grant Delegates permissions to", "Error") # TODO: modify me
    $usersIdentity = $NULL
}

# Disable the Target User
$targetUser = $Context.BindToObject($Context.TargetObject.AdsPath)
$targetUser.AccountDisabled = $True
$targetUser.SetInfo()

$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")

$session = new-pssession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
Import-PSSession -session $session

Start-Sleep -s 60

Enable-Mailbox -Identity '%userPrincipalName%' -DomainController $domainControllerFQDN -Room

$resourceMailBox = Get-MailBox -Identity '%userPrincipalName%' -DomainController $domainControllerFQDN | Select-Object DistinguishedName
if ($usersIdentity -ne $NULL)
{
   foreach ($userIdentity in $usersIdentity)
    { 
        Set-CalendarProcessing -Identity $resourceMailBox.DistinguishedName -ResourceDelegates $usersIdentity -DomainController $domainControllerFQDN
    }
}
Remove-PSSession -Session $session
0

Hello,

The error The operation couldn't be performed because object 'mydomain.com/Adaxes/adaxes resource mb3' couldn't be found on 'DC5.mydomain.com'. is caused by delays in replication, and inserting Start-Sleep commands that give some time for replication to complete is a good choice in this case. However the time interval that you chose, 60 seconds, is, probably, too much. We reduced it to 10 seconds, which should be quite enough.

The error Cannot open mailbox /o=my org/ou=Exchange Administrative Group (FYDIB0LF23SPDLT)/cn=Configuration/cn=Servers/cn=MBX1/cn=Microsoft System Attendant. is also caused by replication. The thing is that the Set-CalendarProcessing cmdlet uses the nearest available DC to write information to Active Directory, and that specific DC may not have enough time to replicate information that a mailbox has already been created for the user.To remedy the issue, we inserted one more Start-Sleep command before calling this cmdlet.

If any of these errors still persist, try increasing the time intervals for the Start-Sleep commands.

Here's our modified version of the script:

$exchangeServer = "ExchangeServer.com" # TODO: Modify me

try
{
    $usersIdentity = ($Context.TargetObject.Get("adm-CustomAttributeText8")).Split(',')
}
catch
{
    $Context.LogMessage("No users to grant Delegates permissions to", "Error") # TODO: modify me
    $usersIdentity = $NULL
}

# Disable the Target User
$targetUser = $Context.BindToObject($Context.TargetObject.AdsPath)
$targetUser.AccountDisabled = $True
$targetUser.SetInfo()

$domainName = $Context.GetObjectDomain("%distinguishedName%")
$rootDSE = $Context.BindToObject("Adaxes://$domainName/rootDSE")
$domainControllerFQDN = $rootDSE.Get("dnsHostName")

Start-Sleep -s 10

$session = new-pssession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
Import-PSSession -session $session

Enable-Mailbox -Identity '%distinguishedName%' -DomainController $domainControllerFQDN -Room

Start-Sleep -s 30

if ($usersIdentity -ne $NULL)
{
    for ($i = 0; $i -lt $usersIdentity.Length; $i++)
    {
        $usersIdentity[$i] = $usersIdentity[$i].Trim()
    }

    Set-CalendarProcessing -Identity '%distinguishedName%' -ResourceDelegates $usersIdentity -DomainController $domainControllerFQDN
}
Remove-PSSession -Session $session
0

Thank you. I was able to get it working after my previous post by implementing the additional Start-Sleep command after the "Enable-Mailbox" section of the script.

Related questions

0 votes
1 answer

Hi there. I'm trying to work out the best way to create a shared mailbox, which will automatically create a group based on the shared mailbox name, and then add ... the delegation of the shared mailbox. Any advice/scripts etc will be much appreciated. Thanks

asked Aug 27, 2014 by ColinB (1.3k points)
0 votes
1 answer

We have internal AD that syncs to o365 via Azure AD Connect. It is not a hybrid environment; there is no Exchange on site. I am trying to find the best way to use Adaxes to ... so I am not sure the best way to handle that. Thanks for any help you can provide.

asked Apr 15, 2020 by Jasonmh (2.8k points)
0 votes
1 answer

It's possible to integrate ADAXES with HR Solution to create user in active directory ?

asked Feb 14, 2020 by babid (250 points)
0 votes
1 answer

I recently upgraded to version 2013.1 and since then a create user action on my help desk website no longer adds the @domainname.com to the User logon name field. ... there Exchange will not create the mailbox. Any help with this issue is appreciated. Thanks

asked May 13, 2013 by bemho (3.8k points)
0 votes
1 answer

We are still using version 2017.2, because otherwise we can no longer authorize with smart cards. Is it still possible to connect Adaxes with Azur?

asked Oct 12, 2020 by Johann Ihnen (500 points)
2,466 questions
2,215 answers
5,950 comments
335,349 users