0 votes

Hey Support,

We receive employee requests via a request mailbox in Exchange. I am trying to get a termination request automated so we only have to approve the request in Adaxes (set an AccountExpirationDate). After their account expires I can get a scheduled task to deprovision expired accounts so that part is fine.

So we get a request that includes employee ID and termination date. I have written a PowerShell script to read the email in the mailbox and loop through and process the requests.

From 'Run a program or PowerShell script' how do I submit for approval changing the AccountExpirationDate? I can use Set-AdmUser to update the AccountExpirationDate property but it appears to ignore any approval business rules.

Cheers.

by (400 points)

1 Answer

0 votes
by (216k points)

Hello,

The thing is that when you use Adaxes PowerShell module cmdlets, operations on Active Directory objects can be performed either via the Adaxes Service, or by directly accessing Active Directory domain controllers. When using the Adaxes Service as a proxy, you benefit from Adaxes features, including triggering of Business Rules. When you access Active Directory domain controllers directly, Business Rules will not be triggered.

If you want an operation to be performed via the Adaxes Service, you need to specify the AdaxesService parameter for a cmdlet, for example:

```powershell
Set-AdmUser -Identity johnSmith -AccountExpirationDate $expirationDate -AdaxesService localhost
```

Then, you can set up a Business Rule that is triggered before updating a user and that will submit any changes to the account expiration date for approval.

0

Hi Nodeblue,

I am interested in seeing your PowerShell Script that reads email messages.

We also receive notifications via email that are system generated so are always in the same format.

0

Second this

0

Why not just let them run a custom command from the self service that pushes an approval for the IT folks instead of sending an email that would need to be specifically formatted to be read programmatically? We are pushing to delegate tasks out to our users to keep our AD up to date and it is allowing our help desk to spend more time on other tasks rather than dealing with a large stack of simple requests. Allow your HR to run a term process command or allow those that are managers and assigned to that attribute to run the term process. I am interested to hear if there are reasons to not do this other than job security and micro management. Adaxes is proving itself to be very powerful with its logging, delegating, scripting, and workflows, why not use it to its full ability?

0

Using PowerShell and EWS you can read and process email.

You need the EWS Managed API (http://www.microsoft.com/en-us/download ... x?id=35371) installed for it to work. You will need to install this on your Adaxes server if you want to read email from within Adaxes.

In the 'Connect to EWS' section please make sure you have the correct version of Exchange set (http://msdn.microsoft.com/en-us/library ... g.80).aspx).

```powershell
# Exchange Server
$configExchangeServer = "exchange.domain.local"
# Exchange Mailbox, must have permissions to this mailbox such as Adaxes service account or you could use credentials
$configMailboxName = "itrequests@domain.local"
# Folder to move the processed emails to
$configProcessedFldr = "\Processed"

# Connect to EWS (Exchange Web Services)
[Reflection.Assembly]::LoadFile("C:\Program Files\Microsoft\Exchange\Web Services\2.0\Microsoft.Exchange.WebServices.dll") | Out-Null
$s = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP2)
$s.Url = New-Object Uri("https://" + $configExchangeServer + "/ews/exchange.asmx")

# Since we are using a custom folder we have to search for it
$PathToSearch = $configProcessedFldr
$rootFolder = New-Object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::MsgFolderRoot,$configMailboxName)
$tfTargetFolder = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($s,$rootFolder)
# Split the search path into an array
$fldArray = $PathToSearch.Split("\")
# Loop through the split array and do a search for each level of folder
for ($lint = 1; $lint -lt $fldArray.Length; $lint++) {
    # Perform search based on the display name of each folder level
    $fvFolderView = New-Object Microsoft.Exchange.WebServices.Data.FolderView(1)
    $SfSearchFilter = New-Object Microsoft.Exchange.WebServices.Data.SearchFilter+IsEqualTo([Microsoft.Exchange.WebServices.Data.FolderSchema]::DisplayName,$fldArray[$lint])
    $findFolderResults = $s.FindFolders($tfTargetFolder.Id,$SfSearchFilter,$fvFolderView)
    if ($findFolderResults.TotalCount -gt 0){
        foreach($folder in $findFolderResults.Folders){
            $tfTargetFolder = $folder
        }
    }
    else{
        $tfTargetFolder = $null
        break
    }
}

# Stop here if the processed folder was not found; otherwise the Move call
# below would fail after the request had already been handled
if (-not $tfTargetFolder) {
    throw "Folder '$configProcessedFldr' not found in mailbox $configMailboxName"
}

# Open Inbox
$mailbox = New-Object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox,$configMailboxName)
$inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($s,$mailbox)

# Grab 10 of the latest emails
$mails = $inbox.FindItems(10)
$mails | % {$_.Load()}

# Restrict emails based on Subject
$requests = $mails | Where {$_.ConversationTopic -like "Some Sort Of Request*"}

# Loop through each email and process
foreach ($mail in $requests)
{

    # Body text of email
    $body = $mail.Body.ToString()
    $subject = $mail.ConversationTopic

    # Process Email...

    # Move email to processed folder
    $mail.Move($tfTargetFolder.Id)
}
```

Additional Info:
http://gsexdev.blogspot.com.au/2012/01/ ... ow-to.html
http://gsexdev.blogspot.com.au/2012/01/ ... to_23.html

0

Why not just let them run a custom command from the self service that pushes an approval for the IT folks instead of sending an email that would need to be specifically formatted to be read programmatically? ... Adaxes is proving itself to be very powerful with its logging, delegating, scripting, and workflows, why not use it to its full ability?

We will be looking to move the workflow to Adaxes but at present we already have workflows in place with forms that get sent via email. The form results are using HTML tables which is quite easy to extract.

Get table data into hashtable ($hashData):

```powershell
# $bodyText holds the HTML body of the email (e.g. $mail.Body.ToString())
# Match text between td (table data) html tags; the lazy (.*?) keeps each
# cell separate even when several <td> elements share one line
$results = [Regex]::Matches($bodyText, '(?i)<td[^>]*>(.*?)</td>')

$i = 0
$hashData = @{}

# Add Subject entry
$hashData.Add("Subject", $mail.ConversationTopic)

# The results from the regex will have all names and values alternating, loop through and alternate between name and value pairs

foreach ($result in $results)
{
    # alternate rows
    if($i -eq 0)
    {
        # Store the name to be matched up to the next result
        $hashName = $result.Groups[1].Value
        # i = 1, next result will be the value
        $i++
    }
    else
    {
        # We have the name from last result, add to hash table
        $hashData.Add($hashName, $result.Groups[1].Value)
        # i = 0, start over, next result will be the name
        $i--
    }

}
```
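
The table parsing above and the answer's point about routing changes through the Adaxes Service, put together as an added example that is not part of the original posts: mailbox content is untrusted input, so the fields are validated before they reach a directory query, and the change goes through `-AdaxesService` so the approval Business Rule still fires. The field names, ID pattern, date format, date window and function names are assumptions, as is the availability of `Get-AdmUser -LDAPFilter` in the installed Adaxes PowerShell module.

```powershell
# Added example. Field names, ID pattern, date format and date window are assumptions.
Import-Module Adaxes

function ConvertFrom-RequestTable([string]$Html) {
    # Lazy, single-line match so cells sharing a line are captured separately
    $cells = @([regex]::Matches($Html, '(?is)<td[^>]*>(.*?)</td>') | ForEach-Object {
        $text = $_.Groups[1].Value -replace '<[^>]+>', ''   # drop nested markup
        [System.Net.WebUtility]::HtmlDecode($text).Trim()
    })
    $data = @{}
    for ($i = 0; $i + 1 -lt $cells.Count; $i += 2) {
        # A repeated field name is ambiguous; refuse rather than pick one
        if ($data.ContainsKey($cells[$i])) { throw "Duplicate field '$($cells[$i])'" }
        $data[$cells[$i]] = $cells[$i + 1]
    }
    return $data
}

function Submit-TerminationRequest([hashtable]$Request) {
    $id = $Request['Employee ID']
    # Digits only: nothing from the email can alter the LDAP filter below
    if ($id -notmatch '^\d{1,10}\z') { throw "Rejected employee ID '$id'" }

    $date = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($Request['Termination Date'], 'yyyy-MM-dd',
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$date)
    # Assumed policy: today up to one year ahead
    if (-not $ok -or $date -lt (Get-Date).Date -or $date -gt (Get-Date).AddYears(1)) {
        throw "Rejected termination date '$($Request['Termination Date'])'"
    }

    # Require exactly one matching account before changing anything
    $users = @(Get-AdmUser -LDAPFilter "(employeeID=$id)" -AdaxesService localhost)
    if ($users.Count -ne 1) { throw "Expected 1 user for ID $id, found $($users.Count)" }

    # -AdaxesService sends the update through Adaxes, so the approval rule applies
    Set-AdmUser -Identity $users[0].DistinguishedName `
        -AccountExpirationDate $date -AdaxesService localhost
}

# Constructed sample body, standing in for $mail.Body.ToString()
$soon = (Get-Date).AddDays(14).ToString('yyyy-MM-dd')
$sample = "<table><tr><td>Employee ID</td><td>104233</td></tr>" +
          "<tr><td>Termination Date</td><td>$soon</td></tr></table>"
Submit-TerminationRequest (ConvertFrom-RequestTable $sample)
```

Messages that throw here are best left in the Inbox or moved to a separate folder for manual review rather than to the processed folder.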
0

Thanks Nodeblue!

We are in the same situation where we may eventually move the workflow to HR, but for now we would be maintaining control.

Our email notifications are also in a set format as they are system generated, so the data should be parsable.

Kind of busy now, but I will try to test this out later.
