Enabling Debug…
Some administrators like to create debug on the fly. When they fix the issue then they edit the script and comment out the line. Sometimes I do that as well. However, in this script, we will use the debug switch that can be enabled or disabled from the command line to give more information without the need to go back to the code.In order to enable debug we will add two lines in the first block of the script. The first line will be a third option when running the script, and the second line will be a variable $vDebug which has the value of –WarningAction SilentlyContinue. This is to avoid those warning messages when the user already has the value and there was no change.
$DebugMode = $args[2]
$vDebug = " -WarningAction SilentlyContinue"
If we want to use the debug mode, we need to add a third ($True) parameter when running the script.$vDebug = " -WarningAction SilentlyContinue"
.\Assign-Profile.ps1 mailbox profile $True
Before you start reading the ex.info file we will display information about the account parameters entered and if the debug option was requested, then we will clear the value of $vDebug which will inform us about any warning issues during the execution of the cmdlets.
If ($DebugMode -eq $True) {
Write-Host "==General Settings======="
Write-Host "Mailbox Name......:" $vMailbox
Write-Host "Current Profile...:" $vProfile
$vDebug = ""
Write-Host "==Cmdlet Actions======="
} Else {
Write-Host "Modifying... " $vMailbox
}
In the heart of our script where we perform modifications to the
mailbox, we added a line to write on the console what will be executed
by Invoke-Expression(). It is exactly the same thing but we print that
out on the console. The last addition was the $vDebug at the end of the
Invoke-Expression.Write-Host "==General Settings======="
Write-Host "Mailbox Name......:" $vMailbox
Write-Host "Current Profile...:" $vProfile
$vDebug = ""
Write-Host "==Cmdlet Actions======="
} Else {
Write-Host "Modifying... " $vMailbox
}
If ($tValid -eq $True) {
If ($DebugMode -eq $True) { Write-Host "Cmdlet....:" ($tFile.Rulecmdlet + " -Identity " + $vMailbox + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug) }
Invoke-Expression ($tFile.Rulecmdlet + " -Identity " + $vMailbox + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug)
Time for the initial test, when we execute the script in normal conditions the result will be similar to Figure 01.If ($DebugMode -eq $True) { Write-Host "Cmdlet....:" ($tFile.Rulecmdlet + " -Identity " + $vMailbox + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug) }
Invoke-Expression ($tFile.Rulecmdlet + " -Identity " + $vMailbox + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug)
Figure 01
If we use the $True as third parameter, then we have all cmdlets that are being performed and all debug information, as shown in Figure 02.
Figure 02
Putting all pieces together... The final Script…
Time to wrap up everything done so far and put all pieces together. This script assigns a profile to an existent mailbox.
$vMailbox = $args[0]
$vProfile = $args[1].ToUpper()
$DebugMode = $args[2]
$vDebug = " -WarningAction SilentlyContinue"
#Validation…
$tPath = Test-Path C:\ExUtil\Scripts\EX.info
If ($tPath -eq $True) {
$vFile = import-csv C:\EXUtil\Scripts\EX.info
} Else {
Write-Warning "The file containing all Exchange Profile rules was not found."
Break;
}
If (($args[0] -eq $null ) -or ($args[1] -eq $null)){
Write-Warning "You need to provide a mailbox and profile."
Write-Warning "Example: Assign-Profile.ps1 Anderson Gold"
Break;
}
If (((Get-Mailbox -Identity $vMailbox -ErrorAction 'SilentlyContinue').IsValid) -eq $null) {
Write-Warning "The specified Mailbox cannot be found."
Break;
}
If ( ($vProfile -ne "GOLD") -and ($vProfile -ne "BRONZE") -and ($vProfile -ne "SILVER") ) {
Write-Warning "Use a valid profile!!"
Write-Warning "Possible values are: gold, silver, and bronze."
Break;
}
If ($DebugMode -eq $True) {
Write-Host "==General Settings======="
Write-Host "Mailbox Name......:" $vMailbox
Write-Host "Current Profile...:" $vProfile
$vDebug = ""
Write-Host "==Cmdlet Actions======="
} Else {
Write-Host "Modifying... " $vMailbox
}
ForEach ($tFile in $vFile) {
$tValid=$False
Switch ($vProfile)
{
"GOLD" { $tValue=$tFile.GOLDValue;$tValid=$True}
"SILVER" { $tValue=$tFile.SILVERValue; $tValid=$True}
"BRONZE" { $tValue=$tFile.BronzeValue; $tValid=$True}
default { write-host "Mailbox does not have a valid Profile"}
}
If ($tValid -eq $True) {
If ($DebugMode -eq $True) { Write-Host "Cmdlet....:" ($tFile.Rulecmdlet + " -Identity " + $vMailbox + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug) }
Invoke-Expression ($tFile.Rulecmdlet + " -Identity " + $vMailbox + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug)
Set-Mailbox $vMailbox -CustomAttribute6 $vProfile -WarningAction SilentlyContinue
}
}
$vProfile = $args[1].ToUpper()
$DebugMode = $args[2]
$vDebug = " -WarningAction SilentlyContinue"
#Validation…
$tPath = Test-Path C:\ExUtil\Scripts\EX.info
If ($tPath -eq $True) {
$vFile = import-csv C:\EXUtil\Scripts\EX.info
} Else {
Write-Warning "The file containing all Exchange Profile rules was not found."
Break;
}
If (($args[0] -eq $null ) -or ($args[1] -eq $null)){
Write-Warning "You need to provide a mailbox and profile."
Write-Warning "Example: Assign-Profile.ps1 Anderson Gold"
Break;
}
If (((Get-Mailbox -Identity $vMailbox -ErrorAction 'SilentlyContinue').IsValid) -eq $null) {
Write-Warning "The specified Mailbox cannot be found."
Break;
}
If ( ($vProfile -ne "GOLD") -and ($vProfile -ne "BRONZE") -and ($vProfile -ne "SILVER") ) {
Write-Warning "Use a valid profile!!"
Write-Warning "Possible values are: gold, silver, and bronze."
Break;
}
If ($DebugMode -eq $True) {
Write-Host "==General Settings======="
Write-Host "Mailbox Name......:" $vMailbox
Write-Host "Current Profile...:" $vProfile
$vDebug = ""
Write-Host "==Cmdlet Actions======="
} Else {
Write-Host "Modifying... " $vMailbox
}
ForEach ($tFile in $vFile) {
$tValid=$False
Switch ($vProfile)
{
"GOLD" { $tValue=$tFile.GOLDValue;$tValid=$True}
"SILVER" { $tValue=$tFile.SILVERValue; $tValid=$True}
"BRONZE" { $tValue=$tFile.BronzeValue; $tValid=$True}
default { write-host "Mailbox does not have a valid Profile"}
}
If ($tValid -eq $True) {
If ($DebugMode -eq $True) { Write-Host "Cmdlet....:" ($tFile.Rulecmdlet + " -Identity " + $vMailbox + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug) }
Invoke-Expression ($tFile.Rulecmdlet + " -Identity " + $vMailbox + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug)
Set-Mailbox $vMailbox -CustomAttribute6 $vProfile -WarningAction SilentlyContinue
}
}
Enforcing corporate profiles to all mailboxes…
Our goal for this series is to create a mechanism that by assigning a profile to a mailbox we can guarantee that all features and/or restrictions that come with the profile type will be enforced to the mailbox.In the previous articles of our series up until the last section, we went through the process of creating a script to read a master file (ex.info) and apply our defined rules to a single mailbox.
We will be creating a new script file called ApplyProfiles.ps1 and we will start where we left off in the previous script (Assign-Profile.ps1) but this new one is much simpler. A few items that we will need to consider before creating this new script:
- All testing blocks will be removed from the script, after all it is all users.
- We will apply the corporate profile only on mailboxes that have a profile defined (CustomAttribute6).
- If a mailbox does not have a profile assigned then the script will skip it.
- We do not set the CustomAttribute6 for the mailbox because that does not make sense, since we are getting all mailboxes that have something on the same attribute.
- For this script, we are using the default limit of 1000 objects being returned from Get-Mailbox. If your environment has more than 1000 users then you should use – ResultSize parameter
- If you are a developer or more advanced on scripting, you may wondering why not use a single script with procedures/functions. The goal is to show in a simple way how to accomplish our goals, but you can always improve on your production environment.
$vUsers = get-mailbox -filter { CustomAttribute6 -ne $null }
The second and most important piece is the additional ForEach statement (ForEach ($tmbx in $vUsers) {}) and that is responsible to go over each one of the mailboxes stored in the $vUsers and
then apply the profiles accordingly. Bear in mind that the code to
apply the profile is the same from the original script (we just changed a
couple of variables).Finally, the variables for the mailbox and the profile were replaced to match our new source of information (a list of all users) instead of the information entered in the previous script.
The final script is listed below, and only the code in bold was added from the previous script.
$vFile = import-csv C:\EXUtil\Script\EX.info
$DebugMode = $args[0]
$vUsers = get-mailbox -filter { CustomAttribute6 -ne $null }
$vDebug = " -WarningAction SilentlyContinue"
ForEach ($tmbx in $vUsers)
{
ForEach ($tFile in $vFile)
{
If ($DebugMode -eq $True) {
Write-Host "Mailbox Name......:" $tmbx.Name
Write-Host "Current Profile...:" $tmbx.CustomAttribute6.ToUpper()
Write-Host "Cmdlet............:" $tFile.Rulecmdlet
Write-Host "Attribute.........:" $tFile.RuleAttribute
$vDebug = ""
}
$tValid=$False
Switch ($tmbx.CustomAttribute6.ToUpper())
{
"GOLD" { $tValue=$tFile.GOLDValue; $tValid=$True}
"SILVER" { $tValue=$tFile.SILVERValue; $tValid=$True}
"BRONZE" { $tValue=$tFile.BRONZEValue; $tValid=$True}
default { write-host "User does not have a valid Profile"}
}
If ($tValid -eq $True) {
Invoke-Expression ($tFile.Rulecmdlet + " -Identity " + $tmbx.Name + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug)
}
}
}
In order to make sure that our script is working properly, we will
check first a user that has a profile (tor21 in our example) and a user
that does not have a profile (tor27). Finally, we will change one of the
parameters managed by the corporate profile for user tor21 (we enabled
MAPI for the user). The entire process can be seen in Figure 03.$DebugMode = $args[0]
$vUsers = get-mailbox -filter { CustomAttribute6 -ne $null }
$vDebug = " -WarningAction SilentlyContinue"
ForEach ($tmbx in $vUsers)
{
ForEach ($tFile in $vFile)
{
If ($DebugMode -eq $True) {
Write-Host "Mailbox Name......:" $tmbx.Name
Write-Host "Current Profile...:" $tmbx.CustomAttribute6.ToUpper()
Write-Host "Cmdlet............:" $tFile.Rulecmdlet
Write-Host "Attribute.........:" $tFile.RuleAttribute
$vDebug = ""
}
$tValid=$False
Switch ($tmbx.CustomAttribute6.ToUpper())
{
"GOLD" { $tValue=$tFile.GOLDValue; $tValid=$True}
"SILVER" { $tValue=$tFile.SILVERValue; $tValid=$True}
"BRONZE" { $tValue=$tFile.BRONZEValue; $tValid=$True}
default { write-host "User does not have a valid Profile"}
}
If ($tValid -eq $True) {
Invoke-Expression ($tFile.Rulecmdlet + " -Identity " + $tmbx.Name + " -" + $tFile.RuleAttribute + " " + $tValue + $vDebug)
}
}
}
Figure 03
Time to run .\ApplyProfiles.ps1 (Figure 04) and this script does not take prisoners. It will go ahead and if you have a profile then you will receive the corporate settings. After running the script we can check the user tor21 and find that the MAPI feature was set back to false value, which is the default of the profile, and for user tor27, which does not have a profile assigned to it, nothing happened.
Figure 04
We kept the debug option in this new script and when using $True in the script (figure 05) we will have the info about each user, its current profile, the cmdlet, attribute and result of the operation.
Figure 05
No comments:
Post a Comment