Saturday, June 21, 2008

More fun with combining mutliple Powershell cmdlets to produce reports

Over the years one of the most popular and useful scripts i've written and gotten feedback and questions on is the various mailbox size scripts i've posted here and on Outlookexchange. The fact that this functionality has been pulled from the GUI in Exchange 2007 doesn't appear to have been a very popular decision amongst sysadmins i guess the majority of which don't want to look at a line of code or script. While this blog/post isn't probably for those people If you are really ruing the loss of Mailbox size information out of the GUI don't think about what you have lost but whats been gained through the flexibility of Powershell and the Exchange Cmdlets. GUI's are great for displaying simple information but anyone who's been working in IT for any length of time knows that requests are rarely simple and not always logical when dealing with management. Trying to make information you export from a GUI display the way you want can be time consuming and tedious and really tie up time that could be better spent elsewhere. While the unavoidable reality may be yes you need learn how to script and really these day when i say that I'm not talking about VBS which like the Model T Ford has had its day. The main point is you see that thing in fount of you with the flashing cursor and the keyboard designed to slow you down its main purpose in life is to save you time and make your life easier well isn't it about time it started to ? .

This is a question i recieved via email this week and its typical of the kind of thing im talking about.

How do i export the list for Exchange Users from Exchange Server 2007 SP1 by using a cmdlet:


I want something like the following table

Example:

Department , Alias , DefaultQuota ,OverQuota ,TotalitemSize, LastAccessTime

------------------------------------------------------------------------------------------------

ITD Glen 50 MB 55 MB 55 MB March3rd 2008


Now it would be nice if there was a simple Oneliner powershell cmdlet that could return this information but there isn't. What you need to do is combine a number of different cmdlet's to get the information you want. And this is really where the Power in Powershell comes in because it allows you to easily integrate the result of different operations. So to get this information we need to combine get-mailbox, get-mailboxstatitics and to get information about what department the users is in straight ADSI is the best way to go. To be able to use the Export cmdlets that come with Powerhell its best to store the result of your combination in a custom object and then when it comes time to produce the report you can the use something like export-csv or converttohtml . So the following script is one method of solving the above question it reuses a cut down version of the mailbox size gui script that been tweaked to show the required information and produces a CSV file at the end. The script has one variable that is hardcoded which is the name of the server you want to run the script against which you will need to change. I've put a download of this script here the script it self looks like

$snServerName = "servername"
$fname = "c:\mbreport.csv"
$usrquotas = @{ }
$mstoresquotas = @{ }
$mbcombCollection = @()

get-mailboxdatabase -server $snServerName | ForEach-Object{
if ($_.ProhibitSendReceiveQuota.IsUnlimited -ne $true){
$mstoresquotas.add($_.identity,$_.ProhibitSendReceiveQuota)
}

}

$usrquotas = @{ }
Get-Mailbox -server $snServerName -ResultSize Unlimited | foreach-object{
if($_.ProhibitSendReceiveQuota.IsUnlimited -ne $true){
$usrquotas.add($_.ExchangeGuid,$_.ProhibitSendReceiveQuota)
}
}
$quQuotaval = 0
get-mailboxstatistics -Server $snServerName | Where {$_.DisconnectDate -eq $null} | ForEach-Object{
$quQuota = "0"
if ($usrquotas.ContainsKey($_.MailboxGUID)){
if ($usrquotas[$_.MailboxGUID].Value -ne $null){
$quQuotaval = $usrquotas[$_.MailboxGUID].Value.ToMB()
$quQuota = "{0:P0}" -f ($_.TotalItemSize.Value.ToMB()/$usrquotas[$_.MailboxGUID].Value.ToMB())}
}
else{
if ($mstoresquotas.ContainsKey($_.database)){
if ($mstoresquotas[$_.database].Value -ne $null){
$quQuotaval = $mstoresquotas[$_.database].Value.ToMB()
$quQuota = "{0:P0}" -f ($_.TotalItemSize.Value.ToMB()/$mstoresquotas[$_.database].Value.ToMB())}}
}
$icount = 0
$tisize = 0
$disize = 0
if ($_.DisplayName -ne $null){$dname = $_.DisplayName}
if ($_.ItemCount -ne $null){$icount = $_.ItemCount}
if ($_.TotalItemSize.Value.ToMB() -ne $null){$tisize = $_.TotalItemSize.Value.ToMB()}
if ($_.TotalDeletedItemSize.Value.ToMB() -ne $null){$disize = $_.TotalDeletedItemSize.Value.ToMB()}
$mbcomb = "" | select DisplayName,QuotaSize,TotalItemSize,Department,LastLogonTime
$mbcomb.DisplayName = $dname
$mbcomb.QuotaSize = $quQuotaval
$mbcomb.TotalItemSize = $tisize
$usrString = 'LDAP://' + $_.identity
$usr = [ADSI]$usrString
$mbcomb.Department = $usr.Department
$mbcomb.LastLogonTime = $_.LastLogonTime

$mbcombCollection += $mbcomb
}

$mbcombCollection | export-csv -noTypeInformation $fname

Saturday, June 07, 2008

Creating a new public folder and setting the permissions via EWS

I’ve had a couple of questions about this one based on a previous post that no-one really seemed to understand (oh and there was a bug in the code in post). Permissions aren't an easy subject and EWS doesn’t really give a straight forward method of manipulating ACL's but once you understand the basics its generally functional. It’s one thing you do need to dedicate some time too to get your logic right. I posted a calendar permissions helper for powershell a couple of months back I thought this would be a pretty simple task but when I started to test the library it ended up taking a numbers of hours to get the logic right. To summarize the things to watch out for when setting permission via EWS two important points are.
  • The first is that the ACE’s for the EWS security roles enumerations and Outlook roles don’t match. There are only sutle differences but if you need these roles to marry up in Outlook you need to include your own routines to do this.
  • When you want to modify,add or delete an ACE on a public folder (or a mailbox folder) do a GerFolder to retrieve the current ACL and make sure you build a new Permission set and populate it with the existing ACE’s and the add,or modified the ACE you want to change.

There’s a lot more detail you can go into but I think it just gets confusing as I would be just trying to repeat what I mentioned in the past but if you can understand those two points then this code will start making a little sense.

So the code basically creates a Subfolder under another subfolder under a Root Public folder. So the first part of the code is an enumeration section that first finds the root public folder and then traverses this Root folder to find the Subfolder which will be the parent of the new folder. It then creates a new folder and then after that it gets the permissions for the new folder and modifies them so that the default ACE has editor rights so all users can modify the contacts that are created in this folder. Adding or deleting ACE’s is pretty simple you just use a new PermissionType object. Well maybe simple once you’ve done it a few times.

I’ve put a download of the code here the code itself looks like

ExchangeServiceBinding esb = new ExchangeServiceBinding();
esb.RequestServerVersionValue = new RequestServerVersion();
esb.RequestServerVersionValue.Version = ExchangeVersionType.Exchange2007_SP1;
esb.Credentials = new NetworkCredential("username", "password","domain");
esb.Url = @"https://servername/EWS/Exchange.asmx";
DistinguishedFolderIdType parentFolder = new DistinguishedFolderIdType();
parentFolder.Id = DistinguishedFolderIdNameType.publicfoldersroot;
FolderIdType cfContactsFolder = FindFolder(esb, parentFolder, "ParentFolder", "Months");
CreateFolder(esb, cfContactsFolder, "Contacts-June");
GetContacts(esb, cfContactsFolder);
Console.WriteLine(cfContactsFolder.Id);
}
static FolderIdType FindFolder(ExchangeServiceBinding esb, DistinguishedFolderIdType fiFolderID, String pfRootFldName, String sfChildSub)
{
FolderIdType rvFolderID = new FolderIdType();
// Create the request and specify the travesal type
FindFolderType findFolderRequest = new FindFolderType();
findFolderRequest.Traversal = FolderQueryTraversalType.Shallow;

// Define the properties returned in the response
FolderResponseShapeType responseShape = new FolderResponseShapeType();
responseShape.BaseShape = DefaultShapeNamesType.Default;
findFolderRequest.FolderShape = responseShape;

// Identify which folders to search
DistinguishedFolderIdType[] folderIDArray = new DistinguishedFolderIdType[1];

folderIDArray[0] = new DistinguishedFolderIdType();
folderIDArray[0].Id = fiFolderID.Id;
// folderIDArray[0].ChangeKey = fiFolderID.ChangeKey;

//Add Restriction for DisplayName
RestrictionType ffRestriction = new RestrictionType();
IsEqualToType ieToType = new IsEqualToType();
PathToUnindexedFieldType diDisplayName = new PathToUnindexedFieldType();
diDisplayName.FieldURI = UnindexedFieldURIType.folderDisplayName;

FieldURIOrConstantType ciConstantType = new FieldURIOrConstantType();
ConstantValueType cvConstantValueType = new ConstantValueType();
cvConstantValueType.Value = pfRootFldName;
ciConstantType.Item = cvConstantValueType;
ieToType.Item = diDisplayName;
ieToType.FieldURIOrConstant = ciConstantType;
ffRestriction.Item = ieToType;
findFolderRequest.Restriction = ffRestriction;

// Add the folders to search to the request
findFolderRequest.ParentFolderIds = folderIDArray;
// Send the request and get the response
FindFolderResponseType findFolderResponse = esb.FindFolder(findFolderRequest);

// Get the response messages
ResponseMessageType[] rmta = findFolderResponse.ResponseMessages.Items;

foreach (ResponseMessageType rmt in rmta)
{
if (((FindFolderResponseMessageType)rmt).ResponseClass == ResponseClassType.Success)
{
FindFolderResponseMessageType ffResponse = (FindFolderResponseMessageType)rmt;
if (ffResponse.RootFolder.TotalItemsInView > 0)
{
foreach (BaseFolderType fld in ffResponse.RootFolder.Folders)
{
Console.WriteLine(fld.DisplayName.ToString());
if (fld.ChildFolderCount != 0)
{
rvFolderID = FindSubFolder(esb, fld, sfChildSub);
}
}


}
else
{ //handle no folder
}
}
else
{ //handle error
}

}
return rvFolderID;


}
static FolderIdType FindSubFolder(ExchangeServiceBinding esb, BaseFolderType pfParentFolder, String sfChildSub)
{
FolderIdType rvFolderID = new FolderIdType();
FolderType dd = new FolderType();
BaseFolderIdType bf = new FolderIdType();

// Create the request and specify the travesal type
FindFolderType findFolderRequest = new FindFolderType();
findFolderRequest.Traversal = FolderQueryTraversalType.Shallow;

// Define the properties returned in the response
FolderResponseShapeType responseShape = new FolderResponseShapeType();
responseShape.BaseShape = DefaultShapeNamesType.Default;
findFolderRequest.FolderShape = responseShape;

// Identify which folders to search
FolderIdType[] folderIDArray = new FolderIdType[1];

folderIDArray[0] = new FolderIdType();
folderIDArray[0] = pfParentFolder.FolderId;

// Add the folders to search to the request
findFolderRequest.ParentFolderIds = folderIDArray;
// Send the request and get the response
FindFolderResponseType findFolderResponse = esb.FindFolder(findFolderRequest);

// Get the response messages
ResponseMessageType[] rmta = findFolderResponse.ResponseMessages.Items;

foreach (ResponseMessageType rmt in rmta)
{
if (((FindFolderResponseMessageType)rmt).ResponseClass == ResponseClassType.Success)
{
FindFolderResponseMessageType ffResponse = (FindFolderResponseMessageType)rmt;
if (ffResponse.RootFolder.TotalItemsInView > 0)
{
foreach (BaseFolderType fld in ffResponse.RootFolder.Folders)
{
Console.WriteLine(fld.DisplayName.ToString());
if (fld.DisplayName == sfChildSub) { rvFolderID = fld.FolderId; };
if (fld.ChildFolderCount != 0 & rvFolderID.Id == null)
{
rvFolderID = FindSubFolder(esb, fld, sfChildSub);
}
}

}
else
{ //handle no folder
}
}
else
{ //handle error
}

}
return rvFolderID;


}
static void CreateFolder(ExchangeServiceBinding esb, FolderIdType pfParentFolder, String nfNewFolderName)
{
CreateFolderType cfCreateFolder = new CreateFolderType();
ContactsFolderType nfNewFolder = new ContactsFolderType();
nfNewFolder.DisplayName = nfNewFolderName;
TargetFolderIdType tfTargetFolder = new TargetFolderIdType();
cfCreateFolder.ParentFolderId = new TargetFolderIdType();
cfCreateFolder.ParentFolderId.Item = pfParentFolder;
cfCreateFolder.Folders = new ContactsFolderType[] { nfNewFolder };
CreateFolderResponseType cfResponse = esb.CreateFolder(cfCreateFolder);
FolderInfoResponseMessageType cfResponseMessage = (FolderInfoResponseMessageType)cfResponse.ResponseMessages.Items[0];
if (cfResponseMessage.ResponseClass == ResponseClassType.Success)
{
setPerms(esb, cfResponseMessage.Folders[0].FolderId);
}
else
{//handle Error }
}

}
static void setPerms(ExchangeServiceBinding esb, FolderIdType ffFolder) {

FolderResponseShapeType frFolderRShape = new FolderResponseShapeType();
frFolderRShape.BaseShape = DefaultShapeNamesType.AllProperties;

GetFolderType gfRequest = new GetFolderType();
gfRequest.FolderIds = new BaseFolderIdType[1] { ffFolder };
gfRequest.FolderShape = frFolderRShape;


GetFolderResponseType gfGetFolderResponse = esb.GetFolder(gfRequest);
ContactsFolderType cfCurrentFolder = null;
if (gfGetFolderResponse.ResponseMessages.Items[0].ResponseClass == ResponseClassType.Success)
{

cfCurrentFolder = (ContactsFolderType)((FolderInfoResponseMessageType)gfGetFolderResponse.ResponseMessages.Items[0]).Folders[0];

}
else
{//handle error
}

UserIdType auAceUser = new UserIdType();
auAceUser.DistinguishedUserSpecified = true;
auAceUser.DistinguishedUser = DistinguishedUserType.Default;

PermissionSetType cfCurrentPermsionsSet = cfCurrentFolder.PermissionSet;
PermissionSetType cfNewPermsionsSet = new PermissionSetType();
cfNewPermsionsSet.Permissions = new PermissionType[cfCurrentPermsionsSet.Permissions.Length];
for (int cpint = 0; cpint < distinguisheduser ="=" distinguisheduserspecified ="=" userid =" cfCurrentPermsionsSet.Permissions[cpint].UserId;" permissionlevel =" PermissionLevelType.Editor;" permissionlevel ="=" userid =" cfCurrentPermsionsSet.Permissions[cpint].UserId;" permissionlevel =" cfCurrentPermsionsSet.Permissions[cpint].PermissionLevel;" cfupdatefolder =" new" permissionset =" cfNewPermsionsSet;" upupdatefolderrequest =" new" fcfolderchanges =" new" cffolderid =" new" id =" cfCurrentFolder.FolderId.Id;" changekey =" cfCurrentFolder.FolderId.ChangeKey;" item =" cfFolderid;" cpperms =" new" cpfielduri =" new" fielduri =" UnindexedFieldURIType.folderPermissionSet;" item =" cpFieldURI;" item1 =" cfUpdateFolder;" updates =" new" folderchanges =" new" ufupdatefolderresponse =" esb.UpdateFolder(upUpdateFolderRequest);" responseclass ="=">