Thursday, November 17, 2011

Exchange 2010 Provisioning

A long time ago when I first started working with MaXware Identity Center, I had to pass a hands-on test to demonstrate my proficiency with Identity Center and Virtual Directory. The part of this whole exam that scared me the most was provisioning to Microsoft Exchange. Long story short, I aced the exam and successfully provisioned to all of my target systems including Exchange.

Recently I was asked to set up provisioning to Microsoft Exchange 2010 specifically via PowerShell. So I got to earn a little education along the way.
 
To start with, there are a few prerequisites that you need:
  1. Ensure 64-bit PowerShell 2.0 is installed on the server
  2. Ensure that the Exchange 2010 Console is installed on the server
There are a few steps that I’m going to skip along the way, mostly because they deal more with PowerShell scripting than Identity Management.
 
You’ll need to create a script which I refer to as exchprov.ps1. PowerShell will need to be configured to store the password for the Service Account as a PowerShell Credential object.
 
# Gather parameters
Param($MSKEYVALUE, $EXCH_URL, $EXCH_DB)
# User info: service account name and its stored (encrypted) password
$user = "IDMSERVICEACCOUNT"
$password = Get-Content d:\pshell\zservice.idm | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, $password
# Session info: open a remote session to Exchange and import its cmdlets
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $EXCH_URL -Credential $cred
Import-PSSession $session
# Actual work: load the Exchange snap-in and mailbox-enable the user
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Enable-Mailbox -Identity $MSKEYVALUE -Database $EXCH_DB
# Close session
Remove-PSSession $session


The script receives three parameters: the MSKEYVALUE, the Exchange server and the Exchange database. It then reads the service account ID and password, opens a session and imports it into the local system. Once that is done, the Exchange snap-in is loaded and the mailbox is created based on the Exchange server and database that were passed. Finally, the session is closed.
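
exchprov.ps1 reads d:\pshell\zservice.idm with ConvertTo-SecureString and no key, which only succeeds if the file was written by ConvertFrom-SecureString under the same Windows account on the same machine (DPAPI). The following one-time setup is an added example, not part of the original script; the function names are hypothetical, and the path and account name are the ones used in the script above.

```powershell
# Run once in 64-bit PowerShell, logged on AS the Windows account that will
# later execute exchprov.ps1 (assumption: the identity the IdM job runs under).
$CredFile = 'd:\pshell\zservice.idm'   # path read by exchprov.ps1
$User     = 'IDMSERVICEACCOUNT'        # account name used by exchprov.ps1

function Save-ServicePassword {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Prompt without echo; the plain-text password is never written to disk.
    $secure = Read-Host -Prompt "Password for $User" -AsSecureString
    # No -Key: the value is protected with DPAPI for the current user/machine.
    $secure | ConvertFrom-SecureString | Set-Content -Path $Path
}

function Protect-CredentialFile {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Drop inherited permissions and grant access to the current account only.
    $account = "$env:USERDOMAIN\$env:USERNAME"
    icacls $Path /inheritance:r /grant:r "${account}:(R,W)" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Test-ServicePassword {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Round-trip the file exactly as exchprov.ps1 does, without printing the secret.
    try {
        $secure = Get-Content -Path $Path | ConvertTo-SecureString -ErrorAction Stop
        $cred = New-Object -TypeName System.Management.Automation.PSCredential `
                           -ArgumentList $User, $secure
        return ($cred.GetNetworkCredential().Password.Length -gt 0)
    } catch {
        # Typical cause: the file was created by a different account or server.
        Write-Warning "Cannot decrypt $Path as ${env:USERNAME}. $($_.Exception.Message)"
        return $false
    }
}

Save-ServicePassword -Path $CredFile
if (-not (Protect-CredentialFile -Path $CredFile)) {
    Write-Warning "Could not restrict permissions on $CredFile"
}
if (Test-ServicePassword -Path $CredFile) {
    Write-Output "Credential file is usable by $env:USERDOMAIN\$env:USERNAME"
} else {
    Write-Output "Credential file is NOT usable by this account; recreate it"
}
```

If the file is copied to another server or the job is moved to a different account, the decryption step fails and the file has to be recreated there.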
 
In closing, as usual there were a number of people who helped out with the creation of this process, Exchange Admins, PowerShell experts and other smart people.  However, there are a couple of people that I’d like to thank because you stood behind me all those years ago when I provisioned Exchange for the first time.  Thanks, guys!

5 comments:

Jonathan Gijsemans said...

A few notes for people looking towards integrating this.
If you want to install Exchange 2010 console you'll need a Windows 2008 server.
A workaround for those running Windows 2003 is to change the PowerShell 2.0 script in such a way that it firstly opens a remote PowerShell on the Exchange server and then runs the commands.

Matt Pollicove said...

Jonathan,

Good background points. However, I've assumed it's installed and set up before trying to provision. :)

This reminds me of a point that someone else had brought up to me. There are several types of objects that can be provisioned in Exchange: users, mailboxes, etc. This will be something else to keep in mind.

Thanks for your comment!

Jonathan Gijsemans said...

Hey Matt,
At some point I'll stop spamming you ... but not quite yet ;p

How do you start the script from within IdM? I've played around a bit with jscript's uShellRead (not too much success) and I tried uShellStart but even less success there.
Thx!

Anonymous said...

Has a bug: any names with "$" "&" are not escaped.

Matt Pollicove said...

Jonathan, I believe I called it from a Shell Execute pass