Lab Setup Script – Part 4 – Advanced Features 1

If you’ve followed my previous posts on this topic you have seen the growing list of automated PowerShell setups that are included for some of the basic functions in Exchange. For this article I am going to start delving into the more complicated, more advanced features of Exchange including the option to handle more complex situations with previous configurations.

Configure Delegation

“You can use the EAC or the Shell to assign permissions to users or groups (called delegates) that allow them to open or send messages from other mailboxes. Permissions can be assigned to user mailboxes, linked mailboxes, resource mailboxes, and shared mailboxes. You can also assign permissions to distribution groups, dynamic distribution groups, and mail-enabled security groups to allow delegates to send messages on behalf of the group. You can assign delegates the following permissions to access mailboxes or send messages on behalf of mailboxes or groups.”

SOURCE

# Code for menu
20 { # Configure Delegation
     configure-delegation
}

# Configure Delegation
function Configure-delegation {
    
    $userA = read-host "What user needs delegation rights? [enter the user's alias]"
    $userB = read-host "What user mailbox will have access granted to it? [enter the user's alias]"  
    $accessrights = read-host "What access rights will be granted? [use commas if more than one]"
    $folder = read-host "All folders or specific folder [a or s]"
    if ($folder -eq "a") {
        $folder2 = "*"
        $combo = $usera+":\"+$folder2
        add-MailboxFolderPermission -Identity $userB -User $UserA -AccessRights $accessrights
    }
    if ($folder -eq "s") {
        $folder2 = read-host "Which folder will the rights apply to"
        $combo = $usera+":\"+$folder2
        # Add the folder tothe user's mailbox being modified"
        $name = $userB+":\"+$folder2
        add-MailboxFolderPermission -Identity $name -User $UserA -AccessRights $accessrights
    }
} # End the Configure Delegation function

Sample run through of the Delegation part of the script:

Calendar Access

LabSetup-Advanced-08

All Folder Access

LabSetup-Advanced-07

As you can see from the script, you need to specify the folder, the user, who is assigned the right, etc. Make sure you have the right correctly typed, or the command will fail.

Room Lists

Room lists are like a little gem hidden in Exchange 2013. I am hoping to shed more light in this feature with my blog article earlier this month, to this advanced functionality included in the lab setup script. More information can be found at this TechNet page.

# Menu Choices
5 { # Create Rooms
	$choice = read-host "Do you want to [1] create rooms or [2] rooms and roomlists?[1 or 2]"			 
	if($choice -eq 1) {
		create-roommailboxes
	} else { # Added an move advanced option (1.3)
		New-RoomList
	}
}

# Create new Room Lists
Function New-RoomList {
    write-host " "
	Write-host "This function will help you create rooms and room lists for your test environment, assuming" -ForegroundColor green
    write-host "the OU's and rooms are not created so far." -ForegroundColor green
    write-host " "
	$answer1 = read-host "Create room lists from scratch? [y or n]"
	If ($answer1 -eq "y") {
		$csvmanual = read-host "Do you want to [1] use a CSV file or [2] enter the rooms manually ? [1 or 2]"
		If ($csvmanual -eq 1) {
			# import rooms and room lists from CSV file
			# CSV format:
			# roomlist,room,ou
			
            $csvfile = read-host "Specify a CSV file to read from"
			$csv = Import-csv $csvfile
            write-host "No column validation here - use this at your own risk."

            # pausing
            Write-Host "Press any key to continue ..."
            $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
            
			Foreach ($line in $csv) {
                # Check for the existence of the Room list, create if it does not exist
                if ((get-distributiongroup $line.roomlist) -eq $null) {
				    New-DistributionGroup -Name $line.roomlist -OrganizationalUnit $line.ou -RoomList
                }
                $track = 0
                $database = (get-mailboxdatabase).name
                write-host "For the new Room Mailboxe:"
                $mbx = $line.room
                $password = read-host "Enter password for the $mbx mailbox" -AsSecureString
                $dbcount = (get-mailboxdatabase).count
                $domain = read-host "Enter a domain to be used for the rooms SMTP address"
#               $source2 = import-csv c:\temp\roommailboxes.csv
                $name = $line.room
                $name = $name -replace '\s',''
                $upn = $name+"@"+$domain
                new-mailbox -userprincipalname $upn -alias $name -database $database[$track] -displayname $line.room -name $name -password $password -room
                $track++
                if ($track -ge $dbcount) {
                    $track = 0
                }
            }

            # Add members according to the CSV file provided
            Add-DistributionGroupMember -Identity $line.roomlist -Member $line.room
        }				
		If ($csvmanual -eq 2) {
			$norooms = read-host "How many rooms do you want to create?"
			$noroomlists = read-host "How many room lists do you want to create?"
            $counter = 0
            while ($counter -lt $norooms) {
                $roomname = read-host "Enter a name for the room"
                $capacity = read-host "Enter a room capacity"
                $ou = read-host "Enter an OU to search for [i.e. rooms]"
                Get-OrganizationalUnit -SearchText $ou |ft *canonicalname*
                $ou = read-host "Copy one of the OUs above to use for placing the room mailboxes or enter a new one"
                New-mailbox -Name $roomname -OrganizationalUnit $ou -room -ResourceCapacity $capacity
                $counter++
            }
            $counter = 0
            while ($counter -lt $noroomlists) {
                $roomlist = read-host "Enter a name for the room list"
                $ou2 = read-host "Enter an OU for the room list"
                New-DistributionGroup -Name $roomlist -OrganizationalUnit $ou2 -RoomList
                $NoRoomMembers = read-host "How many rooms do you want to add to the $roomlist roomlist?"
                $counter2 = 0
                while ($counter -lt $NoRoomMembers) {
                    $RoomListMember = read-host "What room do you want to add to the $roomlist room list?"
                    Add-DistributionGroupMember -Identity $roomlist -Member $RoomListMember
                    $counter2++
                }

            $counter++
            }
		}
    }
    If ($answer1 -eq "n") {
        write-host " "
        write-host "Exiting room list function...." -foregroundcolor red
        write-host " "
        start-sleep 5
        cls
    }
} # End of the New-RoomList function

Sample run through of working through Room List options:

Enter Rooms and Room Lists Manually

LabSetup-Advanced-10

Using a CSV File for the Process

LabSetup-Advanced-11

The Room Lists script section provides options for creating lists via CSV files or entering the details manually.

Configure Journaling

“Journaling can help your organization respond to legal, regulatory, and organizational compliance requirements by recording inbound and outbound email communications. When planning for messaging retention and compliance, it’s important to understand journaling, how it fits in your organization’s compliance policies, and how Microsoft Exchange Server 2013 helps you secure journaled messages.”

SOURCE

# Menu Code
19 { # Configure Journaling
       configure-journaling
}

# Configure Journaling for Exchange
function configure-journaling {
    $journaloption = read-host "Do you want to configure [1] Per User Journaling or [2] Journaling for all messages? [1 or 2]"
    # Scope options - Internal | External | Global
    $mailbox = read-host "Do you need to create a journal mailbox? [y or n]"
    $database = read-host "Do you need to create a journal database? [y or n]"
    $name = read-host "Provide a name for the journal rule"
    if ($database -eq "y") {
        write-host "The next part of the script will ask for how many databases to create.  Choose 1." -foregroundcolor Green
        create-database
    } else {
        $dbname = read-host "What database would you like to use for journaling?"
    }
    if ($mailbox -eq "y") {
        $journalmailbox = read-host "What will you call the journaling mailbox?"
        $password = read-host "Enter a password" -AsSecureString
        $prefix = read-host "Enter a prefix for the User Principal Name [i.e. @domain.local]"
        $mailbox = $journalmailbox+$prefix
        write-host "The $journalmailbox will be created in the Users OU"
        new-mailbox -userprincipalname $mailbox -alias $journalmailbox -database $tbd -displayname $journalmailbox -name $journalmailbox -password $password
    } else {
        $journalmailbox = read-host "What is the name of the journaling mailbox?"
    }
    
    if ($journaloption -eq "1") {
        $nousers = read-host "How many users do you want to configure journaling for?"
        $counter = 0
        $list = @()
        while ($counter -lt $nousers) {
            $user = read-host "What user do you want to configure for journaling? [user alias]"
            $email = (get-mailbox $user).primarysmtpaddress
            $smtp = $email.local+"@"+$email.domain
            $list += ,($smtp)
            $counter++
        }
        # Configure journaling for the user
        New-JournalRule -Name $name -JournalEmailAddress $smtp -Scope Global -recipient $smtp -Enabled $true
    } else {
        # Configure journaling for the organization
        $email = (get-mailbox $journalmailbox).primarysmtpaddress
        $smtp = $email.local+"@"+$email.domain
        New-JournalRule -Name $name -JournalEmailAddress $smtp -Scope Global -Enabled $true
    }
} # End the Configure Journaling function

Global
In the below sample run-through, I am attempting to simulate Journaling for all mailboxes, while creating a database (calls another function in the script), as well as creating a Journal mailbox to go with it.

LabSetup-Advanced-05

Per User
The next sample is a run-through of adding journaling on a per user basis, without creating a database or journal mailbox.

LabSetup-Advanced-06

Retention Policies

“In Microsoft Exchange Server 2013 and Exchange Online, Messaging records management (MRM) helps organizations to manage email lifecycle and reduce legal risks associated with e-mail and other communications. MRM makes it easier to keep messages needed to comply with company policy, government regulations, or legal needs, and to remove content that has no legal or business value. “

SOURCE

# Menu Code
10 {#	Create retention Policies
     create-retentionpolices
}

# Create Retention Policies
function create-retentionpolices {
    $createorapply = read-host "[1] Create or [2] Apply retention policies [1 or 2]"
    if ($createorapply -eq 1) {

    $polno = read-host "How many Retention Policies do you want to create"
    $polcounter = 0
    while ($polcounter -lt $polno) {
        $currentpol = $polcounter +1
        $polname = read-host "Specify a name for Rentention Policy number $currentpol"
        $tagno = read-host "How many Retention Tags do you want to create"
        $counter = 0
        $alltags = @()
        $allpolicies = @()
        while ($counter -lt $tagno) {
            $current = $counter + 1
            $name = read-host "Specify a name for Retention Tag number $current"
            $allpolicies += ,($name)
            $time = read-host "Specify a time frame to apply the tag (i.e. 60, 90, 120)"
            $RetentionAction = read-host "Specify a retention action (DeleteAndAllowRecovery, PermanentlyDelete, MoveToArchive)"
            if ($retentionaction -eq "MoveToArchive") {
                $type = "all"
            } else {
                $type = read-host "Specify which folders will be affect (All, Inbox, etc.  )"
            }
            $comment = read-host "Specify a comment for the Retention Tag (optional)"
            $alltags += ,($name)
            if ($retentionaction -eq "permanentlyDelete") {
                $archive = $false
            } else {
                $archive = $true
            }
            New-RetentionPolicyTag -Name $name -Type $type -RetentionAction $retentionaction -RetentionEnabled:$archive -AgeLimitForRetention $time -Comment $comment
            $counter++
        }
        new-retentionpolicy -name $polname -RetentionPolicyTagLinks $alltags
        $polcounter++
    }
    $action = read-host "Do you want to apply these policies to your users now? [y or n]"
    }

    # After creating polcies - create them?
    if ($action -eq "y") {$createorapply = 2}

    if ($createorapply -eq 2) {
        $allpolicies = (get-retentionpolicy).name
        foreach ($line in $allpolicies) {
           $action2 = read-host "For the retention policy $line, do you want to apply this policy to any users? [y or n]"
           if ($action2 -eq "y") {
                $applyto = read-host "Do you want to apply the policies to [a] all users, [r] random users or [c] use a csv file? [a, r or c]"
                if ($applyto -eq "a") {
                    get-mailbox | set-mailbox -retentionpolicy $line
                }
                if ($applyto -eq "r") {
                    $mbxcount = (get-mailbox | where {$_.RecipientTypeDetails -ne "DiscoveryMailbox"}).count
                    $range =  get-random -minimum 0 -maximum $mbxcount
                    $mailbox = (get-mailbox | where {$_.RecipientTypeDetails -ne "DiscoveryMailbox"}).alias
                    $counter = 0
                    $userlist = @()
                    while ($counter -lt $range) {
                        $alias = $mailbox[$counter]
                        get-mailbox $alias | set-mailbox -retentionpolicy $line
                        $counter++
                    }
                }
                if ($applyto -eq "c") {
                    # CSV format is just the mailbox alias, with a header of 'alias'
                    $csv = read-host "Specify a CSV file to read from"
                    foreach ($line in $csv) {
                        get-mailbox $line.alias | set-mailbox -retentionpolicy $line
                    }
                }

           }    
        }
    }
} # End of the create-retentionpolices function.

Applying Retention Policies
In the below example, the script will ask if you want to apply the listed retention policy to users in the environment.

LabSetup-Advanced-12

Dynamic Distribution Groups
For distribution groups, the script initially created very generic groups with the “DistributionGroup” name and places a random 1 to 10 users into each distribution group. For this version, there will be a small menu to drive your choices for group creations and validations.

# Code for Menu
22 { #Configure dynamic DLs
       create-dynamicdistributiongroups
}

# Create Distribution Groups
function create-dynamicdistributiongroups {
    $random = read-host "Create random [1] Dynamic Distribution Groups or [2] create with a CSV file? [1 or 2]"
    if ($random -eq 1) {
        $dlcount = read-host "How many distribution groups would you like to create"
        $alias1 = "DistributionGroup"
        $displayname1 = "Distribution Group "
        $dlcounter = 1
        while ($dlcounter -lt $dlcount) {
            $displayname = $displayname1+$dlcounter
            $alias = $alias1+$dlcounter
            $orgunit = read-host "Enter the OU for the Dynamic Distribution Group"
            new-dynamicdistributiongroup -name $displayname -displayname $displayname -alias $alias -RecipientFilter {RecipientType -eq 'UserMailbox'} -OrganizationalUnit $orgunit
            $dlcounter++
        }
    }
    if ($random -eq 2) {
        $csvfile = read-host "Specify CSV file for creating Dynamic Distribution Groups"
        $csv = import-csv $csvfile
        foreach ($line in $csv) {
            new-dynamicdistributiongroup -name $line.displayname -displayname $line.displayname -alias $line.alias -RecipientFilter {RecipientType -eq 'UserMailbox'} -OrganizationalUnit $line.orgunit
        }
    }
	
	write-host "Dynamic Distribution Groups step complete." -foregroundcolor green
	write-host " "
    start-sleep 5
    CLS
} # End of the create-dynamicdistributiongroups function

Sample Dynamic List Creation
Notice in the below example, a CSV file is specified. The CSV file contained pre-populated information to make the process go easier.

LabSetup-Advanced-13

Archive Quotas

# Code for menu
21 { # Configure Archive Quotas
       Configure-ArchiveQuotas
}

# Enable Archives for all or some users
function enable-archives {
    $selection = read-host "Do you want to enable archives for all mailboxes or random mailboxes [a or r]"
    $location = read-host "Would you like to create a new mailbox database for the archive mailboxes [y or n]"
    if ($location -eq "n") {
        $database = read-host "Which database will the archive mailboxes be placed in"
    }
    if ($location -eq "y") {
        $srv = ($server[0]).name
        write-host "The new archive database will bew placed on $srv."
        $directory1 = read-host "Please enter a valid directory to place the database files"
        $directory2 = read-host "Please enter a valid directory to place the log files"
        $archivename = "ArchiveDatabase"
        $edb = $directory1+"\"+$archivename+".edb"
        $log = $directory2+"\"+$archivename
        $server = get-mailboxserver
        new-mailboxdatabase -name $archivename -edbfilepath $edb -logfolderpath $log -server $srv -erroraction silentlycontinue
    }

    # Enable the mailboxes to have archive mailboxes
    
    if ($selection -eq "a") {
        $mailboxes = (get-mailbox | where {$_.RecipientTypeDetails -ne "DiscoveryMailbox"}).alias
        foreach ($line in $mailboxes) {
            enable-mailbox $line -Archive -ArchiveDatabase $database -erroraction silentlycontinue
        }
            $name = (get-mailbox $alias).displayname
            write-host "An archive mailbox for $name has been created." -foregroundcolor green    
    } else {
        $mbxcount = (get-mailbox | where {$_.RecipientTypeDetails -ne "DiscoveryMailbox"}).count
        $range =  get-random -minimum 0 -maximum $mbxcount
        $counter = 0
        $mailbox = (get-mailbox | where {$_.RecipientTypeDetails -ne "DiscoveryMailbox"}).alias
        while ($counter -lt $range) {
                $alias = $mailbox[$counter]
                enable-mailbox $alias -Archive -ArchiveDatabase $database -erroraction silentlycontinue
                $counter++
        }
        
        $name = (get-mailbox $alias).displayname
        write-host "All archive mailboxes have been created." -foregroundcolor green    
    }
} # End function for archive mailboxes

Using a CSV File
This example uses a CSV file to apply quotas to the Archive Mailboxes for users.

LabSetup-Advanced-04

Random Users
This option allows a policy to applied randomly, which is usually only done for lab environments.

LabSetup-Advanced-03

All Users
In the last example, the archive quota policies can be applied to all users as seen below:

LabSetup-Advanced-01

Script Download
Now that the script has reach the more advance level, I am posting it to the web at a TechNet Wiki download. Once the script has been finalized or at least has 80% of the features I want, it will be placed in the GitHub universe to allow people to modify it.

Here is the Lab-Setup-1.3 script for download now. Remember to rename it as a .ps1 file.

Next Steps
In the next article or two I will finish up the Advanced parts of the script. Following that and possibly my last post in the series I will cover using DSC and xExchange with a lab setup as well as production uses. Look for those articles in the coming weeks.

Previous Articles in this Series
Part 1
Part 2
Part 3

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s