enable-CrossForestConnector
# Script parameters. The connector can arrive as an object (-instance or the pipeline)
# or be looked up by name (-connectorName); the process block tries them in that order.
Param(
# Connector object to modify. The usage text says this is normally the output of Get-SendConnector.
[Microsoft.Exchange.Data.Directory.SystemConfiguration.ADConfigurationObject] $instance = $null,
# Identity/name used to look the connector up when no object was supplied.
[string] $connectorName = $null,
# Print the usage text and return without changing anything.
[switch] $help,
# Select the rights set intended for Exchange 2003 or another MTA instead of the cross-forest Exchange set.
[switch] $genericMTA
)
begin
{
# Display help
#
function Usage()
{
    # Prints the built-in help text to the host. Nothing is returned and no
    # connector is read or modified.
    # The here-string terminator must stay at column 0, so the text block is
    # deliberately not indented.
    $helpText = @'
Adjusts the permissions on a Send Connector for Cross Forest trust.
Enable-CrossForestConnector [-help] [-instance $x] [-connectorName "foo"] [-genericMTA]
-instance A SendConnector instance. Usually this is obtained from
get-SendConnector and used in place of -connectorName.
-connectorName The identity/Name of the connector to modify.
-genericMTA Set the permissions necessary for Exchange 2003 or another type of MTA.
Examples
get-sendConnector "OneSendConnector" | enable-CrossforestConnector
enable-CrossforestConnector -instance $(get-sendconnector "CfSendConnector")
'@
    write-host $helpText
}
# Locate a Receive or Send connector by its identity.
#
# The identity of the connector to find.
# The name can be either a Receive or Send connector. The name space for both enforces unique names across both.
#
function FindInstance([string] $name)
{
    # Resolves $name to a connector object, trying Receive connectors first and
    # Send connectors second. Lookup errors are suppressed on both calls, so a
    # miss produces an empty result rather than an error; the caller has to
    # check for that.
    # Output: the match cast with -as to ADConfigurationObject.
    $found = Get-ReceiveConnector $name -ErrorAction SilentlyContinue
    if ($found)
    {
        return ($found -as [Microsoft.Exchange.Data.Directory.SystemConfiguration.ADConfigurationObject])
    }

    # Not a Receive connector (or the lookup failed silently): try Send connectors.
    $found = Get-SendConnector $name -ErrorAction SilentlyContinue
    return ($found -as [Microsoft.Exchange.Data.Directory.SystemConfiguration.ADConfigurationObject])
}
# Calculate the set of new rights to add to this object for this user.
#
# The connector instance to modify
# The user or USG that is being added
# An array of new rights that are needed
#
# Add-AdPermission will fail if the same rights for the same user are being added. Therefore a filtered list of new rights must
# be generated by analyzing the existing rights.
#
function FilterNewRights([Microsoft.Exchange.Data.Directory.SystemConfiguration.ADConfigurationObject] $instance, [string] $user, [object[]]$newRights)
{
    # Returns the subset of $newRights that $user does not already hold as an
    # allow entry on $instance, each parsed into an ExtendedRightIdParameter.
    #
    # $instance   connector whose permissions are inspected
    # $user       principal whose existing entries are read
    # $newRights  extended-right names that should end up granted
    #
    # Side effect: sets $Script:invalidUser to $true when the permission lookup
    # raises ManagementObjectNotFoundException; the function then returns an
    # empty list and the caller is expected to test that flag.
    trap [Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException]
    {
        $Script:invalidUser = $true
        continue;
    }

    # Existing permission entries for this principal on the connector.
    $existingAces = get-adpermission -Identity $instance.Identity -user $user -ErrorAction SilentlyContinue
    if ($Script:invalidUser)
    {
        return @()
    }

    # Collect the names of rights already granted. Deny entries are skipped, so
    # an explicit deny for a right does not stop that right from being returned
    # here as "missing".
    # NOTE(review): whether a later allow entry is then overridden by the deny
    # depends on ACL evaluation that this script does not show - confirm.
    $granted = @()
    if ($existingAces -ne $null)
    {
        foreach ($ace in $existingAces)
        {
            if (!$ace.Deny -and $ace.ExtendedRights)
            {
                foreach ($entry in $ace.ExtendedRights)
                {
                    $granted += $entry.ToString()
                }
            }
        }
    }

    # Keep only the requested rights that are not in the granted list.
    # NOTE(review): the comparison is on the ToString() form of the existing
    # rights; presumably that matches the "ms-Exch-..." names passed in - verify.
    $missing = @()
    foreach ($candidate in $newRights)
    {
        if ($granted -contains $candidate)
        {
            continue
        }
        $missing += [Microsoft.Exchange.Configuration.Tasks.ExtendedRightIdParameter]::Parse($candidate)
    }

    $missing;
}
}
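process
{
    # Runs once per pipeline object: resolves the target Send connector, works
    # out which extended rights the anonymous principal still lacks on it, and
    # adds only those.

    # Show the help text and stop when asked for it.
    if ($help -or $args -contains "-?")
    {
        Usage
        return
    }

    # Principal that receives the extended rights. The backslash between the
    # authority and the account name is required; without it the name cannot be
    # resolved and the permission lookup fails.
    # NOTE(review): this principal stands for sessions that did not
    # authenticate, so the header rights below are honoured towards whatever
    # host the connector delivers to. Confirm the connector's address space and
    # smart hosts are limited to the trusted forest before running this, and
    # review the resulting entries afterwards with Get-ADPermission.
    $User = "NT AUTHORITY\ANONYMOUS LOGON"

    # Resolve the connector: explicit -instance, then the pipeline object, then
    # a lookup by -connectorName.
    if (!$instance)
    {
        $instance = $_
    }
    if (!$instance)
    {
        if ($connectorName -eq "")
        {
            throw "Either ConnectorName or Identity must be specified."
        }
        $instance = FindInstance $connectorName
    }
    if (!$instance)
    {
        throw "No connector found that matches '$connectorName'"
    }

    # FilterNewRights reports an unresolvable principal through
    # $Script:invalidUser; reset it for this pipeline item.
    # NOTE(review): assumes this block runs at script scope so both names refer
    # to the same variable - confirm.
    $invalidUser = $false
    $applyRights = @()

    # Only Send connectors are modified. FindInstance can also return a Receive
    # connector, which is rejected here.
    if ($instance -is [Microsoft.Exchange.Data.Directory.SystemConfiguration.SendConnector])
    {
        if ($genericMTA)
        {
            # Rights for Exchange 2003 or another MTA: routing headers plus the
            # Exch50 send right.
            $newRights = @(
                "ms-Exch-Send-Headers-Routing",
                "ms-Exch-SMTP-Send-Exch50"
            )
        }
        else
        {
            # Cross-forest Exchange: routing, forest and organization headers are
            # allowed out on this connector. Those headers carry internal
            # transport metadata, hence the scoping note on $User above.
            $newRights = @(
                "ms-Exch-Send-Headers-Routing",
                "ms-Exch-Send-Headers-Forest",
                "ms-Exch-Send-Headers-Organization"
            )
        }
        $applyRights = FilterNewRights $instance $user $newRights
    }
    else
    {
        throw "The found instance was not a SendConnector."
    }

    # Surface the lookup failure recorded by FilterNewRights.
    if ($invalidUser)
    {
        throw $error[0].Exception
    }

    # Normalise the result to an array without null entries so that "nothing to
    # add" is an explicit count check rather than an array-valued comparison.
    $pendingRights = @($applyRights | Where-Object { $_ -ne $null })

    write-host "Connector:" $instance.Identity
    if ($pendingRights.Count -gt 0)
    {
        # Add-ADPermission fails when asked to add rights that already exist,
        # which is why only the missing ones are passed.
        Add-ADPermission -Identity $instance.Identity -user $user -ExtendedRights $pendingRights
    }
    else
    {
        write-host ""
        write-host "All rights necessary already exist for '$user'"
    }
}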