[Quest ActiveRoles Management Shell for Active Directory] QADProxyAddress BUG!!!

I don't know it's a known bug or not, anyway I couldn't run QADProxyAddress related cmdlets.

Welcome email to: larry.song@outlook.com

The thing is,

My company used to have many different SMTP domains due to business requirement, now we want those additional SMTP domains removed. We are using Quest ARServer for AD management, so actually my account doesn't have any native permissions to Active directory, all the AD modifications, I have to use the ARS console, a good thing is Quest published corresponding powershell module, make us process batch jobs by scripting or command.

Again, the scripting thing fall onto my shoulder.

Launch ISE, coding, for myself, scripting or we say programming, the kernel codes must NOT in the first place, logging function is the most important, cause once the scripts ran, the only thing can help us debugging is logs.

Back to the title, the coding is really not complex, according to the schedule of project team, they provide me users list by batchly, what i need to do is read the user list, retrieve user's ID, and use Get-QADUser cmdlet to get user's object from AD, parse the proxyaddress strings, see if any matches, if no, skip process the user, if yes, save the matches, and use Remove-QADProxyAddress cmdlet to remove them. Simply, right?

On the way of coding, I would like to use my own account to do a testing, see how Remove-QADProxyAddress cmdlet works.

WTH, what's this error? What's going on? why?

I am quite sure I can do the same process via ARS GUI console, I am very sure I don't need to setup primary address for each address type. So I tried to search online, found below one guys posted the same bug on Dell community (Quest was bought by Dell in 2012). It's between 2 years after the post, seems no one care about it.

http://en.community.dell.com/techcenter/powergui/f/4834/t/19574623.aspx

My company is using ARS 6.7.0, the corresponding powershell module is 1.5.1, the latest ARS is 6.8.0, maybe the bug already fixed in the latest release, but I can't use because client and servers must match versions for each other, otherwise, will get refused information.

What to do now? Actually the problem is simply, several QADProxyAddress cmdlets will check every address types, each type must have a primary address defined. But, try to setup primary for each address type now is too late, becuase if there are over 2 types without primary address, when we do primary for 1 of them, the cmdlet will report other type(s) have no primary. for example, below screenshot shows SIP and X500 have no primary address, when i run cmdlet to fix SIP, the cmdlet will report X500 with no primary error, truely hell.

Anyway i had made the promise to the project manager, so shame if i quit rightnow.

Summaries, first, my AD account doesn't have real permissions to AD, ARS powershell has such kind of bug, at last I get Exchange 2010, I knew my account has permissions on mailboxes, so if mailbox has the same address property, i can do the job by exchange cmdlets.

So I launch Exchange, open powershell, use Get-Mailbox | fl *, bingo, same property appeared, I try to use Set-Mailbox cmdlet to change the property, and yes, it was succeed, so, I get it, below script borned to remove desired address domains.

. 'D:\Program Files\Microsoft\Exchange Server\v14\bin\RemoteExchange.ps1'
Connect-ExchangeServer -auto

$users = cat '.\Process.list.txt' | ?{$_} | %{$_.Trim()}
$addressToRemove = 'regular expression'

$Date = Get-Date
$strDate = $Date.ToString('yyyy-MM-dd') $strLogFile = "$strDate.log" function Add-Log{ PARAM( [String]$Path, [String]$Value, [String]$Type ) $Type = $Type.ToUpper() Write-Host "$((Get-Date).ToString('[HH:mm:ss] '))[$Type] $Value" if($Path){ Add-Content -Path $Path -Value "$((Get-Date).ToString('[HH:mm:ss] '))[$Type] $Value" } } $Total = $users.Count Add-Log -Path $strLogFile -Value "Users count: [$Total]" -Type Info $users | %{$Processed = 0}{ $Processed++ Add-Log -Path $strLogFile -Value "Processing: [$Processed/$Total][$_]" -Type Info $mailbox = $null $mailbox = Get-Mailbox -Identity $_ if(!$mailbox) { Add-Log -Path $strLogFile -Value "Failed to get user's mailbox" -Type Error return } Add-Log -Path $strLogFile -Value "All 1: [$(($mailbox.EmailAddresses | %{$_.ProxyAddressString}) -join '], [')]" -Type Info $addresses = $mailbox.EmailAddresses | ?{$_.Prefix.DisplayName -eq 'SMTP'} | %{$_.SmtpAddress} $addressMatch = $null $addressMatch = $addresses -imatch $addressToRemove if($addressMatch) { Add-Log -Path $strLogFile -Value "Matched: [$($addressMatch -join '], [')]" -Type Info $mailbox | Set-Mailbox -EmailAddresses @{remove=$addressMatch} -ErrorAction:SilentlyContinue if(!$?) { Add-Log -Path $strLogFile -Value 'Remove address failed, cause:' -Type Error Add-Log -Path $strLogFile -Value $Error[0] -Type Error } $mailbox = Get-Mailbox -Identity $_ Add-Log -Path $strLogFile -Value "All 2: [$(($mailbox.EmailAddresses | %{$_.ProxyAddressString}) -join '], [')]" -Type Info } else { Add-Log -Path $strLogFile -Value "No SMTP address matched, move to next." -Type Info return } }

转载于:https://www.cnblogs.com/LarryAtCNBlog/p/3923882.html