Clever Geek Handbook

Running Exchange Powershell Commands from Linux Using Ruby / WinRM

I am trying to run enable-mailbox command for existing users in Active Directory with ruby ​​script. I am using this winrm gem . So far, I've managed to connect to the exchange server using winrm and kerberos authentication. I can start the exchange control shell from powershell. From there I can execute swap commands.

However, when I try to run enable-mailbox, I get the following error:

Active Directory operation completed. The granted authority for 'domain \ account' is invalid.

The operation failed. is literal. There is no text in space where you think it should be. The \ account domain is the same one I use to successfully connect to winrm via kerberos.

Here's my simple code:

endpoint = 'http://server:5985/wsman'
krb5_realm = 'myrealm'
winrm = WinRM::WinRMWebService.new(endpoint, :kerberos, :realm => krb5_realm)

#exch_cmd = "Get-Help Enable-Mailbox" NOTE THAT THIS COMMAND WORKS FINE
exch_cmd = "Enable-Mailbox -Identity:'user DN' -Alias:'username' -Database:'mailbox'"
command = "powershell -psconsolefile \"C:\\Program Files\\Microsoft\\Exchange Server\\V15\\bin\\exshell.psc1\" -command \". "+exch_cmd+"\""

winrm.cmd(command) do |stdout, stderr|
  STDOUT.print stdout
  STDERR.print stderr
end

Thanks for any help!

+3


source to share


1 answer


We managed to get it to work. I had to first connect to the "management" server to initiate the powershell command.

endpoint = 'http://YOURSERVER:5985/wsman' krb5_realm = 'YOURREALM' winrm = WinRM::WinRMWebService.new(endpoint, :kerberos, :realm => krb5_realm)

Then I had to change the swap command to:



exch_cmd = "Enable-Mailbox -Identity:'DOMAIN/OU/#{fullname}' -Alias:'#{username}' -Database:'#{MailboxDB}'"

command = "powershell -NonInteractive -WindowStyle Hidden -command \" $username = '#{account}'; $password = ConvertTo-SecureString '#{password}' -asplaintext -force; $UserCredential = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username,$password; $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri #{server} -Authentication Kerberos -Credential $UserCredential; Invoke-Command -Session $Session {#{exch_cmd}}\""

On the management and Exchange servers, the service account must be in the remote control group. You also need to update the SDDL according to this guide: http://www.sevecek.com/Lists/Posts/Post.aspx?ID=280 This will be different depending on your server configuration.

+2


source






More articles:


All Articles