-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathEnable-MailDynamicGroup.ps1
295 lines (236 loc) · 12.2 KB
/
Enable-MailDynamicGroup.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
<#
.SYNOPSIS
This function enables the dynamic group for hybird mail flow.
.DESCRIPTION
This function enables the dynamic group for hybird mail flow.
.PARAMETER GlobalCatalogServer
The global catalog to make the query against.
.PARAMETER routingContactConfig
The original DN of the object.
.PARAMETER originalDLConfiguration
The original DN of the object.
.PARAMETER isRetry
This specifies if the operation is being retried after a failure.
.OUTPUTS
None
.EXAMPLE
enable-mailDynamicGroup -globalCatalogServer GC -routingContactConfig contactConfiguration -originalDLConfiguration DLConfiguration
#>
Function Enable-MailDyamicGroup
{
[cmdletbinding()]
Param
(
[Parameter(Mandatory = $true)]
[string]$globalCatalogServer,
[Parameter(Mandatory = $true)]
$routingContactConfig,
[Parameter(Mandatory = $true)]
$originalDLConfiguration,
[Parameter(Mandatory = $false)]
$isRetry=$FALSE
)
#Output all parameters bound or unbound and their associated values.
write-functionParameters -keyArray $MyInvocation.MyCommand.Parameters.Keys -parameterArray $PSBoundParameters -variableArray (Get-Variable -Scope Local -ErrorAction Ignore)
[string]$isTestError="No"
#Declare function variables.
$functionEmailAddress=$NULL
#Start function processing.
Out-LogFile -string "********************************************************************************"
Out-LogFile -string "BEGIN Enable-MailDyamicGroup"
Out-LogFile -string "********************************************************************************"
#Log the parameters and variables for the function.
#Create the dynamic distribution group.
#This is very import - the group is scoped to the OU where it was created and uses the two custom attributes.
#If the mail contact is ever moved from the OU that the DL originally existed in - hybrid mail flow breaks.
try{
out-logfile -string "Creating dynamic group..."
if ($isRetry -eq $false)
{
out-logfile -string "Operation is not retried creating dynamic distribution group."
$tempOUSubstring = Get-OULocation -originalDLConfiguration $originalDLConfiguration
new-dynamicDistributionGroup -name $originalDLConfiguration.name -alias $originalDLConfiguration.mailNickName -primarySMTPAddress $originalDLConfiguration.mail -organizationalUnit $tempOUSubstring -domainController $globalCatalogServer -includedRecipients AllRecipients -conditionalCustomAttribute1 $routingContactConfig.extensionAttribute1 -conditionalCustomAttribute2 $routingContactConfig.extensionAttribute2 -displayName $originalDLConfiguration.DisplayName -errorAction STOP
}
else
{
out-logfile -string "Operation is retried creating dynamic distribution group."
$tempOUSubstring = Get-OULocation -originalDLConfiguration $routingContactConfig
if ($originalDlConfiguration.RecipientTypeDetails -ne "GroupMailbox")
{
out-logfile -string "Operation is retried using Office 365 values for normal DL."
new-dynamicDistributionGroup -name $originalDLConfiguration.name -alias $originalDLConfiguration.Alias -primarySMTPAddress $originalDLConfiguration.windowsEmailAddress -organizationalUnit $tempOUSubstring -domainController $globalCatalogServer -includedRecipients AllRecipients -conditionalCustomAttribute1 $routingContactConfig.extensionAttribute1 -conditionalCustomAttribute2 $routingContactConfig.extensionAttribute2 -displayName $originalDLConfiguration.DisplayName -errorAction STOP
}
else
{
out-logfile -string "Operation is retried using Office 365 values for universal group."
new-dynamicDistributionGroup -name $originalDLConfiguration.displayName -alias $originalDLConfiguration.Alias -primarySMTPAddress $originalDLConfiguration.primarySMTPAddress -organizationalUnit $tempOUSubstring -domainController $globalCatalogServer -includedRecipients AllRecipients -conditionalCustomAttribute1 $routingContactConfig.extensionAttribute1 -conditionalCustomAttribute2 $routingContactConfig.extensionAttribute2 -displayName $originalDLConfiguration.DisplayName -errorAction STOP
}
}
}
catch{
out-logfile -string $_
$isTestError="Yes"
return $isTestError
}
#All of the email addresses that existed on the migrated group need to be stamped on the new group.
if ($isRetry -eq $FALSE)
{
out-logfile -string ("Address used for target address verification: "+$routingContactConfig.targetAddress)
foreach ($address in $originalDLConfiguration.proxyAddresses)
{
out-logfile -string ("Adding proxy address = "+$address)
#If the address is not a mail.onmicrosoft.com address - stamp it.
#Otherwise skip it - this is because the address is stamped on the mail contact already.
if ($address -ne $routingContactConfig.targetAddress)
{
out-logfile -string "Address is not a mail.onmicrosoft.com address."
out-logfile -string $address
try{
set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -emailAddresses @{add=$address} -domainController $globalCatalogServer
}
catch{
out-logfile -string $_
$isTestError="Yes"
return $isTestError
}
}
else
{
out-logfile -string "Address is a mail.onmicrosoft.com address - skipping."
}
}
}
else
{
if ($originalDLConfiguration.RecipientTypeDetails -ne "GroupMailbox")
{
$functionAddress = $originalDLConfiguration.windowsEmailAddress
}
else {
$functionAddress = $originalDLConfiguration.primarySMTPAddress
}
foreach ($address in $originalDLConfiguration.emailAddresses)
{
out-logfile -string ("Adding proxy address = "+$address)
#If the address is not a mail.onmicrosoft.com address - stamp it.
#Otherwise skip it - this is because the address is stamped on the mail contact already.
if (!($address.toLower()).contains("mail.onmicrosoft.com"))
{
out-logfile -string "Address is not a mail.onmicrosoft.com address."
try{
set-dynamicdistributionGroup -identity $functionAddress -emailAddresses @{add=$address} -domainController $globalCatalogServer
}
catch{
out-logfile -string $_
$isTestError="Yes"
return $isTestError
}
}
else
{
out-logfile -string "Address is a mail.onmicrosoft.com address - skipping."
}
}
}
#The legacy Exchange DN must now be added to the group.
if ($isRetry -eq $FALSE)
{
if ($originalDLConfiguration.legacyExchangeDN -ne $NULL)
{
out-logfile -string "Determined that legacy Exchange DN was not NULL - calculate x500 address."
$functionEmailAddress = "x500:"+$originalDLConfiguration.legacyExchangeDN
out-logfile -string $originalDLConfiguration.legacyExchangeDN
out-logfile -string ("Calculated x500 Address = "+$functionEmailAddress)
try{
set-dynamicDistributionGroup -identity $originalDLConfiguration.mail -emailAddresses @{add=$functionEmailAddress} -domainController $globalCatalogServer
}
catch{
out-logfile -string $_
$isTestError="Yes"
return $isTestError
}
}
else
{
out-logfile -string "Original DL configuration legacyExchangeDN is NULL - no action required."
}
}
else
{
out-logfile -string "X500 added in previous operation since it already existed on the group."
}
#The script intentionally does not set any other restrictions on the DL.
#It allows all restriction to be evaluated once the mail reaches office 365.
#The only restriction I set it require sender authentication - this ensures that anonymous email can still use the DL if the source is on prem.
if ($isRetry -eq $FALSE)
{
if ($originalDLConfiguration.msExchRequireAuthToSendTo -eq $NULL)
{
out-logfile -string "The sender authentication setting was not set - maybe legacy version of Exchange."
out-logfile -string "The sender authentication setting value FALSE in this instance."
try {
set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -RequireSenderAuthenticationEnabled $FALSE -domainController $globalCatalogServer
}
catch {
out-logfile -string $_
$isTestError="Yes"
return $isTestError
}
}
else
{
out-logfile -string "Sender authentication setting is present - retaining setting as present."
try {
set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -RequireSenderAuthenticationEnabled $originalDLConfiguration.msExchRequireAuthToSendTo -domainController $globalCatalogServer
}
catch {
out-logfile -string $_
$isTestError="Yes"
return $isTestError
}
}
}
else
{
try{
set-dynamicDistributionGroup -identity $functionAddress -RequireSenderAuthenticationEnabled $originalDLConfiguration.RequireSenderAuthenticationEnabled -domainController $globalCatalogServer
}
catch{
out-logfile -string "Unable to update require sender authentication on the group."
out-logfile -string $_ -isError:$TRUE
}
}
#Evaluate hide from address book.
if ($isRetry -eq $FALSE)
{
if (($originalDLConfiguration.msExchHideFromAddressLists -eq $TRUE) -or ($originalDLConfiguration.msExchHideFromAddressLists -eq $FALSE))
{
out-logfile -string "Evaluating hide from address list."
try {
set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -HiddenFromAddressListsEnabled $originalDLConfiguration.msExchHideFromAddressLists -domainController $globalCatalogServer
}
catch {
out-logfile -string $_
$isTestError="Yes"
return $isTestError
}
}
else
{
out-logfile -string "Hide from address list settings retained at default value - not set."
}
}
else
{
try {
set-dynamicdistributionGroup -identity $functionAddress -HiddenFromAddressListsEnabled $originalDLConfiguration.HiddenFromAddressListsEnabled -domainController $globalCatalogServer
}
catch {
out-logfile -string $_
$isTestError="Yes"
return $isTestError
}
}
Out-LogFile -string "END Enable-MailDyamicGroup"
Out-LogFile -string "********************************************************************************"
}