Exchange Remote Mailbox creation via workflow

matt_a · ‎06-03-2020

We are moving over to O365 and using the remote mailbox on an on premise exchange server.

Up until now, we have been using orchestration on ServiceNow to build a new employees Active Directory account. But when we move to exchange, we need to create the account via the exchange remote mailbox method which then sync's to Active Directory.

Using our workflows, I see that there is a custom activity for creating a mailbox on exchange, but understand that this is different to a remote mailbox.

Im thinking that we could just copy the activity, add the new poweshell script to the midserver and then point the custom activity to the new ps script.

Has anyone had experience of this and would this work?

Any tips/suggestions for a doing this?

Many thanks in advance

matt_a · ‎11-26-2020

Hi Rajesh, I have successfully managed to achieve this and I have now automated the process.

Here is what I did:

I used the existing activity in the workflow - Enable Mailbox. I then customised this as follows to work with the remote mailbox cmdlet:

The credential tag is a credential I use for orchestration and has Exchange Admin as a role in AD. This is extremely important and must have this role. Once granted, it will require an app pool recycle - again, really important,

I added in the remoteroutingaddress and primarysmtpaddress as we have multiple email domains in my business. Both will be the same input which is the users UPN from AD. I required both as with just the remouteroutingaddress, it defaulted the mail account for the user to our main domain. So by including the SMPT, this set the mail address to the correct domain. If you only have the one mail domain, then you may not need to include this.

The domain parameter being: mycompany.onmicrosoft.com

I then utilised the OOB EnableMailbox script file, but updated the parameters. Copy this, create a new midserver script file with it and then link to this activity. Then restart the Mid.

Param([string]$exchangeServer, [string]$domain, [string]$exchangeUser, [string]$RemoteRoutingAddress, [string]$PrimarySmtpAddress, [string]$parameters)

# Import Exchange module
Import-Module -DisableNameChecking "$executingScriptDirectory\Exchange";

# Copy the environment variables to their parameters
if (test-path env:\SNC_exchangeServer) {
  $exchangeServer=$env:SNC_exchangeServer;
  $domain=$env:SNC_domain;
  $exchangeUser=$env:SNC_exchangeUser;
$RemoteRoutingAddress=$env:SNC_RemoteRoutingAddress;
$PrimarySmtpAddress=$env:SNC_PrimarySmtpAddress;
  $parameters=$env:SNC_parameters;
};

SNCLog-ParameterInfo @("Running Exchange-EnableRemoteMailbox", $exchangeServer, $domain, $exchangeUse, $RemoteRoutingAddress, $PrimarySmtpAddress)

$session = Create-PSSession -exchangeServerName $exchangeServer -credential $cred;
Import-PSSession $session -DisableNameChecking

# Enable-Mailbox switch parameters
# This parameters do NOT require a value...
# Parameter name is the key and the value is just the version that supports the parameter
$switchParams = @{"Arbitration" = "2010,2013";
                              "Discovery" = "2010,2013";
                              "Equipment" = "2010,2013";
                              "PublicFolder" = "2013";
                              "Room" = "2010,2013";
                              "Shared" = "2010,2013";
                              "Archive" = "2010,2013";
                              "BypassModerationCheck" = "2010,2013";
                              "Confirm" = "2010,2013";
                              "Force" = "2010,2013";
                              "HoldForMigration" = "2013";
                              "IncludeSoftDeletedObjects" = "2013";
                              "ManagedFolderMailboxPolicyAllowed" = "2010,2013";
                              "OverrideRecipientQuotas" = "2013";
                              "RemoteArchive" =  "2010,2013";
                              "TargetAllMDBs" = "2013";
                              "PrimarySMTPAddress" = "2010,2013";
                              "RemoteRoutingAddress" = "2010,2013";
                              "WhatIf" =  "2010,2013"
                             };

# MultiValued parameters
# Parameter name is the key and the value is just the version that supports the parameter
$multiValued = @{"AddOnSKUCapability" = "2013";
                           "ArchiveName" = "2010,2013"
                          };

# These parameters are for Microsoft internal use only
# Parameter name is the key and the value is just the version that supports the parameter
$microsoftOnly = @{"AccountDisabled" = "2010,2013";
                              "AddOnSKUCapability" = "2013";
                              "ArchiveGuid" = "2010,2013";
                              "BypassModerationCheck" = "2010,2013";
                              "IncludeSoftDeletedObjects" = "2013";
                              "Location" = "2013";
                              "MailboxPlan" = "2013";
                              "OverrideRecipientQuotas" = "2013";
                              "SKUAssigned" = "2010,2013";
                              "SKUCapability" = "2010,2013";
                              "TargetAllMDBs" = "2013";
                              "UsageLocation" = "2010,2013"
                              };

# Define hash table
$myParams = @{};

try {
	if ($exchangeUser) {
		$myParams.Add("Identity", $exchangeUser);
$myParams.Add("RemoteRoutingAddress", $RemoteRoutingAddress);
$myParams.Add("PrimarySmtpAddress", $PrimarySmtpAddress);
	};
	$myParams.Add("Confirm", $false);

	if ($parameters) {
		SNCLog-DebugInfo "`tProcessing parameters:  $parameters"
		$returnObj = Process-Params -cmd Enable-RemoteMailbox -params $parameters -cmdSwitches $switchParams -internalParams $microsoftOnly -multiValueParams $multiValued -inputParams $myParams;
		# retrieve the returned data
		$myParams = $returnObj;
	};

	# Call Cmdlet with our defined parameters
	# e.g.: Enable-Mailbox -Identity $exchangeUser -Confirm:$false
	# Note: Enable-Mailbox does not return any data
	$Private:cmdParams = SNCGet-CmdParams $myParams
	SNCLog-DebugInfo "`tInvoking Enable-RemoteMailbox $Private:cmdParams"
	Enable-RemoteMailbox @myParams;
	if (-not $?) {
		SNCLog-DebugInfo "`tEnable-RemoteMailbox failed, $error"
	}
} finally {
	# Disconnect the session
	Remove-PSSession $session;
}

This means that you will utilise the existing PS modules on the midserver to ensure that the script runs correctly.

Here is my final workflow:

Hope this helps

View solution in original post

Rajesh38 · ‎11-23-2020

ohh.ok. Just look at this and see if this help out for you?

https://community.servicenow.com/community?id=community_question&sys_id=d8e90729db5cdbc01dcaf3231f96190e

So, if we use OOB create email box custom activity with premise exchange server details, does it not working ?

matt_a · ‎11-23-2020

The PS script we need is Enable Remote Mailbox. OOB, the PS is to enable a standard mailbox which has different parameters and I dont believe to be compatible?

Rajesh38 · ‎11-23-2020

No idea and need to check. I have custom PS script in handy to enable Remote Mailbox (same PS script being used from AD PS script) but my requirement now is to invoke same PS from SN workflow .

what do you think best approach would be easy.

- > call PS script in run script activity in workflow ?

- > write BR to insert record to ECC Queue to process PS script ? Not sure how to pass input parameters which are required

- > Can we make use of OOB "Create email box" by using custom script ?

matt_a · ‎11-26-2020

Hi Rajesh, I have successfully managed to achieve this and I have now automated the process.

Here is what I did:

I used the existing activity in the workflow - Enable Mailbox. I then customised this as follows to work with the remote mailbox cmdlet:

The credential tag is a credential I use for orchestration and has Exchange Admin as a role in AD. This is extremely important and must have this role. Once granted, it will require an app pool recycle - again, really important,

I added in the remoteroutingaddress and primarysmtpaddress as we have multiple email domains in my business. Both will be the same input which is the users UPN from AD. I required both as with just the remouteroutingaddress, it defaulted the mail account for the user to our main domain. So by including the SMPT, this set the mail address to the correct domain. If you only have the one mail domain, then you may not need to include this.

The domain parameter being: mycompany.onmicrosoft.com

I then utilised the OOB EnableMailbox script file, but updated the parameters. Copy this, create a new midserver script file with it and then link to this activity. Then restart the Mid.

Param([string]$exchangeServer, [string]$domain, [string]$exchangeUser, [string]$RemoteRoutingAddress, [string]$PrimarySmtpAddress, [string]$parameters)

# Import Exchange module
Import-Module -DisableNameChecking "$executingScriptDirectory\Exchange";

# Copy the environment variables to their parameters
if (test-path env:\SNC_exchangeServer) {
  $exchangeServer=$env:SNC_exchangeServer;
  $domain=$env:SNC_domain;
  $exchangeUser=$env:SNC_exchangeUser;
$RemoteRoutingAddress=$env:SNC_RemoteRoutingAddress;
$PrimarySmtpAddress=$env:SNC_PrimarySmtpAddress;
  $parameters=$env:SNC_parameters;
};

SNCLog-ParameterInfo @("Running Exchange-EnableRemoteMailbox", $exchangeServer, $domain, $exchangeUse, $RemoteRoutingAddress, $PrimarySmtpAddress)

$session = Create-PSSession -exchangeServerName $exchangeServer -credential $cred;
Import-PSSession $session -DisableNameChecking

# Enable-Mailbox switch parameters
# This parameters do NOT require a value...
# Parameter name is the key and the value is just the version that supports the parameter
$switchParams = @{"Arbitration" = "2010,2013";
                              "Discovery" = "2010,2013";
                              "Equipment" = "2010,2013";
                              "PublicFolder" = "2013";
                              "Room" = "2010,2013";
                              "Shared" = "2010,2013";
                              "Archive" = "2010,2013";
                              "BypassModerationCheck" = "2010,2013";
                              "Confirm" = "2010,2013";
                              "Force" = "2010,2013";
                              "HoldForMigration" = "2013";
                              "IncludeSoftDeletedObjects" = "2013";
                              "ManagedFolderMailboxPolicyAllowed" = "2010,2013";
                              "OverrideRecipientQuotas" = "2013";
                              "RemoteArchive" =  "2010,2013";
                              "TargetAllMDBs" = "2013";
                              "PrimarySMTPAddress" = "2010,2013";
                              "RemoteRoutingAddress" = "2010,2013";
                              "WhatIf" =  "2010,2013"
                             };

# MultiValued parameters
# Parameter name is the key and the value is just the version that supports the parameter
$multiValued = @{"AddOnSKUCapability" = "2013";
                           "ArchiveName" = "2010,2013"
                          };

# These parameters are for Microsoft internal use only
# Parameter name is the key and the value is just the version that supports the parameter
$microsoftOnly = @{"AccountDisabled" = "2010,2013";
                              "AddOnSKUCapability" = "2013";
                              "ArchiveGuid" = "2010,2013";
                              "BypassModerationCheck" = "2010,2013";
                              "IncludeSoftDeletedObjects" = "2013";
                              "Location" = "2013";
                              "MailboxPlan" = "2013";
                              "OverrideRecipientQuotas" = "2013";
                              "SKUAssigned" = "2010,2013";
                              "SKUCapability" = "2010,2013";
                              "TargetAllMDBs" = "2013";
                              "UsageLocation" = "2010,2013"
                              };

# Define hash table
$myParams = @{};

try {
	if ($exchangeUser) {
		$myParams.Add("Identity", $exchangeUser);
$myParams.Add("RemoteRoutingAddress", $RemoteRoutingAddress);
$myParams.Add("PrimarySmtpAddress", $PrimarySmtpAddress);
	};
	$myParams.Add("Confirm", $false);

	if ($parameters) {
		SNCLog-DebugInfo "`tProcessing parameters:  $parameters"
		$returnObj = Process-Params -cmd Enable-RemoteMailbox -params $parameters -cmdSwitches $switchParams -internalParams $microsoftOnly -multiValueParams $multiValued -inputParams $myParams;
		# retrieve the returned data
		$myParams = $returnObj;
	};

	# Call Cmdlet with our defined parameters
	# e.g.: Enable-Mailbox -Identity $exchangeUser -Confirm:$false
	# Note: Enable-Mailbox does not return any data
	$Private:cmdParams = SNCGet-CmdParams $myParams
	SNCLog-DebugInfo "`tInvoking Enable-RemoteMailbox $Private:cmdParams"
	Enable-RemoteMailbox @myParams;
	if (-not $?) {
		SNCLog-DebugInfo "`tEnable-RemoteMailbox failed, $error"
	}
} finally {
	# Disconnect the session
	Remove-PSSession $session;
}

This means that you will utilise the existing PS modules on the midserver to ensure that the script runs correctly.

Here is my final workflow:

Hope this helps

Michael Domke · ‎06-04-2024

Have you stress tested this? By that I mean how many concurrent workflow contexts have you tried running at the same time?

I'm doing something similar using the Run PowerShell activity but an issue I'm running into is exceeding the maximum number of connections allowed when using any "RemoteMailbox" cmdlet.

The MaxConcurrency policy limit setup in my Exchange environment is 18. If I run 18+ concurrent workflows, or rather, PowerShell activities using a "RemoteMailbox" cmdlet, I'll hit this limit and the PowerShell activity in the 19th workflow fails with the maximum connection failure.

And before anyone asks, yes, I do disconnect the session at the end of the script but there are times when there are 18+ concurrent sessions running.

Thanks,
Michael