Exchange Remote Mailbox creation via workflow

matt_a · ‎06-03-2020

We are moving over to O365 and using the remote mailbox on an on premise exchange server.

Up until now, we have been using orchestration on ServiceNow to build a new employees Active Directory account. But when we move to exchange, we need to create the account via the exchange remote mailbox method which then sync's to Active Directory.

Using our workflows, I see that there is a custom activity for creating a mailbox on exchange, but understand that this is different to a remote mailbox.

Im thinking that we could just copy the activity, add the new poweshell script to the midserver and then point the custom activity to the new ps script.

Has anyone had experience of this and would this work?

Any tips/suggestions for a doing this?

Many thanks in advance

matt_a · ‎11-26-2020

Hi Rajesh, I have successfully managed to achieve this and I have now automated the process.

Here is what I did:

I used the existing activity in the workflow - Enable Mailbox. I then customised this as follows to work with the remote mailbox cmdlet:

The credential tag is a credential I use for orchestration and has Exchange Admin as a role in AD. This is extremely important and must have this role. Once granted, it will require an app pool recycle - again, really important,

I added in the remoteroutingaddress and primarysmtpaddress as we have multiple email domains in my business. Both will be the same input which is the users UPN from AD. I required both as with just the remouteroutingaddress, it defaulted the mail account for the user to our main domain. So by including the SMPT, this set the mail address to the correct domain. If you only have the one mail domain, then you may not need to include this.

The domain parameter being: mycompany.onmicrosoft.com

I then utilised the OOB EnableMailbox script file, but updated the parameters. Copy this, create a new midserver script file with it and then link to this activity. Then restart the Mid.

Param([string]$exchangeServer, [string]$domain, [string]$exchangeUser, [string]$RemoteRoutingAddress, [string]$PrimarySmtpAddress, [string]$parameters)

# Import Exchange module
Import-Module -DisableNameChecking "$executingScriptDirectory\Exchange";

# Copy the environment variables to their parameters
if (test-path env:\SNC_exchangeServer) {
  $exchangeServer=$env:SNC_exchangeServer;
  $domain=$env:SNC_domain;
  $exchangeUser=$env:SNC_exchangeUser;
$RemoteRoutingAddress=$env:SNC_RemoteRoutingAddress;
$PrimarySmtpAddress=$env:SNC_PrimarySmtpAddress;
  $parameters=$env:SNC_parameters;
};

SNCLog-ParameterInfo @("Running Exchange-EnableRemoteMailbox", $exchangeServer, $domain, $exchangeUse, $RemoteRoutingAddress, $PrimarySmtpAddress)

$session = Create-PSSession -exchangeServerName $exchangeServer -credential $cred;
Import-PSSession $session -DisableNameChecking

# Enable-Mailbox switch parameters
# This parameters do NOT require a value...
# Parameter name is the key and the value is just the version that supports the parameter
$switchParams = @{"Arbitration" = "2010,2013";
                              "Discovery" = "2010,2013";
                              "Equipment" = "2010,2013";
                              "PublicFolder" = "2013";
                              "Room" = "2010,2013";
                              "Shared" = "2010,2013";
                              "Archive" = "2010,2013";
                              "BypassModerationCheck" = "2010,2013";
                              "Confirm" = "2010,2013";
                              "Force" = "2010,2013";
                              "HoldForMigration" = "2013";
                              "IncludeSoftDeletedObjects" = "2013";
                              "ManagedFolderMailboxPolicyAllowed" = "2010,2013";
                              "OverrideRecipientQuotas" = "2013";
                              "RemoteArchive" =  "2010,2013";
                              "TargetAllMDBs" = "2013";
                              "PrimarySMTPAddress" = "2010,2013";
                              "RemoteRoutingAddress" = "2010,2013";
                              "WhatIf" =  "2010,2013"
                             };

# MultiValued parameters
# Parameter name is the key and the value is just the version that supports the parameter
$multiValued = @{"AddOnSKUCapability" = "2013";
                           "ArchiveName" = "2010,2013"
                          };

# These parameters are for Microsoft internal use only
# Parameter name is the key and the value is just the version that supports the parameter
$microsoftOnly = @{"AccountDisabled" = "2010,2013";
                              "AddOnSKUCapability" = "2013";
                              "ArchiveGuid" = "2010,2013";
                              "BypassModerationCheck" = "2010,2013";
                              "IncludeSoftDeletedObjects" = "2013";
                              "Location" = "2013";
                              "MailboxPlan" = "2013";
                              "OverrideRecipientQuotas" = "2013";
                              "SKUAssigned" = "2010,2013";
                              "SKUCapability" = "2010,2013";
                              "TargetAllMDBs" = "2013";
                              "UsageLocation" = "2010,2013"
                              };

# Define hash table
$myParams = @{};

try {
	if ($exchangeUser) {
		$myParams.Add("Identity", $exchangeUser);
$myParams.Add("RemoteRoutingAddress", $RemoteRoutingAddress);
$myParams.Add("PrimarySmtpAddress", $PrimarySmtpAddress);
	};
	$myParams.Add("Confirm", $false);

	if ($parameters) {
		SNCLog-DebugInfo "`tProcessing parameters:  $parameters"
		$returnObj = Process-Params -cmd Enable-RemoteMailbox -params $parameters -cmdSwitches $switchParams -internalParams $microsoftOnly -multiValueParams $multiValued -inputParams $myParams;
		# retrieve the returned data
		$myParams = $returnObj;
	};

	# Call Cmdlet with our defined parameters
	# e.g.: Enable-Mailbox -Identity $exchangeUser -Confirm:$false
	# Note: Enable-Mailbox does not return any data
	$Private:cmdParams = SNCGet-CmdParams $myParams
	SNCLog-DebugInfo "`tInvoking Enable-RemoteMailbox $Private:cmdParams"
	Enable-RemoteMailbox @myParams;
	if (-not $?) {
		SNCLog-DebugInfo "`tEnable-RemoteMailbox failed, $error"
	}
} finally {
	# Disconnect the session
	Remove-PSSession $session;
}

This means that you will utilise the existing PS modules on the midserver to ensure that the script runs correctly.

Here is my final workflow:

Hope this helps

View solution in original post

sachin_namjoshi · ‎06-03-2020

I have implemented same requirement and your approach looks good.

I created power-shell script to create exchange remote mailbox and then called this powershell script using run script activity in workflow.

Make sure that credentials for new exchange remote servers are working as well as check ECC queue for response after you point activity to new PS script.

Regards,

Sachin

matt_a · ‎06-03-2020

Thanks Sachin, would you be able to show me an example script that you used in your run script activity? As I was just going to copy the oob custom activity for the exchange standard mailbox and push a JSON object with the parameters into it.

Thanks

Rajesh38 · ‎11-23-2020

Hi Matt,

Just wanted to check if you were able to achieve this. If so, need your more inputs.

Thanks,

Rajesh T

matt_a · ‎11-23-2020

Hi rajesh, unfortunately not. Neither Hi or the community were able to assist at this stage.

I have also created another thread on progress, but as of yet, it hasnt received any replies:

https://community.servicenow.com/community?id=community_question&sys_id=2797360ddb286410fb4ae15b8a96192a