Exchange Remote Mailbox creation via workflow

matt_a · ‎06-03-2020

We are moving over to O365 and using the remote mailbox on an on premise exchange server.

Up until now, we have been using orchestration on ServiceNow to build a new employees Active Directory account. But when we move to exchange, we need to create the account via the exchange remote mailbox method which then sync's to Active Directory.

Using our workflows, I see that there is a custom activity for creating a mailbox on exchange, but understand that this is different to a remote mailbox.

Im thinking that we could just copy the activity, add the new poweshell script to the midserver and then point the custom activity to the new ps script.

Has anyone had experience of this and would this work?

Any tips/suggestions for a doing this?

Many thanks in advance

matt_a · ‎11-26-2020

Hi Rajesh, I have successfully managed to achieve this and I have now automated the process.

Here is what I did:

I used the existing activity in the workflow - Enable Mailbox. I then customised this as follows to work with the remote mailbox cmdlet:

The credential tag is a credential I use for orchestration and has Exchange Admin as a role in AD. This is extremely important and must have this role. Once granted, it will require an app pool recycle - again, really important,

I added in the remoteroutingaddress and primarysmtpaddress as we have multiple email domains in my business. Both will be the same input which is the users UPN from AD. I required both as with just the remouteroutingaddress, it defaulted the mail account for the user to our main domain. So by including the SMPT, this set the mail address to the correct domain. If you only have the one mail domain, then you may not need to include this.

The domain parameter being: mycompany.onmicrosoft.com

I then utilised the OOB EnableMailbox script file, but updated the parameters. Copy this, create a new midserver script file with it and then link to this activity. Then restart the Mid.

Param([string]$exchangeServer, [string]$domain, [string]$exchangeUser, [string]$RemoteRoutingAddress, [string]$PrimarySmtpAddress, [string]$parameters)

# Import Exchange module
Import-Module -DisableNameChecking "$executingScriptDirectory\Exchange";

# Copy the environment variables to their parameters
if (test-path env:\SNC_exchangeServer) {
  $exchangeServer=$env:SNC_exchangeServer;
  $domain=$env:SNC_domain;
  $exchangeUser=$env:SNC_exchangeUser;
$RemoteRoutingAddress=$env:SNC_RemoteRoutingAddress;
$PrimarySmtpAddress=$env:SNC_PrimarySmtpAddress;
  $parameters=$env:SNC_parameters;
};

SNCLog-ParameterInfo @("Running Exchange-EnableRemoteMailbox", $exchangeServer, $domain, $exchangeUse, $RemoteRoutingAddress, $PrimarySmtpAddress)

$session = Create-PSSession -exchangeServerName $exchangeServer -credential $cred;
Import-PSSession $session -DisableNameChecking

# Enable-Mailbox switch parameters
# This parameters do NOT require a value...
# Parameter name is the key and the value is just the version that supports the parameter
$switchParams = @{"Arbitration" = "2010,2013";
                              "Discovery" = "2010,2013";
                              "Equipment" = "2010,2013";
                              "PublicFolder" = "2013";
                              "Room" = "2010,2013";
                              "Shared" = "2010,2013";
                              "Archive" = "2010,2013";
                              "BypassModerationCheck" = "2010,2013";
                              "Confirm" = "2010,2013";
                              "Force" = "2010,2013";
                              "HoldForMigration" = "2013";
                              "IncludeSoftDeletedObjects" = "2013";
                              "ManagedFolderMailboxPolicyAllowed" = "2010,2013";
                              "OverrideRecipientQuotas" = "2013";
                              "RemoteArchive" =  "2010,2013";
                              "TargetAllMDBs" = "2013";
                              "PrimarySMTPAddress" = "2010,2013";
                              "RemoteRoutingAddress" = "2010,2013";
                              "WhatIf" =  "2010,2013"
                             };

# MultiValued parameters
# Parameter name is the key and the value is just the version that supports the parameter
$multiValued = @{"AddOnSKUCapability" = "2013";
                           "ArchiveName" = "2010,2013"
                          };

# These parameters are for Microsoft internal use only
# Parameter name is the key and the value is just the version that supports the parameter
$microsoftOnly = @{"AccountDisabled" = "2010,2013";
                              "AddOnSKUCapability" = "2013";
                              "ArchiveGuid" = "2010,2013";
                              "BypassModerationCheck" = "2010,2013";
                              "IncludeSoftDeletedObjects" = "2013";
                              "Location" = "2013";
                              "MailboxPlan" = "2013";
                              "OverrideRecipientQuotas" = "2013";
                              "SKUAssigned" = "2010,2013";
                              "SKUCapability" = "2010,2013";
                              "TargetAllMDBs" = "2013";
                              "UsageLocation" = "2010,2013"
                              };

# Define hash table
$myParams = @{};

try {
	if ($exchangeUser) {
		$myParams.Add("Identity", $exchangeUser);
$myParams.Add("RemoteRoutingAddress", $RemoteRoutingAddress);
$myParams.Add("PrimarySmtpAddress", $PrimarySmtpAddress);
	};
	$myParams.Add("Confirm", $false);

	if ($parameters) {
		SNCLog-DebugInfo "`tProcessing parameters:  $parameters"
		$returnObj = Process-Params -cmd Enable-RemoteMailbox -params $parameters -cmdSwitches $switchParams -internalParams $microsoftOnly -multiValueParams $multiValued -inputParams $myParams;
		# retrieve the returned data
		$myParams = $returnObj;
	};

	# Call Cmdlet with our defined parameters
	# e.g.: Enable-Mailbox -Identity $exchangeUser -Confirm:$false
	# Note: Enable-Mailbox does not return any data
	$Private:cmdParams = SNCGet-CmdParams $myParams
	SNCLog-DebugInfo "`tInvoking Enable-RemoteMailbox $Private:cmdParams"
	Enable-RemoteMailbox @myParams;
	if (-not $?) {
		SNCLog-DebugInfo "`tEnable-RemoteMailbox failed, $error"
	}
} finally {
	# Disconnect the session
	Remove-PSSession $session;
}

This means that you will utilise the existing PS modules on the midserver to ensure that the script runs correctly.

Here is my final workflow:

Hope this helps

View solution in original post

shanedavis · 2 weeks ago

@matt_a , we are working on project moving from Exchange on-prem to Exchange Online. How did you set the AD UPN value? I see a run script where you add the value to scratchpad, but nothing after that. Thank you for any help you can provide.