abgesehen von ein paar Fehler in der Anleitung von MS finde ich diese auch die beste. Vor allem da man hier saubere Vorlagen für die Scripts hat.
Habe heute den Server mal weider Frisch aufgebaut und die Anleitung mal bis zu:
-- Adding a Segregated Company to the Environment --
durch gearbeitet. Ab diesem Punkt kommt ja das einrichten der einzelnen Firmen. Um dies zu automatisieren habe ich das "Beispiel-Script" von der selben MS-Seite genommen und die paar Anpassungen an meinen Servername gemacht.
Ich starte das Script und ohne, dass ich was eingeben kann schliesst es mit folgendem Fehler ab:
Unexpected token 'to' in expression or statement.
At C:\Program Files\Microsoft\Exchange Server\Scripts\NewCompany.ps1:79 char:52
+ "3 of 15, Add a Security Group for $CompanyName" to <<<< the "All Hosted Gro
ups SG"
Langsam aber sicher glaube ich ich werde Bäcker oder Koch oder sonst was...
Hier noch das Script von MS
#"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
#"!!!!!!! THIS IS NOT A MICROSOFT SUPPORTED SCRIPT. !!!!!!!!"
#"!!!!!!! TEST IN A LAB FOR DESIRED OUTCOME !!!!!!!!"
#"!!!!!!! !!!!!!!!!!"
#"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
#" "
#"1. Change the server names."
#"A. OABGeneration server in Step 9"
#"B. OAB website in Step 9"
#"C. Public folder server"
#"2. Modify the domain and OU structure in Step 1"
#"3. Change the domain controller name in Step 3"
#
#" "
#
#"When the above steps have been taken, comment out this line and all those above it using # #at the beginning of the line."
#" "
#
#" "
#!!!! Change DC below !!!!
#This step gets a domain controller name ##
$DC = "dc01.contoso.com"
"Using Domain Controller - $DC"
#checks for the "Company" OU
#----------------------------
#----------------------------
$eaSave = $ErrorActionPreference
$ErrorActionPreference = "Inquire"
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $dc)
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($context)
$root = $domain.psbase.GetDirectoryEntry()
# check if the 'Companies' ou exists
$orgs = $null
$orgs = $root.psbase.Children.psbase.Find("OU=Companies")
if ($orgs -eq $null)
{
write-host "Cannot find an OU named 'Companies'"; exit
}
#-----------------------------
#-----------------------------
" "
" "
## Gets the company name ##
"Enter the company name:"
$CompanyName = [Console]::ReadLine()
$CompanyName = $CompanyName.Trim()
## Gets the company Email Domain Name ##
"Enter the company email domain name - e.g. contoso.com:"
$CompanyEmailDomainName = [Console]::ReadLine()
$CompanyEmailDomainName = $CompanyEmailDomainName.Trim()
## Create the OU for New Company ##
##!!!!! Change DC to a valid DC for your environment !!!!!!
"1 of 15, Creating an Organizational Unit for $CompanyName"
$NewOU = $CompanyName
$objDomain = [ADSI]"LDAP://DC01:389/ou=Companies,dc=contoso,dc=com"
$objOU = $objDomain.Create("organizationalUnit","ou="+$NewOU)
$objOU.SetInfo()
"An OU has been created for $CompanyName"
" "
"Wait 20 seconds for the OU to be visible on the Domain Controller"
[System.Threading.Thread]::Sleep(20000)
#check for this companies OU
#--------------------------------
#--------------------------------
# Find the org itself
$newOrg = $null
$newOrg = $orgs.psbase.Children.psbase.Find("ou="+$CompanyName)
if ($newOrg -eq $null)
{
" "
write-host "Cannot find an OU named" $CompanyName
" "
exit
}
#---------------------------------
#---------------------------------
" "
".............................................."
"2 of 15, Creating a Security Group for $CompanyName"
".............................................."
#!!!OU structure must be created first!!!!
new-distributiongroup -name "$CompanyName SG" -Type "security" -OrganizationalUnit "contoso.com/Companies/$CompanyName" -SamAccountName "$CompanyName" -Alias "$CompanyName" -domaincontroller $DC
" "
".............................................."
"3 of 15, Add a Security Group for $CompanyName" to the "All Hosted Groups SG"
".............................................."
Get-distributiongroup -name "All Hosted Groups SG" | Add-DistributionGroupMember -Member "$CompanyName SG" -domaincontroller $DC
" "
".............................................."
"4 of 15, Set customattribute1 on the USG for $CompanyName"
".............................................."
set-distributiongroup "$CompanyName SG" -customattribute1 "$CompanyName" -domaincontroller $DC
" "
".............................................."
"5 of 15, Creating an Address List for $CompanyName"
".............................................."
new-AddressList -Name "$CompanyName AL" -Container '\' -IncludedRecipients 'AllRecipients' -conditionalcustomattribute1 $CompanyName -domaincontroller $DC
#" "
#".............................................."
"6 of 15, Add an Accepted Domain for $CompanyName"
".............................................."
New-AcceptedDomain -Name "$CompanyName" -DomainName "$CompanyEmailDomainName" -DomainType Authoritative -domaincontroller $DC
" "
".............................................."
"7 of 15,Adding Email Address Policy for $CompanyName"
".............................................."
New-EmailAddressPolicy -Name "Fabrikam" -Priority "1" -EnabledEmailAddressTemplates "SMTP:%1g%s@$CompanyEmailDomainName" -domaincontroller $DC
" "
".............................................."
"8 of 15, Remove Authenticated Users from the $CompanyName address list"
Get-AddressList "$companyName AL" -domaincontroller $DC | #Remove-ADPermission -User "Authenticated Users" -accessrights GenericRead -extendedrights "open address list" -deny:$false -domaincontroller $DC
" "
".............................................."
"9 of 15, Granting permissions for users of $CompanyName to view the Address List for $CompanyName"
".............................................."
get-addresslist "$companyname AL" -domaincontroller $DC | add-adpermission -USER "$CompanyName SG" -extendedrights "Open Address list" -deny:$false -domaincontroller $DC
" "
".............................................."
"10 of 15, Creating a Global Address List for $CompanyName"
".............................................."
new-globaladdresslist -name "$CompanyName GAL" -recipientFilter {(alias -ne $null -and customattribute1 -eq $CompanyName)} -domaincontroller $DC
" "
".............................................."
"11 of 15, Updating the Address List for $CompanyName"
".............................................."
update-AddressList "$CompanyName AL" -domaincontroller $DC
" "
".............................................."
"12 of 15, Updating the Global Address List for $CompanyName"
".............................................."
update-GlobalAddressList -Identity "$CompanyName GAL" -domaincontroller $DC
" "
".............................................."
"13 of 15, Updating the Email Address Policy for $CompanyName"
".............................................."
update-EmailAddressPolicy -Identity "$CompanyName" -domaincontroller $DC
" "
".............................................."
"14 of 15,Creating an Offline Address List for $CompanyName"
".............................................."
# !!!! Will need to change the server name here !!!!
# !!!! Specify the OAB Generation Server and the OAB Distribution Location !!!!
new-offlineAddressBook -Name "$CompanyName OAB" -Server OABGENERATIONSERVER.contoso.COM -AddressLists "$CompanyName AL" -PublicFolderDistributionEnabled $true -VirtualDirectories "DISTRIBUTIONSERVERNAME\OAB (Default Web Site)" -domaincontroller $DC
".............................................."
"15 of 15, Granting permissions for users of $CompanyName to view the Offline Address Book for $CompanyName"
".............................................."
Get-OfflineAddressBook "$CompanyName OAB" -domaincontroller $DC | Add-ADPermission -User "$CompanyName SG" -ExtendedRights 'ms-Exch-Download-OAB' -Deny:$false -domaincontroller $DC
$OAB = (get-offlineaddressbook "$CompanyName OAB" -domaincontroller $DC).distinguishedname
$OU = (get-distributiongroup "$CompanyName SG" -domaincontroller $DC).organizationalunit
$USG = (get-distributiongroup "$CompanyName SG" -domaincontroller $DC).name
" "
"=============================================="
"Script for setup of $companyname complete"
"=============================================="
" "
"For each user created in $Companyname, set the following attributes to the specified values:"
"customattribute1 = $CompanyName"
"msExchUseOAB = $OAB"
"msExchQueryBaseDN = $OU"
"groupmembership = $USG"
" "
" "
" "
#====================================================
#=====confirmation Section - Output to HTML file=====
#====================================================
$b3 = get-addresslist "$companyName AL"-domaincontroller $DC
$b3a = $b3.recipientfilter
$b4 = get-globaladdresslist "$companyName GAL"-domaincontroller $DC
$b4a = $b4.recipientfilter
$b5 = get-offlineaddressbook "$companyName OAB"-domaincontroller $DC
$b5a = $b5.addresslists
$b5b = $b5.distinguishedname
$b6 = get-distributiongroup "$companyName SG" -domaincontroller $DC
$b6a = $b6.grouptype
$date = date
set-content -path c:\$CompanyName.htm -value "<html>
<title>Company Confirmation: $companyName</title>
<head></head>
<body>
<h1>Company Confirmation: <font color=green>$Companyname</font></h1>
<table>
<tr><td><font size=2>The script will query each item listed and return the value in <font color=green>GREEN</font>. If the value is not found, it will not be listed. </td></tr>
</table>
<br>
<table>
<tr><td>Creation Date:</td><td><font color=green>$date</font></td></tr>
<tr><td>AddressList:</td><td><font color=green>$b3 - $b3a</font></td></tr>
<tr><td>GlobalAddressList:</td><td><font color=green>$b4 - $b4a</font></td></tr>
<tr><td>OfflineAddressBook:</td><td><font color=green>$b5 - $b5a</font></td></tr>
<tr><td>DistributionGroup:</td><td><font color=green>$b6 - $b6a</font></td></tr>
</table>
<table>
<br>
<tr><td> </td></tr>
<tr><td><font size=2>For each user created in $CompanyName, you will set the following attributes to the underlined values:</td></tr>
<tr><td><font size=2>customattribute1 - <u>$companyName</u> (In ADSIEdit its extensionattribute1)</td></tr>
<tr><td><font size=2>msExchUseOAB - <u>$OAB</u> (IN EMS its -offlineaddressbook)</td></tr>
<tr><td><font size=2>msExchQueryBaseDN - <u>$OU</u></td></tr>
<tr><td><font size=2>groupmembership - <u>$USG</u></td></tr>
<tr><td> </td></tr>
</font>
</table>
</body>
</html>"
invoke-item c:\$companyname.htm