Enable-MailDynamicGroup.ps1
<#
.SYNOPSIS
This function enables the dynamic group for hybrid mail flow.
.DESCRIPTION
This function enables the dynamic group for hybrid mail flow.
.PARAMETER GlobalCatalogServer
The global catalog to make the query against.
.PARAMETER routingContactConfig
The original DN of the object.
.PARAMETER originalDLConfiguration
The original DN of the object.
.OUTPUTS
None
.EXAMPLE
enable-mailDynamicGroup -globalCatalogServer GC -routingContactConfig contactConfiguration -originalDLConfiguration DLConfiguration
#>
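Function Enable-MailDyamicGroup
{
    # Creates the on-premises dynamic distribution group that keeps hybrid mail flow
    # working for a migrated distribution list, then stamps the original group's
    # addresses and a small set of delivery settings onto it.
    #
    # Parameters:
    #   globalCatalogServer     - passed as -domainController to every Exchange cmdlet below.
    #   routingContactConfig    - object supplying extensionAttribute1 / extensionAttribute2,
    #                             which become the group's two conditional custom attributes.
    #   originalDLConfiguration - object supplying name, mailNickName, mail, distinguishedName,
    #                             displayName, proxyAddresses, legacyExchangeDN,
    #                             msExchRequireAuthToSendTo and msExchHideFromAddressLists.
    #
    # NOTE(review): the function name is spelled "Dyamic" (not "Dynamic"). It is kept as-is
    # because callers presumably reference this spelling; the help example's
    # "enable-mailDynamicGroup" will not resolve to this function.

    [cmdletbinding()]

    Param
    (
        [Parameter(Mandatory = $true)]
        [string]$globalCatalogServer,
        [Parameter(Mandatory = $true)]
        $routingContactConfig,
        [Parameter(Mandatory = $true)]
        $originalDLConfiguration
    )

    #Declare function variables.

    $functionEmailAddress=$NULL
    $functionDN=$NULL
    $functionOU=$NULL
    $functionGroupParams=$NULL

    #Start function processing.

    Out-LogFile -string "********************************************************************************"
    Out-LogFile -string "BEGIN Enable-MailDyamicGroup"
    Out-LogFile -string "********************************************************************************"

    #Create the dynamic distribution group.
    #This is very important - the group is scoped to the OU where it was created and uses the two custom attributes.
    #If the mail contact is ever moved from the OU that the DL originally existed in - hybrid mail flow breaks.
    #
    #Security note: the filter is AllRecipients + the two custom attribute values, scoped to that OU.
    #Any recipient in the OU carrying the same two attribute values matches the filter and receives the
    #group's mail, so write access to those attributes in that OU is effectively control of membership.
    #
    #Every Exchange cmdlet below is called with -errorAction STOP. Cmdlet failures are normally
    #non-terminating, so without it the catch blocks would not run (unless the caller has set
    #$ErrorActionPreference to Stop) and a failed step would go unlogged.

    try{
        out-logfile -string "Creating dynamic group..."

        #Locate the first OU= component that starts at an RDN boundary. Searching for the bare text "OU"
        #would also match those letters inside the group's CN and hand the cmdlet a malformed container.
        #An escaped comma (\,) inside a name is not treated as a boundary.

        $functionDN = [string]$originalDLConfiguration.distinguishedName

        if ($functionDN -match '(?:^|(?<!\\),)(OU=.*)$')
        {
            $functionOU = $Matches[1]
        }
        else
        {
            throw ("Unable to locate an organizational unit in distinguished name = "+$functionDN)
        }

        $functionGroupParams = @{
            name = $originalDLConfiguration.name
            alias = $originalDLConfiguration.mailNickName
            primarySMTPAddress = $originalDLConfiguration.mail
            organizationalUnit = $functionOU
            domainController = $globalCatalogServer
            includedRecipients = "AllRecipients"
            conditionalCustomAttribute1 = $routingContactConfig.extensionAttribute1
            conditionalCustomAttribute2 = $routingContactConfig.extensionAttribute2
            displayName = $originalDLConfiguration.DisplayName
            errorAction = "STOP"
        }

        new-dynamicDistributionGroup @functionGroupParams
    }
    catch{
        out-logfile -string $_ -isError:$TRUE
    }

    #All of the email addresses that existed on the migrated group need to be stamped on the new group.

    foreach ($address in $originalDLConfiguration.proxyAddresses)
    {
        out-logfile -string ("Adding proxy address = "+$address)

        #If the address is not a mail.onmicrosoft.com address - stamp it.
        #Otherwise skip it - this is because the address is stamped on the mail contact already.
        #-notlike compares case-insensitively; a case-sensitive test would treat a differently
        #cased copy of the routing address as new and try to stamp it a second time.

        if ($address -notlike "*mail.onmicrosoft.com*")
        {
            out-logfile -string "Address is not a mail.onmicrosoft.com address."

            try{
                set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -emailAddresses @{add=$address} -domainController $globalCatalogServer -errorAction STOP
            }
            catch{
                out-logfile -string $_ -isError:$TRUE
            }
        }
        else
        {
            out-logfile -string "Address is a mail.onmicrosoft.com address - skipping."
        }
    }

    #The legacy Exchange DN must now be added to the group.

    $functionEmailAddress = "x500:"+$originalDLConfiguration.legacyExchangeDN

    out-logfile -string $originalDLConfiguration.legacyExchangeDN
    out-logfile -string ("Calculated x500 Address = "+$functionEmailAddress)

    try{
        set-dynamicDistributionGroup -identity $originalDLConfiguration.mail -emailAddresses @{add=$functionEmailAddress} -domainController $globalCatalogServer -errorAction STOP
    }
    catch{
        out-logfile -string $_ -isError:$TRUE
    }

    #The script intentionally does not set any other restrictions on the DL.
    #It allows all restrictions to be evaluated once the mail reaches Office 365.
    #The only restriction set here is require sender authentication. When the source attribute is absent
    #it is set to FALSE so that anonymous email arriving on premises can still use the DL.
    #
    #NOTE(review): with the setting FALSE the on-premises group accepts mail from unauthenticated senders
    #and applies no other sender restriction; confirm the migrated group in Office 365 enforces the
    #restrictions that are expected to apply.
    #
    #$NULL is placed on the left so the comparison is a true null test even if the value is a collection.

    if ($NULL -eq $originalDLConfiguration.msExchRequireAuthToSendTo)
    {
        out-logfile -string "The sender authentication setting was not set - maybe legacy version of Exchange."
        out-logfile -string "The sender authentication setting value FALSE in this instance."

        try {
            set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -RequireSenderAuthenticationEnabled $FALSE -domainController $globalCatalogServer -errorAction STOP
        }
        catch {
            out-logfile -string $_ -isError:$TRUE
        }
    }
    else
    {
        out-logfile -string "Sender authentication setting is present - retaining setting as present."

        try {
            set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -RequireSenderAuthenticationEnabled $originalDLConfiguration.msExchRequireAuthToSendTo -domainController $globalCatalogServer -errorAction STOP
        }
        catch {
            out-logfile -string $_ -isError:$TRUE
        }
    }

    #Evaluate hide from address book.
    #The setting is only copied when the source attribute holds an explicit TRUE or FALSE.

    if (($originalDLConfiguration.msExchHideFromAddressLists -eq $TRUE) -or ($originalDLConfiguration.msExchHideFromAddressLists -eq $FALSE))
    {
        out-logfile -string "Evaluating hide from address list."

        try {
            set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -HiddenFromAddressListsEnabled $originalDLConfiguration.msExchHideFromAddressLists -domainController $globalCatalogServer -errorAction STOP
        }
        catch {
            out-logfile -string $_ -isError:$TRUE
        }
    }
    else
    {
        out-logfile -string "Hide from address list settings retained at default value - not set."
    }

    Out-LogFile -string "END Enable-MailDyamicGroup"
    Out-LogFile -string "********************************************************************************"
}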