Exchange 2010 Powershell指令碼攻略(十三)

ImSunkist發表於2011-07-12

enable-CrossForestConnector

# Script parameters. The target connector is supplied as an object (-instance,
# or from the pipeline) or looked up by name (-connectorName).
Param(

# Connector object to modify; the help text says it is usually obtained from
# get-SendConnector and used in place of -connectorName.
[Microsoft.Exchange.Data.Directory.SystemConfiguration.ADConfigurationObject] $instance = $null,

# Identity/Name of the connector to modify; used only when no instance is given.
[string] $connectorName = $null,

# Print the usage text and stop.
[switch] $help,

# Select the rights set the help text describes as needed for Exchange 2003
# or another type of MTA, instead of the default cross-forest set.
[switch] $genericMTA

)

begin

{

#

# Display help

#

function Usage()
{
    # Prints the command-line help to the host. The text is a single-quoted
    # here-string, so the $x and $(...) in the examples are shown literally.
    $helpText = @'

Adjusts the permissions on a Send Connector for Cross Forest trust.

Enable-CrossForestConnector [-help] [-instance $x] [-connectorName "foo"] [-genericMTA]

-instance A SendConnector instance. Usually this is obtained from

get-SendConnector and used in place of -connectorName.

-connectorName The identity/Name of the connector to modify.

-genericMTA Set the permissions necessary for Exchange 2003 or another type of MTA.

Examples

get-sendConnector "OneSendConnector" | enable-CrossforestConnector

enable-CrossforestConnector -instance $(get-sendconnector "CfSendConnector")

'@

    write-host $helpText
}

#

# Locate a Receive or Send connector by its identity.

#

# The identity of the connector to find.

# The name can be either a Receive or Send connector. The name space for both enforces unique names across both.

#

function FindInstance([string] $name)
{
    # Resolves a connector name to a connector object, trying Receive
    # connectors first and Send connectors second. Both lookups run with
    # -ErrorAction SilentlyContinue, so a miss is not reported here; the
    # caller is expected to test the result for $null.
    $found = Get-ReceiveConnector $name -ErrorAction SilentlyContinue

    if (-not $found)
    {
        $found = Get-SendConnector $name -ErrorAction SilentlyContinue
    }

    # -as yields $null instead of raising when the conversion is not possible.
    return ($found -as [Microsoft.Exchange.Data.Directory.SystemConfiguration.ADConfigurationObject])
}

#

# Calculate the set of new rights to add to this object for this user.

#

# The connector instance to modify

# The user or USG that is being added

# An array of new rights that are needed

#

# Add-AdPermission will fail if the same rights for the same user are being added. Therefore a filtered list of new rights must

# be generated by analyzing the existing rights.

#

function FilterNewRights([Microsoft.Exchange.Data.Directory.SystemConfiguration.ADConfigurationObject] $instance, [string] $user, [object[]]$newRights)
{
    # Returns the entries of $newRights that $user does not already hold as an
    # allow extended right on $instance, each parsed into an
    # ExtendedRightIdParameter. If the trustee lookup raises
    # ManagementObjectNotFoundException, the script-scope flag invalidUser is
    # set and an empty array is returned.

    # The trap only records the failure; 'continue' resumes with the next
    # statement of this function, which is the flag check below.
    trap [Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException]
    {
        $Script:invalidUser = $true
        continue
    }

    # Existing permission entries for this trustee on the connector.
    $currentAces = get-adpermission -Identity $instance.Identity -user $user -ErrorAction SilentlyContinue

    if ($Script:invalidUser)
    {
        return @()
    }

    # Collect the names of extended rights already granted; deny entries and
    # entries without extended rights do not count as "held".
    $heldRights = @()

    if ($currentAces -ne $null)
    {
        foreach ($ace in $currentAces)
        {
            if (-not $ace.Deny -and $ace.ExtendedRights)
            {
                foreach ($held in $ace.ExtendedRights)
                {
                    $heldRights += $held.ToString()
                }
            }
        }
    }

    # Keep only the requested rights that are not held yet.
    $missingRights = @()

    foreach ($candidate in $newRights)
    {
        if ($heldRights -notcontains $candidate)
        {
            $missingRights += [Microsoft.Exchange.Configuration.Tasks.ExtendedRightIdParameter]::Parse($candidate)
        }
    }

    $missingRights
}

}

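process
{
    # Runs once per pipeline item: resolves the target connector, works out
    # which send-header extended rights the anonymous trustee still lacks on
    # it, and adds only those.

    if ($help -or $args -contains "-?")
    {
        Usage
        return
    }

    # Trustee that receives the rights. The authority\name separator is
    # required: without the backslash the name does not resolve and the run
    # ends in the invalid-user throw further down.
    # NOTE(review): the rights below are granted to the anonymous principal,
    # so the connector presumably emits these header classes on sessions that
    # have not authenticated. Confirm that the connector's smart hosts are
    # limited to the trusted partner forest before running this.
    $User = "NT AUTHORITY\ANONYMOUS LOGON"

    # No explicit -instance: fall back to the current pipeline object.
    if (!$instance)
    {
        $instance = $_
    }

    # Still nothing: look the connector up by name.
    if (!$instance)
    {
        if ($connectorName -eq "")
        {
            throw "Either ConnectorName or Identity must be specified."
        }

        $instance = FindInstance $connectorName
    }

    if (!$instance)
    {
        throw "No connector found that matches '$connectorName'"
    }

    # Reset for each pipeline item; FilterNewRights sets $Script:invalidUser
    # when the trustee cannot be found.
    $invalidUser = $false
    $applyRights = @()

    # Only Send connectors are modified. FindInstance can also return a
    # Receive connector, which is rejected in the else branch.
    if ($instance -is [Microsoft.Exchange.Data.Directory.SystemConfiguration.SendConnector])
    {
        if ($genericMTA)
        {
            # Rights set for Exchange 2003 or another type of MTA.
            $newRights = @(
                "ms-Exch-Send-Headers-Routing",
                "ms-Exch-SMTP-Send-Exch50"
            )
        }
        else
        {
            # Default cross-forest rights set.
            $newRights = @(
                "ms-Exch-Send-Headers-Routing",
                "ms-Exch-Send-Headers-Forest",
                "ms-Exch-Send-Headers-Organization"
            )
        }

        # Add-ADPermission fails on rights the trustee already has, so only
        # the missing ones are passed on.
        $applyRights = FilterNewRights $instance $user $newRights
    }
    else
    {
        throw "The found instance was not a SendConnector."
    }

    if ($invalidUser)
    {
        # Surface the most recent recorded error as the failure.
        throw $error[0].Exception
    }

    if ($applyRights -ne $null -and $applyRights -ne @())
    {
        write-host "Connector:" $instance.Identity

        # To audit the result afterwards:
        #   Get-ADPermission -Identity <connector> -User "NT AUTHORITY\ANONYMOUS LOGON"
        Add-ADPermission -Identity $instance.Identity -user $user -ExtendedRights $applyRights
    }
    else
    {
        write-host "Connector:" $instance.Identity
        write-host ""
        write-host "All rights necessary already exist for '$user'"
    }
}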
