从 ASP.NET 应用程序调用 Exchange activesync cmdlet
我正在开发一种解决方案,用户可以通过网页擦除在 Exchange 2010 中注册的移动设备,但不能使用 Outlook Web Access。 我已在我的开发计算机上安装了 Exchange 管理工具,并且应用程序池正在使用具有执行命令所需权限的标识(分配的角色组“收件人管理”)。我使用以下代码来执行擦除,
string deviceId = "deviceid";
string username = "username";
RunspaceConfiguration rsConfig = RunspaceConfiguration.Create();
PSSnapInException snapInException = null;
PSSnapInInfo info = rsConfig.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.E2010", out snapInException);
if(snapInException != null)
throw snapInException;
using(var runspace = RunspaceFactory.CreateRunspace(new MyPowershellHost(), rsConfig))
{
runspace.Open();
using(var pipeline = runspace.CreatePipeline())
{
pipeline.Commands.AddScript(@". ""C:\Program files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1""");
pipeline.Commands.AddScript("Connect-ExchangeServer -auto");
pipeline.Invoke();
}
ActiveSyncDeviceConfiguration actualDevice;
using(var pipeline = runspace.CreatePipeline())
{
pipeline.Commands.AddScript(string.Format("Get-ActiveSyncDeviceStatistics -Mailbox {0}", username));
var result = pipeline.Invoke();
actualDevice = result.Select(x => x.BaseObject as ActiveSyncDeviceConfiguration).Where(x => x.DeviceID.EndsWith(deviceId)).SingleOrDefault();
}
if(actualDevice != null)
{
var identity = actualDevice.Identity as ADObjectId;
using(var pipeline = runspace.CreatePipeline())
{
var cmd = new Command("Clear-ActiveSyncDevice");
cmd.Parameters.Add("Identity", identity.DistinguishedName);
pipeline.Commands.Add(cmd);
pipeline.Invoke();
}
}
}
当用户帐户被添加为计算机上的本地管理员并且登录到 Windows 时,我可以使其工作。如果用户必须是本地管理员,我可以接受,但让用户不断登录对于服务器应用程序来说是不切实际的。 MyPowershellHost 类只是一个基本的主机实现,允许 RemoteExchange.ps1 脚本运行,因为它与 UI 交互。
我无法弄清楚用户是否需要额外的权限,或者我只是做错了。
I'm working on a solution where users can wipe mobile devices registered with Exchange 2010, through a webpage, using Outlook Web Access is not an option.
I've installed Exchange Management Tools on my dev machine and the app pool is using an identity that has the necessary rights to perform the commands (assigned role group "Recipient Management"). I'm using the following code to perform the wipes
string deviceId = "deviceid";
string username = "username";
RunspaceConfiguration rsConfig = RunspaceConfiguration.Create();
PSSnapInException snapInException = null;
PSSnapInInfo info = rsConfig.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.E2010", out snapInException);
if(snapInException != null)
throw snapInException;
using(var runspace = RunspaceFactory.CreateRunspace(new MyPowershellHost(), rsConfig))
{
runspace.Open();
using(var pipeline = runspace.CreatePipeline())
{
pipeline.Commands.AddScript(@". ""C:\Program files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1""");
pipeline.Commands.AddScript("Connect-ExchangeServer -auto");
pipeline.Invoke();
}
ActiveSyncDeviceConfiguration actualDevice;
using(var pipeline = runspace.CreatePipeline())
{
pipeline.Commands.AddScript(string.Format("Get-ActiveSyncDeviceStatistics -Mailbox {0}", username));
var result = pipeline.Invoke();
actualDevice = result.Select(x => x.BaseObject as ActiveSyncDeviceConfiguration).Where(x => x.DeviceID.EndsWith(deviceId)).SingleOrDefault();
}
if(actualDevice != null)
{
var identity = actualDevice.Identity as ADObjectId;
using(var pipeline = runspace.CreatePipeline())
{
var cmd = new Command("Clear-ActiveSyncDevice");
cmd.Parameters.Add("Identity", identity.DistinguishedName);
pipeline.Commands.Add(cmd);
pipeline.Invoke();
}
}
}
I can get this working when the user account is added as a local administrator on the machine and also is logged onto windows. I can accept if the user has to be local administrator but having the user constantly logged in is not practical for a server application.
The MyPowershellHost class is just a basic host implementation to allow the RemoteExchange.ps1 script to run since it's interacting with the UI.
I can't figure out if the user need extra privilegies or I'm just doing it wrong.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您将遇到的关键问题之一是连接到 Exchange 的方式。您不需要像控制台那样加载管理工具脚本,只需使用 PowerShell 远程处理即可。您甚至不需要在 Web 服务器上安装管理工具。
此外,Exchange 2010 不支持直接加载管理单元。
请参阅 http:// technet.microsoft.com/en-us/library/dd297932.aspx 了解详细信息。
示例代码:
您还应该研究向已调用
Complete()的Invoke发送一个空的PSDataCollection。这将阻止 Powershell 管道阻塞输入请求,这会挂起您的 Web 服务器进程。One of the key issues you'll be having is the way that you're connecting to Exchange. You don't need to load the management tools script like the console does, you just use the PowerShell remoting. You don't even need the management tools installed on the web server.
Also, loading the snap-in directly is unsupported by Exchange 2010.
See http://technet.microsoft.com/en-us/library/dd297932.aspx for details.
Sample code:
You should also investigate sending an empty
PSDataCollectiontoInvokethat has hadComplete()called on it. This will stop the Powershell pipeline from blocking on an input request, something that will hang your webserver process.