问题描述
我正在开发一种解决方案,用户不能使用Outlook Web Access通过网页擦除在Exchange 2010中注册的移动设备.我已经在开发机器上安装了Exchange管理工具,并且应用程序池使用的身份具有执行命令所必需的权限(分配的角色组收件人管理").我正在使用以下代码执行擦拭
I'm working on a solution where users can wipe mobile devices registered with Exchange 2010, through a webpage, using Outlook Web Access is not an option.I've installed Exchange Management Tools on my dev machine and the app pool is using an identity that has the necessary rights to perform the commands (assigned role group "Recipient Management"). I'm using the following code to perform the wipes
string deviceId = "deviceid";
string username = "username";
RunspaceConfiguration rsConfig = RunspaceConfiguration.Create();
PSSnapInException snapInException = null;
PSSnapInInfo info = rsConfig.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.E2010", out snapInException);
if(snapInException != null)
throw snapInException;
using(var runspace = RunspaceFactory.CreateRunspace(new MyPowershellHost(), rsConfig))
{
runspace.Open();
using(var pipeline = runspace.CreatePipeline())
{
pipeline.Commands.AddScript(@". ""C:\Program files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1""");
pipeline.Commands.AddScript("Connect-ExchangeServer -auto");
pipeline.Invoke();
}
ActiveSyncDeviceConfiguration actualDevice;
using(var pipeline = runspace.CreatePipeline())
{
pipeline.Commands.AddScript(string.Format("Get-ActiveSyncDeviceStatistics -Mailbox {0}", username));
var result = pipeline.Invoke();
actualDevice = result.Select(x => x.BaseObject as ActiveSyncDeviceConfiguration).Where(x => x.DeviceID.EndsWith(deviceId)).SingleOrDefault();
}
if(actualDevice != null)
{
var identity = actualDevice.Identity as ADObjectId;
using(var pipeline = runspace.CreatePipeline())
{
var cmd = new Command("Clear-ActiveSyncDevice");
cmd.Parameters.Add("Identity", identity.DistinguishedName);
pipeline.Commands.Add(cmd);
pipeline.Invoke();
}
}
}
当用户帐户被添加为计算机上的本地管理员并且也登录到Windows时,我可以使它工作.我可以接受,如果用户必须是本地管理员,但是对于服务器应用程序来说,使用户不断登录是不切实际的.MyPowershellHost类只是一个基本的主机实现,因为它与UI交互,因此可以运行RemoteExchange.ps1脚本.
I can get this working when the user account is added as a local administrator on the machine and also is logged onto windows. I can accept if the user has to be local administrator but having the user constantly logged in is not practical for a server application.The MyPowershellHost class is just a basic host implementation to allow the RemoteExchange.ps1 script to run since it's interacting with the UI.
我不知道用户是否需要额外的特权,或者我做错了.
I can't figure out if the user need extra privilegies or I'm just doing it wrong.
推荐答案
您遇到的关键问题之一就是连接到Exchange的方式.您无需像控制台那样加载管理工具脚本,只需使用PowerShell远程处理即可.您甚至不需要在Web服务器上安装管理工具.
One of the key issues you'll be having is the way that you're connecting to Exchange. You don't need to load the management tools script like the console does, you just use the PowerShell remoting. You don't even need the management tools installed on the web server.
此外,Exchange 2010不支持直接加载管理单元.
Also, loading the snap-in directly is unsupported by Exchange 2010.
请参见 http://technet.microsoft.com/en-us/library/dd297932.aspx 了解详情.
示例代码:
using (var ps = PowerShell.Create()) {
ps.AddScript("$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI 'http://[host]/PowerShell/' ; Import-PSSession -Session $session");
ps.Invoke();
// ... further powershell pipelines - now connected to Exchange and cmdlets are loaded
}
您还应该研究发送一个空的 PSDataCollection
到调用了 Complete()
的 Invoke
.这将阻止Powershell管道阻止输入请求,这将使您的Web服务器进程挂起.
You should also investigate sending an empty PSDataCollection
to Invoke
that has had Complete()
called on it. This will stop the Powershell pipeline from blocking on an input request, something that will hang your webserver process.
var psInput = new PSDataCollection<PSObject>();
psInput.Complete();
这篇关于从ASP.NET应用程序调用Exchange ActiveSync cmdlet的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!