New-Mailbox Issues

Last post 09-30-2008 9:22 PM by NiNe9. 11 replies.

  • New-Mailbox Issues

    06-07-2008, 6:25 PM
    • Member
      84 point Member
    • loxschpen
    • Member since 02-21-2004, 12:51 PM
    • Woodbridge, VA
    • Posts 26

    Hi Everyone,

      I have created the following PowerShell script to create a new mailbox-enabled user in Exchange 2007:

     

    ($Private:secureString = ConvertTo-SecureString "Hello" -AsPlainText -Force) | foreach {New-mailbox -UserPrincipalName chris@contoso.com -alias chris -Name ChrisAshton -OrganizationalUnit aod -FirstName Chris -LastName Ashton -DisplayName "Chris Ashton" -Database "cd747c5d-aa8e-4f81-a136-ea4ff89e2896" -Password $secureString}

       Now this creates a user in my Exchange 2007 Server store with the specific Mailbox Store GUID of cd747c5d-aa8e-4f81-a136-ea4ff89e2896. Now the issue I am having is when I port this to a C# application I have developed. When I execute the same script through the following code:

            ExchangeManagementShellWrapper ems = ExchangeManagementShellWrapper.Instance;
            ICollection results;
    
            results = ems.RunspaceInvoke("($Private:secureString = ConvertTo-SecureString \"password\" -AsPlainText -Force) | foreach {New-mailbox -UserPrincipalName chris@contoso.com -alias chris -Name ChrisAshton -OrganizationalUnit aod -FirstName Chris -LastName Ashton -DisplayName \"Chris Ashton\" -Database \"cd747c5d-aa8e-4f81-a136-ea4ff89e2896\" -Password $secureString}");
            //results = ems.RunspaceInvoke("$input | New-mailbox -UserPrincipalName chris@contoso.com -alias chris -database 'delaprv2\\resellers\\resellers' -Name ChrisAshton -OrganizationalUnit aod -password -FirstName Chris -LastName Ashton -DisplayName ChrisAshton", secString.ToString());
    
            foreach (PSObject item in results)
            {
                TextBox5.Text = item.Members["Name"].Value.ToString();
            }

       It yields the following error:

    Database "cd747c5d-aa8e-4f81-a136-ea4ff89e2896" was not found. Please make sure you have typed it correctly.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException: Database "cd747c5d-aa8e-4f81-a136-ea4ff89e2896" was not found. Please make sure you have typed it correctly.

    Now mind you that I can execute any other Exchange 2007 PowerShell command without any issues through this same code, and the script I am using works flawlessly in PowerShell. Why can it find the database in PowerShell but not in the C# application which has been executed off the same server? Any suggestions are greatly appreciated.

    -Timothy
  • Re: New-Mailbox Issues

    06-09-2008, 12:32 AM
    • Contributor
      4,166 point Contributor
    • DmitriG
    • Member since 08-26-2004, 5:41 PM
    • Toronto
    • Posts 1,087

    loxschpen:
    Why can it find the database in PowerShell but not in the C# application which has been executed off the same server?

    Different identities during code execution?

    Seems your "C# application" is a web application ;-). So, the code is executed under the identity of the application pool (Network Service by default). If that is true, then it shouldn't be a surprise to get such an error ;-)

     

    Regards,

    Dmitri Gaikovoi
  • Re: New-Mailbox Issues

    06-09-2008, 12:51 AM
    • Member
      84 point Member
    • loxschpen
    • Member since 02-21-2004, 12:51 PM
    • Woodbridge, VA
    • Posts 26

    Thanks for the reply. No, this application is not running as a web-based application or as a web service. It's a WCF. If it were a permissions issue, I would be getting:

     Access to the address list service on all Exchange 2007 servers has been denied.

    This would be because Exchange 2007 and PowerShell do not allow impersonated accounts to be run. The only way to run these is to use the old school DOTNET remoting or WCF (I have done the latter). The issue only occurs when I execute the service from my Application Server (even though I have installed PowerShell and Exchange 2007 ESM on it).

    Any other thoughts on what it may be?

    -Timothy
  • Re: New-Mailbox Issues

    06-09-2008, 11:05 PM
    • Contributor
      4,166 point Contributor
    • DmitriG
    • Member since 08-26-2004, 5:41 PM
    • Toronto
    • Posts 1,087

    Well ...

    If you read your error message carefully, you will see that it says "An unhandled exception occurred during the execution of the current web request." Just try to change the DefaultAppPool identity to your account and try it again.

    Regards,

    Dmitri Gaikovoi
  • Re: New-Mailbox Issues

    06-10-2008, 7:22 AM
    • Member
      84 point Member
    • loxschpen
    • Member since 02-21-2004, 12:51 PM
    • Woodbridge, VA
    • Posts 26

    Dmitri,

       Thank you for your reply. That was one of the first things I had done. Although when I change the process to start up as an administrative account that we use to create exchange, that particular web pool fails to start up (I created an isolated pool just for this process). I will do some more research and see what it will take to get this service account running in my pool. Thanks for the tip and I will let you know what my findings conclude.

     -Timothy
  • Re: New-Mailbox Issues

    08-27-2008, 3:29 AM
    • Member
      6 point Member
    • NiNe9
    • Member since 08-27-2008, 3:10 AM
    • Posts 4

    Dear

    I'm trying to execute an Exchange PS command in ASP.NET.

    It's working fine when I run this command from my local machine.

    This is the URL: http://localhost:1975/meABC/test.aspx

    But when I run this code inside the server I got this error: http://me.ABC.com.sa/test.aspx

    Server Error in '/PS_Enable' Application.

    Database "ABCCNTMSG02\ABCCNTMSG02-SG7\ABCCNTMSG02-DB7" was not found. Please make sure you have typed it correctly.

    here is my code

    ' References needed to work with PowerShell commands
    Imports System.Management.Automation
    Imports System.Management.Automation.Host
    Imports System.Management.Automation.Runspaces
    ' Generic collection types used for the pipeline results
    Imports System.Collections.Generic
    Imports System.Collections.ObjectModel

    Partial Class _Default
        Inherits System.Web.UI.Page
        Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
            ' Create a runspace with the Exchange 2007 management snap-in loaded
            Dim rsConfig As RunspaceConfiguration = RunspaceConfiguration.Create
            Dim snapInException As PSSnapInException = Nothing
            Dim info As PSSnapInInfo = rsConfig.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.Admin", snapInException)
            Dim myRunSpace As Runspace = RunspaceFactory.CreateRunspace(rsConfig)
            myRunSpace.Open()
            Dim pipeLine As Pipeline = myRunSpace.CreatePipeline
            ' Values passed to Enable-Mailbox
            Dim vid As String = "ABC.corp\uid"
            Dim PrimarySMTP As String = "uid.c@ABC.com.sa"
            Dim valias As String = "uid"
            Dim vdb As String = "CN=ABCCNTMSG02-DB7,CN=ABCCNTMSG02-SG7,CN=InformationStore,CN=ABCCNTMSG02,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=ABC,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=root,DC=ad"
            ' Build the command with typed parameters and run it in the pipeline
            Dim EMSCmd As Command = New Command("Enable-Mailbox")
            EMSCmd.Parameters.Add("DomainController", "ABCCNTDC21")
            EMSCmd.Parameters.Add("Identity", vid)
            EMSCmd.Parameters.Add("Alias", valias)
            EMSCmd.Parameters.Add("Database", vdb)
            EMSCmd.Parameters.Add("PrimarySmtpAddress", PrimarySMTP)
            pipeLine.Commands.Add(EMSCmd)
            Dim cmdData1 As Collection(Of PSObject) = pipeLine.Invoke()
        End Sub
    End Class
     

    When I added this line to see more error details: Response.Write("IsOpen: " & pipeLine.Error.IsOpen)

     I got this error: IsOpen: False

    Then, after searching in many articles, I read this post from the asp.net forum and I followed the steps, but still the same problem:

    http://forums.asp.net/p/1272317/2408799.aspx

    Once I change the DefaultAppPool identity to my account and try to browse the web site

    I got the error Service Unavailable

    Please help me to solve this issue so I can sleep well

    Thanks in advance

  • Re: New-Mailbox Issues

    08-27-2008, 8:41 AM
    • Member
      84 point Member
    • loxschpen
    • Member since 02-21-2004, 12:51 PM
    • Woodbridge, VA
    • Posts 26

    Well I have good news and bad news for you.

    First the bad: the fact of it all is that you CANNOT run the Exchange Management Shell from ANY ASP.NET application. Why is this you ask? Well our friends over at Microsoft have taken the ability to impersonate out of their new environment. I know I am in the same boat as you as I automated 3 companies with wonderful web services for Exchange 2000 and 2003 using CDOEXM....

    So what is the good news? Well, it's this: you can run your scripts under a NON impersonated account. So what I did was create a new service account for Exchange 2007 and then tested to make sure it worked.  Now that I had that account I created a new WCF Workflow library in VS2008. Once I did that I was able to install it in IIS 7 and run the WF as my new service account.

    We can now get to work by taking an interface application via the web into our new WCF Workflow. Not only does the workflow make things nice and easy on programming, but custom error handling and even rollbacks are done for me. Now if something fails, I notify the user via an AJAX panel of the status of the job and don't let them submit the same one again until the issues are fixed. This allowed me to teach the WF all about how to solve certain error codes, making my applications moron proof.

     I am writing an article for the Code Project and DevX on it and I will have it posted out soon. Let me know if this helps you or what other direction you have gone down.

     

    Regards,

    Timothy

    -Timothy
  • Re: New-Mailbox Issues

    08-27-2008, 4:12 PM
    • Member
      2 point Member
    • KarlMitschke
    • Member since 08-27-2008, 8:08 PM
    • Posts 1

    loxschpen:
    First the bad: the fact of it all is that you CANNOT run the Exchange Management Shell from ANY ASP.NET application.

    Hello;

    That's not exactly true. See my posts on powershellcommunity.org:

    http://powershellcommunity.org/Forums/tabid/54/forumid/3/postid/524/view/topic/Default.aspx
    http://powershellcommunity.poshcode.org/505 - MailboxTasks.aspx
    http://powershellcommunity.poshcode.org/506 - MailboxTasks.aspx.cs
    http://powershellcommunity.poshcode.org/507 - MailboxConfirm.aspx
    http://powershellcommunity.poshcode.org/508 - MailboxConfirm.aspx.cs
    http://powershellcommunity.poshcode.org/509 - MailboxTaskResults.aspx
    http://powershellcommunity.poshcode.org/510 - MailboxTaskResults.aspx.cs

     

    Karl

  • Re: New-Mailbox Issues

    08-27-2008, 4:21 PM
    • Member
      84 point Member
    • loxschpen
    • Member since 02-21-2004, 12:51 PM
    • Woodbridge, VA
    • Posts 26

    Hi Karl,

       Actually you have done exactly what I said.

    1.  You CANNOT use impersonation (we both agree)
    2.  You have replaced an entire APP Pool with a Valid Services account (this goes along with statement #1).

      What you have done is created a massive vulnerability. If I hijack any website running in your app pool, I can do some terrible things to your server and all servers in that domain. This would be a NONO on security best practices.

      However, if you don't care about security, this is a totally valid way of doing it. I recommend using WCF/WF since I can run that in a different security context while serving an application in an APP Pool. How is this different? Well if you hijack any of my web apps, they are running with no permissions that can hurt the server. I also control access to my WCF/WF through a security provider which has either customer certificates cut (which means you don't have a cert, you get no service) or some sort of service account.

      At the end of the day it's all about how much risk you wish to expose yourself to.

    Regards,

    Timothy

    -Timothy
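
The separation described in the post above, as an added C# sketch (not code from the thread or from any poster): the web tier can only call one narrow WCF operation, and only the service process, running as the Exchange service account, loads the Exchange snap-in. The interface and class names and the validation pattern are assumptions; the snap-in name, cmdlet parameters, OU, UPN suffix and database GUID are the ones shown earlier in the thread, and the certificate-based binding configuration is not shown.

```csharp
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Security;
using System.ServiceModel;
using System.Text.RegularExpressions;

// Hypothetical contract: the only thing the web application can ask for.
[ServiceContract]
public interface IMailboxProvisioning
{
    [OperationContract]
    string CreateMailbox(string alias, string firstName, string lastName, string initialPassword);
}
// Hosted in a process running as the Exchange service account; the web app pool keeps its default identity.
public class MailboxProvisioning : IMailboxProvisioning
{
    const string Database = "cd747c5d-aa8e-4f81-a136-ea4ff89e2896"; // fixed server-side, never caller-supplied
    static readonly Regex SafeName = new Regex("^[A-Za-z][A-Za-z0-9]{0,31}$"); // assumed naming policy
    public string CreateMailbox(string alias, string firstName, string lastName, string initialPassword)
    {
        foreach (string s in new[] { alias, firstName, lastName })
            if (s == null || !SafeName.IsMatch(s)) throw new FaultException("Invalid name field.");
        if (string.IsNullOrEmpty(initialPassword)) throw new FaultException("Password required.");
        var password = new SecureString();
        foreach (char c in initialPassword) password.AppendChar(c);
        password.MakeReadOnly();
        // Typed parameters: caller input is never concatenated into script text.
        var cmd = new Command("New-Mailbox");
        cmd.Parameters.Add("UserPrincipalName", alias + "@contoso.com");
        cmd.Parameters.Add("Alias", alias);
        cmd.Parameters.Add("Name", firstName + lastName);
        cmd.Parameters.Add("DisplayName", firstName + " " + lastName);
        cmd.Parameters.Add("OrganizationalUnit", "aod");
        cmd.Parameters.Add("Database", Database);
        cmd.Parameters.Add("Password", password);
        RunspaceConfiguration config = RunspaceConfiguration.Create();
        PSSnapInException warning;
        config.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.Admin", out warning);
        using (Runspace runspace = RunspaceFactory.CreateRunspace(config))
        {
            runspace.Open();
            Pipeline pipeline = runspace.CreatePipeline();
            pipeline.Commands.Add(cmd);
            var results = pipeline.Invoke(); // throws if the cmdlet reports a terminating error
            return results.Count > 0 ? results[0].Members["Name"].Value.ToString() : null;
        }
    }
}
```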
  • Re: New-Mailbox Issues

    09-26-2008, 12:27 PM
    • Member
      6 point Member
    • NiNe9
    • Member since 08-27-2008, 3:10 AM
    • Posts 4

    I solved this issue with an easy step

    by adding the impersonation user to the identity of the application pool

    and adding this user to the WPG group on the hosting system

    WPG (Work Process Group)

    That's it

    Thanks to all for all the answers

    NiNe
  • Re: New-Mailbox Issues

    09-26-2008, 4:52 PM
    • Member
      84 point Member
    • loxschpen
    • Member since 02-21-2004, 12:51 PM
    • Woodbridge, VA
    • Posts 26

    Hi NiNe9,

      While this is a viable solution, you just opened your entire application pool (and any application in it) to hijacking. When you set the credentials on an app pool to anything other than the NETWORK SERVICE account, you run into issues with running outside of a protected context. This account exists for the sole reason that if someone hijacks it, it has no other permissions outside the context of the areas it has been given permissions.

      I assume your account has admin rights into your Exchange system and possibly to your AD. A savvy hacker can grab a hold of your server and own your network with minimal effort in this context. Now a safe way to implement this would be to implement this on a back end system that has no network connectivity to the internet and is isolated from the rest of your network.

      The safest manner is to use a layer of abstraction between your code and the process it runs in that the public can interface with. This is why I am pushing the WCF/WF solution so much, because it gives us just this and protects the rest of our network.

      But as always, if you're willing to risk it, anything is acceptable.

     -Timothy
  • Re: New-Mailbox Issues

    09-30-2008, 9:22 PM
    • Member
      6 point Member
    • NiNe9
    • Member since 08-27-2008, 3:10 AM
    • Posts 4

    Dear loxschpen

    Thanks for this nice advice on implementing this, but I'm working on this project in an intranet, not the internet, so it would not be too risky, because if there is any problem we can find out who hacked our NT

    thanks