Unable to add users to a shared mailbox using Set-QADObject @{'edsva-MsExch-SharedMailboxUsers'='user'}

Hello all,

I am currently scripting the creation of a shared mailbox using PowerShell and am running into a roadblock. I can create the new object without an issue and all included information is included; however, I cannot seem to add any users to the shared mailbox using the attribute edsva-MsExch-SharedMailboxUsers. When I attempt to add a user to this attribute I will get either a Binary error or a SID error message and cannot seem to get past it. One thing to note here is that if I pass a null value through, it does accept it and removes all users from the shared mailbox; any other value I attempt to add will fail, however. Having issues at this point:

Attempting to run:

Set-QADObject domain\RES-Object -ObjectAttributes @{'edsva-MsExch-SharedMailboxUsers'="user"}

Error messages:

Set-QADObject : Administrative Policy returned an error.
Destination array is not long enough to copy all the required data. Check array length and offset.
Parameter name: binaryForm

Set-QADObject : Administrative Policy returned an error.
SIDs with revision other than '1' are not supported.
Parameter name: binaryForm

Set-QADObject : Exception has been thrown by the target of an invocation.
At line:1 char:1

Any help or insight with this issue would be greatly appreciated!

Thank you,

Jacob.

  • The edsva-MsExch-SharedMailboxUsers attribute requires objectSID identifiers in base64 format.

    What are you passing to this attribute?

  • I have tried to use the SID and the username. Is there a tutorial on how to convert the objectSID to base64?

  • You might be able to use "AelitaEDM.EDMOctetString". You can search the ARS SDK for this to see some examples.

    This could be a very crude sample of its use:

    $user = get-qaduser -Proxy ralph.lamb
    $user.objectsid
    S-1-5-21-3526727257-1611177410-1221295922-4119
    $usersid = $user.objectsid
    $os = New-Object -ComObject "AelitaEDM.EDMOctetString"
    $os.Set($usersid)
    $userBase64 = $os.GetBase64String()
    $userBase64
    AAEFIf1SZyclBxYRF3QQ/yISlZICQRk=

    You could also maybe use:

    $userOctetStr = $os.GetOctetString()

  • I was able to convert to base64 in a couple of ways:

    Connect-QADService -Proxy

    $ownsid = (Get-QADUser domain\user).objectsid
    $Bytes = [System.Text.Encoding]::Unicode.GetBytes($ownsid)
    $EncodedText =[Convert]::ToBase64String($Bytes)
    $EncodedText

    $ownsid = (Get-QADUser domain\user).objectsid
    $owncon = [System.Text.Encoding]::UTF8.GetBytes("$ownsid")
    $ownadd64 = [System.Convert]::ToBase64String($owncon)
    $ownadd64

    These both produce results but I still get an error message when trying to set the value:

    Set-QADObject domain\resource -ObjectAttributes @{'edsva-MsExch-SharedMailboxUsers'="$ownadd64"}

    Set-QADObject : Administrative Policy returned an error.
    SIDs with revision other than '1' are not supported.
    Parameter name: binaryForm

    Richard, I also tried to convert to base64 using your method but get stuck on this line:

    $os.Set($usersid)

    With error message:

    Value does not fall within the expected range.
    At line:1 char:1
    + $os.Set($usersid)
    + ~~~~~~~~~~~~~~~~~
    + CategoryInfo : OperationStopped: (:) [], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException

    Any other suggestions on how to get this to pass to edsva-MsExch-SharedMailboxUsers properly?

  • I've been looking at this a little more and maybe the Set line needs to be: $os.SetSidString($usersid)

    I've noticed that the output of GetBase64String() is different between using "$os.Set" and "$os.SetSidString".

    See if using $os.SetSidString($usersid) produces different results for you when getting the output of $os.GetBase64String().

  • I was finally able to set this up and get the Set-QADUser command to work properly with the edsva-MsExch-SharedMailboxUsers attribute when using the "SetSidString" and "GetBase64String". Hopefully you are seeing the same?

  • I was able to get this working when converting with your method to base64 from the SID. I then created an array of all of the users I wanted to add and passed it through after adding .Split(",") and it worked perfectly!

    # Collect the base64-encoded SID of each object to add
    $users64 = @()

    $usersid = (get-qadobject "domain\object1").objectsid
    $os = New-Object -ComObject "AelitaEDM.EDMOctetString"
    $os.SetSidString($usersid)
    $users64 += $os.GetBase64String()

    $usersid = (get-qadobject "domain\object2").objectsid
    $os = New-Object -ComObject "AelitaEDM.EDMOctetString"
    $os.SetSidString($usersid)
    $users64 += $os.GetBase64String()

    $usersid = (get-qadobject "domain\object3").objectsid
    $os = New-Object -ComObject "AelitaEDM.EDMOctetString"
    $os.SetSidString($usersid)
    $users64 += $os.GetBase64String()

    # The attribute name and value list go inside a hashtable
    Set-QADObject domain\object -objectattributes @{'edsva-MsExch-SharedMailboxUsers'=$users64.Split(",")}

    Thank you for your assistance Richard, much appreciated!
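
Why the text-encoded attempts in the thread were rejected, as an added example that is not part of the original posts or the ARS SDK: base64 of the SID *string* decodes to bytes beginning with the letter "S", while a binary SID begins with the revision byte 1. The example uses only .NET's `SecurityIdentifier` class, whose exceptions carry the same wording and `binaryForm` parameter name as the errors quoted above. It is an assumption, not confirmed by the thread, that this base64 is byte-identical to what `EDMOctetString.GetBase64String()` returns; the function names are hypothetical.

```powershell
# Added example: uses only .NET classes, no ARS cmdlets or COM objects.
# Sample SID copied from the output shown earlier in the thread.
$sidString = 'S-1-5-21-3526727257-1611177410-1221295922-4119'

function ConvertTo-SidBase64 {
    # Hypothetical helper: SID string -> base64 of the binary SID.
    param([Parameter(Mandatory)][string]$Sid)
    # Binary layout: revision(1) | sub-authority count(1) |
    # identifier authority(6) | sub-authorities(4 bytes each)
    $sidObj = [System.Security.Principal.SecurityIdentifier]::new($Sid)
    $bytes  = [byte[]]::new($sidObj.BinaryLength)
    $sidObj.GetBinaryForm($bytes, 0)
    [Convert]::ToBase64String($bytes)
}

function Test-SidBase64 {
    # Hypothetical helper: decode base64 and let .NET validate the bytes
    # as a binary SID, reporting the first byte and any parser error.
    param([Parameter(Mandatory)][string]$Base64)
    $bytes = [Convert]::FromBase64String($Base64)
    try {
        $sid = [System.Security.Principal.SecurityIdentifier]::new($bytes, 0)
        [pscustomobject]@{
            Valid     = $true
            FirstByte = $bytes[0]
            Detail    = $sid.Value
        }
    } catch {
        [pscustomobject]@{
            Valid     = $false
            FirstByte = $bytes[0]
            Detail    = $_.Exception.GetBaseException().Message
        }
    }
}

# Approach tried in the thread: base64 of the SID text (UTF-8 bytes).
$textB64 = [Convert]::ToBase64String(
    [System.Text.Encoding]::UTF8.GetBytes($sidString))

# Base64 of the binary SID.
$binB64 = ConvertTo-SidBase64 $sidString

# Compare how each value parses as a binary SID.
Test-SidBase64 $textB64
Test-SidBase64 $binB64
```

Running `Test-SidBase64` on a value before passing it to `Set-QADObject` shows whether it will parse as a binary SID without touching the directory.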