Welcome to Port3101.org : Your BES Connection Mark forums read | View Forum Leaders
Port3101.org : Your BES Connection



Reply
LinkBack Thread Tools Display Modes
Automating Policy Change
 
  #1 (permalink)  
Old 07-31-2009, 10:39 AM
RadHaz75's Avatar
BES Expert
 
Join Date: May 2009
Location: Philadelphia, PA
Posts: 98
Default Automating Policy Change

I need to be able to read in an SMTP address and change the user's IT Policy. The problem is using the BRK you have to find which BES server the user is on.

Does anyone have a script or a good way of using the -find command in the BRK to determine which BES a user is on (not just for policy changes, but to be able to do anything to a specific user then).
__________________
Two months ago, I saw a provocative movie on cable TV. It was called The Net, with that girl from the bus.
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 08-03-2009, 12:34 PM
RadHaz75's Avatar
BES Expert
 
Join Date: May 2009
Location: Philadelphia, PA
Posts: 98
Default

nudgy wudgy?
__________________
Two months ago, I saw a provocative movie on cable TV. It was called The Net, with that girl from the bus.
Reply With Quote
  #3 (permalink)  
Old 08-03-2009, 06:55 PM
hdawg's Avatar
Proprietor
 
Join Date: Nov 2008
Posts: 2,257
Blog Entries: 147
Default

pudgy bunny? Unfortunately you'd have to do some regular expression parsing to do what you're looking to do.
__________________
http://blog.port3101.org/hdawg/
Reply With Quote
  #4 (permalink)  
Old 08-05-2009, 11:37 AM
rsk rsk is offline
BES Activated
 
Join Date: May 2009
Posts: 1
Default

Why not just edit SQL directly and change the policyID ?
Reply With Quote
  #5 (permalink)  
Old 08-05-2009, 12:59 PM
RadHaz75's Avatar
BES Expert
 
Join Date: May 2009
Location: Philadelphia, PA
Posts: 98
Default

Quote:
Why not just edit SQL directly and change the policyID ?
because you shouldn't be editing users at the database level.

in any event i think i may have figured it out. it could probably be done a lot better but it works for me. it queries AD to see if the smtp address exists, then finds the user on the bes, if they are found, it will take the bes they are on and set their policy. you need to specify your AD server at the top, your ad path about a quarter of the way down and some of the BRK commands twice towards the bottom.

put into a txt file called users2enable.txt SMTP addresses, one per line.

------------------------------------------------------------

'On Error Resume Next
Const ADS_UF_ACCOUNTDISABLE = 2
'quit if using wscript
strScriptHost = LCase(Wscript.FullName)
If Right(strScriptHost, 11) = "wscript.exe" Then
Wscript.Echo "You must run this script from cscript."
Wscript.Quit
End if

varinputfile = ".\users2enable.txt" 'file should a be a listing of users SMTP addresses 1 per line
strDC = "ACTIVE DIRECTORY SERVER TO QUERY" 'AD server to query
'file to log the output to
strLogPath = ".\BesPolicy Change-" & Month(Now) & "." & Day(Now) & "." & Year(Now) & "-" & Hour(Now) & "."& Minute(Now) & "." & Second(Now) & ".xls"

Set objFSO = CreateObject("Scripting.FileSystemObject")
'check for BESUserAdminClient.exe
Set strBESUAC = objFSO.GetFile("./BESUserAdminClient.exe")
Set objFSO = CreateObject("Scripting.FileSystemObject")
' error code if the file isn't there
If Err <> 0 Then
Wscript.Echo "BESUserAdminClient.exe not found"
WScript.Quit
End If


Set File = objFSO.GetFile(varInputFile)
' error code if the file isn't there
If Err <> 0 Then
Wscript.echo "Data file not found - " & varInputFile
WScript.Quit
End If

' open the file to be read
Set TextStream = File.OpenAsTextStream(1)

'read in each line
i=0
wscript.echo "reading in " & varInputFile
Do While Not TextStream.AtEndOfStream
' creates an array variable for each line. first line is array(0) not array(1)
ReDim Preserve arylines(i)
arylines(i) = Trim(TextStream.ReadLine)
'wscript.echo arylines(i)
' increase the line number
i = i + 1
Loop
' close file
TextStream.Close
objFSO = ""

wscript.echo " Opening the log file - " & strLogPath
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strLogPath, 2, True, 0)
If Err.Number <> 0 Then
On Error GoTo 0
WScript.Echo "File " & strLogPath & " cannot be opened"
Set objFSO = Nothing
WScript.Quit
End If


'Write column headers for output file
objFile.Writeline "Primary SMTP Address Status"

'Setup connections To AD
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

'Create Commands
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.properties("Page size") = 100000
objCommand.Properties("Cache Results") = True

For Each strSMTP In arylines
intRowCounter = intRowCounter + 1

' Retrieve Distinguished Name and CN for Groups.
strQuery = "<GC://" & strDC & "/dc=YOURCOMPANY,dc=com>;(&(objectCategory=person)(objectClass=user)(mail=" & strSMTP & "));adspath;subtree"

'WScript.Echo strQuery
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100000
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = True

'Execute query and put into a Record Set
Set objRecordSet = objCommand.Execute
If objRecordSet.bof And objRecordset.eof Then
'SMTP Not Found
objFile.Writeline strSMTP & " " & "User does not exist in AD"
wscript.echo strSMTP & " " & " - User does not exist in AD"
Else
Set objUser = GetObject(objRecordSet.Fields(0).Value)

'call the BESChangePolicy Fn
strPolicyStatus = fnBESChangePolicy(strSMTP)
objFile.Writeline strSMTP & " " & strPolicyStatus

End If

Next

Function fnFindServer(PatternToMatch, StringToSearch)

Dim regEx, CurrentMatch, CurrentMatches

Set regEx = New RegExp
regEx.Pattern = PatternToMatch
regEx.IgnoreCase = True
regEx.Global = True
regEx.MultiLine = True
Set CurrentMatches = regEx.Execute(StringToSearch)

If CurrentMatches.Count >= 1 Then
Set CurrentMatch = CurrentMatches(0)
fnFindServer = CurrentMatch
Else
fnFindServer = ""
End If
Set regEx = Nothing

End Function

Function fnBESChangePolicy(strSMTP)

If fnBESFind(strSMTP) <> "" Then
'build the command to be run, change the capital words to your specific settings
strShellRun = ".\BESUserAdminClient.exe -p BRKPASS -n BESINSTANCETHEBRKISON -change -b " & fnBESFind(strSMTP) & " -u " & strSMTP & " -it_policy " & Chr(34) & "POLICY NAME" & Chr(34)
Set objShell = CreateObject("WScript.Shell")
'the command you wish to run
Set objWshScriptExec = objShell.Exec(strShellRun)
Set objStdOut = objWshScriptExec.StdOut
fnBESChangePolicy = "Policy Changed"
wscript.echo strSMTP & " " & " - Policy Changed"
Else
fnBESChangePolicy = "User does not exist on the BES"
wscript.echo strSMTP & " " & " - User does not exist on the BES"
End If

End Function

Function fnBESFind(strSMTP)

'build the command to be run, change the capital words to your specific settings
strShellRun = ".\BESUserAdminClient.exe -p BRKPASS -n BESINSTANCETHEBRKISON -find -u " & strSMTP

Set objShell = CreateObject("WScript.Shell")
'the command you wish to run
Set objWshScriptExec = objShell.Exec(strShellRun)
Set objStdOut = objWshScriptExec.StdOut

objRegEx = "[A-Z][A-Z][A-Z][A-Z][A-Z]BES[0-9][0-9]"
'google regular expressions to find out more about how to use them but this one will search for 5 letters A-Z, then the letters BES, then a 2 digit number
'so it would find something like ABCDEBES02. modify it to what your service name could be (or if you only have one server just card code the service name)

strSearchString = objStdOut.ReadLine
strSearchString = objStdOut.ReadLine
fnBESFind = fnFindServer(objRegEx, strSearchString)

End Function
__________________
Two months ago, I saw a provocative movie on cable TV. It was called The Net, with that girl from the bus.
Reply With Quote
  #6 (permalink)  
Old 08-05-2009, 09:04 PM
hdawg's Avatar
Proprietor
 
Join Date: Nov 2008
Posts: 2,257
Blog Entries: 147
Default

hahahah I knew you'd do this on your own
__________________
http://blog.port3101.org/hdawg/
Reply With Quote
  #7 (permalink)  
Old 08-06-2009, 08:54 AM
RadHaz75's Avatar
BES Expert
 
Join Date: May 2009
Location: Philadelphia, PA
Posts: 98
Default

impatience usually overrules my laziness.
__________________
Two months ago, I saw a provocative movie on cable TV. It was called The Net, with that girl from the bus.
Reply With Quote
  #8 (permalink)  
Old 08-06-2009, 08:04 PM
hdawg's Avatar
Proprietor
 
Join Date: Nov 2008
Posts: 2,257
Blog Entries: 147
Default

I respect that attitude
__________________
http://blog.port3101.org/hdawg/
Reply With Quote
  #9 (permalink)  
Old 08-27-2009, 01:06 AM
Sp1d3rM@n's Avatar
BES Administrator
 
Join Date: Jul 2009
Location: Nowhere, USA
Posts: 46
Default

Pretty good.

I have similar routines to do this for remote wipe, deleting user, purge pending, setting EAP, moving, setting IT Policy etc.

But using the BESRK to find user is too slow a call. I use one line aliases that in turn use OSQL to get the info based on either SMTP or LegacyExchangeDN.

so I usually have a list of SMTP or LEDNs on the clipboard and have a big for loop reading the clipboard and pulling them off.

For say adding user... it checks address for proper BES environment based on domain and if SMTP not LEDN it verifies we have primary SMTP. Then as some of the larger domains have data centers elsewhere that we do not manage users for, it verifies by OU and Exchange server, and then verifies not disabled or hidden, checks a few other AD attributes, adds user via BESUserAdminClient call. Verifies adds by OSQL calls after all batched added and a slight delay to give time to process. Then it emails a custom activation email with EAP, exact date/time of EAP expiration, links to activation guides etc.
Reply With Quote
  #10 (permalink)  
Old 10-10-2010, 08:57 PM
BES Activated
 
Join Date: Feb 2009
Location: Sydney, Australia
Posts: 5
Default

I've wasted all morning trying to write a script like this only to have it fail again and again with:

[11:46:27] BESUserAdmin::main - Log Start
[11:46:28] BESUserAdmin::main - Error running client. Please check the following:
a. BlackBerry User Administration Service is running
b. Correct network address (or computer name) of where the service is running (i.e. -n <netw
ork address>)
c. Correct BES instance to administer (i.e. -b <BES instance>)

Turns out this is a known issue... anyone got any other ideas how I can achieve a similar goal without using this tool?
KB24399-BlackBerry User Administration client commands fail after Microsoft patch MS10-066 is installed
__________________
--
Burnsie

Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Change BlackBerry PIN djelvin Cesspool of Uselessness 1 02-09-2010 09:03 AM
IT Policy to change reconciliation setting to prompt? GRiNCH Port 3101: The BES Admin Bar & Grill 2 07-20-2009 11:02 PM
Change Public IP of BES lokeshdee Port 3101: The BES Admin Bar & Grill 2 05-08-2009 07:33 PM
KB15788 - Policy logs grow rapidly and service books and IT policy won't send hdawg Featured BlackBerry KB Articles 0 04-16-2009 11:40 AM


All times are GMT -4. The time now is 05:52 PM.
Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2018, vBulletin Solutions, Inc.


 

SEO by vBSEO 3.3.2 PL2