Automating Exchange Shell With Ansible Via Powershell.

Lets take a look at how I've been automating Exchange Shell via Powershell using Ansible.

I have Exchange Shell installed so that Office 365 email accounts can be created.

I need to run the following commands :-

Enable-Remotemailbox?test.user?-RemoteRoutingAddress?test.user@0365.com

set-remotemailbox test.user -Emailaddresspolicyenabled $false

Set-remotemailbox test.user -primarysmtpaddress [email protected]

 Set-remotemailbox $username -Emailaddresses @{Remove="[email protected]"}        

• I need to create the user in 0365.
• Untick the "Automatically update email addresses based on the email address policy applied to this recipient", to allow me to override the default policy.
• Change the default email address.
• Remove the default email address created by the default policy. This is partly a workaround due to an ongoing service migration.

Exchange Shell

The above commands work direct in Exchange Shell, however I need a way of getting to Exchange Shell from Powershell, to allow me to use the win_shell module in Ansible. With this module I can see the output of the sent commands.

This can be achieved with the following command.

Add-PSSnapin?Microsoft.Exchange.Management.PowerShell.SnapIn        

So In Powershell our full code would look like this.

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

Enable-Remotemailbox test.user -RemoteRoutingAddress [email protected]

set-remotemailbox test.user -Emailaddresspolicyenabled $false

Set-remotemailbox test.user -primarysmtpaddress [email protected]

 Set-remotemailbox $username -Emailaddresses @{Remove="[email protected]"}        

This allows Powershell to invoke Exchange Shell and pass the relevant commands that are native in Exchange Shell.

Obviously we need to pass in variables, and those variables are in Ansible, which in turn creates an "Escaping" problem, due to special characters and double quotes. Here's the most efficient way I have found to handle this, If you know of others please comment, I'm certainly no Powershell expert.

Note in the snippet below I have instantiated some variables for brevity, in the real world code they are passed from another role.

---
- name: Email Creation Via Exchange Shell
  hosts: localhost
  gather_facts: no
 
  vars:
    _name: test.user
    _O365_domain: '@O365.com'
    _default_email: new.com

- set_fact:
    _joined_O365: "{{ _name }}{{ _O365_domain}}"
    _default_email: "{{ _name }}@{{ _default_email }}"
    _remove_email: "{{ _name }}@old.com"
 
- name: Create Email Using Exchange Management Shell
  ansible.windows.win_shell: |
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
    Enable-Remotemailbox "{{ _name }}" -RemoteRoutingAddress "{{ _joined_O365 }}"
    set-remotemailbox "{{ _name }}" -Emailaddresspolicyenabled $false
    Set-remotemailbox "{{ _name }}" -primarysmtpaddress "{{ _default_email }}"        

The first section above is just simple variable swapping, Powershell doesn't mandate single or double quotes in this instance, even though the documentation states the use of " ".

However things change in the next snippet. The command needs the following characters @, { } and " " in the syntax and these are mandatory.

- name: Remove Default Email
  ansible.windows.win_powershell:
    script: |
      $username = '{{ _name }}'
      $remove = '{{ _remove_email }}'
      Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
      Set-remotemailbox $username -Emailaddresses @{Remove="$remove"}
        

This is where I've amended things. I found it cleaner instead of trying to escape quotes to simply create variables in Powershell that reference the Ansible variables.

This allows me to keep the same formatting and is easily readable to Microsoft engineers.

Hope this has been of some use for those having similar issues with Powershell.