(imported topic written by SystemAdmin)
Hello Everyone,
I am trying to run a Microsoft Exchange Management Shell command (Exchange Server 2007 64 bit, BigFix 7.2.5.22) which uses powershell through BigFix to failover Cluster A (active node) to Cluster B (passive node) and then reboot Cluster A, but I am running into an issue with permissions when trying to run the failover command. Since the BES Client runs as the local system account it does not have sufficient access in Exchange Management Shell to execute the command. If I run the command in the fixlet action script debugger logged in as a user account that is part of the exchange domain group in the administrators group the command works as intended.
I wanted to see if anyone had any ideas on how to get around this issue or if anyone else is running Exchange commands through BigFix and how. I do not want to modify the BES service account to run as another user. Also Microsoft does not recommend using Cluster Admin to failover the resources so I can not use cluster.exe /move command.
Below is the command I am trying to run without relevance substitution:
action uses wow64 redirection false
run C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe -PSConsoleFile “D:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1” -command “Move-ClusteredMailboxServer -Identity:CLUSTERGROUPNAMEHERE -TargetMachine:SERVERXXX -MoveComment:”‘Getting ready for BigFix Reboot’" -Confirm:$false"
Command with relevance substitution:
action uses wow64 redirection false
run C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe -PSConsoleFile “D:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1” -command “Move-ClusteredMailboxServer -Identity:{(string values of properties “Name” of (select objects (“Name FROM MSCluster_ResourceGroup”) of wmi “root\MSCluster”) whose (string value of property “Name” of it as string does not contain “Cluster Group” ))} -TargetMachine:{(string values of properties “Name” of (select objects (“Name FROM MSCluster_Node”) of wmi “root\MSCluster”) whose (string value of property “Name” of it as string does not contain computer name ))} -MoveComment:”‘Getting ready for BigFix Reboot’" -Confirm:$false"
Your feedback is greatly appreciated.