Powershell and Lotus Notes pt3

Continuing from a couple of my previous Lotus Notes and PowerShell posts (pt1, pt2).


Our Lotus Notes isn’t connected to AD, so everything must be done separately from AD: users, groups, ACLs, and so on. A couple of days ago, I had a request that one mail group in Lotus must be identical to one AD group. This request could bring me a lot of manual work.
Since I already have a script which can manipulate users in LN, why not try to automate the process of comparing the groups and populating LN with users from AD?

Let's start by running PowerShell in 32-bit mode.

#open powershell in 32bit mode
#Start-Process $Env:WINDIR\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
#or ISE
#Start-Process $Env:WINDIR\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
if ([Environment]::Is64BitProcess -eq $true)
{
    Write-Output "64bit NO GO" #because you have a 64-bit PowerShell
    return #stop the script here
}
else
{
    Write-Output "32bit OK"
}

Declare some variables and connect to the Lotus server. I needed an unconditional transfer from the AD group to the LN group, so the easiest way was to delete/empty the LN group and then populate it.

$strUserView = '$VIMPeople' #View name for list of People
$strGroupView = '$VIMGroups' #View name for list of Groups
$DomServer = "SERVER/LN"
$DomDBPath = "names.nsf" #database that contains users, groups.. etc..
$pwd4NotesDB = "Passw0rd"
$AdGroup = "AD_Group1"
$LNGroup = "LN_MailGroup1"

$DomSession = New-Object -ComObject Lotus.NotesSession #Use LN COM class
$DomSession.Initialize($pwd4NotesDB) #This is when Lotus asks for your password when you open it
$DomDatabase = $DomSession.GetDatabase($DomServer,$DomDBPath) #Initialize Database

$DomGroupView = $DomDatabase.GetView($strGroupView) #Initialize View
$DomGrp = $DomGroupView.GetDocumentByKey("$LNGroup") #Get group from Group List

#Now we save the members to an array
$userGrp = $DomGrp.GetFirstItem("members") #For text Append
$Array = @($userGrp.Values) #GetValues and save to array

If ($Array -ne $null) #If any members, empty the LN group
{
    Write-Output 'Delete members'
    $Array = ""
    $DomGrp.ReplaceItemValue("Members",$Array)
    $DomGrp.Save($false,$true) #Save(force, createResponse)
}
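The connection code above passes a clear-text password from `$pwd4NotesDB` to `Initialize`. For a script that runs unattended, the password can instead be stored encrypted with Windows DPAPI and decrypted only at the call. This is an added example, not code from the original post; the file path and the two function names are hypothetical.

```powershell
# Added example: keep the Notes ID password out of the script body.
# DPAPI ties the file to the Windows account and machine that created it,
# so create it while logged on as the account that will run the script.
$credFile = Join-Path $env:LOCALAPPDATA 'LNSync\notes-id.xml'   # hypothetical path

function Save-NotesPassword {
    param([Parameter(Mandatory)][string]$Path)
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    # Read-Host -AsSecureString does not echo the input; Export-Clixml writes
    # the SecureString encrypted with DPAPI (current-user scope) on Windows.
    Read-Host -Prompt 'Notes ID password' -AsSecureString | Export-Clixml -Path $Path
}

function Get-NotesPassword {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path $Path)) {
        throw "Password file not found: $Path. Run Save-NotesPassword first."
    }
    $secure = Import-Clixml -Path $Path
    # Initialize() takes a plain string, so decrypt only at the call site
    # and zero the unmanaged copy afterwards.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# One time, interactively:
#   Save-NotesPassword -Path $credFile
# In the script, instead of the hard-coded $pwd4NotesDB:
#   $DomSession.Initialize((Get-NotesPassword -Path $credFile))
```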

The next thing is to get the users from the AD group. This is quite straightforward.

#region Domain Users
####DOMAIN GROUP MEMBERS
Import-Module ActiveDirectory #Provides Get-ADGroupMember and Get-ADUser
$users = Get-ADGroupMember $AdGroup | Get-ADUser -Properties Name,mail | Select-Object Name,mail
$returnObj = @()

foreach ($user in $users)
{
    $EndUser = ($user.name).Replace('Š','S').Replace('š','s').Replace('Č','C').Replace('č','c').Replace('ć','c').Replace('Ć','C').Replace('Ž','Z').Replace('ž','z').Replace('Đ','D').Replace('đ','d') #replace diacritic characters
    $EndUser = "$EndUser/LN"

    $obj = New-Object psobject -Property @{Name = $EndUser
                                           Mail = $user.mail}
    $returnObj += $obj | Select-Object Name,mail
}

$UsersFromAD = $returnObj | Select-Object Name,Mail | Sort-Object Name

#endregion

Now we must get all the users in LN and compare mail addresses. This was a problem, because some users have two (or more) last names: in some entries they are joined with a hyphen, in others with just a space.

#region Lotus

$DomUserView = $DomDatabase.GetView($strUserView) #Initialize View
$CounterF = $DomUserView.GetFirstDocument()
$returnObj1 = @()
While ($CounterF -ne $null)
{
    $DomNexDocument = $DomUserView.GetNextDocument($CounterF)
    $DomeLoopAddress = $CounterF.GetItemValue("InternetAddress") #Get mail address
    $DomeLoopFirstName = $CounterF.GetItemValue("FirstName")
    $DomeLoopFLastName = $CounterF.GetItemValue("LastName")
    $obj1 = New-Object psobject -Property @{FirstName = $DomeLoopFirstName
                                            LastName = $DomeLoopFLastName
                                            Mail = $DomeLoopAddress}
    $returnObj1 += $obj1 | Select-Object FirstName,LastName,mail
    $CounterF = $DomNexDocument
}
$UsersfromLotus = $returnObj1 | Select-Object FirstName,LastName,Mail

#endregion Lotus
$Users2Group = $UsersfromLotus | ?{$UsersFromAD.mail -contains $_.mail} #get users from lotus where in ADgroup
$Users2GroupTest = $UsersFromAD | ?{$UsersfromLotus.mail -notcontains $_.mail} #get users from ADgroup where cannot find in Lotus
IF ($Users2GroupTest)
{
    Write-Output "Users not transferred to group: $($Users2GroupTest.Name -join ', ')"
    #Do something if user not found /send mail / save Event
}

foreach ($user2Group in $Users2Group)
{
    #combine FirstName and LastName from Lotus, because it can be different from AD user FirstName and LastName
    $FirstName = $user2Group.FirstName
    $LastName = $user2Group.LastName
    $UserCombine = "$FirstName $LastName/LN"
    $userGrp.AppendToTextList($UserCombine) #Add users to end of members list
    $DomGrp.Save($false,$true) #Save Group
    #this works finally :)
}

This is basically a copy/paste of users from AD groups to Lotus groups. Now you can put this script into Task Scheduler or some other automation software, and keep the groups in sync.
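Because the script empties the group and saves it before the AD lookup, a failed or empty AD query in an unattended run leaves the mail group with no members. The following added example (not part of the original post) computes the final member list first, refuses to continue when it is empty, and returns the additions and removals so they can be logged. `Get-GroupSyncPlan` and the sample names are hypothetical, and both lists are assumed to use the same name format.

```powershell
# Added example, not from the original post. Pure function: no Notes or AD calls.
function Get-GroupSyncPlan {
    param(
        [string[]]$CurrentMembers,   # values of the LN group's "Members" item
        [string[]]$DesiredMembers    # "First Last/LN" names built from the matched users
    )
    # Drop blank entries and duplicates before comparing
    $current = @($CurrentMembers | Where-Object { -not [string]::IsNullOrWhiteSpace($_) })
    $desired = @($DesiredMembers | Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
                 Sort-Object -Unique)

    if ($desired.Count -eq 0) {
        # Failure mode of empty-then-fill: nothing to write means the group would stay empty
        throw 'No desired members (AD query failed or no mail matched); LN group left unchanged.'
    }

    # -notcontains compares strings case-insensitively
    $toAdd    = @($desired | Where-Object { $current -notcontains $_ })
    $toRemove = @($current | Where-Object { $desired -notcontains $_ })

    [pscustomobject]@{
        Members = $desired
        Add     = $toAdd
        Remove  = $toRemove
        Changed = ($toAdd.Count + $toRemove.Count) -gt 0
    }
}

# Constructed sample data (names are made up)
$plan = Get-GroupSyncPlan `
    -CurrentMembers 'Ana Anic/LN', 'Old User/LN', 'Ivo Ivic/LN' `
    -DesiredMembers 'Ana Anic/LN', 'Ivo Ivic/LN', 'Marko Maric Horvat/LN'
"Add: $($plan.Add -join '; ')  Remove: $($plan.Remove -join '; ')"

# With the objects from the script above, one write replaces empty-then-append:
# if ($plan.Changed) {
#     $DomGrp.ReplaceItemValue('Members', $plan.Members) | Out-Null
#     $DomGrp.Save($false, $true)
# }
```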

Good luck

Powershell and Lotus Notes pt2

To continue my journey (PS and LN pt1) in PS scripting on Lotus Notes, I wanted to see if it is possible to manipulate group members in LN. Well, it is possible, and I will show you how I did it.

As you remember from my last post, if you want to connect to Lotus Notes via PS, you must start PowerShell or PS ISE in 32-bit mode.

#open powershell in 32bit mode
#Start-Process $Env:WINDIR\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
#or ISE
#Start-Process $Env:WINDIR\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
if ([Environment]::Is64BitProcess -eq $true)
{
    Write-Output "64bit NO GO" #because you have a 64-bit PowerShell
    return #stop the script here
}
else
{
    Write-Output "32bit OK"
}

We are going to try this on a test group called #LN_TEST_GRP and the user we are going to add/remove from this group is CN=User TEST/O=LNDS

#Parameters
$strGroupView = '$VIMGroups' #System name for groups view in names.nsf
$DomServer = "SERVER/LN"
$DomDBPath = "names.nsf" #database that contains users, groups.. etc..
$pwd4NotesDB = "Passw0rd"

$User = "CN=User TEST/O=LNDS"
$LNGroup = "#LN_TEST_GRP"
$Insert = 0 #1 for insert user
$Delete = 0 #1 for delete user
$Array = "" #Set Array to empty

#This part is for testing insert/delete - manually set values
$Delete = 0
$Insert = 0
#

$DomSession = New-Object -ComObject Lotus.NotesSession #Use LN COM class
$DomSession.Initialize($pwd4NotesDB) #This is when Lotus asks for your password when you open it
$DomDatabase = $DomSession.GetDatabase($DomServer,$DomDBPath) #Initialize Database
$DomGroupView = $DomDatabase.GetView($strGroupView) #Initialize View

$DomGrp = $DomGroupView.GetDocumentByKey("$LNGroup") #Get group from Group List
#Now we save members to Array and prepare MaxArray to handle the For loop
$userGrp = $DomGrp.GetFirstItem("members") #For text Append
$Array = @($userGrp.Values) #GetValues and save to array
$MaxArray = $Array.Count #Number of entries in Array

Now that we have this sorted, the next step is manipulating group members. First we will add the user, then we are going to remove it from the group.

The insert process is very straightforward: if the user is not on the member list, add the user to the end of that same list.

#INSERT USER INTO GROUP DOCUMENT
IF ($Insert -eq 1) # IF INSERT IS 1
{
    IF ($userGrp.Values -contains $User)
    {
        "******************User Exists - EXIT****************"
    }
    else
    {
        "******************User NotExist - INS****************"
        IF (($User -ne $null) -and ($LNGroup -ne $null))
        {
            $userGrp.AppendToTextList($User) #Add user to end of members list
            $DomGrp.Save($false,$true) #Save Group
        }
    }
}

The process of deleting a user from the members list is a little more complicated than the insert. We put the members into an array, find the user that needs to be deleted and replace the user with “”, then we clean up the array, and finally we replace the members value in the LN group document with that new array.

#REMOVE USER FROM GROUP DOCUMENT
IF ($Delete -eq 1) # IF DELETE IS 1
{
    IF ($userGrp.Values -contains $User)
    {
        "*******************User exists - DEL****************"
        IF (($User -ne $null) -and ($LNGroup -ne $null))
        {
            for ($i = 0; $i -lt $MaxArray; $i++) #FOR Loop
            {
                IF ($Array[$i] -eq $User) #IF user is in the list
                {
                    $Array[$i] = "" #Set "" for that user
                }
            }
            #Clean Array of blank entries and trim (done after the loop, so the indexes stay valid)
            $Array = @($Array | Where-Object { -not [string]::IsNullOrWhiteSpace($_) } | ForEach-Object { $_.Trim() })
            IF ($Array.Count -eq 0) { $Array = "" } #Last member removed: write an empty list
            $DomGrp.ReplaceItemValue("Members",$Array) #Replace Members list with our new array without the specific user
            $DomGrp.Save($false,$true) #Save Group document
        }
    }
    else
    {
        "*******************User NotExists - EXIT****************"
    }
}

So, this should cover the basics in adding and removing users from Lotus Notes.

Good Luck