Tuesday, August 20, 2013

Lotus Notes and Powershell - Retrieve the ACL of a database

Did you know you can easily access Lotus Domino objects through Powershell? All you have to do is create a COM object in a 32bit Powershell session and off you go.

In this simple example I'll show you how to retrieve the Access Control List of a database.

To open the 32bit version of Powershell ISE on a 64bit machine, run Powershell_ise.exe from C:\Windows\SysWOW64\WindowsPowerShell\v1.0.

First you need to create a COM object and initialize the Lotus Notes session. Initializing the session will prompt for your Lotus Notes password.

$notes = New-Object -ComObject Lotus.NotesSession
$notes.Initialize()

Next we'll define a few variables

$Server = "YourDominoMailServer"
$Folder = "FolderWhereTheDatabaseResides"
$database = "yourNsfFile"

A Notes database can be retrieved using the GetDatabase method

$NotesDatabase = $notes.GetDatabase($Server,"$Folder\$Database")

The ACL of that database can be retrieved using the ACL property of the NotesDatabase class

$ACL = $NotesDatabase.ACL

To examine all entries you will have to retrieve the first entry by using the GetFirstEntry method and go to the next one by using the GetNextEntry method of the NotesACL class.

$Firstentry = $ACL.GetFirstEntry()

While ($Firstentry -ne $null)
    {
        Write-Output $firstentry.name
        $Nextentry = $ACL.GetNextEntry($firstentry)
        $Firstentry = $Nextentry
    }

The loop above outputs the name of each ACL entry.

This is just to show you the principle of how to retrieve the entries. To get some useful output we'll create a PsObject and add all relevant properties.

# Start with an empty array so that += appends each object
$Collection = @()
$Firstentry = $ACL.GetFirstEntry()

While ($Firstentry -ne $null)
    {
        # Translate the numeric access level into a readable label
        Switch ($Firstentry.level)
        {
            0 { $AccesLevel = "No access" }
            1 { $AccesLevel = "Depositor access" }
            2 { $AccesLevel = "Reader access" }
            3 { $AccesLevel = "Author" }
            4 { $AccesLevel = "Editor access" }
            5 { $AccesLevel = "Designer access" }
            6 { $AccesLevel = "Manager access" }
        }

        # One output object per ACL entry
        $NewObject = New-Object PsObject -Property @{
            Database = $database
            User = $Firstentry.name
            Accesslevel = $AccesLevel }

        # Move on to the next entry ($null ends the loop)
        $Nextentry = $ACL.GetNextEntry($Firstentry)
        $Firstentry = $Nextentry

        $Collection += $NewObject
    }

Because the access level property is an integer, we use the Switch statement to translate it into a readable label. We create the PsObject, add it to a collection and set our $Firstentry variable to the next entry. (Of course you can do this in one step: $Firstentry = $ACL.GetNextEntry($Firstentry).)

And... that's about all there is to it!

Wrapped in a function, it looks like this:

# Run in 32bit PowerShell session

Function GET-DominoACL

{
[CmdletBinding()]
param(
$Server = "YourDominoMailServer",
$Folder = "FolderWhereTheDatabaseResides",
[Parameter (Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)][String[]]$databases )

    Begin 

    {
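    # Note: this suppresses error messages for the whole function,
    # so a failure to open a database will not be reported
    $ErrorActionPreference = "SilentlyContinue"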

    $notes = New-Object -ComObject Lotus.NotesSession

    $notes.Initialize()
    Write-Verbose "Lotus Notes session initialized"
    $Collection = @()
    }

    Process 

    {
        Foreach ($database in $databases)
        {
        $NotesDatabase = $notes.GetDatabase($Server,"$Folder\$Database")
        Write-Verbose "Database is $folder\$Database"
        $ACL = $NotesDatabase.ACL
        $Firstentry = $ACL.GetFirstEntry()
        # $( ) is needed to expand a property inside a string
        Write-Verbose "firstentry is $($Firstentry.name)"

            While ($Firstentry -ne $null)

            {
                Switch ($firstentry.level)
                {
                    0 { $AccesLevel = "No access" }
                    1 { $AccesLevel = "Depositor access" }                
                    2 { $AccesLevel = "Reader access" }
                    3 { $AccesLevel = "Author" }
                    4 { $AccesLevel = "Editor access" }
                    5 { $AccesLevel = "Designer access" }
                    6 { $AccesLevel = "Manager access" }
                }

                $NewObject = New-Object PsObject -Property @{

                    Database = $database
                    User = $Firstentry.name
                    Accesslevel = $AccesLevel }
    
                $Firstentry = $ACL.GetNextEntry($Firstentry)
        
                $Collection += $NewObject
                Write-Verbose "$NewObject added to the collection" 
            }
        }
    }
    
    End 
    {
    $Collection
    }

}#EndFunction
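
A follow-up check one might run on the function's output (an added example, not code from the original post): it flags entries where -Default- or Anonymous hold more than a chosen level, and every Manager entry. The function name Find-RiskyDominoAclEntry, the MaxWildcardLevel policy and the sample rows are assumptions made for illustration; on a live system you would pipe the output of GET-DominoACL into it instead.

```powershell
# Added example: reviews objects shaped like the GET-DominoACL output above.
# Find-RiskyDominoAclEntry and its parameters are hypothetical names.
function Find-RiskyDominoAclEntry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]$Entry,
        # Highest level tolerated for -Default- and Anonymous (assumed policy)
        [string]$MaxWildcardLevel = "No access"
    )
    Begin {
        # Rank the page's access-level labels so they can be compared
        $Rank = @{
            "No access" = 0; "Depositor access" = 1; "Reader access" = 2
            "Author" = 3; "Editor access" = 4; "Designer access" = 5
            "Manager access" = 6
        }
        $Wildcards = @("-Default-", "Anonymous")
    }
    Process {
        $Name = [string]$Entry.Accesslevel   # $null becomes "" and is rejected below
        if (-not $Rank.ContainsKey($Name)) {
            Write-Warning "Unknown access level for $($Entry.User) on $($Entry.Database)"
            return
        }
        $Reason = $null
        if (($Wildcards -contains $Entry.User) -and ($Rank[$Name] -gt $Rank[$MaxWildcardLevel])) {
            $Reason = "Unlisted or unauthenticated users get '$Name'"
        }
        elseif ($Rank[$Name] -eq 6) {
            $Reason = "Manager: can change the ACL itself"
        }
        if ($Reason) {
            New-Object PsObject -Property @{
                Database = $Entry.Database; User = $Entry.User
                Accesslevel = $Name; Reason = $Reason }
        }
    }
}

# Constructed sample rows (not real data), same shape as GET-DominoACL output
$Sample = @(
    @{ Database = "hr.nsf"; User = "-Default-"; Accesslevel = "Editor access" },
    @{ Database = "hr.nsf"; User = "Anonymous"; Accesslevel = "No access" },
    @{ Database = "hr.nsf"; User = "CN=Jane Doe/O=Example"; Accesslevel = "Manager access" },
    @{ Database = "hr.nsf"; User = "CN=John Roe/O=Example"; Accesslevel = "Author" }
) | ForEach-Object { New-Object PsObject -Property $_ }

$Sample | Find-RiskyDominoAclEntry | Format-Table Database, User, Accesslevel, Reason -AutoSize
```

With the sample rows, the -Default- Editor entry and the Manager entry are reported; the Anonymous and Author rows pass.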



You can play around with all Domino classes... just make sure you don't mess things up :-). I use this page as a reference.

Should you have any remarks or questions... let me know.

Have fun! Grts.



