Solved

How to change set-mailbox credentials

Posted on 2009-07-07
14
1,550 Views
Last Modified: 2012-06-21
Hi folks,

So, I can do this:

$c = Get-Credential
Get-Mailbox -DomainController dc.test.com -Credential $c username

and it works nicely.  However I can't do the same thing for Set-Mailbox!  There's no -Credential parameter.  How do I specify alternate credentials using Set-Mailbox?  
0
Comment
Question by:lacheur42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 3
14 Comments
 
LVL 6

Expert Comment

by:grandebob
ID: 24797170
We had to use add-adpermission with -accessrights and -extendrights options.
0
 
LVL 1

Author Comment

by:lacheur42
ID: 24797361
I don't really understand what that does - can you give me some syntax?
0
 
LVL 6

Expert Comment

by:grandebob
ID: 24797402
get-help add-adpermission would be a good place to start if you are planning on making scripts, which i think you are planning on. Below is a varient on a line in a script we use to give a user permissions to send as a different email address.

add-adpermission "user1@domain.com" -user "user2@domain.com -accessrights "GenericAll" -extendedrights "Send As"

Open in new window

0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 
LVL 1

Author Comment

by:lacheur42
ID: 24797582
I'm thinking that's not what I need exactly.

I'm on a machine that belongs to one domain (A) and trying to modify my email account on another domain (B) - for get-mailbox, setting the credentials to my domain account on (B) works.

I'd prefer to avoid permanently adding permissions to my domain account (A) to modify my domain account (B), which it seems like you're suggesting (not sure if that would even work...).
0
 
LVL 6

Expert Comment

by:grandebob
ID: 24797688
Your original post didn't say anything about cross domains.

I think I see what you are getting at. Perhaps you can just open powershell using the credentials of the other domain by using the runas command?
0
 
LVL 1

Author Comment

by:lacheur42
ID: 24797972
Sorry - I thought it was going to be a simple answer.  

Yeah, I've tried doing that, but it keeps trying to grab the DC for the machine I'm on, even if I specify it:
Set-Mailbox -DomainController DC.B.com -SimpleDisplayName "First Last" flast

   Set-Mailbox : Active Directory server DC.A.com is not available. Error message: A local error occurred.

It's really irritating that the -credential parameter is missing, I don't get it!
0
 
LVL 1

Author Comment

by:lacheur42
ID: 24798934
Bumping the points.  Any other thoughts?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24802841

Hey :)

That does appear to be a bit of a pain. Have you considered approaching it with tools built for AD rather than those build for Exchange?

It would possibly be worth grabbing the Quest cmdlets for this:

http://www.quest.com/activeroles-server/arms.aspx

"Set-QADUser" does allow you to pass credentials via Connect-QADService. Usage combining Connect-QADService and Set-QADuser is in the examples towards the end of "Get-Help Set-QADUser -Full".

Then you could do something like this:

Set-QADUser "UniqueIdForUser" -ObjectAttributes @{displayNamePrintable='SomeValue'}

Chris
0
 
LVL 1

Author Comment

by:lacheur42
ID: 24805578
I have those installed, but I'm not clear on how I would use them to set mailbox-specific properties such as SimpleDisplayName.

Set-QADUser "UniqueIdForUser" -Credential $c -ObjectAttributes @{SimpleDisplayName='SomeValue'}

Doesn't throw an error, but it also doesn't change the value of SimpleDisplayName.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24806562

That's because what's called "Simple Display Name" in the GUI is called displayNamePrintable in the directory, hence it's inclusion in my example :)

Chris
0
 
LVL 1

Author Comment

by:lacheur42
ID: 24816751
Maybe I'm misunderstanding something, but it seems like you're saying the following should work.  It doesn't.

Thanks,
Erik
$c = Get-Credential
Set-QADUser "flast" -ObjectAttributes @{displayNamePrintable='First M Last'}
$mb = Get-Mailbox -DomainController chidc02.huronconsultinggroup.com -Credential $c flast
echo $mb.SimpleDisplayName

Open in new window

0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 24818124

Error messages?

This is what I mean.

Chris
# First set the attribute after authenticating the connection
 
$pw = Read-Host "Please enter password" -AsSecureString
Connect-QADService -Server "chidc02.huronconsulting.com" `
  -ConnectionAccount "SomeDomain\SomeUser" -ConnectionPassword $pw
Set-QADUser "SomeDomain\flast" -ObjectAttributes @{displayNamePrintable='First M Last'}
Disconnect-QADService
 
# Then read it back again
 
$c = Get-Credential
(Get-Mailbox "flast" -DomainController chidc02.huronconsultinggroup.com `
  -Credential $c).SimpleDisplayName

Open in new window

0
 
LVL 1

Author Comment

by:lacheur42
ID: 24819526
Ok, that totally works.  I was just running it as the account, not using the "Connect-QADService", and I wasn't getting an error, it just wasn't updating.  Using your method works like a charm.   In case anyone reads this, -Service not -Server

Thanks!
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24821142

Oops sorry, not sure how I managed to put server in there, automatic typing I guess :)

Chris
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question