[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

remove-mailbox permission in c# returns Error in script

Posted on 2011-03-10
10
Medium Priority
?
1,576 Views
Last Modified: 2012-05-11
hi,

i am using Exchange server 2007 with service pack 1

i need to run the exchange shell command remove-mailbox permission through c#

all the shell command are successfully executed except this one

remove-MailboxPermission -identity $user -user “Domain Admins” -Deny -InheritanceType 'All' -AccessRights FullAccess

this command results in an error :

Error in script : Cannot invoke this function because the current host does not implement it.

how to run shell script using c#
http://www.codeproject.com/KB/cs/HowToRunPowerShell.aspx

do i need some updated version of exchange server service pack ?
 or higher version of shell ?
or any change in script ?

also remove-MailboxPermission command get executed successfully in shell without any errors
but the results are not reflected in corresponding Exchange management console


0
Comment
Question by:davinder101
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 26

Expert Comment

by:Tony J
ID: 35110678
Could you post the PowerShell script part of it?

Remember to obfuscate server names etc if necessary.

A quick google (I'm not a C# programmer but pretty good with PowerShell) suggests it should work but can fail if there are any write-host commands in the PowerShell script.
0
 

Author Comment

by:davinder101
ID: 35125100
i need to add mail box permission
for that privious permission need to removed.

here is the script....

Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin -erroraction silentlyContinue
$userAccounts = get-mailbox -resultsize unlimited
ForEach ($user in $userAccounts)
{
remove-MailboxPermission -identity $user -user “Domain Admins” -Deny -InheritanceType 'All' -AccessRights FullAccess
add-MailboxPermission -identity $user -user “Domain Admins” -AccessRights FullAccess

remove-MailboxPermission -identity $user -user “Administrator” -Deny -InheritanceType 'All' -AccessRights FullAccess
add-MailboxPermission -identity $user -user “Administrator” -AccessRights FullAccess
}
0
 

Author Comment

by:davinder101
ID: 35127213
this script runs fine with powershell script editor but it pops up a dialog box stating
are you sure you want to perform this action. having option yes,yestoall,,no,notoall,suspended.
when selected yes or yestoall the scripts works fine as expected.

but when this script is run via code . it generates the error message

Error in script : Cannot invoke this function because the current host does not implement it.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 26

Accepted Solution

by:
Tony J earned 2000 total points
ID: 35127432
Ok I _think_ it's because of the requirement to respond to a prompt in your script - when the exchange management shell (PowerShell) tries to display the Yes/No/All prompt, it has no mechanism to do so, akin to the write-host command that I previously mentioned.

Try altering your script to the following:


Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin -erroraction silentlyContinue
$userAccounts = get-mailbox -resultsize unlimited
ForEach ($user in $userAccounts)
{
remove-MailboxPermission  -identity $user -user “Domain Admins” -Deny -InheritanceType 'All' -AccessRights FullAccess -Confirm:$False
add-MailboxPermission -identity $user -user “Domain Admins” -AccessRights FullAccess

remove-MailboxPermission -identity $user -user “Administrator” -Deny -InheritanceType 'All' -AccessRights FullAccess
add-MailboxPermission -identity $user -user “Administrator” -AccessRights FullAccess -Confirm:$False
}

That should hopefully suppress the prompts and allow the script to execute.

Word of caution, although I'm sure you're aware - the -Confirm:$False effectively automatically answers "Y" and can be quite dangerous.

0
 

Author Comment

by:davinder101
ID: 35127667
hi it worked great and absolutely correctly .

why it is dangerours can you explain a little bit.
also
will it work if some other addpermission are set by the administrator or any other inheritance permission?
will it work or a clash can be there among access rights ?

0
 
LVL 26

Expert Comment

by:Tony J
ID: 35127715
Glad it worked.

It's dangerous in as much as if you run it against some of the commandlets, it will bypass the "Are you sure" question and just assume "Yes" to anything.

My advice would always be to test any scripts beforehand, if not in a lab environment (ideal) then against a test mailbox so at least anything lost is of no importance.

In terms of it working or not - kind of depends on the context of the user it's being run against. If you have full admin/exchange admin rights then it should be fine unless there are any explicit deny permissions set anywhere, but this tends to be uncommon.
0
 

Author Comment

by:davinder101
ID: 35127728
ok got it
can you tell me what changes i need to do in script
to run it on exchange 2010
i have tested this script it fails on 2010.
0
 

Author Comment

by:davinder101
ID: 35127787
also is it possible to do the same thing on exchange server 2003 ?
as shell is not present in 2003 ?
or
can i install 2007 shell tools to exchange 2003 ?
or
make an environment in 2003 as of exchange 2003 ?
or
it is not possible in exchange 2003 ?
0
 
LVL 26

Expert Comment

by:Tony J
ID: 35127795
Hmm not sure off the top of my head, but to be fair that wasn't the original question.

May I politely suggest that you close this one, allocating me the points and open a new question with the details of why/how it's failing?
0
 
LVL 26

Expert Comment

by:Tony J
ID: 35127834
Not at all possible in 2003 - no shell exists.

You're really digressing from the original question though, which I believe I answered in full.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question