?
Solved

Create 1 PS script from 2 to accomplish a task

Posted on 2011-10-12
2
Medium Priority
?
343 Views
Last Modified: 2012-05-12
EE User "GusGallows" came up with this script that would grant managers full mailbox access to their Direct Reports:

$users = get-user -resultsize unlimited
foreach ($user in $users)
{
	$manUserDN = $user.DistinguishedName
	$directReports = @($user.DirectReports)
	if ($directReports -ne $Null)
	{
		foreach ($directReport in $directReports)
		{
			$drUserdn = $directReport.DistinguishedName
			Add-MailboxPermission $drUserDN -User $manUserDN -AccessRights:FullAccess
		}
	}
}

Open in new window



The issue I think I'm going to run into is the auto-opening of the direct reports mailboxes in each manager's Outlook since apparently this environment is setup to do so.

There is another script here this is supposed to turn off the auto-mapping of accessible mailboxes:

<#
    .SYNOPSIS
    Adds Mailbox Permissions without Auto-Mapping in Outlook
    .DESCRIPTION
    Performs the same functions as Add-MailboxPermission with the added 
    extra that it does not automatically add the Mailbox to Outlook 2007 
    and 2010. 
    For more help use Get-Help Add-MailboxPermission
    #>
param(
     $Identity,
     [Alias('db')]
     [Switch]
     $Debug,
     [Alias('wv')]
     $WarningVariable,
     [Alias('cf')]
     [Switch]
     $Confirm,
     $Instance,
     $AccessRights,
     [Alias('ea')]
     $ErrorAction,
     [Switch]
     $IgnoreDefaultScope,
     $DomainController,
     [Alias('wi')]
     [Switch]
     $WhatIf,
     [Alias('ob')]
     $OutBuffer,
     [Alias('wa')]
     $WarningAction,
     $Owner,
     $InheritanceType,
     $User,
     [Alias('ov')]
     $OutVariable,
     [Alias('vb')]
     [Switch]
     $Verbose,
     [Switch]
     $Deny,
     [Alias('ev')]
     $ErrorVariable,
     [Switch]
     $AsJob)

if ($DomainController)
{
    # Domain Controller was set. Get the Mailbox we are adding permissions for first so we have it's LDAP DN
    $Mailbox = Get-Mailbox $Identity -DomainController $DomainController
    if (!$Mailbox)
    {
        throw "Could not find Mailbox $($Identity)"
    }
    # Add the permission
    $Result = Add-MailboxPermission @PSBoundParameters
} else {
    # Domain Controller was not set. Get the Mailbox we are adding permissions for first so we have it's LDAP DN and a domain controller name
    $Mailbox = Get-Mailbox $Identity
    if (!$Mailbox)
    {
        throw "Could not find Mailbox $($Identity)"
    }
    # Set the domain controller
    $DomainController = $Mailbox.OriginatingServer
    # Add the permission
    $Result = Add-MailboxPermission @PSBoundParameters -DomainController $DomainController
}    
if ($Result)
{
    # If the mailbox permission was successfully added, remove the auto mapping using ADSI
    $LDAPUser=[ADSI]"LDAP://$($DomainController)/$($Mailbox.DistinguishedName)"
    $LDAPUser.msExchDelegateListLink.Remove(((Get-Mailbox $User).DistinguishedName))
    $LDAPUser.SetInfo()
    # Output the result of Add-MailboxPermission like the normal command would
    $Result
}

Open in new window

source: http://www.stevieg.org/2011/02/disable-exchange-2010-sp1s-auto-shared-mailbox-mapping/


Is there a way to edit and combine these scripts as to create one script that will:
Give all Managers full access to their Direct Reports but also turn off the auto-opening of the Direct Reports mailboxes for them.

We have a developed add-on for Outlook that will allow users to Open a mailbox from the ribbon menu so the auto-opening would be unnecessary...
0
Comment
Question by:garryshape
2 Comments
 
LVL 11

Accepted Solution

by:
stefor earned 2000 total points
ID: 36962283
Based on the provided scripts this should be working.

$users = get-user -resultsize unlimited
foreach ($user in $users)
{
        $manUserDN = $user.DistinguishedName
        $directReports = @($user.DirectReports)
        if ($directReports -ne $Null)
        {
                foreach ($directReport in $directReports)
                {
						$drUserdn = $directReport.DistinguishedName
						Add-MailboxPermission $drUserDN -User $manUserDN -AccessRights:FullAccess
						$Mailbox = Get-Mailbox $drUserDN
						$DomainController = $Mailbox.OriginatingServer
							$LDAPUser=[ADSI]"LDAP://$($DomainController)/$($Mailbox.DistinguishedName)"
							$LDAPUser.msExchDelegateListLink.Remove(((Get-Mailbox $manUserDN).DistinguishedName))
							$LDAPUser.SetInfo()

                }
        }
}

Open in new window

0
 

Author Closing Comment

by:garryshape
ID: 36971648
THANK YOU!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month14 days, 11 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question