Exchange Powershell - grant full mailbox access and Send As - import csv?

I can't find this one powershell script I found online a while ago, so was checking here to see if anyone has a script similar to what I'm looking for;

I want to be able to grant full mailbox permissions for a few different users to the same few mailboxes.

So for example, I have mailbox 1, mailbox 2, mailbox 3, mailbox 4.
What I'm trying to do is grant John, Bob, Sally, Rick and Jason all full mailbox access and SendAs access to those mailboxes (1 -4).

Would this have to be done by having a 2 column CSV file and what would the script/commands be?

These are the 2 commands I have from another script;

Add-MailboxPermission $mailbox -User $employee -AccessRights:FullAccess -confirm: $false
Add-ADPermission -Identity $mailbox -User $employee -AccessRights ExtendedRight -ExtendedRights "send as"

Open in new window

garryshapeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Meir RivkinFull stack Software EngineerCommented:
having csv like:

user, mailbox
john,<johnmailbox>
bob, <bobmailbox>

make sure to have the headers in the csv file (user, mailbox)

the following script will do what u want:
Import-Csv c:\scripts\test.txt | foreach {
Add-MailboxPermission $_.mailbox -User $_.user -AccessRights:FullAccess -confirm: $false
Add-ADPermission -Identity $_.mailbox -User $_.user -AccessRights ExtendedRight -ExtendedRights "send as"
}

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
garryshapeAuthor Commented:
Thanks sedgwick, yes that seems to work. Now all I have to do is add usernames instead of manually typing each command.

One other question to complement this code, do you know how I could then add the command to remove the mailbox automapping in this script for the users who were just granted the access?

Something like this?

$Thelist = Import-csv “C:\thelist.csv”
ForEach($theobject in $thelist) {$theMBDN = (Get-Mailbox $theobject.themailbox).distinguishedname;
Add-ADPermission $thembDN -Extendedrights “Send As” -User $theobject.theuser;
Add-MailboxPermission $thembDN -Accessrights “FullAccess” -User $theobject.theuser
}

# Remove the auto-mapping of the new granted mailboxes

$DomainController = $Mailbox.OriginatingServer
$LDAPUser=[ADSI]"LDAP://$($DomainController)/$($TheUser)"
$LDAPUser.msExchDelegateListLink.Remove(((Get-Mailbox $TheMailbox)))
$LDAPUser.SetInfo()

Open in new window

0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

garryshapeAuthor Commented:
or will the -AutoMapping:$false work for the Add-MailboxPermission command?
0
garryshapeAuthor Commented:
I'm sorry, I mean this. Would this work?

$Thelist = Import-csv “H:\MailboxAccess.csv”
ForEach($theobject in $thelist) {$theMBDN = (Get-Mailbox $theobject.themailbox).distinguishedname;
Add-ADPermission $thembDN -Extendedrights “Send As” -User $theobject.theuser;
Add-MailboxPermission $thembDN -Accessrights “FullAccess” -User $theobject.theuser 
}

# Remove the auto-mapping of the mailbox from the user's account
$DomainController = $TheMailbox.OriginatingServer
$LDAPUser=[ADSI]"LDAP://$($DomainController)/$($TheMailbox.DistinguishedName)"
$LDAPUser.msExchDelegateListLink.Remove(((Get-Mailbox $TheUser).DistinguishedName))
$LDAPUser.SetInfo()

Open in new window

0
Meir RivkinFull stack Software EngineerCommented:
i think u missed something cause my code reads list of users, u don't have to run the script for each one separately.

read my post again, i described how the csv should look like with the headers and stuff.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.