Solved

Exchange Powershell - grant full mailbox access and Send As - import csv?

Posted on 2012-04-10
6
5,061 Views
Last Modified: 2012-04-18
I can't find this one powershell script I found online a while ago, so was checking here to see if anyone has a script similar to what I'm looking for;

I want to be able to grant full mailbox permissions for a few different users to the same few mailboxes.

So for example, I have mailbox 1, mailbox 2, mailbox 3, mailbox 4.
What I'm trying to do is grant John, Bob, Sally, Rick and Jason all full mailbox access and SendAs access to those mailboxes (1 -4).

Would this have to be done by having a 2 column CSV file and what would the script/commands be?

These are the 2 commands I have from another script;

Add-MailboxPermission $mailbox -User $employee -AccessRights:FullAccess -confirm: $false
Add-ADPermission -Identity $mailbox -User $employee -AccessRights ExtendedRight -ExtendedRights "send as"

Open in new window

0
Comment
Question by:garryshape
  • 4
  • 2
6 Comments
 

Author Comment

by:garryshape
ID: 37828056
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 37828086
having csv like:

user, mailbox
john,<johnmailbox>
bob, <bobmailbox>

make sure to have the headers in the csv file (user, mailbox)

the following script will do what u want:
Import-Csv c:\scripts\test.txt | foreach {
Add-MailboxPermission $_.mailbox -User $_.user -AccessRights:FullAccess -confirm: $false
Add-ADPermission -Identity $_.mailbox -User $_.user -AccessRights ExtendedRight -ExtendedRights "send as"
}

Open in new window

0
 

Author Comment

by:garryshape
ID: 37828199
Thanks sedgwick, yes that seems to work. Now all I have to do is add usernames instead of manually typing each command.

One other question to complement this code, do you know how I could then add the command to remove the mailbox automapping in this script for the users who were just granted the access?

Something like this?

$Thelist = Import-csv “C:\thelist.csv”
ForEach($theobject in $thelist) {$theMBDN = (Get-Mailbox $theobject.themailbox).distinguishedname;
Add-ADPermission $thembDN -Extendedrights “Send As” -User $theobject.theuser;
Add-MailboxPermission $thembDN -Accessrights “FullAccess” -User $theobject.theuser
}

# Remove the auto-mapping of the new granted mailboxes

$DomainController = $Mailbox.OriginatingServer
$LDAPUser=[ADSI]"LDAP://$($DomainController)/$($TheUser)"
$LDAPUser.msExchDelegateListLink.Remove(((Get-Mailbox $TheMailbox)))
$LDAPUser.SetInfo()

Open in new window

0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:garryshape
ID: 37828231
or will the -AutoMapping:$false work for the Add-MailboxPermission command?
0
 

Author Comment

by:garryshape
ID: 37828286
I'm sorry, I mean this. Would this work?

$Thelist = Import-csv “H:\MailboxAccess.csv”
ForEach($theobject in $thelist) {$theMBDN = (Get-Mailbox $theobject.themailbox).distinguishedname;
Add-ADPermission $thembDN -Extendedrights “Send As” -User $theobject.theuser;
Add-MailboxPermission $thembDN -Accessrights “FullAccess” -User $theobject.theuser 
}

# Remove the auto-mapping of the mailbox from the user's account
$DomainController = $TheMailbox.OriginatingServer
$LDAPUser=[ADSI]"LDAP://$($DomainController)/$($TheMailbox.DistinguishedName)"
$LDAPUser.msExchDelegateListLink.Remove(((Get-Mailbox $TheUser).DistinguishedName))
$LDAPUser.SetInfo()

Open in new window

0
 
LVL 42

Expert Comment

by:sedgwick
ID: 37831227
i think u missed something cause my code reads list of users, u don't have to run the script for each one separately.

read my post again, i described how the csv should look like with the headers and stuff.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
This video discusses moving either the default database or any database to a new volume.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question