Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

HTA or Powershell - Delivery option (send on behalf) and full mailbox access to generic mailbox

Posted on 2014-04-14
20
Medium Priority
?
586 Views
Last Modified: 2014-06-20
Hi Team,

seeking for your help in script HTA or PowerShell..
Looking for an script to grant genric mailbox access.

Scenario:
User should given access to the delivery option (send on behalf) and full mailbox access to generic mailbox.

Is it possible to have this done in  HTA or PowerShell?

Here input will be
Generic account's email address
User's samaccountname

Input should prompt.

Exchange 2007

Thanks in advance,
Prem
0
Comment
Question by:Premkumar Yogeswaran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 4
  • 3
  • +1
20 Comments
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40000217
Try this  (untested)
set-mailbox "genericMailboxName" -GrantSendOnBehalfTo "username"
Add-mailboxpermission -identity genericMailboxName -user username -accessright Fullaccess

For details: refer: http://technet.microsoft.com/en-us/library/a9aacbf5-5e6c-47ef-95d6-e24547e95d01.aspx
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40001254
Hi Raheman,

Thanks for your reply, am looking for the powershell script which will prompt for input
or HTA script which will be easy for input in GUI..
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40002322
$genericMailboxName=Read-host "Enter Generic Mailbox name: "
$username = Read-host "Enter username: "
set-mailbox $genericMailboxName -GrantSendOnBehalfTo $username
Add-mailboxpermission -identity $genericMailboxName -user $username -accessright Fullaccess
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40003664
I have almost created a script to achieve my requirement.
Looking for some modification in this script to store the output in a location and it should append on every execution

Output example:
Date
Generic Mailbox name
Access to User
Success or Failure
Or the error message occured


Also , kindly let me know do you find any issue in the below script or something could be modified for better execution?

Thanks,
Prem

# Mailbox Access

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User SamID')
)

$Genricmail = $Gemail
$UsersamID = $UserID

$genricDN = (get-mailbox $Genricmail).distinguishedname
$genricsamID = (get-mailbox $Genricmail).samaccountname

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng
          
        #If Genric mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UsersamID "Has been granted access to Genric Mailbox" $Genricmail -ForegroundColor Green
              
                #Grant send on behalf and Full mailbox permission to Genric mailbox
		set-mailbox $Genricmail -GrantSendOnBehalfTo $usersamID
		Add-mailboxpermission -identity $genericDN -user $UsersamID -accessright Fullaccess 
         
        }
        else
            {
                write-host "Generic mailbox" $Genricmail "does not exist, please check" -ForegroundColor Red
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox "-" $_ -ForegroundColor red
        }
    }
        if ($Genricmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
         
}

Open in new window

0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40008448
Dear PowerShell experts,

Kindly help me to modify with my script with below requirement

I have almost created a script to achieve my requirement.
Looking for some modification in this script to store the output in a location and it should append on every execution

Output example:
Date
Generic Mailbox name
Access to User
Success or Failure
Or the error message occured

Thanks,
Prem
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40008891
For writing text to a file, just use "Some text" | Out-File C:\PathTo\File.txt -Append. You might want to write another function managing both output to the screen and the file, to make it much easier; but keep in mind you cannot use colours in files (of course).
0
 
LVL 16

Assisted Solution

by:Jon Brelie
Jon Brelie earned 800 total points
ID: 40009063
Try this:

# Mailbox Access

$logFile = "X:\path\to\log.txt

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User SamID')
)

$Genricmail = $Gemail
$UsersamID = $UserID

$genricDN = (get-mailbox $Genricmail).distinguishedname
$genricsamID = (get-mailbox $Genricmail).samaccountname

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng
          
        #If Genric mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UsersamID "Has been granted access to Genric Mailbox" $Genricmail -ForegroundColor Green
                write "user" $UsersamID "was granted access to Generic Mailbox" $GenricMail | out-file -append $logfile
              
                #Grant send on behalf and Full mailbox permission to Genric mailbox
		set-mailbox $Genricmail -GrantSendOnBehalfTo $usersamID
		Add-mailboxpermission -identity $genericDN -user $UsersamID -accessright Fullaccess 
         
        }
        else
            {
                write-host "Generic mailbox" $Genricmail "does not exist, please check" -ForegroundColor Red
                write "Attempt to grant" $UsersamID "access to" $GenricMail "failed" | out-file -append $logfile
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox "-" $_ -ForegroundColor red
            	write "There was a problem in providing the access permission to Generic mailbox "-" $_ | out-file -append $logfile
        }
    }
        if ($Genricmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
         
}
                                            

Open in new window

0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40009955
Hi Qlemo & Enphyniti,

Thanks for your input, let me try and come back to you...

Cheers,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40009968
Hi,

After adding the output statement, i am getting this error, earlier, my script executed without error.

Kindly find the error below: Also let me know the option to add the date to the log..

Unexpected token 'samAccountName' in expression or statement.
At C:\temp\Copy of Mailbox_Final_1.PS1:23 char:43
+             $FilterStrng = "samAccountName <<<<  -like `"" + $genericG + "`""
    + CategoryInfo          : ParserError: (samAccountName:String) [], ParseEx
   ception
    + FullyQualifiedErrorId : UnexpectedToken

Regards,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40010094
Dear Expert,
Kindly find my updated script with output attributes, am am getting above mentioned error

#Mailbox access permission

$logFile = "C:\temp\MailboxAccess_Log\MBAccesslog.txt

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User email or SamID')
)

$genericmail = $Gemail

$genericDN = (get-mailbox $genericmail).distinguishedname
$genericG = (get-mailbox $genericmail).samaccountname
$genericY = (get-mailbox $genericmail)

$SendList = $genericY.GrantSendOnBehalfTo

$UserG = (get-mailbox $UserID).samaccountname
$UserY = (get-mailbox $UserID)

$SendList2 = $SendList + $UserY

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genericG + "`""
            $user = Get-mailbox -Filter $FilterStrng
          
        #If generic mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UserG "Has been granted access to generic Mailbox" $genericmail -ForegroundColor Green
                write "user" $UserG "was granted access to Generic Mailbox" $GenericMail | out-file -append $logfile

                #Grant Full mailbox permission to generic mailbox
		        Add-mailboxpermission -identity $genericDN -user $UserG -accessright Fullaccess
                              
                #Grant send on behalf to generic mailbox
		        set-mailbox $genericDN -GrantSendOnBehalfTo $SendList2
                         
        }
        else
            {
                write-host "Generic mailbox" $genericmail "does not exist, please check" -ForegroundColor Red
                write "Attempt to grant" $UserG "access to" $GenericMail "failed" | out-file -append $logfile
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox" "-" $_ -ForegroundColor red
                write "There was a problem in providing the access permission to Generic mailbox "-" $_ | out-file -append $logfile
        }
    }
        if ($genericmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
        

Open in new window


Error occured:

Unexpected token 'samAccountName' in expression or statement.
At C:\temp\Copy of Copy of Mailbox_Final_1.PS1:30 char:43
+             $FilterStrng = "samAccountName <<<<  -like `"" + $genericG + "`""
    + CategoryInfo          : ParserError: (samAccountName:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Regards,
Prem
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40010097
Please post the complete code, as this seems to be an error caused somewhere before the shown statement.
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40010103
Hi Qlemo,

I have posted the complete script and error above to your comment.
with new error
0
 
LVL 16

Expert Comment

by:Jon Brelie
ID: 40010272
Your missing a quote at the end of your logfile definition.
0
 
LVL 16

Expert Comment

by:Jon Brelie
ID: 40010360
*You're.

wish I could edit on mobile...
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40010389
Correct (line 3).
You should also move the logfile definition past the PARAM clause.
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40011030
Hi Enphyniti & Qlemo,

Thank you missed to notice that.. :)  i will check and update you..

Cheers,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40054673
Hi Enphyniti & Qlemo,

Sorry for my delay in response.
My script is working great now...

Before closing this question, i have last query. looking for your help..
In the below funtion, we are testing whether One of the input is exist or not, it is possible to modify this function to check both the input (Genric mailbox and the usre mailbox) is present or not?

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng


Thanks,
Prem
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1200 total points
ID: 40135249
Your request doesn't make sense. You are already requesting the mailbox info of both accounts, so no LDAP search required at all. Just check for the corresponding mailbox vars to contain anything.
The simplified script checking for both accounts is:
PARAM(
[string] $GenericMail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID      = $(Read-Host -Prompt 'User email or SamID')
)

function Write-Log ([String] $text, [String] $FgColor)
{
  $logFile = "C:\temp\MailboxAccess_Log\MBAccesslog.txt"
  
  Write-Host -ForegroundColor $FgColor $test
  Out-File $logfile -Append -InputObject $text 
}

$GenUser = get-mailbox $GenericMail
$User    = get-mailbox $UserID

if (!$User  ) { Write-Log "User $UserID has no mailbox" "Red" }
if (!GenUser) { Write-Log "Generic mailbox $GenericMail not found" "Red" }
if ($User -and $GenUser) {
  Add-MailBoxPermission $GenUser.DistinguisedName -user $User.SamAccountName -AccessRights FullAccess
  Set-MailBox $GenUser.DistinguisedName -GrantSendOnBehalfTo ($GenUser.GrantSendOnBehalfTo + $User)
  Write-Log "User $UserID was grantd access to generic mailbox $GenericMail" "Green"
}

Open in new window

0
 
LVL 17

Author Closing Comment

by:Premkumar Yogeswaran
ID: 40148870
Thanks guys... Sorry for the delay...
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question