Solved

HTA or Powershell - Delivery option (send on behalf) and full mailbox access to generic mailbox

Posted on 2014-04-14
20
549 Views
Last Modified: 2014-06-20
Hi Team,

seeking for your help in script HTA or PowerShell..
Looking for an script to grant genric mailbox access.

Scenario:
User should given access to the delivery option (send on behalf) and full mailbox access to generic mailbox.

Is it possible to have this done in  HTA or PowerShell?

Here input will be
Generic account's email address
User's samaccountname

Input should prompt.

Exchange 2007

Thanks in advance,
Prem
0
Comment
Question by:Premkumar Yogeswaran
  • 10
  • 4
  • 3
  • +1
20 Comments
 
LVL 18

Expert Comment

by:Raheman M. Abdul
Comment Utility
Try this  (untested)
set-mailbox "genericMailboxName" -GrantSendOnBehalfTo "username"
Add-mailboxpermission -identity genericMailboxName -user username -accessright Fullaccess

For details: refer: http://technet.microsoft.com/en-us/library/a9aacbf5-5e6c-47ef-95d6-e24547e95d01.aspx
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
Comment Utility
Hi Raheman,

Thanks for your reply, am looking for the powershell script which will prompt for input
or HTA script which will be easy for input in GUI..
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
Comment Utility
$genericMailboxName=Read-host "Enter Generic Mailbox name: "
$username = Read-host "Enter username: "
set-mailbox $genericMailboxName -GrantSendOnBehalfTo $username
Add-mailboxpermission -identity $genericMailboxName -user $username -accessright Fullaccess
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
Comment Utility
I have almost created a script to achieve my requirement.
Looking for some modification in this script to store the output in a location and it should append on every execution

Output example:
Date
Generic Mailbox name
Access to User
Success or Failure
Or the error message occured


Also , kindly let me know do you find any issue in the below script or something could be modified for better execution?

Thanks,
Prem

# Mailbox Access

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User SamID')
)

$Genricmail = $Gemail
$UsersamID = $UserID

$genricDN = (get-mailbox $Genricmail).distinguishedname
$genricsamID = (get-mailbox $Genricmail).samaccountname

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng
          
        #If Genric mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UsersamID "Has been granted access to Genric Mailbox" $Genricmail -ForegroundColor Green
              
                #Grant send on behalf and Full mailbox permission to Genric mailbox
		set-mailbox $Genricmail -GrantSendOnBehalfTo $usersamID
		Add-mailboxpermission -identity $genericDN -user $UsersamID -accessright Fullaccess 
         
        }
        else
            {
                write-host "Generic mailbox" $Genricmail "does not exist, please check" -ForegroundColor Red
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox "-" $_ -ForegroundColor red
        }
    }
        if ($Genricmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
         
}

Open in new window

0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
Comment Utility
Dear PowerShell experts,

Kindly help me to modify with my script with below requirement

I have almost created a script to achieve my requirement.
Looking for some modification in this script to store the output in a location and it should append on every execution

Output example:
Date
Generic Mailbox name
Access to User
Success or Failure
Or the error message occured

Thanks,
Prem
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
For writing text to a file, just use "Some text" | Out-File C:\PathTo\File.txt -Append. You might want to write another function managing both output to the screen and the file, to make it much easier; but keep in mind you cannot use colours in files (of course).
0
 
LVL 16

Assisted Solution

by:Enphyniti
Enphyniti earned 200 total points
Comment Utility
Try this:

# Mailbox Access

$logFile = "X:\path\to\log.txt

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User SamID')
)

$Genricmail = $Gemail
$UsersamID = $UserID

$genricDN = (get-mailbox $Genricmail).distinguishedname
$genricsamID = (get-mailbox $Genricmail).samaccountname

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng
          
        #If Genric mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UsersamID "Has been granted access to Genric Mailbox" $Genricmail -ForegroundColor Green
                write "user" $UsersamID "was granted access to Generic Mailbox" $GenricMail | out-file -append $logfile
              
                #Grant send on behalf and Full mailbox permission to Genric mailbox
		set-mailbox $Genricmail -GrantSendOnBehalfTo $usersamID
		Add-mailboxpermission -identity $genericDN -user $UsersamID -accessright Fullaccess 
         
        }
        else
            {
                write-host "Generic mailbox" $Genricmail "does not exist, please check" -ForegroundColor Red
                write "Attempt to grant" $UsersamID "access to" $GenricMail "failed" | out-file -append $logfile
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox "-" $_ -ForegroundColor red
            	write "There was a problem in providing the access permission to Generic mailbox "-" $_ | out-file -append $logfile
        }
    }
        if ($Genricmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
         
}
                                            

Open in new window

0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
Comment Utility
Hi Qlemo & Enphyniti,

Thanks for your input, let me try and come back to you...

Cheers,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
Comment Utility
Hi,

After adding the output statement, i am getting this error, earlier, my script executed without error.

Kindly find the error below: Also let me know the option to add the date to the log..

Unexpected token 'samAccountName' in expression or statement.
At C:\temp\Copy of Mailbox_Final_1.PS1:23 char:43
+             $FilterStrng = "samAccountName <<<<  -like `"" + $genericG + "`""
    + CategoryInfo          : ParserError: (samAccountName:String) [], ParseEx
   ception
    + FullyQualifiedErrorId : UnexpectedToken

Regards,
Prem
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 17

Author Comment

by:Premkumar Yogeswaran
Comment Utility
Dear Expert,
Kindly find my updated script with output attributes, am am getting above mentioned error

#Mailbox access permission

$logFile = "C:\temp\MailboxAccess_Log\MBAccesslog.txt

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User email or SamID')
)

$genericmail = $Gemail

$genericDN = (get-mailbox $genericmail).distinguishedname
$genericG = (get-mailbox $genericmail).samaccountname
$genericY = (get-mailbox $genericmail)

$SendList = $genericY.GrantSendOnBehalfTo

$UserG = (get-mailbox $UserID).samaccountname
$UserY = (get-mailbox $UserID)

$SendList2 = $SendList + $UserY

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genericG + "`""
            $user = Get-mailbox -Filter $FilterStrng
          
        #If generic mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UserG "Has been granted access to generic Mailbox" $genericmail -ForegroundColor Green
                write "user" $UserG "was granted access to Generic Mailbox" $GenericMail | out-file -append $logfile

                #Grant Full mailbox permission to generic mailbox
		        Add-mailboxpermission -identity $genericDN -user $UserG -accessright Fullaccess
                              
                #Grant send on behalf to generic mailbox
		        set-mailbox $genericDN -GrantSendOnBehalfTo $SendList2
                         
        }
        else
            {
                write-host "Generic mailbox" $genericmail "does not exist, please check" -ForegroundColor Red
                write "Attempt to grant" $UserG "access to" $GenericMail "failed" | out-file -append $logfile
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox" "-" $_ -ForegroundColor red
                write "There was a problem in providing the access permission to Generic mailbox "-" $_ | out-file -append $logfile
        }
    }
        if ($genericmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
        

Open in new window


Error occured:

Unexpected token 'samAccountName' in expression or statement.
At C:\temp\Copy of Copy of Mailbox_Final_1.PS1:30 char:43
+             $FilterStrng = "samAccountName <<<<  -like `"" + $genericG + "`""
    + CategoryInfo          : ParserError: (samAccountName:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Regards,
Prem
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Please post the complete code, as this seems to be an error caused somewhere before the shown statement.
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
Comment Utility
Hi Qlemo,

I have posted the complete script and error above to your comment.
with new error
0
 
LVL 16

Expert Comment

by:Enphyniti
Comment Utility
Your missing a quote at the end of your logfile definition.
0
 
LVL 16

Expert Comment

by:Enphyniti
Comment Utility
*You're.

wish I could edit on mobile...
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Correct (line 3).
You should also move the logfile definition past the PARAM clause.
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
Comment Utility
Hi Enphyniti & Qlemo,

Thank you missed to notice that.. :)  i will check and update you..

Cheers,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
Comment Utility
Hi Enphyniti & Qlemo,

Sorry for my delay in response.
My script is working great now...

Before closing this question, i have last query. looking for your help..
In the below funtion, we are testing whether One of the input is exist or not, it is possible to modify this function to check both the input (Genric mailbox and the usre mailbox) is present or not?

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng


Thanks,
Prem
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 300 total points
Comment Utility
Your request doesn't make sense. You are already requesting the mailbox info of both accounts, so no LDAP search required at all. Just check for the corresponding mailbox vars to contain anything.
The simplified script checking for both accounts is:
PARAM(
[string] $GenericMail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID      = $(Read-Host -Prompt 'User email or SamID')
)

function Write-Log ([String] $text, [String] $FgColor)
{
  $logFile = "C:\temp\MailboxAccess_Log\MBAccesslog.txt"
  
  Write-Host -ForegroundColor $FgColor $test
  Out-File $logfile -Append -InputObject $text 
}

$GenUser = get-mailbox $GenericMail
$User    = get-mailbox $UserID

if (!$User  ) { Write-Log "User $UserID has no mailbox" "Red" }
if (!GenUser) { Write-Log "Generic mailbox $GenericMail not found" "Red" }
if ($User -and $GenUser) {
  Add-MailBoxPermission $GenUser.DistinguisedName -user $User.SamAccountName -AccessRights FullAccess
  Set-MailBox $GenUser.DistinguisedName -GrantSendOnBehalfTo ($GenUser.GrantSendOnBehalfTo + $User)
  Write-Log "User $UserID was grantd access to generic mailbox $GenericMail" "Green"
}

Open in new window

0
 
LVL 17

Author Closing Comment

by:Premkumar Yogeswaran
Comment Utility
Thanks guys... Sorry for the delay...
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

This article will help you understand what HashTables are and how to use them in PowerShell.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now