Solved

HTA or Powershell - Delivery option (send on behalf) and full mailbox access to generic mailbox

Posted on 2014-04-14
Last Modified: 2014-06-20
Hi Team,

Seeking your help with a script in HTA or PowerShell..
Looking for a script to grant generic mailbox access.

Scenario:
User should be given access to the delivery option (send on behalf) and full mailbox access to the generic mailbox.

Is it possible to have this done in HTA or PowerShell?

Here input will be
Generic account's email address
User's samaccountname

Input should prompt.

Exchange 2007

Thanks in advance,
Prem
Question by:Premkumar Yogeswaran
19 Comments
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40000217
Try this  (untested)
set-mailbox "genericMailboxName" -GrantSendOnBehalfTo "username"
Add-mailboxpermission -identity genericMailboxName -user username -accessright Fullaccess

For details: refer: http://technet.microsoft.com/en-us/library/a9aacbf5-5e6c-47ef-95d6-e24547e95d01.aspx
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40001254
Hi Raheman,

Thanks for your reply. I am looking for a PowerShell script which will prompt for input,
or an HTA script which will be easy for input in a GUI..
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40002322
$genericMailboxName=Read-host "Enter Generic Mailbox name: "
$username = Read-host "Enter username: "
set-mailbox $genericMailboxName -GrantSendOnBehalfTo $username
Add-mailboxpermission -identity $genericMailboxName -user $username -accessright Fullaccess
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40003664
I have almost created a script to achieve my requirement.
Looking for some modification in this script to store the output in a location and it should append on every execution

Output example:
Date
Generic Mailbox name
Access to User
Success or Failure
Or the error message occurred


Also, kindly let me know if you find any issue in the script below, or whether something could be modified for better execution?

Thanks,
Prem

# Mailbox Access

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User SamID')
)

$Genricmail = $Gemail
$UsersamID = $UserID

$genricDN = (get-mailbox $Genricmail).distinguishedname
$genricsamID = (get-mailbox $Genricmail).samaccountname

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng
          
        #If Genric mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UsersamID "Has been granted access to Genric Mailbox" $Genricmail -ForegroundColor Green
              
                #Grant send on behalf and Full mailbox permission to Genric mailbox
		set-mailbox $Genricmail -GrantSendOnBehalfTo $usersamID
		Add-mailboxpermission -identity $genericDN -user $UsersamID -accessright Fullaccess 
         
        }
        else
            {
                write-host "Generic mailbox" $Genricmail "does not exist, please check" -ForegroundColor Red
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox "-" $_ -ForegroundColor red
        }
    }
        if ($Genricmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
         
}


0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40008448
Dear PowerShell experts,

Kindly help me to modify my script with the below requirement

I have almost created a script to achieve my requirement.
Looking for some modification in this script to store the output in a location and it should append on every execution

Output example:
Date
Generic Mailbox name
Access to User
Success or Failure
Or the error message occurred

Thanks,
Prem
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40008891
For writing text to a file, just use "Some text" | Out-File C:\PathTo\File.txt -Append. You might want to write another function managing both output to the screen and the file, to make it much easier; but keep in mind you cannot use colours in files (of course).
0
 
LVL 16

Assisted Solution

by:Jon Brelie
Jon Brelie earned 800 total points
ID: 40009063
Try this:

# Mailbox Access

$logFile = "X:\path\to\log.txt

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User SamID')
)

$Genricmail = $Gemail
$UsersamID = $UserID

$genricDN = (get-mailbox $Genricmail).distinguishedname
$genricsamID = (get-mailbox $Genricmail).samaccountname

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng
          
        #If Genric mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UsersamID "Has been granted access to Genric Mailbox" $Genricmail -ForegroundColor Green
                write "user" $UsersamID "was granted access to Generic Mailbox" $GenricMail | out-file -append $logfile
              
                #Grant send on behalf and Full mailbox permission to Genric mailbox
		set-mailbox $Genricmail -GrantSendOnBehalfTo $usersamID
		Add-mailboxpermission -identity $genericDN -user $UsersamID -accessright Fullaccess 
         
        }
        else
            {
                write-host "Generic mailbox" $Genricmail "does not exist, please check" -ForegroundColor Red
                write "Attempt to grant" $UsersamID "access to" $GenricMail "failed" | out-file -append $logfile
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox "-" $_ -ForegroundColor red
            	write "There was a problem in providing the access permission to Generic mailbox "-" $_ | out-file -append $logfile
        }
    }
        if ($Genricmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
         
}
                                            


0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40009955
Hi Qlemo & Enphyniti,

Thanks for your input, let me try and come back to you...

Cheers,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40009968
Hi,

After adding the output statement, I am getting this error. Earlier, my script executed without error.

Kindly find the error below. Also let me know the option to add the date to the log..

Unexpected token 'samAccountName' in expression or statement.
At C:\temp\Copy of Mailbox_Final_1.PS1:23 char:43
+             $FilterStrng = "samAccountName <<<<  -like `"" + $genericG + "`""
    + CategoryInfo          : ParserError: (samAccountName:String) [], ParseEx
   ception
    + FullyQualifiedErrorId : UnexpectedToken

Regards,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40010094
Dear Expert,
Kindly find my updated script with output attributes. I am getting the above-mentioned error

#Mailbox access permission

$logFile = "C:\temp\MailboxAccess_Log\MBAccesslog.txt

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User email or SamID')
)

$genericmail = $Gemail

$genericDN = (get-mailbox $genericmail).distinguishedname
$genericG = (get-mailbox $genericmail).samaccountname
$genericY = (get-mailbox $genericmail)

$SendList = $genericY.GrantSendOnBehalfTo

$UserG = (get-mailbox $UserID).samaccountname
$UserY = (get-mailbox $UserID)

$SendList2 = $SendList + $UserY

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genericG + "`""
            $user = Get-mailbox -Filter $FilterStrng
          
        #If generic mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UserG "Has been granted access to generic Mailbox" $genericmail -ForegroundColor Green
                write "user" $UserG "was granted access to Generic Mailbox" $GenericMail | out-file -append $logfile

                #Grant Full mailbox permission to generic mailbox
		        Add-mailboxpermission -identity $genericDN -user $UserG -accessright Fullaccess
                              
                #Grant send on behalf to generic mailbox
		        set-mailbox $genericDN -GrantSendOnBehalfTo $SendList2
                         
        }
        else
            {
                write-host "Generic mailbox" $genericmail "does not exist, please check" -ForegroundColor Red
                write "Attempt to grant" $UserG "access to" $GenericMail "failed" | out-file -append $logfile
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox" "-" $_ -ForegroundColor red
                write "There was a problem in providing the access permission to Generic mailbox "-" $_ | out-file -append $logfile
        }
    }
        if ($genericmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
        



Error occurred:

Unexpected token 'samAccountName' in expression or statement.
At C:\temp\Copy of Copy of Mailbox_Final_1.PS1:30 char:43
+             $FilterStrng = "samAccountName <<<<  -like `"" + $genericG + "`""
    + CategoryInfo          : ParserError: (samAccountName:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Regards,
Prem
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40010097
Please post the complete code, as this seems to be an error caused somewhere before the shown statement.
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40010103
Hi Qlemo,

I have posted the complete script and error above your comment,
with the new error.
0
 
LVL 16

Expert Comment

by:Jon Brelie
ID: 40010272
Your missing a quote at the end of your logfile definition.
0
 
LVL 16

Expert Comment

by:Jon Brelie
ID: 40010360
*You're.

wish I could edit on mobile...
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40010389
Correct (line 3).
You should also move the logfile definition past the PARAM clause.
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40011030
Hi Enphyniti & Qlemo,

Thank you, I missed that.. :) I will check and update you..

Cheers,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40054673
Hi Enphyniti & Qlemo,

Sorry for my delay in response.
My script is working great now...

Before closing this question, I have a last query. Looking for your help..
In the below function, we are testing whether one of the inputs exists or not. Is it possible to modify this function to check whether both inputs (generic mailbox and the user mailbox) are present or not?

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng


Thanks,
Prem
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1200 total points
ID: 40135249
Your request doesn't make sense. You are already requesting the mailbox info of both accounts, so no LDAP search required at all. Just check for the corresponding mailbox vars to contain anything.
The simplified script checking for both accounts is:
PARAM(
[string] $GenericMail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID      = $(Read-Host -Prompt 'User email or SamID')
)

# Write a message to the screen (in colour) and append it to the log file
function Write-Log ([String] $text, [String] $FgColor)
{
  $logFile = "C:\temp\MailboxAccess_Log\MBAccesslog.txt"
  
  Write-Host -ForegroundColor $FgColor $text
  Out-File $logfile -Append -InputObject $text 
}

# Look up both mailboxes; a variable stays empty if its mailbox is not found
$GenUser = get-mailbox $GenericMail
$User    = get-mailbox $UserID

if (!$User   ) { Write-Log "User $UserID has no mailbox" "Red" }
if (!$GenUser) { Write-Log "Generic mailbox $GenericMail not found" "Red" }
if ($User -and $GenUser) {
  # Grant full access, then add the user to the existing send-on-behalf list
  Add-MailBoxPermission $GenUser.DistinguishedName -user $User.SamAccountName -AccessRights FullAccess
  Set-MailBox $GenUser.DistinguishedName -GrantSendOnBehalfTo ($GenUser.GrantSendOnBehalfTo + $User)
  Write-Log "User $UserID was granted access to generic mailbox $GenericMail" "Green"
}


0
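
An added example, not part of any answer in this thread, covering the log fields the asker listed (date, generic mailbox, user, success or failure, error message): the two grants from the accepted script wrapped in try/catch, so a failed grant is recorded with its message and a success is logged only after the permission is read back. `Write-AuditLine` and the tab-separated layout are hypothetical choices; it assumes the Exchange Management Shell and that the log folder named in the thread already exists.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
param(
    [string] $GenericMail = $(Read-Host -Prompt 'Generic Mailbox Email'),
    [string] $UserID      = $(Read-Host -Prompt 'User email or SamID')
)

$logFile = 'C:\temp\MailboxAccess_Log\MBAccesslog.txt'   # path used in the thread

# Write-AuditLine is a hypothetical helper: one tab-separated record per run
# (date, operator, generic mailbox, user, result, detail), appended to $logFile.
function Write-AuditLine ([string] $Result, [string] $Detail)
{
    $fields = @(
        (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'),
        "$env:USERDOMAIN\$env:USERNAME",
        $GenericMail, $UserID, $Result,
        ($Detail -replace '[\r\n\t]+', ' ')   # keep the record on a single line
    )
    Out-File -FilePath $logFile -Append -InputObject ($fields -join "`t")
    if ($Result -eq 'Success') { $color = 'Green' } else { $color = 'Red' }
    Write-Host -ForegroundColor $color "$Result - $Detail"
}

try
{
    # -ErrorAction Stop turns cmdlet errors into exceptions that reach the catch block
    $genUser = Get-Mailbox $GenericMail -ErrorAction Stop
    $user    = Get-Mailbox $UserID      -ErrorAction Stop

    Add-MailboxPermission -Identity $genUser.DistinguishedName -User $user.SamAccountName `
        -AccessRights FullAccess -ErrorAction Stop | Out-Null
    # Same list concatenation as the accepted script, so existing delegates are kept
    Set-Mailbox -Identity $genUser.DistinguishedName -ErrorAction Stop `
        -GrantSendOnBehalfTo ($genUser.GrantSendOnBehalfTo + $user)

    # Read the permission back before recording success
    $granted = Get-MailboxPermission -Identity $genUser.DistinguishedName -User $user.SamAccountName |
        Where-Object { -not $_.Deny -and ($_.AccessRights -match 'FullAccess') }
    if ($granted) { Write-AuditLine 'Success' 'FullAccess and SendOnBehalf granted' }
    else          { Write-AuditLine 'Failure' 'Grant ran but no FullAccess entry was found' }
}
catch
{
    # $_ is the error record; its message goes into the detail column of the log
    Write-AuditLine 'Failure' $_.Exception.Message
}
```

Recording the operator account alongside the date gives a reviewer a record of who granted each delegation, which the plain text messages in the thread's scripts do not capture.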
 
LVL 17

Author Closing Comment

by:Premkumar Yogeswaran
ID: 40148870
Thanks guys... Sorry for the delay...
0
