Solved

HTA or Powershell - Delivery option (send on behalf) and full mailbox access to generic mailbox

Posted on 2014-04-14
20
573 Views
Last Modified: 2014-06-20
Hi Team,

seeking for your help in script HTA or PowerShell..
Looking for an script to grant genric mailbox access.

Scenario:
User should given access to the delivery option (send on behalf) and full mailbox access to generic mailbox.

Is it possible to have this done in  HTA or PowerShell?

Here input will be
Generic account's email address
User's samaccountname

Input should prompt.

Exchange 2007

Thanks in advance,
Prem
0
Comment
Question by:Premkumar Yogeswaran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 4
  • 3
  • +1
20 Comments
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40000217
Try this  (untested)
set-mailbox "genericMailboxName" -GrantSendOnBehalfTo "username"
Add-mailboxpermission -identity genericMailboxName -user username -accessright Fullaccess

For details: refer: http://technet.microsoft.com/en-us/library/a9aacbf5-5e6c-47ef-95d6-e24547e95d01.aspx
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40001254
Hi Raheman,

Thanks for your reply, am looking for the powershell script which will prompt for input
or HTA script which will be easy for input in GUI..
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 40002322
$genericMailboxName=Read-host "Enter Generic Mailbox name: "
$username = Read-host "Enter username: "
set-mailbox $genericMailboxName -GrantSendOnBehalfTo $username
Add-mailboxpermission -identity $genericMailboxName -user $username -accessright Fullaccess
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40003664
I have almost created a script to achieve my requirement.
Looking for some modification in this script to store the output in a location and it should append on every execution

Output example:
Date
Generic Mailbox name
Access to User
Success or Failure
Or the error message occured


Also , kindly let me know do you find any issue in the below script or something could be modified for better execution?

Thanks,
Prem

# Mailbox Access

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User SamID')
)

$Genricmail = $Gemail
$UsersamID = $UserID

$genricDN = (get-mailbox $Genricmail).distinguishedname
$genricsamID = (get-mailbox $Genricmail).samaccountname

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng
          
        #If Genric mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UsersamID "Has been granted access to Genric Mailbox" $Genricmail -ForegroundColor Green
              
                #Grant send on behalf and Full mailbox permission to Genric mailbox
		set-mailbox $Genricmail -GrantSendOnBehalfTo $usersamID
		Add-mailboxpermission -identity $genericDN -user $UsersamID -accessright Fullaccess 
         
        }
        else
            {
                write-host "Generic mailbox" $Genricmail "does not exist, please check" -ForegroundColor Red
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox "-" $_ -ForegroundColor red
        }
    }
        if ($Genricmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
         
}

Open in new window

0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40008448
Dear PowerShell experts,

Kindly help me to modify with my script with below requirement

I have almost created a script to achieve my requirement.
Looking for some modification in this script to store the output in a location and it should append on every execution

Output example:
Date
Generic Mailbox name
Access to User
Success or Failure
Or the error message occured

Thanks,
Prem
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40008891
For writing text to a file, just use "Some text" | Out-File C:\PathTo\File.txt -Append. You might want to write another function managing both output to the screen and the file, to make it much easier; but keep in mind you cannot use colours in files (of course).
0
 
LVL 16

Assisted Solution

by:Enphyniti
Enphyniti earned 200 total points
ID: 40009063
Try this:

# Mailbox Access

$logFile = "X:\path\to\log.txt

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User SamID')
)

$Genricmail = $Gemail
$UsersamID = $UserID

$genricDN = (get-mailbox $Genricmail).distinguishedname
$genricsamID = (get-mailbox $Genricmail).samaccountname

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng
          
        #If Genric mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UsersamID "Has been granted access to Genric Mailbox" $Genricmail -ForegroundColor Green
                write "user" $UsersamID "was granted access to Generic Mailbox" $GenricMail | out-file -append $logfile
              
                #Grant send on behalf and Full mailbox permission to Genric mailbox
		set-mailbox $Genricmail -GrantSendOnBehalfTo $usersamID
		Add-mailboxpermission -identity $genericDN -user $UsersamID -accessright Fullaccess 
         
        }
        else
            {
                write-host "Generic mailbox" $Genricmail "does not exist, please check" -ForegroundColor Red
                write "Attempt to grant" $UsersamID "access to" $GenricMail "failed" | out-file -append $logfile
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox "-" $_ -ForegroundColor red
            	write "There was a problem in providing the access permission to Generic mailbox "-" $_ | out-file -append $logfile
        }
    }
        if ($Genricmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
         
}
                                            

Open in new window

0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40009955
Hi Qlemo & Enphyniti,

Thanks for your input, let me try and come back to you...

Cheers,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40009968
Hi,

After adding the output statement, i am getting this error, earlier, my script executed without error.

Kindly find the error below: Also let me know the option to add the date to the log..

Unexpected token 'samAccountName' in expression or statement.
At C:\temp\Copy of Mailbox_Final_1.PS1:23 char:43
+             $FilterStrng = "samAccountName <<<<  -like `"" + $genericG + "`""
    + CategoryInfo          : ParserError: (samAccountName:String) [], ParseEx
   ception
    + FullyQualifiedErrorId : UnexpectedToken

Regards,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40010094
Dear Expert,
Kindly find my updated script with output attributes, am am getting above mentioned error

#Mailbox access permission

$logFile = "C:\temp\MailboxAccess_Log\MBAccesslog.txt

PARAM(
[string] $Gemail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID = $(Read-Host -Prompt 'User email or SamID')
)

$genericmail = $Gemail

$genericDN = (get-mailbox $genericmail).distinguishedname
$genericG = (get-mailbox $genericmail).samaccountname
$genericY = (get-mailbox $genericmail)

$SendList = $genericY.GrantSendOnBehalfTo

$UserG = (get-mailbox $UserID).samaccountname
$UserY = (get-mailbox $UserID)

$SendList2 = $SendList + $UserY

#Mailbox access permission
Function MBAccess {
Param($mailboxaccess)

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genericG + "`""
            $user = Get-mailbox -Filter $FilterStrng
          
        #If generic mailbox exist, proceed with access permission
        if ($user -ne $null)
        {
                write-host "user" $UserG "Has been granted access to generic Mailbox" $genericmail -ForegroundColor Green
                write "user" $UserG "was granted access to Generic Mailbox" $GenericMail | out-file -append $logfile

                #Grant Full mailbox permission to generic mailbox
		        Add-mailboxpermission -identity $genericDN -user $UserG -accessright Fullaccess
                              
                #Grant send on behalf to generic mailbox
		        set-mailbox $genericDN -GrantSendOnBehalfTo $SendList2
                         
        }
        else
            {
                write-host "Generic mailbox" $genericmail "does not exist, please check" -ForegroundColor Red
                write "Attempt to grant" $UserG "access to" $GenericMail "failed" | out-file -append $logfile
            }
	}
        catch
        {
            	write-host "There was a problem in providing the access permission to Generic mailbox" "-" $_ -ForegroundColor red
                write "There was a problem in providing the access permission to Generic mailbox "-" $_ | out-file -append $logfile
        }
    }
        if ($genericmail -like '*') 
        {
            #Call the function to grant mailbox access
            MBAccess
        }
        

Open in new window


Error occured:

Unexpected token 'samAccountName' in expression or statement.
At C:\temp\Copy of Copy of Mailbox_Final_1.PS1:30 char:43
+             $FilterStrng = "samAccountName <<<<  -like `"" + $genericG + "`""
    + CategoryInfo          : ParserError: (samAccountName:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Regards,
Prem
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40010097
Please post the complete code, as this seems to be an error caused somewhere before the shown statement.
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40010103
Hi Qlemo,

I have posted the complete script and error above to your comment.
with new error
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 40010272
Your missing a quote at the end of your logfile definition.
0
 
LVL 16

Expert Comment

by:Enphyniti
ID: 40010360
*You're.

wish I could edit on mobile...
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40010389
Correct (line 3).
You should also move the logfile definition past the PARAM clause.
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40011030
Hi Enphyniti & Qlemo,

Thank you missed to notice that.. :)  i will check and update you..

Cheers,
Prem
0
 
LVL 17

Author Comment

by:Premkumar Yogeswaran
ID: 40054673
Hi Enphyniti & Qlemo,

Sorry for my delay in response.
My script is working great now...

Before closing this question, i have last query. looking for your help..
In the below funtion, we are testing whether One of the input is exist or not, it is possible to modify this function to check both the input (Genric mailbox and the usre mailbox) is present or not?

 try
        {
            #Check if user already exists
            $FilterStrng = "samAccountName -like `"" + $genricsamID + "`""
            $user = Get-ADUser -Filter $FilterStrng


Thanks,
Prem
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 300 total points
ID: 40135249
Your request doesn't make sense. You are already requesting the mailbox info of both accounts, so no LDAP search required at all. Just check for the corresponding mailbox vars to contain anything.
The simplified script checking for both accounts is:
PARAM(
[string] $GenericMail = $(Read-Host -Prompt 'Generic Mailbox Email'),
[string] $UserID      = $(Read-Host -Prompt 'User email or SamID')
)

function Write-Log ([String] $text, [String] $FgColor)
{
  $logFile = "C:\temp\MailboxAccess_Log\MBAccesslog.txt"
  
  Write-Host -ForegroundColor $FgColor $test
  Out-File $logfile -Append -InputObject $text 
}

$GenUser = get-mailbox $GenericMail
$User    = get-mailbox $UserID

if (!$User  ) { Write-Log "User $UserID has no mailbox" "Red" }
if (!GenUser) { Write-Log "Generic mailbox $GenericMail not found" "Red" }
if ($User -and $GenUser) {
  Add-MailBoxPermission $GenUser.DistinguisedName -user $User.SamAccountName -AccessRights FullAccess
  Set-MailBox $GenUser.DistinguisedName -GrantSendOnBehalfTo ($GenUser.GrantSendOnBehalfTo + $User)
  Write-Log "User $UserID was grantd access to generic mailbox $GenericMail" "Green"
}

Open in new window

0
 
LVL 17

Author Closing Comment

by:Premkumar Yogeswaran
ID: 40148870
Thanks guys... Sorry for the delay...
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question