Solved

Schedule Exchange mailbox permissions?

Posted on 2014-11-07
11
86 Views
Last Modified: 2014-11-13
Exchange Server 2010 - soon upgrading to 2013

So I get mad requests all the time in my environment for temporary mailbox permissions.
"Hey Tuesday Bob needs mailbox access to Susan"
"Hey Thursday, Susan needs access to Bob"

These requests are so annoying and it's a nightmare trying to add mailbox and send-as permissions manually every time.
I use Powershell and a csv file to help process it (identity, user columns, and adding permissions).

But is there a way to automate the processing of a script that will remove their permissions?

is there another program or web-based feature that makes scheduling easier for mailbox permission processing and permission-removal processing?
0
Comment
Question by:garryshape
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 2
11 Comments
 
LVL 11

Expert Comment

by:Joe Klimis
ID: 40434730
Hi

I have created the following, but i have been unable to test it as I don't currently have access to a suitable environment.

The script requires 3 parameters and can be invoked in the following way

 & '.\scriptname.ps1' -TargetMailbox sharedmbxUser -user managerMbxUser -Retraction 21-dec-2014

Open in new window


The script will
add the permissions
and create a scheduled job which will remove the permissions on the allotted date.

you will need to update "YourDomain\YourUser"  with suitable credentials, and will need to be created on an exchange server , or workstation with the tools installed.

let me know how you get on

Regards
Joe


#
#
#
Param([string]$TargetMailbox =$(throw "TargetMailbox ? "),
[string]$user =$(throw "User to give Access to. "),
[datetime]$Retraction = (get-date).adddays(30) #  remove after 30 days by default
)
#
#  set credentials to be used.
#
$creds = Get-Credential YourDomain\YourUser

#
# Adding Exchange Snap In to execute Exchange CmdLets in this script
#
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin

# add the permissions to the mailbox
Add-MailboxPermission    -Identity $TargetMailbox -User $user -AccessRights Fullaccess -InheritanceType all

#
# create a scheduled job and the specified date ti remove the permissions.
#
$RemoveCmd = "Remove-MailboxPermission -Identity $TargetMailbox -User $user -AccessRights Fullaccess -InheritanceType all"
$trigger = New-JobTrigger -Once -At $retraction

#
# setup the scheduled job
#
$sjo = New-ScheduledJobOption -RunElevated
$del_mailbox_perms={
param ([string]$removeCmd)
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; invoke-expression $removeCmd"
}
#$name = "$(get-date $Retraction -format 'yyyymmdd')"
$name = "MailBox_Permission_remove_$($user)_from_$($Targetmailbox)"
Register-ScheduledJob -Name $name -ArgumentList $removeCmd -ScriptBlock $del_mailbox_perms   -Trigger $trigger `
 -Credential $creds `
 -ScheduledJobOption $sjo
 

Open in new window

0
 

Author Comment

by:garryshape
ID: 40438836
Hi Joe, thanks, I'm assuming the code at the bottom is what would be saved as the scriptname.ps1 in your example, right?
0
 

Author Comment

by:garryshape
ID: 40438874
Yeah it looks like the New-JobTrigger won't work for me because I'm on Exchange 2010. Don't think I can upgrade to Powershell 3 or 4 on that server.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:garryshape
ID: 40438988
Do you know how then, I could with a GUI script running these two commands:    
	Add-MailboxPermission $Identity -User $User -Access "FullAccess" -confirm: $false
	Add-ADPermission -Identity $Identity -User $User -AccessRights ExtendedRight -ExtendedRights "send as"

Open in new window


output the commands into the output console window so I can tell if they worked or not?
The commands run when I click the button I made to process it in the GUI (winforms), but I'm not sure how to get the output shown into the console.
0
 

Author Comment

by:garryshape
ID: 40438998
I tried appending -verbose but it's way too much information
0
 

Author Comment

by:garryshape
ID: 40438999
It looks like the output types for the cmdlets are ADAcePresentationObject and MailboxAcePresentationObject
0
 

Author Comment

by:garryshape
ID: 40439008
I guess I could append "| select IsValid" to get the boolean true/false and write-host or change GUI accordingly?
0
 

Author Comment

by:garryshape
ID: 40439013
Hi disregard I used a Try Catch and it worked
0
 
LVL 11

Accepted Solution

by:
Joe Klimis earned 500 total points
ID: 40439458
Hi

The easy way to build a gui is to use the Admin Script editor , it allows you to build windows forms using a gui tool , and generates the Powershell for you .

Its very cool and free and can be downloaded from

http://www.itninja.com/community/admin-script-editor


Here is one i created   you may find useful as an example. it just  does simple weight conversion.

#region Script Settings
#<ScriptSettings xmlns="http://tempuri.org/ScriptSettings.xsd">
#  <ScriptPackager>
#    <process>powershell.exe</process>
#    <arguments />
#    <extractdir>%TEMP%</extractdir>
#    <files />
#    <usedefaulticon>true</usedefaulticon>
#    <showinsystray>false</showinsystray>
#    <altcreds>false</altcreds>
#    <efs>true</efs>
#    <ntfs>true</ntfs>
#    <local>false</local>
#    <abortonfail>true</abortonfail>
#    <product />
#    <version>1.0.0.1</version>
#    <versionstring />
#    <comments />
#    <company />
#    <includeinterpreter>false</includeinterpreter>
#    <forcecomregistration>false</forcecomregistration>
#    <consolemode>false</consolemode>
#    <EnableChangelog>false</EnableChangelog>
#    <AutoBackup>false</AutoBackup>
#    <snapinforce>false</snapinforce>
#    <snapinshowprogress>false</snapinshowprogress>
#    <snapinautoadd>2</snapinautoadd>
#    <snapinpermanentpath />
#    <cpumode>1</cpumode>
#    <hidepsconsole>false</hidepsconsole>
#  </ScriptPackager>
#</ScriptSettings>
#endregion

#region ScriptForm Designer

#region Constructor

[void][System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")

#endregion

#region Post-Constructor Custom Code

#endregion

#region Form Creation
#Warning: It is recommended that changes inside this region be handled using the ScriptForm Designer.
#When working with the ScriptForm designer this region and any changes within may be overwritten.
#~~< Form1 >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$Form1 = New-Object System.Windows.Forms.Form
$Form1.ClientSize = New-Object System.Drawing.Size(287, 172)
$Form1.Text = "Weight Convert V1.0"
$Form1.BackColor = [System.Drawing.SystemColors]::InactiveCaption
#~~< RadioButtonLb >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$RadioButtonLb = New-Object System.Windows.Forms.RadioButton
$RadioButtonLb.Location = New-Object System.Drawing.Point(177, 63)
$RadioButtonLb.Size = New-Object System.Drawing.Size(104, 24)
$RadioButtonLb.TabIndex = 7
$RadioButtonLb.TabStop = $true
$RadioButtonLb.Text = "Pounds to KG"
$RadioButtonLb.UseVisualStyleBackColor = $true
$RadioButtonLb.add_Click({RadioButtonLbClick($RadioButtonLb)})
#~~< RadioButtonkg >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$RadioButtonkg = New-Object System.Windows.Forms.RadioButton
$RadioButtonkg.Location = New-Object System.Drawing.Point(177, 41)
$RadioButtonkg.Size = New-Object System.Drawing.Size(95, 24)
$RadioButtonkg.TabIndex = 6
$RadioButtonkg.TabStop = $true
$RadioButtonkg.Text = "kg to Pounds"
$RadioButtonkg.UseVisualStyleBackColor = $true
$RadioButtonkg.add_Click({RadioButtonkgClick($RadioButtonkg)})
#~~< TextBox2 >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$TextBox2 = New-Object System.Windows.Forms.TextBox
$TextBox2.Location = New-Object System.Drawing.Point(12, 109)
$TextBox2.ReadOnly = $true
$TextBox2.Size = New-Object System.Drawing.Size(131, 20)
$TextBox2.TabIndex = 4
$TextBox2.Text = ""
#~~< TextBox1 >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$TextBox1 = New-Object System.Windows.Forms.TextBox
$TextBox1.Location = New-Object System.Drawing.Point(7, 67)
$TextBox1.Size = New-Object System.Drawing.Size(136, 20)
$TextBox1.TabIndex = 3
$TextBox1.Text = ""
$TextBox1.add_TextChanged({TextBox1TextChanged($TextBox1)})
#~~< Label1 >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$Label1 = New-Object System.Windows.Forms.Label
$Label1.Location = New-Object System.Drawing.Point(33, 8)
$Label1.Size = New-Object System.Drawing.Size(150, 30)
$Label1.TabIndex = 2
$Label1.Text = "Powershell Converter"
#~~< btn_convert >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$btn_convert = New-Object System.Windows.Forms.Button
$btn_convert.Location = New-Object System.Drawing.Point(177, 93)
$btn_convert.Size = New-Object System.Drawing.Size(104, 36)
$btn_convert.TabIndex = 1
$btn_convert.Text = "Convert"
$btn_convert.UseVisualStyleBackColor = $true
$btn_convert.add_Click({Btn_convertClick($btn_convert)})
#~~< btn_quit >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$btn_quit = New-Object System.Windows.Forms.Button
$btn_quit.Location = New-Object System.Drawing.Point(177, 145)
$btn_quit.Size = New-Object System.Drawing.Size(75, 23)
$btn_quit.TabIndex = 0
$btn_quit.Text = "Quit"
$btn_quit.UseVisualStyleBackColor = $true
$btn_quit.add_Click({Btn_quitClick($btn_quit)})
$Form1.Controls.Add($RadioButtonLb)
$Form1.Controls.Add($RadioButtonkg)
$Form1.Controls.Add($TextBox2)
$Form1.Controls.Add($TextBox1)
$Form1.Controls.Add($Label1)
$Form1.Controls.Add($btn_convert)
$Form1.Controls.Add($btn_quit)

#endregion

#region Custom Code

#endregion

#region Event Loop

function Main{
	[System.Windows.Forms.Application]::EnableVisualStyles()
	[System.Windows.Forms.Application]::Run($Form1)
}

#endregion

#endregion

#region Event Handlers

function RadioButtonLbClick( $object ){
	$RadioButtonkg.checked=$false
	$RadioButtonLb.checked=$true
}

function RadioButtonkgClick( $object ){
	$RadioButtonkg.checked = $true
	$RadioButtonLb.checked = $false
}

function Btn_convertClick($object)
{
	if ($RadioButtonkg.checked )
	{ $TextBox2.Text = [single]($TextBox1.Text) * 2.2046226218 }
		
	else
	{ $TextBox2.Text = [single]($TextBox1.Text) / 2.2046226218  }
	

}

function Btn_quitClick( $object ){
$Form1.close()
}

function TextBox1TextChanged( $object ){

}

Main # This call must remain below all other event functions

#endregion

Open in new window

0
 

Author Comment

by:garryshape
ID: 40440774
Well I'm using Sapien but now they got rid of the free Community edition and want me to pay over $300 to be able to create more than 5 elements on a form lol.
0
 

Author Comment

by:garryshape
ID: 40441649
Thanks sorry one last question

For a combobox, I made the drop-down menu this command:

$displayNames = get-mailbox -ResultSize Unlimited | select Name | Sort Name
$ComboBox1.Items.AddRange($displayNames)

Open in new window


It loads ok but when I click the Combobox menu, I see all the display names, but everyone's display name has a "@{Name=" before their name, and a "}" at the end.
Do it looks like:
@{Name=John Smith}

instead of just John Smith like it should :( any ideas?
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question