Add-AdPermission to a mailbox

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Kevin Hopcroft Kevin Hopcroft 2 years, 2 months ago.

  • Author
    Posts
  • #19046
    Profile photo of Phil Marcotte
    Phil Marcotte
    Participant

    Hi,

    New to powershell here and would like some help

    I am trying to run a script that accepts input from a user to permissions on a mailbox for an Exchange server 2010.
    The part for the fullAccess permission works well, but when I try to set SendAs permission, I just can't seem to get it to work.

    Here is my script:

    $Mailbox=Read-Host [string]:: "What's the mailbox you want to change permissions on ?"
    $username=Read-Host [string]:: "What user do you want to give access to ?"
    $accessType=Read-Host [string]:: "What kind of Access do you want to give to the user ? 1=Full Access, 2=Send As"
    While ($accessType -ge 3)
    {
    Write-Host "This is not a valid choice, please enter either 1 or 2"
    $accessType=Read-Host [string]:: "What kind of Access do you want to give to the user ? 1=Full Access, 2=Send As"
    }
    If ($accessType -eq 1)
    { Get-Mailbox -Identity $Mailbox
    Add-MailboxPermission $Mailbox -User $username -AccessRights FullAccess
    Pause
    }elseif ($accessType -eq 2)
    { Get-Mailbox -Identity $Mailbox
    Add-ADPermission $Mailbox -User $username -AccessRights ExtendedRight -ExtendedRights "Send As"
    Pause
    }

    whatever I enter in my $mailbox variable doesn't seem to go through, I receive this message:
    The operation couldn't be performed because object "$Mailbox" couldn't be found on dc.

    What kind of info should I pass in my variable to make it go work.
    Any kind of help would be greatly appreciated

    Thanks

  • #19074
    Profile photo of Kevin Hopcroft
    Kevin Hopcroft
    Participant

    Hi Phil

    This script works for me without any amendments. $Mailbox should either be the samaccountname, alias or displayname of the mailbox, but not in quotes (even if the displayname has spaces in it).

  • #19075
    Profile photo of Kevin Hopcroft
    Kevin Hopcroft
    Participant

    I would also change the script to utilise Powershell functionality, like parameters and the options they bring like validation and whether input is required or optional. This saves writing loops validating input. . Using this way you can either run the script and you will be prompted for the inputs, or you can specify them upfront.
    i.e. if your script is call MailboxPermissions.ps1, you can just run that and be prompted for each variable in turn or run it like this
    MailboxPermissions.ps1 -Mailbox [i]{mailbox1}[/i] -Username [i]{user1}[/i] -AccessType FullAccess

    Param (
    [Parameter(Mandatory=$true,HelpMessage="What's the mailbox you want to change permissions on ?")]
    [string]$Mailbox,
    [Parameter(Mandatory = $true,HelpMessage="What user do you want to give access to ?")]
    [string]$Username,
    [Parameter(Mandatory = $true,HelpMessage = "What kind of Access do you want to give to the user ? Full Access or Send As")]
    [ValidateSet('FullAccess', 'SendAs')]
    [string]$AccessType
    )

    If ($accessType -eq 'FullAccess')
    {
    Get-Mailbox -Identity $Mailbox
    Add-MailboxPermission $Mailbox -User $username -AccessRights FullAccess
    }
    else
    {
    Get-Mailbox -Identity $Mailbox
    Add-ADPermission $Mailbox -User $username -AccessRights ExtendedRight -ExtendedRights "Send As"
    }

You must be logged in to reply to this topic.