Bulk Remove Delegates in User Mailbox

This topic contains 12 replies, has 4 voices, and was last updated by Michael 6 months, 1 week ago.

  • #35723
    Michael
    Participant

    Hi all,

    I have been working on a task that goes into all the mailboxes in an OU i.e. Disabled Users to see if there are any delegates granted to the mailbox and if so remove them.

    I found a script on someone's blog to do it, but I'm looking for a bulk task.

    $GetListOfDisabledUsers = (Get-Mailbox -ResultSize Unlimited -OrganizationalUnit "Disabled Accounts")
    $Delegates = $GetListOfDisabledUsers | Get-MailboxFolderPermission | Select FolderName, User | Export-Csv "C:\Temp\Export.csv" -NoTypeInformation
    $Users = import-csv "c:\temp\export.csv"

    ForEach($Mailbox in (Get-MailboxFolderStatistics $GetListOfDisabledUsers | Where { $_.FolderPath.Contains("/Inbox") -eq $True -and $_.User -ne "Default" -and $_.User -ne "Anonymous"} ))
    {
    $Mailboxname = "$($GetListOfDisabledUsers):" + $Mailbox.FolderPath.Replace("/","\");
    Remove-MailboxFolderPermission $MailboxName -User $User -confirm:$false
    }

    I have tried it and received the following message.

    Cannot process argument transformation on parameter 'Identity'. Cannot convert the "System.Collections.ArrayList" value of type "System.Collections.ArrayList" to type
    "Microsoft.Exchange.Configuration.Tasks.GeneralMailboxOrMailUserIdParameter".
    + CategoryInfo : InvalidData: (:) [Get-MailboxFolderStatistics], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-MailboxFolderStatistics
    + PSComputerName : ex01.domain.local

    Thanks for your help in advance.

    #35726

    Hi

    I had a slightly different approach. If you do not need to export CSV files this will do, but an export can be added to the following. I haven't tried the remove command but it should work.

    It goes through all users' mailbox folders and searches for users other than Default and Anonymous; if there's a hit, it deletes it.

    $allUsers = (Get-Mailbox -ResultSize Unlimited -OrganizationalUnit 'Disabled Accounts')
    
    ForEach ($user in $allUsers) {
    
    $allFolders = (Get-MailboxFolderStatistics -Identity $user).Name
    
        ForEach ($Folder in $allFolders) {
    
            $mailFolder = $user+':\'+$Folder
    
            $GrantedUsers =  (Get-MailboxFolderPermission -Identity $mailFolder).User.DisplayName
    
            # Uncomment following if you want to see folder structure running on screen
            #$mailFolder
    
                ForEach ($gUser in $GrantedUsers) {
    
                    if (-not (($gUser -eq 'Default') -or ($gUser -eq 'Anonymous'))) {
    
                        Remove-MailboxFolderPermission -Identity $mailFolder -User $gUser
    
                    } # if (-not (($gUser -eq 'Default') -or ($gUser -eq 'Anonymous')))
    
                } # ForEach ($gUser in $GrantedUsers)
    
        } # ForEach ($Folder in $allFolders)
    
    } # ForEach ($user in $allUsers)
    
    #35728
    Aapeli Hietikko
    Participant

    Hi Jarkko,

    Your if is ugly. Please fix it.

    As we chatted, I found a few alternative ways to do it as you wanted to do it in the first place.

    $guser = 'aapeli'
    $matchToUsers = @('default','anonymous','Jarkko')
    
    if (-not ($guser -in $matchToUsers)) {$guser}
    if (-not ($matchToUsers -match $gUser)) {$guser}
    
    #35729

    Hi

    Haha, yes I have fixed it now.

    $allUsers = (Get-Mailbox -ResultSize Unlimited -OrganizationalUnit 'Disabled Accounts')
    
    $matchToUsers = @('Default', 'Anonymous')
    
    ForEach ($user in $allUsers) {
    
    $allFolders = (Get-MailboxFolderStatistics -Identity $user).Name
    
        ForEach ($Folder in $allFolders) {
    
            $mailFolder = $user+':\'+$Folder
    
            $GrantedUsers =  (Get-MailboxFolderPermission -Identity $mailFolder).User.DisplayName
    
            # Uncomment following if you want to see folder structure running on screen
            #$mailFolder
    
                ForEach ($gUser in $GrantedUsers) {
    
                    if (-not ($gUser -in $matchToUsers)) {
    
                        Remove-MailboxFolderPermission -Identity $mailFolder -User $gUser
                        
                    } # if (-not ($gUser -in $matchToUsers))
    
                } # ForEach ($gUser in $GrantedUsers)
    
        } # ForEach ($Folder in $allFolders)
    
    } # ForEach ($user in $allUsers)
    
    #35824
    Michael
    Participant

    Thanks all.

    You guys are awesome. I was thinking it is easy to do and realized it's harder than first thought. But you guys make it so easy to do.

    Thanks again for your help. Will definitely post the outcome.

    #35832
    Mikey Mike
    Participant

    Hi Jarkko and Aapeli,

    I tried running the script and received the following error. I tried a couple of combinations but they still give me the same outcome.

    Method invocation failed because [Microsoft.Exchange.Data.Directory.Management.Mailbox] doesn't contain a method named 'op_Addition'.
    At line:6 char:30
    + $mailFolder = $user + <<<< ':\' + $Folder
    + CategoryInfo : InvalidOperation: (op_Addition:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

    Get-MailboxFolderPermission : The specified mailbox "$user" doesn't exist.
    At line:7 char:54
    + $GrantedUsers = (Get-MailboxFolderPermission <<<< -Identity $mailFolder).User.DisplayName
    + CategoryInfo : NotSpecified: (0:Int32) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 67AE9BD0,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

    #36016
    Aapeli Hietikko
    Participant

    Hi,
    Did you fix that organizational unit? I think it should be like 'contoso.com/users/disabled users'

    #36017

    Hi Mikey Mike

    This is an on-premises Exchange query, but if needed it can be modified to an online/AD query quite easily. For example, if you have an AD OU that you move your to-be-deleted AD accounts to, change the first row to $allUsers = (Get-ADUser -Filter * | where {$_.DistinguishedName -eq 'ADOUDisabledAccounts'})

    #36138
    Michael
    Participant

    Hi Aapeli and Jarkko,

    I have tried that initially before replying and it made no difference. The one thing that I noticed when I run each line by itself is that the

    $GrantedUsers = (Get-MailboxFolderPermission -Identity $mailFolder).User.DisplayName

    Does not return any result if I replace $mailfolder with an individual user i.e.

    $GrantedUsers = (Get-MailboxFolderPermission -Identity TestUser1).User.DisplayName
    $GrantedUsers

    Strange.

    #36239

    Hi Michael

    Kind of odd, I tried this on Exchange Online and on-premises and both give the same result, Default and Anonymous. Although this if (-not ($gUser -in $matchToUsers)) excludes those two users.

    And are you using the correct mail address there?

    #36292
    Michael
    Participant

    I did some tweaking with one of the guys here and this is what I got.

    $Users = (get-mailbox -ResultSize unlimited -OrganizationalUnit "Disabled Accounts")
    Foreach ($User in $Users)
    {
    $folders = Get-MailboxFolderStatistics $User | % {$_.folderpath} | % {$_.replace("/","\")}
    $folderPermissions = $folders | %{ Get-MailboxFolderPermission "$($User):$_"}
    }

    $allFolders = (Get-MailboxFolderStatistics -Identity $user)
    ForEach ($Folder in $allFolders)
    {
    $mailFolder = "$($User):\$($Folder)"
    $GrantedUsers = (Get-MailboxFolderPermission -Identity $mailFolder)
    ForEach ($gUser in $GrantedUsers)
    {
    $Username = $gUser.User.DisplayName

    If (-not (($Username -eq "Default") -or ($UserName -eq "Anonymous")) )
    {
    Remove-MailboxFolderPermission -Identity $mailFolder -User $UserName -confirm:$false
    }
    }
    }

    From what I can see there's no difference from your script, Jarkko, so I'm scratching my head on this.

    #36339

    Hi

    I looked up those errors but I also found out that on the first line there was no .userPrincipalName or .mail that gives us the mail address. I don't know where that has disappeared, I'm quite sure that it was there. The mail address is the only thing that we need from users. Or instead of using get-mailbox we could use the get-aduser command to get those users.

    $allUsers = (Get-Mailbox -ResultSize Unlimited -OrganizationalUnit 'Disabled Accounts').userPrincipalName
    #or with Get-AdUser
    #$allUsers = (Get-AdUser -SearchBase 'Disabled Accounts').userPrincipalName
    
    $matchToUsers = @('Default', 'Anonymous')
    
    ForEach ($user in $allUsers) {
    
    $allFolders = (Get-MailboxFolderStatistics -Identity $user).Name
    
        ForEach ($Folder in $allFolders) {
    
            $mailFolder = $user+':\'+$Folder
    
            $GrantedUsers =  (Get-MailboxFolderPermission -Identity $mailFolder).User.DisplayName
    
            # Uncomment following if you want to see folder structure running on screen
            #$mailFolder
    
                ForEach ($gUser in $GrantedUsers) {
    
                    if (-not ($gUser -in $matchToUsers)) {
    
                        Remove-MailboxFolderPermission -Identity $mailFolder -User $gUser
                        
                    } # if (-not ($gUser -in $matchToUsers))
    
                } # ForEach ($gUser in $GrantedUsers)
    
        } # ForEach ($Folder in $allFolders)
    
    } # ForEach ($user in $allUsers)
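
An audit-first variant of the loop above, added here as an example and not code from any poster in this thread: it addresses folders by FolderPath so nested folders resolve, records every non-default grant with its access rights, and honours -WhatIf. The function name, parameter names and report path are assumptions.

```powershell
# Added example. Run in an Exchange Management Shell session.
function Remove-DisabledMailboxDelegate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$OrganizationalUnit = 'Disabled Accounts',    # OU name from the thread
        [string]$ReportPath = 'C:\Temp\DelegateReport.csv',   # assumed path
        [string[]]$Keep = @('Default', 'Anonymous')
    )
    $report = @(foreach ($mbx in Get-Mailbox -ResultSize Unlimited -OrganizationalUnit $OrganizationalUnit) {
        # A plain string identity avoids the op_Addition error raised by the Mailbox object.
        $upn = [string]$mbx.UserPrincipalName
        foreach ($stat in Get-MailboxFolderStatistics -Identity $upn) {
            # FolderPath rather than Name, so nested folders (\Inbox\Sub) resolve.
            $folderId = '{0}:{1}' -f $upn, $stat.FolderPath.Replace('/', '\')
            # Folders that cannot be addressed by path are skipped, not fatal.
            $perms = Get-MailboxFolderPermission -Identity $folderId -ErrorAction SilentlyContinue
            foreach ($perm in $perms) {
                $grantee = [string]$perm.User.DisplayName
                if ($Keep -contains $grantee) { continue }
                $removed = $false
                if ($PSCmdlet.ShouldProcess($folderId, "Remove permission held by '$grantee'")) {
                    try {
                        Remove-MailboxFolderPermission -Identity $folderId -User $grantee `
                            -Confirm:$false -ErrorAction Stop
                        $removed = $true
                    } catch {
                        Write-Warning "Could not remove '$grantee' from ${folderId}: $_"
                    }
                }
                # One record per non-default grant, whether or not it was removed.
                New-Object PSObject -Property @{
                    Mailbox = $upn; Folder = $folderId; Grantee = $grantee
                    AccessRights = ($perm.AccessRights -join ','); Removed = $removed
                }
            }
        }
    })
    if ($report.Count -gt 0) {
        # -WhatIf:$false so the report is still written during a dry run.
        $report | Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false
    }
    $report
}

# Dry run: reports every non-default grant and removes nothing.
Remove-DisabledMailboxDelegate -WhatIf
```

Review the CSV from the dry run, then call the function again without -WhatIf to perform the removals; the Removed column records which grants were actually deleted.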
    
    #36929
    Michael
    Participant

    Thanks Jarkko. It is working now.
