
February 25, 2016 at 9:47 pm

Hi all,

I have been working on a task that goes into all the mailboxes in an OU i.e. Disabled Users to see if there are any delegates granted to the mailbox and if so remove them.

I found a script on someone's blog to do it, but I'm looking for a bulk task.

$GetListOfDisabledUsers = (Get-Mailbox -ResultSize Unlimited -OrganizationalUnit "Disabled Accounts")
$Delegates = $GetListOfDisabledUsers | Get-MailboxFolderPermission | Select FolderName, User | Export-Csv "C:\Temp\Export.csv" -NoTypeInformation
$Users = import-csv "c:\temp\export.csv"

ForEach($Mailbox in (Get-MailboxFolderStatistics $GetListOfDisabledUsers | Where { $_.FolderPath.Contains("/Inbox") -eq $True -and $_.User -ne "Default" -and $_.User -ne "Anonymous"} ))
{
$Mailboxname = "$($GetListOfDisabledUsers):" + $Mailbox.FolderPath.Replace("/","\");
Remove-MailboxFolderPermission $MailboxName -User $User -confirm:$false
}

I have tried it and received the following message.

Cannot process argument transformation on parameter 'Identity'. Cannot convert the "System.Collections.ArrayList" value of type "System.Collections.ArrayList" to type
"Microsoft.Exchange.Configuration.Tasks.GeneralMailboxOrMailUserIdParameter".
+ CategoryInfo : InvalidData: (:) [Get-MailboxFolderStatistics], ParameterBindin...mationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-MailboxFolderStatistics
+ PSComputerName : ex01.domain.local

Thanks for your help in advance.

February 26, 2016 at 12:18 am

Hi

I had a slightly different approach. If you do not need to export CSV files this will do, but an export can be added to the following. I haven't tried the remove command but it should work.

It goes through all users' mailbox folders and searches for users other than Default and Anonymous; if there's a hit, it deletes it.

$allUsers = (Get-Mailbox -ResultSize Unlimited -OrganizationalUnit 'Disabled Accounts')

ForEach ($user in $allUsers) {

$allFolders = (Get-MailboxFolderStatistics -Identity $user).Name

    ForEach ($Folder in $allFolders) {

        $mailFolder = $user+':\'+$Folder

        $GrantedUsers =  (Get-MailboxFolderPermission -Identity $mailFolder).User.DisplayName

        # Uncomment following if you want to see folder structure running on screen
        #$mailFolder

            ForEach ($gUser in $GrantedUsers) {

                if (-not (($gUser -eq 'Default') -or ($gUser -eq 'Anonymous'))) {

                    Remove-MailboxFolderPermission -Identity $mailFolder -User $gUser

                } # if (-not (($gUser -eq 'Default') -or ($gUser -eq 'Anonymous')))

            } # ForEach ($gUser in $GrantedUsers)

    } # ForEach ($Folder in $allFolders)

} # ForEach ($user in $allUsers)

February 26, 2016 at 12:51 am

Heippa Jarkko,

Your if is ugly. Please fix it.

As we chatted, I found a few alternative ways to do it the way you wanted to do it in the first place.

$guser = 'aapeli'
$matchToUsers = @('default','anonymous','Jarkko')

if (-not ($guser -in $matchToUsers)) {$guser}
if (-not ($matchToUsers -match $gUser)) {$guser}

February 26, 2016 at 12:52 am

Hi

Haha, yes I have fixed it now.

$allUsers = (Get-Mailbox -ResultSize Unlimited -OrganizationalUnit 'Disabled Accounts')

$matchToUsers = @('Default', 'Anonymous')

ForEach ($user in $allUsers) {

$allFolders = (Get-MailboxFolderStatistics -Identity $user).Name

    ForEach ($Folder in $allFolders) {

        $mailFolder = $user+':\'+$Folder

        $GrantedUsers =  (Get-MailboxFolderPermission -Identity $mailFolder).User.DisplayName

        # Uncomment following if you want to see folder structure running on screen
        #$mailFolder

            ForEach ($gUser in $GrantedUsers) {

                if (-not ($gUser -in $matchToUsers)) {

                    Remove-MailboxFolderPermission -Identity $mailFolder -User $gUser
                    
                } # if (-not ($gUser -in $matchToUsers))

            } # ForEach ($gUser in $GrantedUsers)

    } # ForEach ($Folder in $allFolders)

} # ForEach ($user in $allUsers)

February 29, 2016 at 1:59 pm

Thanks all.

You guys are awesome. I was thinking it is easy to do and realized it's harder than first thought. But you guys make it so easy to do.

Thanks again for your help. Will definitely post the outcome.

February 29, 2016 at 6:51 pm

Hi Jarkko and Aapeli,

I tried running the script and received the following error. I tried a couple of combinations but they still give me the same outcome.

Method invocation failed because [Microsoft.Exchange.Data.Directory.Management.Mailbox] doesn't contain a method named 'op_Addition'.
At line:6 char:30
+ $mailFolder = $user + <<<< ':\' + $Folder
+ CategoryInfo : InvalidOperation: (op_Addition:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound

Get-MailboxFolderPermission : The specified mailbox "$user" doesn't exist.
At line:7 char:54
+ $GrantedUsers = (Get-MailboxFolderPermission <<<< -Identity $mailFolder).User.DisplayName
+ CategoryInfo : NotSpecified: (0:Int32) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : 67AE9BD0,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

March 3, 2016 at 1:04 pm

Hi,
Did you fix that organizational unit? I think it should be like 'contoso.com/users/disabled users'

March 3, 2016 at 1:10 pm

Hi Mikey Mike

This is an on-premises Exchange query, but if needed it can be modified to an online/AD query quite easily. For example, if you have an AD OU that you move your to-be-deleted AD accounts to, change the first row to $allUsers = (Get-ADUser -Filter * | where {$_.DistinguishedName -eq 'ADOUDisabledAccounts'})

March 6, 2016 at 2:22 pm

Hi Aapeli and Jarkko,

I have tried that initially before replying and it made no difference. The one thing that I noticed when I run each line by itself is that the

$GrantedUsers = (Get-MailboxFolderPermission -Identity $mailFolder).User.DisplayName

Does not return any result if I replace $mailfolder with an individual user i.e.

$GrantedUsers = (Get-MailboxFolderPermission -Identity TestUser1).User.DisplayName
$GrantedUsers

Strange.

March 8, 2016 at 4:31 am

Hi Michael

Kind of odd, I tried this on Exchange Online and on-premises and both give the same result, Default and Anonymous. Although this if (-not ($gUser -in $matchToUsers)) excludes those two users.

And are you using the correct mail address there?

March 8, 2016 at 2:30 pm

I did some tweaking with one of the guys here and this is what I got.

$Users = (get-mailbox -ResultSize unlimited -OrganizationalUnit "Disabled Accounts")
Foreach ($User in $Users)
{
$folders = Get-MailboxFolderStatistics $User | % {$_.folderpath} | % {$_.replace("/","\")}
$folderPermissions = $folders | %{ Get-MailboxFolderPermission "$($User):$_"}
}

$allFolders = (Get-MailboxFolderStatistics -Identity $user)
ForEach ($Folder in $allFolders)
{
$mailFolder = "$($User):\$($Folder)"
$GrantedUsers = (Get-MailboxFolderPermission -Identity $mailFolder)
ForEach ($gUser in $GrantedUsers)
{
$Username = $gUser.User.DisplayName

If (-not (($Username -eq "Default") -or ($UserName -eq "Anonymous")) )
{
Remove-MailboxFolderPermission -Identity $mailFolder -User $UserName -confirm:$false
}
}
}

From what I can see it's no different from your script, Jarkko, so I'm scratching my head on this.

March 9, 2016 at 1:45 pm

Hi

I looked up those errors but I also found out that on the first line there was no .userPrincipalName or .mail that gives us the mail address. I don't know where that has disappeared, I'm quite sure that it was there. The mail address is the only thing that we need from users. Or instead of using Get-Mailbox we could use the Get-ADUser command to get those users.

$allUsers = (Get-Mailbox -ResultSize Unlimited -OrganizationalUnit 'Disabled Accounts').userPrincipalName
# or with Get-ADUser (it needs a -Filter, and -SearchBase takes the OU)
#$allUsers = (Get-ADUser -Filter * -SearchBase 'Disabled Accounts').userPrincipalName

$matchToUsers = @('Default', 'Anonymous')

ForEach ($user in $allUsers) {

$allFolders = (Get-MailboxFolderStatistics -Identity $user).Name

    ForEach ($Folder in $allFolders) {

        $mailFolder = $user+':\'+$Folder

        $GrantedUsers =  (Get-MailboxFolderPermission -Identity $mailFolder).User.DisplayName

        # Uncomment following if you want to see folder structure running on screen
        #$mailFolder

            ForEach ($gUser in $GrantedUsers) {

                if (-not ($gUser -in $matchToUsers)) {

                    Remove-MailboxFolderPermission -Identity $mailFolder -User $gUser
                    
                } # if (-not ($gUser -in $matchToUsers))

            } # ForEach ($gUser in $GrantedUsers)

    } # ForEach ($Folder in $allFolders)

} # ForEach ($user in $allUsers)
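
An audit-first variant of the script above, added here as an example and not written by the thread's participants: it records every non-default folder permission to CSV and removes entries only when -Remove is passed, with -WhatIf available for a dry run. The function name and its parameters are hypothetical; it assumes an Exchange Management Shell session and that the mailbox root is reported with FolderType 'Root'.

```powershell
# Added example. Run in an Exchange Management Shell session.
# Function and parameter names are made up for this illustration.
function Clear-DisabledMailboxDelegates {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$OrganizationalUnit = 'Disabled Accounts',
        [string]$ReportPath = 'C:\Temp\Export.csv',
        [string[]]$KeepUsers = @('Default', 'Anonymous'),
        [switch]$Remove
    )
    $report = @(foreach ($mbx in Get-Mailbox -ResultSize Unlimited -OrganizationalUnit $OrganizationalUnit) {
        # Use a string identity; adding a string to the Mailbox object itself
        # is what raised the 'op_Addition' error in the thread.
        $upn = $mbx.UserPrincipalName
        foreach ($folder in Get-MailboxFolderStatistics -Identity $upn) {
            # FolderPath carries the full path ('/Inbox/Sub'), so subfolders
            # resolve too; the mailbox root is addressed as 'mailbox:\'.
            $path = if ($folder.FolderType -eq 'Root') { '\' } else { $folder.FolderPath.Replace('/', '\') }
            $folderId = '{0}:{1}' -f $upn, $path
            # Folders that expose no permissions are skipped quietly.
            $entries = Get-MailboxFolderPermission -Identity $folderId -ErrorAction SilentlyContinue
            foreach ($entry in $entries) {
                $grantee = $entry.User.DisplayName
                # -notcontains also works on PowerShell 2.0, which lacks -in.
                if ($grantee -and $KeepUsers -notcontains $grantee) {
                    New-Object PSObject -Property @{
                        Mailbox = $upn; Folder = $folderId; User = $grantee
                        AccessRights = ($entry.AccessRights -join ';')
                    }
                    if ($Remove -and $PSCmdlet.ShouldProcess($folderId, "Remove permission for $grantee")) {
                        Remove-MailboxFolderPermission -Identity $folderId -User $grantee -Confirm:$false
                    }
                }
            }
        }
    })
    # Keep a record of what was (or would be) removed, for review or rollback.
    $report | Select-Object Mailbox, Folder, User, AccessRights |
        Export-Csv -Path $ReportPath -NoTypeInformation
    $report
}

# Clear-DisabledMailboxDelegates                   # report only
# Clear-DisabledMailboxDelegates -Remove -WhatIf   # dry run of the removal
# Clear-DisabledMailboxDelegates -Remove           # remove and log
```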

March 23, 2016 at 7:30 pm

Thanks Jarkko. It is working now.