Object-String-Complexity - Getting a String from CmdLet Get-MailBoxPermission

Welcome Forums General PowerShell Q&A Object-String-Complexity - Getting a String from CmdLet Get-MailBoxPermission

This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
1 week, 6 days ago.

  • Author
    Posts
  • #180812

    Participant
    Topics: 1
    Replies: 1
    Points: 14
    Rank: Member

    Dear PowerShell community,

    my first question here. 🙂 I wrote the code below (it's a part of the whole code), but first let me tell you my problem:

    I need to get members of a mailbox. So it works fine until i have to work with the result, because I get all objects with permissions to use the mailbox. The company prefix result is COMPLUIS\, but COMPLUIS- is needed. So I do a forEach circuit to read the object once after once, format each object into string and replace the character in the suitable corresponding. But: PowerShell now delivers me the following result:

    User
    —-
    COMPLUIS-AnnonymousA

    User
    —-
    COMPLUIS\AnnonymousA

     

    Well, my question is: How it's possible to get the only needed vaule in $helpvar like COMPLUIS-AnnonymousA, nothing else, just a String, not an object?

    Thank you! 🙂

     

    $membersOfExchange =@()
    $membersOfExchange = Get-MailBoxPermission -Identity $var | Select-Object -Property User | Where-Object { $_.User -match "COMPLUIS" }

    foreach ($member in $membersOfExchange) {

    $helpvar = $member | Out-String
    $helpvar.replace("\","-")
    #$helpvar.replace("User","")
    #$helpvar.replace("----","")
    $helpvar
    read-host "STOP"

    Remove-MailboxPermission -Identity $var -User $helpvar -AccessRights FullAccess -InheritanceType All -Confirm:$false
    Remove-ADPermission -Identity $var -User $helpvar -ExtendedRight Send-As -InheritanceType All -Confirm:$false

    }

     

     

  • #180851

    Participant
    Topics: 6
    Replies: 97
    Points: 239
    Helping Hand
    Rank: Participant

    Each object in Powershell has a default output defined for it, (even it is the one inherited from the Object class), and that is what the console uses to determine how to dump the object to the console host. This same default is used when passing the object down the pipeline to something that requires a string as input, including Out-String. Since you are pushing $member to Out-String, that cmdlet is taking the default output for that object and converting it all to a single string. In this case, the default output of the Deserialized.Microsoft.Exchange.Management.RecipientTasks.MailboxAcePresentationObject object created by the Get-MailboxPermission cmdlet is to dump all of the selected attributes to the console using a table format where the headers are the attribute names.

    PS C:\> Get-MailboxPermission user1
    
    Identity             User                 AccessRights                                                IsInherited Deny
    --------             ----                 ------------                                                ----------- ----
    domain.com/People... NT AUTHORITY\SELF    {FullAccess, ReadPermission}                                False       False
    ...
    ...
    

    In your code, each $member object in the foreach loop actually is an object with a User attribute, and when you dump it to the console, it includes the attribute header:

    PS C:\> $membersOfExchange[0] | Get-Member
    
    
       TypeName: Selected.System.Management.Automation.PSCustomObject
    
    Name        MemberType   Definition
    ----        ----------   ----------
    Equals      Method       bool Equals(System.Object obj)
    GetHashCode Method       int GetHashCode()
    GetType     Method       type GetType()
    ToString    Method       string ToString()
    User        NoteProperty string User=NT AUTHORITY\SELF
    
    PS C:\> $membersOfExchange[0]
    
    User
    ----
    NT AUTHORITY\SELF
    

    So, all of that to say that your "$helpvar = $member | Out-String" line is taking all of that text including the header and converting it to a single string of text and that is what messes up the rest of the script for you.

    How do you fix it?
    Don't convert the object to a string, and then reference the User attribute of the object.

    $membersOfExchange =@()
    $membersOfExchange = Get-MailBoxPermission -Identity $var | Select-Object -Property User
    foreach ($member in $membersOfExchange) {
        $helpvar = $member
        $helpvar.User.replace("\","-")
    }

    Also, you aren't assigning the output of the Replace function to any variable, so when you reference $helpvar after executing the Replace, you are actually looking at the variable without the changes. You need to assign the output to a variable and then use the new variable in your Remove-MailboxPermission and Remove-ADPermission cmdlets.

    $membersOfExchange =@()
    $membersOfExchange = Get-MailBoxPermission -Identity $var | Where-Object { $_.User -match "COMPLUIS" }
    foreach ($member in $membersOfExchange) {
        $helpvar = $member.User.Replace("\","-")
        Remove-MailboxPermission -Identity $var -User $helpvar -AccessRights FullAccess -InheritanceType All -Confirm:$false
        Remove-ADPermission -Identity $var -User $helpvar -ExtendedRight Send-As -InheritanceType All -Confirm:$false
    }

    EDIT: More information on the default output view mechanism: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/out-default?view=powershell-6. I was close, but not quite right on...

  • #181383

    Participant
    Topics: 1
    Replies: 1
    Points: 14
    Rank: Member

    Hello Charles D,

    thank you very much! You helped me so muck doing this right! Have a good day! 🙂

    Neschas

You must be logged in to reply to this topic.