Author Posts

March 15, 2016 at 1:52 am

Hi

I am doing a migration for DomainA to DomainB. Currently All user mail mailbox are in DomainA on a Exchange 2010 Server.

We are mirgrating all the users to DomainB.

Is there a way to run the following comands against all users mailboxes in DomainA based on the user name of each user?

The comands are

Add-MailboxPermission "User Name1" -User "DomainB.com\UName1" -AccessRights FullAccess
Add-ADPermission "User Name1" -User "DomainB.com\UName1" -Extendedrights "Send As"

Thanks

Jules

March 16, 2016 at 7:16 am

Sure – you'd need to get all the mailboxes, then numerate them (ForEach), and then run the command against each, in turn.

March 16, 2016 at 8:17 am

Thank you for that

Do you have an example?

Thanks

Jules

March 16, 2016 at 8:58 am

I have tried this but get an error file not found

$SearchBase="OU=UK,OU=Company,DC=Domain,DC=local" #Definition of OU containing groups I want to change
$searchScope=1 #Depends how deep you want to search : 0 – means Base,1 – means one level, 2 – means subtree
$CurrentDate = Get-Date
$CurrentDate = $CurrentDate.ToString('dd-MMM-yyyy_HH-mm-ss')
$Dir="C:\scripts\"
$FileName="Exchange"
$FileName="$Dir$FileName-$CurrentDate.txt"

Get-ADUser -SearchBase $searchbase –searchscope $searchscope -Filter * | Select SamAccountName | ft -HideTableHeaders > $FileName

foreach ($i in $FileName){
Add-MailboxPermission $i -User "NewDomain.com\$1" -AccessRights FullAccess
Add-ADPermission $i -User "NewDomain.com\$1" -Extendedrights "Send As"

March 16, 2016 at 10:01 am

The problem is that you're formatting the results, using FT. That renders something for the screen, not something you can then use elsewhere.

$FileName = Get-ADUser -SearchBase $searchbase –searchscope $searchscope -Filter * | Select SamAccountName

Would put a list of objects into $FileName, which each contained a samAccountName property.

In this:

foreach ($i in $FileName){

You would want to reference $i.sameAccountName, not just $i.

I also notice in your loop that:

Add-MailboxPermission $i -User "NewDomain.com\$1" -AccessRights FullAccess
Add-ADPermission $i -User "NewDomain.com\$1" -Extendedrights "Send As"

You didn't close the } for the loop. Also, you're referencing $1, not $i. You'd probably want $($i.samAccountName) if the goal is to insert the samAccountName. Otherwise, I'm not entirely sure what $1 is meant to refer to, as I don't see the variable defined elsewhere in your code.

It looks like you've got some experience with batch files, and you're running into some extremely common "gotchas" in PowerShell. Consider reviewing our "Gotchas" list (on the Resources menu), and consider working through "Learn PowerShell in a Month of Lunches." There's a certain amount of background information that would make this go a lot quicker for you.

March 17, 2016 at 6:33 am

Thank you for your advise, I will look at that.

I have made some changes


$SearchBase="OU=UK,OU=OwenMumford,DC=woodstock,DC=local" #Definition of OU containing groups I want to change
$searchScope=1 #Depends how deep you want to search : 0 – means Base,1 – means one level, 2 – means subtree
$CurrentDate = Get-Date
$CurrentDate = $CurrentDate.ToString('dd-MMM-yyyy_HH-mm-ss')
$Dir="C:\scripts\"
$FileName="Exchange"
$FileName="$Dir$FileName-$CurrentDate.txt"

$FileName = Get-ADUser -SearchBase $searchbase –searchscope $searchscope -Filter * | Select SamAccountName

foreach ($i in $FileName){
Add-MailboxPermission $i -User "OwenMumford.com\$($i.samAccountName)" -AccessRights FullAccess
Add-ADPermission $i -User "OwenMumford.com\$($i.samAccountName)" -Extendedrights "Send As"

}

and I get the error:

Cannot bind argument to parameter 'Identity' because it is null.
+ CategoryInfo : InvalidData: (:) [Add-MailboxPermission], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-MailboxPermission

Cannot bind argument to parameter 'Identity' because it is null.
+ CategoryInfo : InvalidData: (:) [Add-ADPermission], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-ADPermission

THanks

Jules

March 17, 2016 at 6:38 am

So, again: $i contains a user object. You need to reference $i.samAccountName. You should also explicitly use parameter names on Add-MailboxPermission and Add-ADPermission. Right now, you're passing $i, not $i.samAccountName, and you're passing it positionally, which is forcing the cmdlet to try and figure out what you mean. And it's guessing wrong, which is why it isn't working.