Adaxes

Add full mailbox access functionality

0 votes

Ive developed a powershellscript that is able to add this functionality, feel free to improve or use.

Iv'e used the msExchExtensionCustomAttribute3 and then renamed the attribute in Adaxes to "Full Mailbox Access". Also it uses samAccountName as user identifier, you could also implement adaxes module, but Im more comfy with MS modules.

There is no sync with the regular exchange management list of full mailbox access and the attributes list, and I intended to to this only because I didnt want to wait til the next adaxes update with better exchange support.

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
import-module activedirectory

if ($Context.IsPropertyModified("msExchExtensionCustomAttribute3"))
  {

    $OldAccessList  = Get-ADUser -identity %sAMAccountName% -properties "msExchExtensionCustomAttribute3"  | Select-Object msExchExtensionCustomAttribute3
    $NewAccessList = $Context.GetModifiedPropertyValues("msExchExtensionCustomAttribute3");

    foreach ($account in $OldAccessList.msExchExtensionCustomAttribute3)
    {

        if ($newAccessList -notcontains $account -and (Get-ADUser -Filter {samAccountName -eq $account}) -ne $NULL)
         {
             $CurrentUser = Get-ADUser -Identity %sAMAccountName% | Select-Object DistinguishedName, SamAccountName
            $SamId = Get-Mailbox -identity $account  | Select-Object DistinguishedName, SamAccountName, PrimarySMTPAddress
            Remove-ADPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -InheritanceType 'All' -ExtendedRights 'send-as' -Confirm:$false
            Remove-MailboxPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -AccessRight FullAccess -Confirm:$false
            $Context.LogMessage("Removed FullMailboxAccess to" + ": " + $account, "Information")

        }

        else {}

    }

    if ($NewAccessList -ne $NULL)
        {

            foreach ($account in $NewAccessList)
             {

                   # Check if samAccountName Exists in AD. If not, Cancel Edit.              
                   if((Get-ADUser -f {samAccountName -eq $account}) -eq $NULL) 
                   {

                      $Context.Cancel("Following account does not exist: " + $account);
                      return;
                   }

                 if ($OldAccessList.msExchExtensionCustomAttribute3 -notcontains $account -and (Get-ADUser -Filter {samAccountName -eq $account}) -ne $NULL)
                    {

                    $CurrentUser = Get-ADUser -Identity %sAMAccountName% | Select-Object DistinguishedName, SamAccountName
                    $SamId = Get-Mailbox -identity $account  | Select-Object DistinguishedName, SamAccountName, PrimarySMTPAddress

                            Add-MailboxPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -AccessRight FullAccess -InheritanceType All
                            Add-ADPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -Extendedrights "Send As"
                            $Context.LogMessage("Added FullMailboxAccess to" + ": " + $SamId.SamAccountName, "Information")
                    }   

                 else{}

              }
        }    

}
by (20 points)

1 Answer

0 votes
by (18.0k points)

Hello,

Thank you for sharing the script. We really appreciate it!

0

Starting from Adaxes 2013.1, Adaxes allows you to grant the Full Access permission for a mailbox using the built-in functionality.

In the Administration Console:

In the Web Interface.

Also, you can grant rights other than Full Access, for example, Send As or Send on Behalf Of.

With Adaxes Business Rules. Custom Commands and Scheduled Tasks, you can grant rights for a mailbox automatically, using the Modify Exchange Properties action. For more details, see Example 10 in the Automate Exchange Mailbox Configuration Tutorial.

by (216k points)

Related questions

0 votes
0 answers
PS Script: Add Security group with full access to mailbox

Hi, I'm currently working with setting up a new Adaxes solution for a customer at my company. The customer needs a solution that can add a security group with full ... help me out here :-) That would be greatly appreciated. Best Regards, Kristoffer Høie.

asked Jun 29, 2016 by krihoie (20 points)
0 votes
1 answer
Is it possible to select multiple users and give them full access to the mailbox?

Hi Everyone I want to create a custom command where I can select multiple users and then select a mailbox and give them full access to the mailbox. Is there a way to do it? Thank you for help

asked Nov 2, 2021 by Sandberg94 (340 points)
0 votes
1 answer
Automate an Email to Users with Full mailbox access

Is is possiable to send Automate an email to go out to the users of a delegated mailbox? We give Full Access and Send As access of disabled accounts to thier replacements for 30days ... then send a email to each one of them? Adaxes version: 2017.2 3.8.14823.0

asked Oct 28, 2019 by hgletifer (1.3k points)
0 votes
1 answer
Create a report about a user and the number of mailboxes with Full Access permission.

Hallo Everyone I've seen the Report for Exchange Mailboxes with OU, Send on Behalf, Full Rights and Send As Rights: https://www.adaxes.com/questions/ ... . Example: User: Peter.Steinmann Identity: Which Mailboxes AccessRights: FullAccess Kind regards,

asked Jul 6, 2022 by Sandberg94 (340 points)
0 votes
1 answer
How to I delegate Send As permission and Full Access permission to a defined user during Deprovision?

Using the built in 'Deprovision' Custom Command, I would like the person that is trying to Deprovision a user (Help Desk member) be asked who (from a list of existing active ... to leave the question 'blank', which means that no one gets access to the mailbox.

asked Apr 22, 2020 by RayBilyk (240 points)
3,548 questions
3,238 answers
8,232 comments
547,810 users