Script repository

Copy permissions between mailboxes

February 15, 2023 Views: 3324
Copying and Moving Exchange Microsoft 365 (Office 365) Security User Accounts

The script copies Send As, Send On Behalf Of and Mailbox Rights permissions of a mailbox to the mailbox of the current user. The source mailbox is specified via a certain property of the user account. To enable users to select a target mailbox in Active Directory, the property must support the DN syntax. For example, you can use Assistant, Secretary or See Also. The script must be executed by a Business Rule triggered after modifying the property.

The script copies permissions both in Exchange On-Premises and Exchange Online.

Parameter:

  • $sourceUserDNAttribute - sets the property that is used to specify the source user.
Edit Remove
PowerShell
$sourceUserDNAttribute = "assistant" # TODO: modify me

# Get source mailbox DN
try
{
    $sourceUserDN = $Context.TargetObject.Get($sourceUserDNAttribute)
}
catch
{
    $Context.LogMessage("Source user not specified", "Warning")
    return
}

$sourceUser = $Context.BindToObjectByDN($sourceUserDN)
if ($sourceUser.RecipientType -ne "ADM_EXCHANGERECIPIENTTYPE_MAILBOXENABLED")
{
    $Context.LogMessage("The specified user does not have a mailbox", "Warning")

    # Clear the attribute
    $Context.TargetObject.Put($sourceUserDNAttribute, $NULL)
    $Context.TargetObject.SetInfo()
    return
}

if ($sourceUser.RecipientLocation -ne $Context.TargetObject.RecipientLocation)
{
    $Context.LogMessage("Target mailbox and source mailbox are hosted in different Exchange Organizations", "Warning")

    # Clear the attribute
    $Context.TargetObject.Put($sourceUserDNAttribute, $NULL)
    $Context.TargetObject.SetInfo()
    return
}

# Get source mailbox Exchange Properties
$sourceMailboxParams = $sourceUser.GetMailParameters()

# Create an empty instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"

# Copy Send As permissions
$mailboxParams.SendAs = $sourceMailboxParams.SendAs

# Copy Send on Behalf Of permissions
$mailboxParams.GrantSendOnBehalfTo = $sourceMailboxParams.GrantSendOnBehalfTo

# Copy Mailbox Rights
$mailboxParams.MailboxRights = $sourceMailboxParams.MailboxRights

# Save the changes
$Context.TargetObject.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")

# Clear attribute
$Context.TargetObject.Put($sourceUserDNAttribute, $NULL)
$Context.TargetObject.SetInfo()

Comments 0
Leave a comment
Related Scripts

Got questions?

Support Questions & Answers