The script grants Full Access and Send As permissions to the users whose DNs are stored in a multivalued attribute. The script can be executed in a custom command, business rule or scheduled task.
In the script, the $fullAccessUsersAttribute variable specifies the LDAP name of the property where DNs of delegates are preserved.
PowerShell
$fullAccessUsersAttribute = "adm-CustomAttributeTextMultiValue1" # TODO: modify me
# Get DNs of delegates
try
{
$fullAccessUserDNs = $Context.TargetObject.GetEx($fullAccessUsersAttribute)
}
catch
{
$Context.LogMessage("Property $fullAccessUsersAttribute is empty.", "Warning")
return
}
# Create an instance of the 'AdmExchangeMailboxParameters' class.
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$sendAs = $mailboxParams.SendAs
$sendAs.OverrideOldValues = $False
$mailboxRights = $mailboxParams.MailboxRights
foreach ($fullAccessUserDN in $fullAccessUserDNs)
{
# Get delegate SID.
$fullAccessUser = $Context.BindToObjectByDN($fullAccessUserDN)
$fullAccessUserSid = New-Object "Softerra.Adaxes.Adsi.Sid" @($fullAccessUser.Get("ObjectSid"), 0)
$objReference = New-Object "Softerra.Adaxes.Adsi.AdmObjectReference"
$objReference.ObjectSid = $fullAccessUserSid
# Set Send As delegates.
$sendAs.Add("ADS_PROPERTY_APPEND", $objReference)
# Set the Full Access permissions.
$permission = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxPermission"
$permission.AllowedRights = "ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS"
$permission.Trustee = $objReference
$permissionModification =
New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxRightsModification"
$permissionModification.Operation = "ADS_PROPERTY_APPEND"
$permissionModification.Permission = $permission
$mailboxRights.AddModification($permissionModification)
}
$mailboxParams.SendAs = $sendAs
$mailboxParams.MailboxRights = $mailboxRights
# Save changes
$Context.TargetObject.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")