We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Grant mailbox permissions to users predefined in a multivalued property

September 14, 2023 Views: 640

The script grants Full Access and Send As permissions to the users whose DNs are stored in a multivalued attribute. The script can be executed in a custom command, business rule or scheduled task.

In the script, the $fullAccessUsersAttribute variable specifies the LDAP name of the property where DNs of delegates are preserved.

Edit Remove
PowerShell
$fullAccessUsersAttribute = "adm-CustomAttributeTextMultiValue1" # TODO: modify me

# Get DNs of delegates
try
{
    $fullAccessUserDNs = $Context.TargetObject.GetEx($fullAccessUsersAttribute)
}
catch
{
    $Context.LogMessage("Property $fullAccessUsersAttribute is empty.", "Warning")
    return
}

# Create an instance of the 'AdmExchangeMailboxParameters' class.
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$sendAs = $mailboxParams.SendAs
$sendAs.OverrideOldValues = $False
$mailboxRights = $mailboxParams.MailboxRights

foreach ($fullAccessUserDN in $fullAccessUserDNs)
{
    # Get delegate SID.
    $fullAccessUser = $Context.BindToObjectByDN($fullAccessUserDN)
    $fullAccessUserSid = New-Object "Softerra.Adaxes.Adsi.Sid" @($fullAccessUser.Get("ObjectSid"), 0)

    $objReference = New-Object "Softerra.Adaxes.Adsi.AdmObjectReference"
    $objReference.ObjectSid = $fullAccessUserSid
    
    # Set Send As delegates.
    $sendAs.Add("ADS_PROPERTY_APPEND", $objReference)
    
    # Set the Full Access permissions.
    $permission = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxPermission"
    $permission.AllowedRights = "ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS"
    $permission.Trustee = $objReference
    
    $permissionModification = 
        New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxRightsModification"
    $permissionModification.Operation = "ADS_PROPERTY_APPEND"
    $permissionModification.Permission = $permission
    
    $mailboxRights.AddModification($permissionModification)
}

$mailboxParams.SendAs = $sendAs
$mailboxParams.MailboxRights = $mailboxRights

# Save changes
$Context.TargetObject.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers