We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script repository

Grant mailbox permissions to multiple trustees

January 18, 2024 Views: 625

The script grants mailbox permissions to the accounts specified in the Directory object picker parameter of a custom command over the mailbox of the target account. To run the script, create custom command.

Script 1: Grant Send on Behalf permission

Parameters:

  • $paramName - Specifies the name of the Directory object picker parameter used to select the accounts that will be granted the Send on Behalf Of permission. The name must start with the param- prefix.
  • $separator - Specifies a value that will be used to separate values of the parameter whose name is specified in the $paramName variable (e.g. semilocon). The separator should not be a comma as it is used in distinguished names (DNs).
Edit Remove
PowerShell
$paramName = "param-MyParam" # TODO: modify me
$separator = ";" # TODO: modify me 

# Create an instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$sendOnBehalfOf = $mailboxParams.GrantSendOnBehalfTo
$sendOnBehalfOf.OverrideOldValues = $False

# Get delegates DNs
$delegatesDNs = $Context.GetParameterValue($paramName).Split($separator)

foreach ($delegateDN in $delegatesDNs)
{
    # Create object reference
    $objReference = New-Object "Softerra.Adaxes.Adsi.AdmObjectReference"
    $objReference.ObjectDN = $delegateDN
    
    # Add delegate to 'Send On Behalf Of'
    $sendOnBehalfOf.Add("ADS_PROPERTY_APPEND", $objReference)
}

#Save changes
$mailboxParams.GrantSendOnBehalfTo = $sendOnBehalfOf
$Context.TargetObject.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")

Script 2: Grant Full Access permission

Parameters:

  • $paramName - Specifies the name of the Directory object picker parameter used to select the accounts that will be granted the Full Access permission. The name must start with the param- prefix.
  • $separator - Specifies a value that will be used to separate values of the parameter whose name is specified in the $paramName variable (e.g. semilocon). The separator should not be a comma as it is used in distinguished names (DNs).
Edit Remove
PowerShell
$paramName = "param-myParam" # TODO: modify me
$separator = ";" # TODO: modify me

# Create an instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$sendOnBehalfOf = $mailboxParams.GrantSendOnBehalfTo
$sendOnBehalfOf.OverrideOldValues = $False

# Get delegates DNs
$delegatesDNs = $Context.GetParameterValue($paramName).Split($separator)

$mailboxRights = $mailboxParams.MailboxRights

foreach ($delegateDN in $delegatesDNs)
{
    # Create object reference
    $objReference = New-Object "Softerra.Adaxes.Adsi.AdmObjectReference"
    $objReference.ObjectDN = $delegateDN
    
    # Create permission
    $permission = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxPermission"
    $permission.AllowedRights = "ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS"
    $permission.Trustee = $objReference
    
    # Add permission modification
    $permissionModification = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxRightsModification"
    $permissionModification.Operation = "ADS_PROPERTY_APPEND"
    $permissionModification.Permission = $permission
    
    $mailboxRights.AddModification($permissionModification)
}

# Save changes
$mailboxParams.MailboxRights = $mailboxRights
$Context.TargetObject.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers