The script grants mailbox permissions to the accounts specified in the Directory object picker parameter of a custom command over the mailbox of the target account. To run the script, create custom command.
Script 1: Grant Send on Behalf permission
Parameters:
- $paramName - Specifies the name of the Directory object picker parameter used to select the accounts that will be granted the Send on Behalf Of permission. The name must start with the param- prefix.
- $separator - Specifies a value that will be used to separate values of the parameter whose name is specified in the $paramName variable (e.g. semilocon). The separator should not be a comma as it is used in distinguished names (DNs).
PowerShell
$paramName = "param-MyParam" # TODO: modify me
$separator = ";" # TODO: modify me
# Create an instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$sendOnBehalfOf = $mailboxParams.GrantSendOnBehalfTo
$sendOnBehalfOf.OverrideOldValues = $False
# Get delegates DNs
$delegatesDNs = $Context.GetParameterValue($paramName).Split($separator)
foreach ($delegateDN in $delegatesDNs)
{
# Create object reference
$objReference = New-Object "Softerra.Adaxes.Adsi.AdmObjectReference"
$objReference.ObjectDN = $delegateDN
# Add delegate to 'Send On Behalf Of'
$sendOnBehalfOf.Add("ADS_PROPERTY_APPEND", $objReference)
}
#Save changes
$mailboxParams.GrantSendOnBehalfTo = $sendOnBehalfOf
$Context.TargetObject.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")Script 2: Grant Full Access permission
Parameters:
- $paramName - Specifies the name of the Directory object picker parameter used to select the accounts that will be granted the Full Access permission. The name must start with the param- prefix.
- $separator - Specifies a value that will be used to separate values of the parameter whose name is specified in the $paramName variable (e.g. semilocon). The separator should not be a comma as it is used in distinguished names (DNs).
PowerShell
$paramName = "param-myParam" # TODO: modify me
$separator = ";" # TODO: modify me
# Create an instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$sendOnBehalfOf = $mailboxParams.GrantSendOnBehalfTo
$sendOnBehalfOf.OverrideOldValues = $False
# Get delegates DNs
$delegatesDNs = $Context.GetParameterValue($paramName).Split($separator)
$mailboxRights = $mailboxParams.MailboxRights
foreach ($delegateDN in $delegatesDNs)
{
# Create object reference
$objReference = New-Object "Softerra.Adaxes.Adsi.AdmObjectReference"
$objReference.ObjectDN = $delegateDN
# Create permission
$permission = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxPermission"
$permission.AllowedRights = "ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS"
$permission.Trustee = $objReference
# Add permission modification
$permissionModification = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxRightsModification"
$permissionModification.Operation = "ADS_PROPERTY_APPEND"
$permissionModification.Permission = $permission
$mailboxRights.AddModification($permissionModification)
}
# Save changes
$mailboxParams.MailboxRights = $mailboxRights
$Context.TargetObject.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")