Mailbox delegation

This code sample retrieves the following permissions on a mailbox:

  • Send As delegates
  • Send on Behalf Of delegates
  • Users with Full Access permission
  • Mailbox owner
  • Mailbox rights

In the below code sample, the $mailboxParams variable represents properties of an Exchange mailbox. To retrieve the properties, use the IAdmExchangeMailParametersOps::GetMailParameters method.

 How
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the user
$userDN = "CN=John Smith,CN=Users,DC=domain,DC=com"
$user = $service.OpenObject("Adaxes://$userDN", $null, $null, 0)

# Get Exchange properties
$mailboxParams = $user.GetMailParameters()
# The $mailboxParams variable represents properties of an Exchange mailbox

# Send As
$sendAs = $mailboxParams.SendAs
if ($sendAs.Count -eq 0)
{
    Write-Host "Send As: Not delegated"
}
else
{
    Write-Host "Send As:"
    for ($i = 0; $i -lt $sendAs.Count; $i++)
    {
        $object = $sendAs.GetItem($i, [ref]"ADS_PROPERTY_NONE")
        Write-host "`t" $object.DisplayName
    }
}

# Send on Behalf Of
$sendOnBehalfOf = $mailboxParams.GrantSendOnBehalfTo
if ($sendOnBehalfOf.Count -eq 0)
{
    Write-Host "Send on Behalf Of: Not delegated"
}
else
{
    Write-Host "Send on Behalf Of:"
    for ($i = 0; $i -lt $sendOnBehalfOf.Count; $i++)
    {
        $object = $sendOnBehalfOf.GetItem($i, [ref]"ADS_PROPERTY_NONE")
        Write-host "`t" $object.DisplayName
    }
}

# Get 'Mailbox Rights'
$mailboxRights = $mailboxParams.MailboxRights

# Full Access
$fullAccess = $mailboxParams.MailboxRights.GetTrusteesGrantedRights(
    "ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS")
if ($fullAccess.Length -eq 0)
{
    Write-Host "Full Access: Not delegated"
}
else
{
    Write-Host "Full Access:"
    foreach ($object in $fullAccess)
    {
        Write-host "`t" $object.DisplayName
    }
}

# Mailbox owner
Write-Host "Mailbox owner:" $mailboxRights.Owner

# Mailbox Permissions
$mailboxPermissions = $mailboxRights.GetPermissions()
Write-Host "Mailbox rights:"
foreach($mailboxPermission in $mailboxPermissions)
{
    # Trustee
    Write-Host "`tTrustee:" $mailboxPermission.Trustee
    
    # Allowed rights
    Write-Host "`tAllowed rights:" $mailboxPermission.AllowedRights
    
    # Inherited allowed rights
    Write-Host "`tInherited allowed rights:" $mailboxPermission.InheritedAllowedRights
    
    # Denied rights
    Write-Host "`tDenied rights:" $mailboxPermission.DeniedRights
    
    # Inherited denied rights
    Write-Host "`tInherited denied rights" $mailboxPermission.InheritedDeniedRights
    Write-Host
}

See also