Exchange Powershell

Powershell – Shared Mailbox Part 2 – Grant User Full and Send-As Rights

Mit nachfolgendem Powershell Script kann ein User ausgewählt werden, welcher auf ein oderer mehrere Shared Mailbox(en) Full Access und Send-As berechtigt werden kann.

Angepasst werden muss die $searchbase variable

Benutzung des Scripts auf eigene Verantwortung!

# Grant Full Access and Send As Permissions for a User on Shared Mailbox
$searchbase = "OU=UsersOU,DC=domain,DC=local"

# Import needed Module an and Prefix "O365" because on prem and Exchange Online Modules are loded in the same ps session
  Write-Host "Import Exchange Online Powershell Module - You need to enter your cloud admin credentials" -ForegroundColor Green
  Import-Module -DisableNameChecking $((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse ).FullName|?{$_ -notmatch "_none_"}|select -First 1)
  $EXOSession = New-ExoPSSession
  Import-PSSession -DisableNameChecking $EXOSession -Prefix O365

# Let select the user which need access to the full mailbox
  Write-Host "Select User which needs access to the Shared Mailbox - Select only one User" -ForegroundColor Green
  start-sleep 2
  $user = Get-ADUser -Filter * -SearchBase $searchbase -Properties EmailAddress | where {$_.EmailAddress -ne $null} | Out-GridView -PassThru

# Select Shared Mailbox (you can select multiple) on which User needs Full Access and grant permissions
  Write-Host "Select Shared Mailbox on which User needs FullAccess rights" -ForegroundColor Green
  start-sleep 2
  $sharedmbx = Get-O365Mailbox -RecipientTypeDetails SharedMailbox | Out-GridView -PassThru

  foreach ($mbx in $sharedmbx[0]) {
   # Read Send-As rights on the Mailbox, neede later to display those users
    $sendasusers = Get-O365Mailbox -Identity $mbx.PrimarySmtpAddress | Get-O365RecipientPermission | where {$_.AccessRights -eq "SendAs" -and $_.Trustee -notmatch "SELF"}
   # Set Full Access Permissions
    Add-O365MailboxPermission -Identity $mbx.PrimarySmtpAddress -User $user.EmailAddress -AccessRights FullAccess
    Write-Host ""

   # Display Users with Sends-As rights and as if those rights are needed for this user as well
    Write-Host "Following Users have also Send-As Permissions on the Mailbox $mbx" -ForegroundColor Green
    $sendasusers | ft Identity,Trustee,AccessRights
    Write-Host ""
    $username = $user.name
    $needsendas = Read-Host "Grant User $username also Send-As rights? Type Yes or No..."
     if ($needsendas -eq "yes") {
      Add-O365RecipientPermission -Identity $mbx.Name -AccessRights SendAs -Trustee $user.Name
     }
     else {
      Write-Host "No Send-AS rights set for this user"
     }

  }

  Read-Host "Done... Press Enter to close this window"