mailbox-delegation.ps1
# Main juicy bit of this script that actually does the delegation work with EWS was taken from here: | |
# http://gsexdev.blogspot.com/2009/04/add-delegates-to-mailbox-with.html | |
# The rest cobbled together by Jon Bryan 19/07/11 | |
# Tasks, Notes and Contacts delegation added to the EWS script bit - note that Journal delegation is not provided, but can be quickly added! | |
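# Session setup: error handling, Exchange 2010 snap-in, audit-log location and timestamp.
$SavedEA=$Global:ErrorActionPreference
# Errors are silenced for this script's scope only. Assigning $Global: would leave the
# operator's whole session in SilentlyContinue after the script ends, because nothing in
# this listing restores $SavedEA.
# NOTE(review): with errors silenced, a failed lookup or a failed EWS call produces no
# output; each step that matters has to be checked explicitly before it is logged as done.
$ErrorActionPreference="SilentlyContinue"
write-host "Exchange management snap-in loading... if not already loaded"
write-host ""
# Reports an error when the snap-in is already present; that error is hidden by the
# preference set above.
Add-PSSnapin -Name Microsoft.Exchange.Management.Powershell.E2010
write-host "Exchange management snap-in loaded"
write-host ""
# Append-only record of who delegated which mailbox to whom.
# NOTE(review): this file is the audit trail for mailbox-access grants; confirm the folder
# exists and that its ACL lets operators append but not rewrite earlier entries.
$Logging_File="C:\Logging\DelegationLogging.txt"
$dateTime = Get-Date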
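# Ask for the mailbox owner and resolve the account to its primary SMTP address.
# Sets $mbtoDelegate on success; stops the script on any invalid answer.
$usertoDelegate = Read-Host " Give samAccountName of user whose mailbox is to be delegated"
write-host ""
$mbtoDelegate = $null
# Look the mailbox up once and keep the result, so the address used later is the one that
# was validated here.
$ownerMailbox = @()
if ($usertoDelegate -ne "")
{
    $ownerMailbox = @(Get-Mailbox $usertoDelegate)
}
# Fail closed unless exactly one mailbox was resolved.
if ($ownerMailbox.Count -eq 1)
{
    $mbtoDelegate = $ownerMailbox[0].PrimarySmtpAddress
}
Else
{
    Write-Host "Supply valid samAccountName!"
    # The prompt is only a pause. The original left the script running when anything other
    # than a bare Enter was typed, so the delegation went ahead with an unresolved address.
    [void](Read-Host "Press CR to quit (CR=Exit) ")
    return
}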
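# Ask for the account that will receive delegate access and resolve it to its primary
# SMTP address. Sets $delegatetoAdd on success; stops the script on any invalid answer.
$userdelegatetoAdd = Read-Host " Give samAccountName of user to provide delegated access"
write-host ""
$delegatetoAdd = $null
# Look the mailbox up once and keep the result, so the address that is granted access is
# the one that was validated here.
$delegateMailbox = @()
if ($userdelegatetoAdd -ne "")
{
    $delegateMailbox = @(Get-Mailbox $userdelegatetoAdd)
}
# Fail closed unless exactly one mailbox was resolved: access must never be granted to an
# ambiguous or empty identity.
if ($delegateMailbox.Count -eq 1)
{
    $delegatetoAdd = $delegateMailbox[0].PrimarySmtpAddress
}
Else
{
    Write-Host "Supply valid samAccountName!"
    # The prompt is only a pause; the script stops whatever is typed. The original carried
    # on when the answer was not a bare Enter.
    [void](Read-Host "Press CR to quit (CR=Exit) ")
    return
}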
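# Collect the delegate permission level for Calendar, Inbox, Tasks, Contacts and Notes.
# Each answer is mapped to a DelegateFolderPermissionLevel name; any other answer stops the
# script so that no folder is left with an undefined level.

# Prompts for one folder's level and returns "None", "Reviewer", "Author" or "Editor".
# Returns nothing when the answer is not n/r/a/e (matching is case-insensitive), after
# showing $InvalidMessage and waiting for Enter.
function Read-DelegatePermissionLevel([string]$FolderName, [string]$InvalidMessage)
{
    $answer = Read-Host " $FolderName Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
    write-host ""
    switch ($answer)
    {
        "n" { return "None" }
        "r" { return "Reviewer" }
        "a" { return "Author" }
        "e" { return "Editor" }
    }
    Write-Host $InvalidMessage
    Write-Host ""
    # Pause only: the caller stops the script whatever is typed here. The original kept
    # going unless the answer was a bare Enter, which let an invalid level through.
    [void](Read-Host "Press CR to quit (CR=Exit) ")
    return $null
}

write-host " Permissions defined:"
write-host " None - None - XD"
write-host " Reviewer - Can Read items"
write-host " Author - Can Read and Create items"
write-host " Editor - Can Read, Create and Modify items"
write-host ""
write-host " Note: The delegate must have Editor permissions on the Calendar folder"
Write-Host " to be able to receive copies of meeting messages."
write-host ""

$strCalendarFolderPermissionLevel = Read-DelegatePermissionLevel "Calendar" "No valid permission set provided!"
if (-not $strCalendarFolderPermissionLevel) { return }

$strInboxFolderPermissionLevel = Read-DelegatePermissionLevel "Inbox" "No valid permission set provided! Script Quitting!"
if (-not $strInboxFolderPermissionLevel) { return }

$strTasksFolderPermissionLevel = Read-DelegatePermissionLevel "Tasks" "No valid permission set provided! Script Quitting!"
if (-not $strTasksFolderPermissionLevel) { return }

$strContactsFolderPermissionLevel = Read-DelegatePermissionLevel "Contacts" "No valid permission set provided! Script Quitting!"
if (-not $strContactsFolderPermissionLevel) { return }

$strNotesFolderPermissionLevel = Read-DelegatePermissionLevel "Notes" "No valid permission set provided! Script Quitting!"
if (-not $strNotesFolderPermissionLevel) { return }

# Kept for the later checks in this script, which compare $boolValid with "True".
$boolValid = "True"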
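# Ask whether the delegate may see items the owner marked private.
# Sets $strViewPrivateItems to $true or $false; any other answer stops the script.
$QViewPrivateItems = Read-Host " View Private Items? [(Y)Yes/(N)No]"
write-host ""
$boolValid="false"
switch ($QViewPrivateItems)
{
    "y" {$strViewPrivateItems = $true; $boolValid = "True"}
    "n" {$strViewPrivateItems = $false; $boolValid = "True"}
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # Pause only: the script stops whatever is typed. The original continued unless the
    # answer was a bare Enter, leaving the private-items flag undefined.
    [void](Read-Host "Press CR to quit (CR=Exit) ")
    return
}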
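# Ask whether the delegate receives copies of meeting messages.
# Sets $strReceiveCopiesOfMeetingMessages; forces it to $false when the Calendar level is
# anything below Editor.
$QReceiveCopiesOfMeetingMessages = Read-Host " Receive Copies Of Meeting Messages? [(Y)Yes/(N)No]"
write-host ""
$boolValid="false"
switch ($QReceiveCopiesOfMeetingMessages)
{
    "y" {$strReceiveCopiesOfMeetingMessages = $true; $boolValid = "True"}
    "n" {$strReceiveCopiesOfMeetingMessages = $false; $boolValid = "True"}
}
# The script's own rule is that only an Editor on the Calendar may receive meeting copies.
# The original tested for Author and Reviewer only, so a Calendar level of None slipped
# through with the flag still set.
if ($strCalendarFolderPermissionLevel -ne "Editor")
{
    Write-Host " The delegate must have Editor permissions on the Calendar folder to be able to receive copies of meeting messages."
    Write-Host " "
    Write-Host " Resetting value for 'Receive Copies Of Meeting Messages' to FALSE!"
    $strReceiveCopiesOfMeetingMessages = $false; $boolValid = "True"
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # Pause only: the script stops whatever is typed here.
    [void](Read-Host "Press CR to quit (CR=Exit) ")
    return
}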
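# Apply the delegation through EWS while impersonating the mailbox owner, then append the
# request and its outcome to the audit log.
# NOTE(review): impersonation needs the requestor to hold an impersonation role in
# Exchange; keep that role assignment scoped to the operators who run this script.

# Never touch delegates when either address is unresolved.
if ("$mbtoDelegate" -eq "" -or "$delegatetoAdd" -eq "")
{
    Write-Host "Mailbox owner or delegate was not resolved - no changes made."
    [void](Read-Host "Press CR to quit (CR=Exit) ")
    return
}

$windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$RequestorUserName = $windowsIdentity.Name
$strDelegationResult = "Succeeded"

# try/catch sees .NET exceptions even while $ErrorActionPreference hides them, so a failed
# call can no longer be logged as a completed delegation.
try
{
    $dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.1\Microsoft.Exchange.WebServices.dll"
    [void][Reflection.Assembly]::LoadFile($dllpath)
    $service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP1)

    # Bind to the requestor's own directory entry by SID to read its mail attribute for
    # Autodiscover. The published listing shows only "LDAP://", which binds to no user and
    # has no mail attribute; the SID moniker was presumably lost when the page was rendered.
    # NOTE(review): confirm against the script this section was taken from.
    $sidbind = "LDAP://<SID=" + $windowsIdentity.User.Value + ">"
    $aceuser = [ADSI]$sidbind
    $service.AutodiscoverUrl($aceuser.mail.ToString())

    $service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $mbtoDelegate)
    $mbMailbox = new-object Microsoft.Exchange.WebServices.Data.Mailbox($mbtoDelegate)

    $dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser($delegatetoAdd)
    $dgUser.ViewPrivateItems = $strViewPrivateItems
    $dgUser.ReceiveCopiesOfMeetingMessages = $strReceiveCopiesOfMeetingMessages
    $dgUser.Permissions.CalendarFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strCalendarFolderPermissionLevel
    $dgUser.Permissions.InboxFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strInboxFolderPermissionLevel
    $dgUser.Permissions.TasksFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strTasksFolderPermissionLevel
    $dgUser.Permissions.ContactsFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strContactsFolderPermissionLevel
    $dgUser.Permissions.NotesFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strNotesFolderPermissionLevel
    $dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1
    $dgArray[0] = $dgUser

    # Drop any existing entry for this delegate first. An error result is expected here
    # when the user was not yet a delegate, so it is shown but not treated as fatal.
    $removeResults = $service.RemoveDelegates($mbMailbox,"$delegatetoAdd")
    foreach ($response in $removeResults)
    {
        Write-Host (" Remove existing delegate entry: " + $response.Result + " " + $response.ErrorMessage)
    }

    $addResults = $service.AddDelegates($mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray)
    foreach ($response in $addResults)
    {
        Write-Host (" Add delegate: " + $response.Result + " " + $response.ErrorMessage)
        if ($response.Result -ne [Microsoft.Exchange.WebServices.Data.ServiceResult]::Success)
        {
            throw $response.ErrorMessage
        }
    }
}
catch
{
    # Keep the reason on a single log line.
    $strDelegationResult = "FAILED: " + ($_.Exception.Message -replace "[\r\n]+", " ")
    Write-Host "Delegation was NOT applied: $strDelegationResult"
    # A failure after the removal step can leave the delegate without the access it had
    # before; the Result line below is what an auditor needs to spot that.
}

# NOTE(review): Add-Content errors are hidden by the script's error preference; confirm the
# log folder exists, otherwise the change is made without any record.
Add-content $Logging_File "================================================================="
Add-Content $Logging_File $dateTime
Add-Content $Logging_File "Requestor: $RequestorUserName"
Add-content $Logging_File "Delegated Mailbox: $mbMailbox"
Add-content $Logging_File "Delegate: $delegatetoAdd"
Add-content $Logging_File "Permissions: "
Add-content $Logging_File "Calendar: $strCalendarFolderPermissionLevel"
Add-content $Logging_File "Inbox: $strInboxFolderPermissionLevel"
Add-content $Logging_File "Tasks: $strTasksFolderPermissionLevel"
Add-content $Logging_File "Contacts: $strContactsFolderPermissionLevel"
Add-content $Logging_File "Notes: $strNotesFolderPermissionLevel"
Add-content $Logging_File "View Private Items: $strViewPrivateItems"
Add-content $Logging_File "Receive Copies Of Meeting Messages: $strReceiveCopiesOfMeetingMessages"
Add-content $Logging_File "Result: $strDelegationResult"
[void](Read-Host "Press CR to quit (CR=Exit) ")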
A piece of another management script that runs after the user provisioning process, to set default calendar visibility: | |
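# After provisioning, make sure the Default user holds Reviewer rights on the new mailbox's
# Calendar folder, retrying every 30 seconds for up to 60 attempts (30 minutes).
# Reads $samAccountName, $strForName, $strSurName, $objTransLogFile, $date and $time from
# the surrounding script; appends to $strMail and sets $SendMail.
# NOTE(review): Reviewer for Default lets every mailbox user without a more specific entry
# read the details of calendar items. If free/busy is all that is needed, the narrower
# AvailabilityOnly or LimitedDetails roles exist for calendar folders - confirm with policy.
if (-not (Get-MailboxFolderPermission -identity "$samAccountName`:\Calendar" -user Default | Where-Object { ($_.AccessRights -like "*Reviewer*")}))
{
    # Start from zero here: this excerpt never initialises $i, and a stale value above 60
    # would have made the original "-eq 60" exit test unreachable.
    $i = 0
    Do
    {
        Set-MailboxFolderPermission -Identity "$samAccountName`:\Calendar" -AccessRights Reviewer -User Default
        Start-Sleep -s 30
        $i=$i+1
    }
    Until ((Get-MailboxFolderPermission -identity "$samAccountName`:\Calendar" -user Default | Where-Object { ($_.AccessRights -like "*Reviewer*")}) -or ($i -ge 60))
    # Sixty attempts used up: something went wrong, so flag it in the alert mail.
    if($i -ge 60)
    {
        $strMail=$strMail + "`r`n !!!! Failed to set Calendar Reviewer Permissions on mailbox " + $samAccountName + ";" + $strForName + $strSurName + "!!!!" #`r`n Set-MailboxFolderPermission -Identity "$samAccountName`:\Calendar" -AccessRights Reviewer -User Default"
        $SendMail="True"
    }
    # Fewer than sixty attempts: the permission was confirmed, so record it in the log.
    if($i -lt 60)
    {
        $strMail=$strMail + "`r`n Account Added, Calendar Reviewer Permissions granted to Default user, on mailbox " + $samAccountName + ";" + $strForName + $strSurName
        Add-Content $objTransLogFile """$date"",""$time"",""New mailbox added - calendar permissions set"",""$samAccountName"""
        $SendMail="True"
    }
}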