Created
October 2, 2018 22:24
mailbox-delegation.ps1
# The core of this script, which performs the delegation through EWS, was taken from:
# http://gsexdev.blogspot.com/2009/04/add-delegates-to-mailbox-with.html
# The rest was cobbled together by Jon Bryan, 19/07/11.
# Tasks, Notes and Contacts delegation were added to the EWS part. Journal delegation is not provided, but can be added quickly.
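# Session setup: error preference, Exchange snap-in, audit log path, timestamp.
#
# $SavedEA keeps the session-wide preference for any code that wants to restore it.
# The override itself is made in script scope rather than $Global:, because nothing
# in this script restores the global value, and leaving an administrator's session
# at SilentlyContinue would hide errors from every later command.
$SavedEA = $Global:ErrorActionPreference
# NOTE(review): SilentlyContinue hides failed Exchange and EWS calls for the rest of
# the script, so steps that change permissions should check their results explicitly.
$ErrorActionPreference = "SilentlyContinue"

write-host "Exchange management snap-in loading... if not already loaded"
write-host ""
$exchangeSnapin = "Microsoft.Exchange.Management.Powershell.E2010"
if (-not (Get-PSSnapin -Name $exchangeSnapin -ErrorAction SilentlyContinue))
{
    try
    {
        Add-PSSnapin -Name $exchangeSnapin -ErrorAction Stop
    }
    catch
    {
        # Without the snap-in every Get-Mailbox lookup below fails, so stop here
        # instead of announcing a successful load.
        Write-Host "Exchange management snap-in could not be loaded: $($_.Exception.Message)"
        return
    }
}
write-host "Exchange management snap-in loaded"
write-host ""

# Audit trail of delegation changes. The timestamp is taken at script start.
$Logging_File = "C:\Logging\DelegationLogging.txt"
$dateTime = Get-Date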
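# Ask for the mailbox that is to be delegated and resolve it to its primary SMTP
# address ($mbtoDelegate), which the EWS calls later in the script use.
$usertoDelegate = "$(Read-Host " Give samAccountName of user whose mailbox is to be delegated")".Trim()
write-host ""

# Clear any value left over from an earlier run in the same session.
$mbtoDelegate = $null
$ownerMatches = @()
if ($usertoDelegate -ne "")
{
    # Look the mailbox up once and keep the result.
    $ownerMatches = @(Get-Mailbox -Identity $usertoDelegate -ErrorAction SilentlyContinue)
}

# Require exactly one match so that an empty or ambiguous answer can never select
# the wrong mailbox.
if ($ownerMatches.Count -ne 1)
{
    Write-Host "Supply valid samAccountName!"
    # The prompt only pauses so that the message can be read. The script stops
    # whatever is typed; the original stopped only on a bare Enter and otherwise
    # carried on without a resolved mailbox.
    $quit = Read-Host "Press CR to quit (CR=Exit) "
    return
}
$mbtoDelegate = $ownerMatches[0].PrimarySmtpAddress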
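# Ask for the account that will receive delegated access and resolve it to its
# primary SMTP address ($delegatetoAdd).
$userdelegatetoAdd = "$(Read-Host " Give samAccountName of user to provide delegated access")".Trim()
write-host ""

# Clear any value left over from an earlier run in the same session.
$delegatetoAdd = $null
$delegateMatches = @()
if ($userdelegatetoAdd -ne "")
{
    # Look the mailbox up once and keep the result.
    $delegateMatches = @(Get-Mailbox -Identity $userdelegatetoAdd -ErrorAction SilentlyContinue)
}

# Exactly one mailbox must match: access is about to be granted to this identity,
# so an empty or ambiguous answer is rejected instead of guessed at.
if ($delegateMatches.Count -ne 1)
{
    Write-Host "Supply valid samAccountName!"
    # The prompt only pauses so that the message can be read. The script stops
    # whatever is typed; the original stopped only on a bare Enter and otherwise
    # carried on without a resolved delegate.
    $quit = Read-Host "Press CR to quit (CR=Exit) "
    return
}
$delegatetoAdd = $delegateMatches[0].PrimarySmtpAddress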
# Print the legend of permission levels the operator can choose from, followed by
# the reminder about the Calendar folder and meeting messages.
$legendLines = @(
    " Permissions defined:",
    " None - None - XD",
    " Reviewer - Can Read items",
    " Author - Can Read and Create items",
    " Editor - Can Read, Create and Modify items",
    "",
    " Note: The delegate must have Editor permissions on the Calendar folder",
    " to be able to receive copies of meeting messages.",
    ""
)
foreach ($legendLine in $legendLines)
{
    Write-Host $legendLine
}
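# Calendar folder: map the operator's one-letter answer to a delegate permission
# level name. Choose the lowest level the delegate needs; Editor allows items to
# be modified.
$QCalendarFolderPermissionLevel = Read-Host " Calendar Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid = "false"
# Clear any value left over from an earlier run in the same session.
$strCalendarFolderPermissionLevel = $null
switch ("$QCalendarFolderPermissionLevel".Trim())
{
    "n" { $strCalendarFolderPermissionLevel = "None";     $boolValid = "True" }
    "r" { $strCalendarFolderPermissionLevel = "Reviewer"; $boolValid = "True" }
    "a" { $strCalendarFolderPermissionLevel = "Author";   $boolValid = "True" }
    "e" { $strCalendarFolderPermissionLevel = "Editor";   $boolValid = "True" }
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided!"
    Write-Host ""
    # The prompt only pauses so that the message can be read. The script stops
    # whatever is typed; the original stopped only on a bare Enter and otherwise
    # continued with no Calendar level chosen.
    $quit = Read-Host "Press CR to quit (CR=Exit) "
    return
}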
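# Inbox folder: map the operator's one-letter answer to a delegate permission
# level name. Choose the lowest level the delegate needs.
$QInboxFolderPermissionLevel = Read-Host " Inbox Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid = "false"
# Clear any value left over from an earlier run in the same session.
$strInboxFolderPermissionLevel = $null
switch ("$QInboxFolderPermissionLevel".Trim())
{
    "n" { $strInboxFolderPermissionLevel = "None";     $boolValid = "True" }
    "r" { $strInboxFolderPermissionLevel = "Reviewer"; $boolValid = "True" }
    "a" { $strInboxFolderPermissionLevel = "Author";   $boolValid = "True" }
    "e" { $strInboxFolderPermissionLevel = "Editor";   $boolValid = "True" }
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt only pauses so that the message can be read. The script stops
    # whatever is typed; the original stopped only on a bare Enter and otherwise
    # continued with no Inbox level chosen.
    $quit = Read-Host "Press CR to quit (CR=Exit) "
    return
}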
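# Tasks folder: map the operator's one-letter answer to a delegate permission
# level name. Choose the lowest level the delegate needs.
$QTasksFolderPermissionLevel = Read-Host " Tasks Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid = "false"
# Clear any value left over from an earlier run in the same session.
$strTasksFolderPermissionLevel = $null
switch ("$QTasksFolderPermissionLevel".Trim())
{
    "n" { $strTasksFolderPermissionLevel = "None";     $boolValid = "True" }
    "r" { $strTasksFolderPermissionLevel = "Reviewer"; $boolValid = "True" }
    "a" { $strTasksFolderPermissionLevel = "Author";   $boolValid = "True" }
    "e" { $strTasksFolderPermissionLevel = "Editor";   $boolValid = "True" }
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt only pauses so that the message can be read. The script stops
    # whatever is typed; the original stopped only on a bare Enter and otherwise
    # continued with no Tasks level chosen.
    $quit = Read-Host "Press CR to quit (CR=Exit) "
    return
}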
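# Contacts folder: map the operator's one-letter answer to a delegate permission
# level name. Choose the lowest level the delegate needs.
$QContactsFolderPermissionLevel = Read-Host " Contacts Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid = "false"
# Clear any value left over from an earlier run in the same session.
$strContactsFolderPermissionLevel = $null
switch ("$QContactsFolderPermissionLevel".Trim())
{
    "n" { $strContactsFolderPermissionLevel = "None";     $boolValid = "True" }
    "r" { $strContactsFolderPermissionLevel = "Reviewer"; $boolValid = "True" }
    "a" { $strContactsFolderPermissionLevel = "Author";   $boolValid = "True" }
    "e" { $strContactsFolderPermissionLevel = "Editor";   $boolValid = "True" }
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt only pauses so that the message can be read. The script stops
    # whatever is typed; the original stopped only on a bare Enter and otherwise
    # continued with no Contacts level chosen.
    $quit = Read-Host "Press CR to quit (CR=Exit) "
    return
}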
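# Notes folder: map the operator's one-letter answer to a delegate permission
# level name. Choose the lowest level the delegate needs.
$QNotesFolderPermissionLevel = Read-Host " Notes Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid = "false"
# Clear any value left over from an earlier run in the same session.
$strNotesFolderPermissionLevel = $null
switch ("$QNotesFolderPermissionLevel".Trim())
{
    "n" { $strNotesFolderPermissionLevel = "None";     $boolValid = "True" }
    "r" { $strNotesFolderPermissionLevel = "Reviewer"; $boolValid = "True" }
    "a" { $strNotesFolderPermissionLevel = "Author";   $boolValid = "True" }
    "e" { $strNotesFolderPermissionLevel = "Editor";   $boolValid = "True" }
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt only pauses so that the message can be read. The script stops
    # whatever is typed; the original stopped only on a bare Enter and otherwise
    # continued with no Notes level chosen.
    $quit = Read-Host "Press CR to quit (CR=Exit) "
    return
}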
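# Should the delegate be able to see items the mailbox owner marked as private?
$QViewPrivateItems = Read-Host " View Private Items? [(Y)Yes/(N)No]"
write-host ""
$boolValid = "false"
# Default to the restrictive answer so that a stale or missing value can never
# expose private items.
$strViewPrivateItems = $false
switch ("$QViewPrivateItems".Trim())
{
    "y" { $strViewPrivateItems = $true;  $boolValid = "True" }
    "n" { $strViewPrivateItems = $false; $boolValid = "True" }
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt only pauses so that the message can be read. The script stops
    # whatever is typed; the original stopped only on a bare Enter and otherwise
    # continued without a valid answer.
    $quit = Read-Host "Press CR to quit (CR=Exit) "
    return
}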
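# Should the delegate receive copies of the owner's meeting messages?
$QReceiveCopiesOfMeetingMessages = Read-Host " Receive Copies Of Meeting Messages? [(Y)Yes/(N)No]"
write-host ""
$boolValid = "false"
# Default to "no" so that a stale value from an earlier run is never reused.
$strReceiveCopiesOfMeetingMessages = $false
switch ("$QReceiveCopiesOfMeetingMessages".Trim())
{
    "y" { $strReceiveCopiesOfMeetingMessages = $true;  $boolValid = "True" }
    "n" { $strReceiveCopiesOfMeetingMessages = $false; $boolValid = "True" }
}

# Meeting-message copies require Editor on the Calendar folder. The original test
# named only Author and Reviewer, so a Calendar level of None (or one that was
# never set) slipped through with the flag still enabled; every level other than
# Editor now forces the flag off.
if ($strCalendarFolderPermissionLevel -ne "Editor")
{
    Write-Host " The delegate must have Editor permissions on the Calendar folder to be able to receive copies of meeting messages."
    Write-Host " "
    Write-Host " Resetting value for 'Receive Copies Of Meeting Messages' to FALSE!"
    $strReceiveCopiesOfMeetingMessages = $false; $boolValid = "True"
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt only pauses so that the message can be read. The script stops
    # whatever is typed; the original stopped only on a bare Enter and otherwise
    # continued without a valid answer.
    $quit = Read-Host "Press CR to quit (CR=Exit) "
    return
}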
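# Apply the delegation through EWS: connect as the current administrator,
# impersonate the mailbox owner, then replace any existing entry for the delegate
# with the permissions collected above.

# Refuse to touch the mailbox unless every input is present and valid. Earlier
# prompts can be left with nothing chosen, and a missing level would otherwise
# only surface as a suppressed error.
$allowedLevels = "None", "Reviewer", "Author", "Editor"
$chosenLevels = @($strCalendarFolderPermissionLevel, $strInboxFolderPermissionLevel, $strTasksFolderPermissionLevel, $strContactsFolderPermissionLevel, $strNotesFolderPermissionLevel)
$inputsOk = $true
if (-not $mbtoDelegate -or -not $delegatetoAdd) { $inputsOk = $false }
foreach ($chosenLevel in $chosenLevels)
{
    if ($allowedLevels -notcontains $chosenLevel) { $inputsOk = $false }
}
if ($inputsOk -and ("$mbtoDelegate" -eq "$delegatetoAdd"))
{
    # A mailbox cannot sensibly be delegated to its own owner.
    $inputsOk = $false
}
if (-not $inputsOk)
{
    Write-Host "Delegation aborted: mailbox, delegate or permission levels are missing or invalid."
    return
}

$dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.1\Microsoft.Exchange.WebServices.dll"
if (-not (Test-Path -LiteralPath $dllpath))
{
    Write-Host "Delegation aborted: EWS Managed API not found at $dllpath"
    return
}
[void][Reflection.Assembly]::LoadFile($dllpath)
$service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP1)

# Identify the administrator running the script; the name is also used for the
# audit log.
$windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$RequestorUserName = $windowsIdentity.Name
# Bind to the requestor's own directory object by SID to read their mail address.
# The listing showed only "LDAP://", which binds to no particular user; the
# <SID=...> part appears to have been stripped as markup when the script was
# published.
$sidbind = "LDAP://<SID=" + $windowsIdentity.User.Value + ">"
$aceuser = [ADSI]$sidbind

$addResponses = $null
try
{
    $requestorMail = $aceuser.mail.ToString()
    if ($requestorMail -eq "")
    {
        throw "no mail address found in the directory for $RequestorUserName"
    }
    # Single-argument overload: no redirection callback is supplied, so
    # Autodiscover redirects are not followed.
    $service.AutodiscoverUrl($requestorMail)

    # NOTE(review): impersonation presumably relies on the requestor holding the
    # ApplicationImpersonation role; confirm that role is scoped as tightly as
    # possible, since it allows acting as any mailbox in scope.
    $service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $mbtoDelegate)
    $mbMailbox = new-object Microsoft.Exchange.WebServices.Data.Mailbox($mbtoDelegate)

    $dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser($delegatetoAdd)
    $dgUser.ViewPrivateItems = $strViewPrivateItems
    $dgUser.ReceiveCopiesOfMeetingMessages = $strReceiveCopiesOfMeetingMessages
    $dgUser.Permissions.CalendarFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strCalendarFolderPermissionLevel
    $dgUser.Permissions.InboxFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strInboxFolderPermissionLevel
    $dgUser.Permissions.TasksFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strTasksFolderPermissionLevel
    $dgUser.Permissions.ContactsFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strContactsFolderPermissionLevel
    $dgUser.Permissions.NotesFolderPermissionLevel = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$strNotesFolderPermissionLevel
    $dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1
    $dgArray[0] = $dgUser

    # Drop any existing entry for this delegate first so that the add below does
    # not collide with it. An error response here is expected when the user was
    # not a delegate yet, so the result is deliberately not inspected.
    # The two calls are not atomic: if the add fails after a successful remove,
    # the delegate is left with no access at all.
    [void]$service.RemoveDelegates($mbMailbox, "$delegatetoAdd")
    $addResponses = $service.AddDelegates($mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray)
}
catch
{
    Write-Host "Delegation FAILED: $($_.Exception.Message)"
    # Stop here so that the logging further down does not record a grant that
    # never happened.
    return
}

# AddDelegates reports per-delegate outcomes in its response collection rather
# than by throwing, so check each one before treating the grant as applied.
$failedAdds = @($addResponses | Where-Object { $_.Result -ne [Microsoft.Exchange.WebServices.Data.ServiceResult]::Success })
if (@($addResponses).Count -eq 0 -or $failedAdds.Count -gt 0)
{
    foreach ($failedAdd in $failedAdds)
    {
        Write-Host "Delegation FAILED: $($failedAdd.ErrorMessage)"
    }
    if ($failedAdds.Count -eq 0)
    {
        Write-Host "Delegation FAILED: no response returned by AddDelegates."
    }
    return
}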
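# Record the delegation in the audit log: who requested it, which mailbox, which
# delegate, and the permissions that were applied.
$auditRecord = @(
    "=================================================================",
    $dateTime,
    "Requestor: $RequestorUserName",
    "Delegated Mailbox: $mbMailbox",
    "Delegate: $delegatetoAdd",
    "Permissions: ",
    "Calendar: $strCalendarFolderPermissionLevel",
    "Inbox: $strInboxFolderPermissionLevel",
    "Tasks: $strTasksFolderPermissionLevel",
    "Contacts: $strContactsFolderPermissionLevel",
    "Notes: $strNotesFolderPermissionLevel",
    "View Private Items: $strViewPrivateItems",
    "Receive Copies Of Meeting Messages: $strReceiveCopiesOfMeetingMessages"
)
try
{
    # Write the record in one call and make a failure visible. With errors
    # suppressed script-wide, a missing folder or a denied write would otherwise
    # lose the audit entry without any sign.
    Add-Content -Path $Logging_File -Value $auditRecord -ErrorAction Stop
}
catch
{
    Write-Host "WARNING: this delegation change was NOT written to $Logging_File : $($_.Exception.Message)"
}
# NOTE(review): this file is the only record of who granted what; confirm that the
# log folder exists and that write access to it is limited to administrators.

$quit = Read-Host "Press CR to quit (CR=Exit) "
# 'return' ends the script without the side effect 'Break' has outside a loop,
# where it can also terminate a loop in a calling script.
if ($quit -eq "") { return }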
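A piece of another management script that runs after the user provisioning process, to set default calendar visibility. The fragment is incomplete: the closing brace of the Else block is not shown, and $samAccountName, $strMail, $i and the other variables are set elsewhere in that script ($i has to be reset to 0 before each use, otherwise the 60-attempt limit does not work). Granting Reviewer to the Default user lets every authenticated user in the organisation read the details of items in that calendar.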
if (Get-MailboxFolderPermission -identity "$samAccountName`:\Calendar" -user Default | Where-Object { ($_.AccessRights -like "*Reviewer*")}) | |
{ | |
# Write-host User Default already has Reviewer permissions on the calendar of $samAccountName | |
} | |
Else | |
{ | |
# Start looping to set the perms again and again every 30 seconds until it has been done or $i=60 - i.e. 30 minutes have passed - in which case something has really gone wrong! | |
Do | |
{ | |
Set-MailboxFolderPermission -Identity "$samAccountName`:\Calendar" -AccessRights Reviewer -User Default | |
Start-Sleep -s 30 | |
$i=$i+1 | |
} | |
Until ((Get-MailboxFolderPermission -identity "$samAccountName`:\Calendar" -user Default | Where-Object { ($_.AccessRights -like "*Reviewer*")}) -or ($i -eq 60)) | |
# If $i=60, then something went wrong, so send a mail alerting to this... | |
if($i -eq 60) | |
{ | |
$strMail=$strMail + "`r`n !!!! Failed to set Calendar Reviewer Permissions on mailbox " + $samAccountName + ";" + $strForName + $strSurName + "!!!!" #`r`n Set-MailboxFolderPermission -Identity "$samAccountName`:\Calendar" -AccessRights Reviewer -User Default" | |
$SendMail="True" | |
} | |
# If $i is less than 60, the operation completed so write to the log file... | |
if($i -lt 60) | |
{ | |
$strMail=$strMail + "`r`n Account Added, Calendar Reviewer Permissions granted to Default user, on mailbox " + $samAccountName + ";" + $strForName + $strSurName | |
Add-Content $objTransLogFile """$date"",""$time"",""New mailbox added - calendar permissions set"",""$samAccountName""" | |
$SendMail="True" | |
} |