mailbox-delegation.ps1
# Main juicy bit of this script that actually does the delegation work with EWS was taken from here:
# http://gsexdev.blogspot.com/2009/04/add-delegates-to-mailbox-with.html
# The rest cobbled together by Jon Bryan 19/07/11
# Tasks, Notes and Contacts delegation added to the EWS script bit - note that Journal delegation is not provided, but can be quickly added!
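# Session setup: remember the caller's error preference, make sure the Exchange
# cmdlets are available, and define the audit-log location and timestamp.
$SavedEA=$Global:ErrorActionPreference
# The global error preference is left untouched. Forcing it to SilentlyContinue for
# the whole session hides every later failure, including a failed delegation call,
# while the log still records the permission change as if it had been applied.
# It also leaked into the caller's session because it was never restored.
$exchangeSnapin = "Microsoft.Exchange.Management.Powershell.E2010"
write-host "Exchange management snap-in loading... if not already loaded"
write-host ""
if (-not (Get-PSSnapin -Name $exchangeSnapin -ErrorAction SilentlyContinue))
{
    # Only this one call is silenced; the Get-Command check below decides the outcome.
    Add-PSSnapin -Name $exchangeSnapin -ErrorAction SilentlyContinue
}
if (-not (Get-Command Get-Mailbox -ErrorAction SilentlyContinue))
{
    # Without the Exchange cmdlets every lookup below would fail, so stop here
    # instead of announcing a load that did not happen.
    Write-Host "Exchange management cmdlets are not available - stopping."
    return
}
write-host "Exchange management snap-in loaded"
write-host ""
# Plain-text audit trail of who delegated what to whom.
$Logging_File="C:\Logging\DelegationLogging.txt"
$dateTime = Get-Date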
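# Ask for the mailbox owner and resolve the account to its primary SMTP address.
# Any validation failure stops the script. Previously, typing anything other than
# Enter at the "quit" prompt let the run continue with no resolved mailbox.
$mbtoDelegate = $null   # clear any value left over from an earlier run in this session
$usertoDelegate = Read-Host " Give samAccountName of user whose mailbox is to be delegated"
$usertoDelegate = "$usertoDelegate".Trim()
if ($usertoDelegate -eq "")
{
    Write-Host "Supply valid samAccountName!"
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}
write-host ""
# Require exactly one match: an identity that resolves to several mailboxes must
# not silently pick one (or all) of them as the target of a permission change.
$ownerMatches = @(Get-Mailbox -Identity $usertoDelegate -ErrorAction SilentlyContinue)
if ($ownerMatches.Count -eq 1)
{
    $mbtoDelegate = $ownerMatches[0].PrimarySmtpAddress
}
Else
{
    Write-Host "Supply valid samAccountName!"
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}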
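# Ask for the account that will receive delegate access and resolve it to its
# primary SMTP address. Any validation failure stops the script. Previously,
# typing anything other than Enter at the "quit" prompt let the run continue.
$delegatetoAdd = $null   # clear any value left over from an earlier run in this session
$userdelegatetoAdd = Read-Host " Give samAccountName of user to provide delegated access"
$userdelegatetoAdd = "$userdelegatetoAdd".Trim()
if ($userdelegatetoAdd -eq "")
{
    Write-Host "Supply valid samAccountName!"
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}
write-host ""
# Require exactly one match so access is never granted to an unintended account
# because the supplied identity was ambiguous.
$delegateMatches = @(Get-Mailbox -Identity $userdelegatetoAdd -ErrorAction SilentlyContinue)
if ($delegateMatches.Count -eq 1)
{
    $delegatetoAdd = $delegateMatches[0].PrimarySmtpAddress
}
Else
{
    Write-Host "Supply valid samAccountName!"
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}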
# Print the legend of selectable permission levels once, before the per-folder prompts.
$permissionLegend = @(
    " Permissions defined:",
    " None - None - XD",
    " Reviewer - Can Read items",
    " Author - Can Read and Create items",
    " Editor - Can Read, Create and Modify items",
    "",
    " Note: The delegate must have Editor permissions on the Calendar folder",
    " to be able to receive copies of meeting messages.",
    ""
)
foreach ($legendLine in $permissionLegend)
{
    Write-Host $legendLine
}
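# Prompt for the Calendar folder permission level and map the one-letter answer to
# the name of the matching DelegateFolderPermissionLevel value.
$QCalendarFolderPermissionLevel = Read-Host " Calendar Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid="False"
# Reset first so a stale level from an earlier run can never be applied by accident.
$strCalendarFolderPermissionLevel = $null
switch ("$QCalendarFolderPermissionLevel".Trim())
{
    "n" {$strCalendarFolderPermissionLevel = "None"; $boolValid = "True"}
    "r" {$strCalendarFolderPermissionLevel = "Reviewer"; $boolValid = "True"}
    "a" {$strCalendarFolderPermissionLevel = "Author"; $boolValid = "True"}
    "e" {$strCalendarFolderPermissionLevel = "Editor"; $boolValid = "True"}
    default {$boolValid = "False"}
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided!"
    Write-Host ""
    # The prompt is only a pause so the message can be read; the script stops whatever
    # is typed. Before, any non-empty answer let it carry on with no level selected.
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}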
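# Prompt for the Inbox folder permission level and map the one-letter answer to
# the name of the matching DelegateFolderPermissionLevel value.
$QInboxFolderPermissionLevel = Read-Host " Inbox Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid="False"
# Reset first so a stale level from an earlier run can never be applied by accident.
$strInboxFolderPermissionLevel = $null
switch ("$QInboxFolderPermissionLevel".Trim())
{
    "n" {$strInboxFolderPermissionLevel = "None"; $boolValid = "True"}
    "r" {$strInboxFolderPermissionLevel = "Reviewer"; $boolValid = "True"}
    "a" {$strInboxFolderPermissionLevel = "Author"; $boolValid = "True"}
    "e" {$strInboxFolderPermissionLevel = "Editor"; $boolValid = "True"}
    default {$boolValid = "False"}
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt is only a pause so the message can be read; the script stops whatever
    # is typed. Before, any non-empty answer let it carry on with no level selected.
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}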
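# Prompt for the Tasks folder permission level and map the one-letter answer to
# the name of the matching DelegateFolderPermissionLevel value.
$QTasksFolderPermissionLevel = Read-Host " Tasks Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid="False"
# Reset first so a stale level from an earlier run can never be applied by accident.
$strTasksFolderPermissionLevel = $null
switch ("$QTasksFolderPermissionLevel".Trim())
{
    "n" {$strTasksFolderPermissionLevel = "None"; $boolValid = "True"}
    "r" {$strTasksFolderPermissionLevel = "Reviewer"; $boolValid = "True"}
    "a" {$strTasksFolderPermissionLevel = "Author"; $boolValid = "True"}
    "e" {$strTasksFolderPermissionLevel = "Editor"; $boolValid = "True"}
    default {$boolValid = "False"}
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt is only a pause so the message can be read; the script stops whatever
    # is typed. Before, any non-empty answer let it carry on with no level selected.
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}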
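# Prompt for the Contacts folder permission level and map the one-letter answer to
# the name of the matching DelegateFolderPermissionLevel value.
$QContactsFolderPermissionLevel = Read-Host " Contacts Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid="False"
# Reset first so a stale level from an earlier run can never be applied by accident.
$strContactsFolderPermissionLevel = $null
switch ("$QContactsFolderPermissionLevel".Trim())
{
    "n" {$strContactsFolderPermissionLevel = "None"; $boolValid = "True"}
    "r" {$strContactsFolderPermissionLevel = "Reviewer"; $boolValid = "True"}
    "a" {$strContactsFolderPermissionLevel = "Author"; $boolValid = "True"}
    "e" {$strContactsFolderPermissionLevel = "Editor"; $boolValid = "True"}
    default {$boolValid = "False"}
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt is only a pause so the message can be read; the script stops whatever
    # is typed. Before, any non-empty answer let it carry on with no level selected.
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}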
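# Prompt for the Notes folder permission level and map the one-letter answer to
# the name of the matching DelegateFolderPermissionLevel value.
$QNotesFolderPermissionLevel = Read-Host " Notes Permission Level [(N)None, (R)Reviewer, (A)Author or (E)Editor]"
write-host ""
$boolValid="False"
# Reset first so a stale level from an earlier run can never be applied by accident.
$strNotesFolderPermissionLevel = $null
switch ("$QNotesFolderPermissionLevel".Trim())
{
    "n" {$strNotesFolderPermissionLevel = "None"; $boolValid = "True"}
    "r" {$strNotesFolderPermissionLevel = "Reviewer"; $boolValid = "True"}
    "a" {$strNotesFolderPermissionLevel = "Author"; $boolValid = "True"}
    "e" {$strNotesFolderPermissionLevel = "Editor"; $boolValid = "True"}
    default {$boolValid = "False"}
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt is only a pause so the message can be read; the script stops whatever
    # is typed. Before, any non-empty answer let it carry on with no level selected.
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}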
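# Ask whether the delegate may see items the mailbox owner marked private.
$QViewPrivateItems = Read-Host " View Private Items? [(Y)Yes/(N)No]"
write-host ""
$boolValid="False"
# Default to the more restrictive answer; only an explicit "y" enables private-item access.
$strViewPrivateItems = $false
switch ("$QViewPrivateItems".Trim())
{
    "y" {$strViewPrivateItems = $true; $boolValid = "True"}
    "n" {$strViewPrivateItems = $false; $boolValid = "True"}
    default {$boolValid = "False"}
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt is only a pause so the message can be read; the script stops whatever
    # is typed. Before, any non-empty answer let it carry on without a valid answer.
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}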
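# Ask whether the delegate should receive copies of meeting messages, then reconcile
# the answer with the Calendar level chosen earlier ($strCalendarFolderPermissionLevel).
$QReceiveCopiesOfMeetingMessages = Read-Host " Receive Copies Of Meeting Messages? [(Y)Yes/(N)No]"
write-host ""
$boolValid="False"
$strReceiveCopiesOfMeetingMessages = $false
switch ("$QReceiveCopiesOfMeetingMessages".Trim())
{
    "y" {$strReceiveCopiesOfMeetingMessages = $true; $boolValid = "True"}
    "n" {$strReceiveCopiesOfMeetingMessages = $false; $boolValid = "True"}
    default {$boolValid = "False"}
}
# Meeting copies need Editor on the Calendar folder. The old test covered only Author
# and Reviewer, so a Calendar level of None (or an unset level) slipped through with
# the flag still set to true.
if ($strCalendarFolderPermissionLevel -ne "Editor")
{
    Write-Host " The delegate must have Editor permissions on the Calendar folder to be able to receive copies of meeting messages."
    Write-Host " "
    Write-Host " Resetting value for 'Receive Copies Of Meeting Messages' to FALSE!"
    # The value is now a definite false, so the answer counts as valid whatever was typed.
    $strReceiveCopiesOfMeetingMessages = $false; $boolValid = "True"
}
if ($boolValid -ne "True")
{
    Write-Host "No valid permission set provided! Script Quitting!"
    Write-Host ""
    # The prompt is only a pause so the message can be read; the script stops whatever
    # is typed. Before, any non-empty answer let it carry on without a valid answer.
    $quit=Read-Host "Press CR to quit (CR=Exit) "
    return
}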
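# Apply the delegation through Exchange Web Services (EWS) and append an audit record.
# The record now carries the outcome. Before, the same "success-looking" entry was
# written whether or not AddDelegates had worked.
# Reads:  $mbtoDelegate, $delegatetoAdd, the five $str*FolderPermissionLevel values,
#         $strViewPrivateItems, $strReceiveCopiesOfMeetingMessages, $Logging_File, $dateTime.
# NOTE(review): the call impersonates the mailbox owner, so the account running this
# needs impersonation rights over that mailbox - confirm the role is scoped as narrowly as intended.
$dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.1\Microsoft.Exchange.WebServices.dll"
$windowsIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$RequestorUserName = $windowsIdentity.Name
$delegationOutcome = "FAILED"
$delegationDetail = ""
$allowedLevels = @("None", "Reviewer", "Author", "Editor")
$folderLevels = @{
    CalendarFolderPermissionLevel = $strCalendarFolderPermissionLevel
    InboxFolderPermissionLevel    = $strInboxFolderPermissionLevel
    TasksFolderPermissionLevel    = $strTasksFolderPermissionLevel
    ContactsFolderPermissionLevel = $strContactsFolderPermissionLevel
    NotesFolderPermissionLevel    = $strNotesFolderPermissionLevel
}
try
{
    # Fail closed: never call EWS with a missing mailbox, delegate or permission level.
    if ("$mbtoDelegate" -eq "" -or "$delegatetoAdd" -eq "")
    {
        throw "Mailbox or delegate address is empty."
    }
    foreach ($levelName in $folderLevels.Keys)
    {
        if ($allowedLevels -notcontains $folderLevels[$levelName])
        {
            throw "No valid value for $levelName."
        }
    }
    if (-not (Test-Path -LiteralPath $dllpath))
    {
        throw "EWS Managed API not found at $dllpath."
    }
    [void][Reflection.Assembly]::LoadFile($dllpath)
    $service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP1)
    # Bind to the caller's own directory object by SID to read its mail attribute.
    # A bare "LDAP://" binds to the directory root, which has no mail attribute, so
    # autodiscover could never succeed. The <SID=...> part was presumably lost when
    # the script was published.
    $sidbind = "LDAP://<SID=" + $windowsIdentity.User.Value + ">"
    $aceuser = [ADSI]$sidbind
    $requestorMail = "$($aceuser.mail)"
    if ($requestorMail -eq "")
    {
        throw "Could not read the mail attribute of $RequestorUserName for autodiscover."
    }
    $service.AutodiscoverUrl($requestorMail)
    $service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $mbtoDelegate)
    $mbMailbox = new-object Microsoft.Exchange.WebServices.Data.Mailbox($mbtoDelegate)
    $dgUser = new-object Microsoft.Exchange.WebServices.Data.DelegateUser($delegatetoAdd)
    $dgUser.ViewPrivateItems = [bool]$strViewPrivateItems
    $dgUser.ReceiveCopiesOfMeetingMessages = [bool]$strReceiveCopiesOfMeetingMessages
    foreach ($levelName in $folderLevels.Keys)
    {
        $levelValue = $folderLevels[$levelName]
        $dgUser.Permissions.$levelName = [Microsoft.Exchange.WebServices.Data.DelegateFolderPermissionLevel]::$levelValue
    }
    $dgArray = new-object Microsoft.Exchange.WebServices.Data.DelegateUser[] 1
    $dgArray[0] = $dgUser
    # Remove any existing entry first so the add below replaces rather than collides.
    # A per-user error here is expected when the delegate was not present before.
    # If the add then fails, the delegate is left with NO access - the FAILED log entry records that.
    [void]$service.RemoveDelegates($mbMailbox,"$delegatetoAdd")
    $addResults = $service.AddDelegates($mbMailbox, [Microsoft.Exchange.WebServices.Data.MeetingRequestsDeliveryScope]::DelegatesAndMe, $dgArray)
    foreach ($addResult in $addResults)
    {
        # Per-delegate failures come back in the response collection, not as exceptions.
        if ("$($addResult.Result)" -ne "Success")
        {
            throw "AddDelegates returned $($addResult.Result): $($addResult.ErrorMessage)"
        }
    }
    $delegationOutcome = "SUCCESS"
}
catch
{
    $delegationDetail = $_.Exception.Message
    Write-Host "Delegation was NOT applied: $delegationDetail"
}
try
{
    # -ErrorAction Stop so a missing or unwritable log file is reported, not ignored.
    $auditLines = @(
        "=================================================================",
        "$dateTime",
        "Requestor: $RequestorUserName",
        "Result: $delegationOutcome $delegationDetail",
        "Delegated Mailbox: $mbtoDelegate",
        "Delegate: $delegatetoAdd",
        "Permissions: ",
        "Calendar: $strCalendarFolderPermissionLevel",
        "Inbox: $strInboxFolderPermissionLevel",
        "Tasks: $strTasksFolderPermissionLevel",
        "Contacts: $strContactsFolderPermissionLevel",
        "Notes: $strNotesFolderPermissionLevel",
        "View Private Items: $strViewPrivateItems",
        "Receive Copies Of Meeting Messages: $strReceiveCopiesOfMeetingMessages"
    )
    Add-Content -Path $Logging_File -Value $auditLines -ErrorAction Stop
}
catch
{
    Write-Host "Could not write the audit record to ${Logging_File}: $($_.Exception.Message)"
}
# Final pause so the operator can read the result; the script ends here either way.
$quit=Read-Host "Press CR to quit (CR=Exit) "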
A piece of another management script that runs after the user provisioning process, to set default calendar visibility:
# Fragment of a provisioning script: ensure the "Default" entry on the new mailbox's
# Calendar folder carries Reviewer rights, retrying until the change is visible.
# $samAccountName, $i, $strMail, $strForName, $strSurName, $objTransLogFile, $date and $time
# are defined outside this fragment.
# NOTE(review): "Default" is the folder-permission entry used for accounts that have no
# explicit entry of their own, so Reviewer here makes calendar items readable well beyond
# the owner's delegates - confirm that is the intended organisation-wide policy.
if (Get-MailboxFolderPermission -identity "$samAccountName`:\Calendar" -user Default | Where-Object { ($_.AccessRights -like "*Reviewer*")})
{
# Nothing to do: Default already has Reviewer on this calendar.
# Write-host User Default already has Reviewer permissions on the calendar of $samAccountName
}
Else
{
# Re-apply the permission every 30 seconds until it can be read back or $i reaches 60 (about 30 minutes), at which point something has really gone wrong.
# NOTE(review): $i is not initialised in this fragment - presumably set to 0 earlier; if it carries over from a previous mailbox the 60-attempt limit is miscounted. TODO confirm.
# NOTE(review): the 30-second sleep runs after every attempt, including one that already succeeded.
Do
{
Set-MailboxFolderPermission -Identity "$samAccountName`:\Calendar" -AccessRights Reviewer -User Default
Start-Sleep -s 30
$i=$i+1
}
Until ((Get-MailboxFolderPermission -identity "$samAccountName`:\Calendar" -user Default | Where-Object { ($_.AccessRights -like "*Reviewer*")}) -or ($i -eq 60))
# $i reached 60: the permission never showed up, so add an alert line to the notification mail body.
if($i -eq 60)
{
$strMail=$strMail + "`r`n !!!! Failed to set Calendar Reviewer Permissions on mailbox " + $samAccountName + ";" + $strForName + $strSurName + "!!!!" #`r`n Set-MailboxFolderPermission -Identity "$samAccountName`:\Calendar" -AccessRights Reviewer -User Default"
$SendMail="True"
}
# $i below 60: the permission was read back, so note it in the mail body and append a CSV-style line to the transaction log.
if($i -lt 60)
{
$strMail=$strMail + "`r`n Account Added, Calendar Reviewer Permissions granted to Default user, on mailbox " + $samAccountName + ";" + $strForName + $strSurName
Add-Content $objTransLogFile """$date"",""$time"",""New mailbox added - calendar permissions set"",""$samAccountName"""
$SendMail="True"
}
# NOTE(review): the closing brace of the Else block is not part of this excerpt.