ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Exchange 2010 PS: output to @{Add="<value1>", "<value2>", "<value3>"}

    IT Discussion
    3
    9
    1081
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Grey
      Grey last edited by

      $user = read-host -Prompt "Add a user for send/full/send as! Who are we adding? (Ex: username)"
      $mailbox = Read-Host -Prompt "Which mailbox? (Mail alias, ex: sharedAlias)"
      $name = get-aduser $user |Select-Object -expandproperty name
      $sendas = get-mailbox $mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false}
      Add-MailboxPermission -AccessRights FullAccess -Identity $mailbox -User $user -InheritanceType All -confirm
      Add-ADPermission $name -User $mailbox -Extendedrights "Send As"
      Add-MailboxFolderPermission -identity $mailbox':\' -user $user -AccessRights PublishingAuthor
      set-mailbox $mailbox -grantsendonbehalfto $sendas
      

      I'm working to debug this and I'm at the lastactionable portion, set-mailbox $mailbox -grantsendonbehalfto $sendas, and that's where it throws an error. It needs the output of $sendas to look like @{Add="<value1>", "<value2>", "<value3>"} so I was going to use add-member or out-string but neither has worked for me so far. I'm on day two of this BS and could use some help from anyone has any ideas on a different method?

      1 Reply Last reply Reply Quote 0
      • NerdyDad
        NerdyDad last edited by

        Instead of set-mailbox have you considered trying Add-ADPermission?

        I know at face value, it looks misleading, but check the TechNet article out:

        https://technet.microsoft.com/en-us/library/bb124403(v=exchg.141).aspx

        Add-ADPermission -Identity "Ellen Adams" -User AaronPainter -AccessRights ExtendedRight -ExtendedRights "send as"

        1 Reply Last reply Reply Quote 0
        • NerdyDad
          NerdyDad last edited by

          So, here I would try:

          Add-ADPermission -Identity $mailbox -User $sendas -AccessRights ExtendedRight -ExtendedRights "send as"

          Grey 1 Reply Last reply Reply Quote 0
          • Grey
            Grey @NerdyDad last edited by

            @nerdydad said in Exchange 2010 PS: output to @{Add="<value1>", "<value2>", "<value3>"}:

            So, here I would try:

            Add-ADPermission -Identity $mailbox -User $sendas -AccessRights ExtendedRight -ExtendedRights "send as"

            I saw that, and the script has the option you mention. For full usage, each mailbox 'needs' send as, full access and send on behalf of. The send on behalf of item only seems to be able to be set through set-mailbox.

            1 Reply Last reply Reply Quote 0
            • Grey
              Grey last edited by

              https://blogs.technet.microsoft.com/manjubn/2012/10/02/grantsendonbehalfto-permissions-for-mailbox-overwrites-existing-permission/ has some more detail on the problem. The issue I have is creating the array dynamically, pulled from the list of people that have 'fullaccess' already.

              1 Reply Last reply Reply Quote 0
              • NerdyDad
                NerdyDad last edited by

                ~Have you considered upgrading to 2016 Exchange server?~

                Grey 1 Reply Last reply Reply Quote 0
                • Grey
                  Grey @NerdyDad last edited by

                  @nerdydad said in Exchange 2010 PS: output to @{Add="<value1>", "<value2>", "<value3>"}:

                  ~Have you considered upgrading to 2016 Exchange server?~

                  I tried. Management has this 0 downtime thing and won't let me do things. It's a little infuriating.

                  NerdyDad 1 Reply Last reply Reply Quote 0
                  • Dashrender
                    Dashrender last edited by

                    @grey said in Exchange 2010 PS: output to @{Add="<value1>", "<value2>", "<value3>"}:

                    $sendas = get-mailbox $mailbox | Get-MailboxPermission | where {$.user.tostring() -ne "NT AUTHORITY\SELF" -and $.IsInherited -eq $false}

                    This is where you're reading into an array the list of users who already have permission, right?

                    Looks like you need to use -grantsendonbehalfto $($a.grantsendonbehalfto) to pull out the usernames only

                    1 Reply Last reply Reply Quote 0
                    • NerdyDad
                      NerdyDad @Grey last edited by

                      @grey said in Exchange 2010 PS: output to @{Add="<value1>", "<value2>", "<value3>"}:

                      @nerdydad said in Exchange 2010 PS: output to @{Add="<value1>", "<value2>", "<value3>"}:

                      ~Have you considered upgrading to 2016 Exchange server?~

                      I tried. Management has this 0 downtime thing and won't let me do things. It's a little infuriating.

                      Sounds like an entirely different thread.

                      1 Reply Last reply Reply Quote 1
                      • First post
                        Last post