Having issues with remove-mailboxPermission and Add-MailboxPermission. I receive the following error:
The Command Get-Mailbox works however the rest does not (note: I've edited out our DNS)
#PowerShell script to add access to an email and not map
Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
Get-Mailbox davidb#aaa.com
Remove-MailboxPermission -Identity davidb#aaa.com -User AshleyD#aaa.com -AccessRights FullAccess
Add-MailboxPermission -Identity davidb#aaa.com -User AshleyD#aaa.com -AccessRights FullAccess -AutoMapping:$false
Remove-PSSession $Session
The error "A term _____ is not recognized as the name of a cmdlet..." can be misleading. If your syntax is correct it usually means that you don't have sufficient permission to run that commandlet.
You can use this guide to find out which specific permission you need to run each cmdlet:
https://learn.microsoft.com/en-us/powershell/exchange/exchange-server/find-exchange-cmdlet-permissions?view=exchange-ps
You may be wondering "why doesn't it just tell me that I don't have permission?" It makes a little more sense when you understand why you get this error. Remember that your session can't see(for lack of a better term) parameters or commandlets you don't have permissions for. So depending on what you are trying to do PowerShell may tell you "thats not a valid command" or "thats not a valid parameter", when in fact those are valid commmands and parameters, your session just can't see them if you don't have access to run it. This will also happen if you are connected to a wrong URI in your O365 PowerShell session(e.g. the compliance uri instead of the outlook uri)
EDIT: This site says you need to be a member of the "Organization Management" group in order to run these cmdlets.
Related
I was trying to get read the AuditLogs from Office 365 via PowerShell, so we can analyse usage and have the data automatically be updated:
# Create/Import remote session (no errors, no warnings)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking -AllowClobber
Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -ResultSize 5000 # <- Fails here
Error:
Search-UnifiedAuditLog : The term 'Search-UnifiedAuditLog' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Was that cmdlet removed or did I miss something?
If this no longer works is there another way to get the audit logs automatically?
I appearently was missing some access rights to Exchange, which meant certain commands were hidden for me.
I am using the following Syntax, to Migrate user`s and create O365 mailboxes in our organization:
# Mailbox Migration Script
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010;
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Enable-RemoteMailbox -Identity user.name -PrimarySmtpAddress user.name#company.com -RemoteRoutingAddress user.name#company365.mail.onmicrosoft.com
sleep 30
# After the initial script has done running, run the following:
Get-RemoteMailbox user.name|Set-RemoteMailbox -EmailAddressPolicyEnabled:$true
Everything works ok , but what i would like to do is to convert this, so the data is being read from a CSV file instead so that the actual wont have to be touched.
Im guessing this should be with the import-csv, unfortunately i don`t know what the rest of the syntax should be.
The exact data i need to acquire via csv is the following:
-Identity user.name
-PrimarySmtpAddress user.name#company.com
-RemoteRoutingAddress user.name#company365.mail.onmicrosoft.com
Each part of the data should be acquired from a column in the CSV.
Please assist with creating this script.
Thanks a bunch , in advance to all.
You're right -- Import-CSV is the ticket here.
$ExchangeData = Import-CSV -path C:\MyExchangeData.csv
# Access the data to IMPORT each user.
# Assumes the CSV has "Email, UserName, RemoteEmail" as headers.
foreach ($user in $ExchangeData) {
Enable-RemoteMailbox -Identity $user.UserName -PrimarySmtpAddress $user.Email -RemoteRoutingAddress $user.RemoteEmail
}
I'm trying to automate a powershell script which gathers data from O365. I've got a special limited user setup with the privileges required on O365 and also with local logon allowed on the server so that I can "run-as" that user (which I do for all the scripts below. I have verified different, expected errors when running as other users).
The script works fine interactively when credentials are set like this and the session opened:
$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic –AllowRedirection
However, if I create the credentials file for automation with:
Get-Credential | Export-Clixml -Path C:\batch\${env:USERNAME}_cred.xml
And then access from the script via:
$cred = Import-Clixml -Path C:\batch\${env:USERNAME}_cred.xml
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic –AllowRedirection
The credential file load appears to succeed. I then get "Access Denied" on the session open, and then of course the rest of the script fails due to the session being null. I'm cutting and pasting the password in all cases (plus have tried many, MANY times including hand typing) so I don't think it's a simple typo issue. Seems more like something I'm fundamentally misunderstanding about powershell. Ultimately I'd like to not just have the credentials automated, but also have it run from task scheduler if there's any special settings above and beyond that I also need.
I don't see anything wrong from your code from PowerShell perspective. I have tested the way you are creating credentials within a company domain and I was able to create new session by importing credential XML file that was created by exporting the credentials the way you did. I then assume it might be MS Exchange related.
I can suggest alternatives for you to try:
# First we need to get the encrypted password:
$TempCred = Get-Credential
# provide credentials to the prompt
# now the encryption to be saved in a file
$TempCred.Password | ConvertFrom-SecureString | Set-Content C:\mypass.txt
This was the encrypted version of your password is saved as a text.
In your automation script you can now do this:
$username = "yourusername"
$password = Get-Content C:\mypass.txt | ConvertTo-SecureString
$cred = New-Object System.Management.Automation.PsCredential($username, $password)
$session = New-PSSession -Credential $cred .....
I am not sure if this works in your case, it worked in my company domain. Once again it worked for me the XML version too. I am just providing alternatives to try if you are not keen to find out as to why the XML way did not work.
I was able to get this working, in my environment at least, by including a call to Import-PSSession:
$Credential = Import-Clixml -Path D:\Modules\O365Credentials.xml
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
Get-Mailbox
Does the account in question have MFA enabled? If so, you might try this.
This script:
Downloads Exchange Online Remote PowerShell Module
Installs Exchange Online PowerShell Module
Connects Exchange Online PowerShell using MFA
Or, you can perform these manually. More information, including a detailed walk-through, is available here:
https://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/
I want to share other peoples Office 365 calendars with me, with different access rights for testing. I have Exchange admin rights so that I can poke around in the Office365 Exchange config.
With https://theitbros.com/add-calendar-permissions-in-office-365-via-powershell/ as inspiration and some help from https://social.technet.microsoft.com/Forums/office/en-US/d59a04ec-3d9d-40c1-8937-fedfba79b888/assigned-reviewer-access-rights-through-powershell-but-can-create-calendar-appointments?forum=Exch2016PS I have done the following
Start Powershell as admin
Log into Office365:$LiveCred = Get-Credential
Create a new session:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import the Office365 session:
Import-PSSession $Session
Query the mailbox folder statistics with Get-MailboxFolderStatistics, but filter on 'identity':
Get-MailboxFolderStatistics b#tdomain.onmicrosoft.com | fl identity
This shows names for these 'Identities' and tells me that the calendar in Dutch is called Agenda.
Update the permissions for those folders:
Add-MailboxFolderPermission -Identity t#tdomain.onmicrosoft.com:\Agenda -user jandoggen#tdomain.onmicrosoft.com -AccessRights PublishingEditor
Add-MailboxFolderPermission -Identity i#tdomain.onmicrosoft.com:\Agenda -user jandoggen#tdomain.onmicrosoft.com -AccessRights Editor
Add-MailboxFolderPermission -Identity b#tdomain.onmicrosoft.com:\Agenda -user jandoggen#tdomain.onmicrosoft.com -AccessRights Reviewer
If I now verify the permissions with
Get-MailboxFolderPermission t#tdomain.onmicrosoft.com:\Agenda
Get-MailboxFolderPermission i#tdomain.onmicrosoft.com:\Agenda
Get-MailboxFolderPermission b#tdomain.onmicrosoft.com:\Agenda
... I see access rights {PublishingEditor}, {Editor} and {Reviewer}:
However, in OWA (Outlook Web Access) I can still create appointments in b's calendar, where it says {Reviewer}.
What am I overlooking?
First: it looks like giving PublishingEditor gives you the rights needed to Create/Remove items. I suggest digging into AccessRights.. More here: https://social.technet.microsoft.com/Forums/en-US/105ccad6-4d36-4c6b-a2e1-8cc890fde9fb/addmailboxpermission-accessrights-definition?forum=exchangesvrgeneral
Specifically, this:
Second: Are you Dutch by any chance? I have never seen the ':\agenda' switch used before. From what I have found, only when using the Dutch language 'pack' should you use ':\agenda'.
Please try those same commands, but use ':\calendar' instead of ':\agenda'. I am not sure if this will have any affect, but it is a good start.
Found here: http://www.vdberge.com/kennisbank/a-quick-way-to-set-calendar-permissions-using-powershell/
Add-MailboxFolderPermission -Identity t#tdomain.onmicrosoft.com:\Calendar -user jandoggen#tdomain.onmicrosoft.com -AccessRights PublishingEditor, Editor, Reviewer
Third: it looks like the permissions you are assigning do not make sense. Please review access rights and the permissions that encompasses them.
How do you avoid all of the unwanted console output when doing Import-PSSession? I'm writing a script to monitor some stuff in Exchange and it needs to drop into our monitoring system and only produce very specific output, but whenever I import my Exchange session it produce
WARNING: Some imported command names include unapproved verbs which
might make them less discoverable. Use the Verbose parameter for more
detail or type Get-Verb to see the list of approved verbs.
I've tried:
$Session=(Import-PSSession(New-PSSession -ConfigurationName Microsoft.Exchange \
-ConnectionUri http://CasServer/PowerShell/ -Authentication Kerberos \
-Credential $Cred -AllowClobber -WarningAction:SilentlyContinue)
It still displays the unwanted text. I've also tried -ErrorAction:SilentlyContinue; doesn't work.
You can use the following switch to suppress the warning, if specifying all the cmdlets you want to use isn't feasible:
-DisableNameChecking
Example:
Import-PSSession $session -DisableNameChecking
I think better solution is to read the output of the Import-PSSession into variable such as:
$output = Import-PSSession $session -AllowClobber
Then you can read the $output and see if it is a warning, error etc.
But don't use -WarningAction:SilentlyContinue or -ErrorAction:SilentlyContinue because you'll never see if it is oK or not
You are setting -WarningAction on Import-PSSession. Warning you get smells like Import-Module (that Import-PSSession calls behind the scenes).
You may change $WarningPreference global variable to SilentlyContinue for the life of your script. That would silent the warning you get.
you can try pipe to | out null
Another option:
Import-PSSession $session 3> $null