Get mailbox folder permissions for "remote" mailboxes - powershell

I'm using PowerShell cmdlets to extract MailboxFolderPermissions.
I'm using Get-MailboxFolderStatistics to get the list of folders for a particular mailbox and then Get-MailboxFolderPermission to get permissions for all available folders.
All is working fine for mailboxes hosted locally on the Exchange server I'm connected to.
But in the same domain there is another Exchange server, and mailboxes hosted on it are also listed when invoking Get-Mailbox on the first one.
When I try to run Get-MailboxFolderStatistics or Get-MailboxFolderPermission for such a "remote" mailbox, I'm getting an error:
For Get-MailboxFolderStatistics cmdlet:
Unable to retrieve mailbox folder statistics for mailbox xxxxxxx#xxxxxx.local. Failure: Error code -2146233088 occurred with message Cannot open mailbox /o=xxxxxxxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCH2013/cn=Microsoft System Attendant..
+ CategoryInfo: ReadError: (:) [Get-MailboxFolderStatistics],MailboxFolderStatisticsException
+ FullyQualifiedErrorId : BE037E6,Microsoft.Exchange.Management.Tasks.GetMailboxFolderStatistics
+ PSComputerName: xxxxxxxxxxx
For Get-MailboxFolderPermission cmdlet:
Cannot open mailbox /o=xxxxxxxx/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCH2013/cn=Microsoft System Attendant.
+ CategoryInfo: NotSpecified: (0:Int32) [Get-MailboxFolderPermission], ConnectionFailedTransientException
+ FullyQualifiedErrorId : A44BD817,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission
+ PSComputerName: xxxxxxxxxxx
Does anyone know what could be the cause of the above errors?
Is it possible to list permissions for remote mailbox folders?
Any help is really appreciated.

Connect to the remote Exchange server via a PS session: https://technet.microsoft.com/en-us/library/dd335083(v=exchg.160).aspx
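A sketch of what the answer suggests, as an added example that is not part of the original thread: open a remote Exchange Management Shell session on the server that hosts the mailbox and enumerate folder permissions through it. The values of `$HostingServer` and `$Mailbox` are placeholders, and Kerberos authentication from a domain-joined machine is assumed.

```powershell
# Added example. $HostingServer and $Mailbox are placeholders, not values from the post.
$HostingServer = 'exch2013.example.local'   # FQDN of the server that hosts the mailbox
$Mailbox       = 'jdoe@example.local'

# Remote Exchange Management Shell session on the hosting server (Kerberos, current user).
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "http://$HostingServer/PowerShell/" -Authentication Kerberos

try {
    # Import only the two cmdlets needed. The prefix keeps them apart from cmdlets
    # already loaded from the first server: Get-RemoteMailboxFolderStatistics, etc.
    Import-PSSession $session -Prefix Remote -DisableNameChecking `
        -CommandName Get-MailboxFolderStatistics, Get-MailboxFolderPermission | Out-Null

    $report = foreach ($folder in Get-RemoteMailboxFolderStatistics -Identity $Mailbox) {
        # FolderPath is "/Inbox/Sub"; the permission cmdlet expects "mailbox:\Inbox\Sub".
        $path = $folder.FolderPath.Replace('/', '\')
        if ($folder.FolderPath -eq '/Top of Information Store') { $path = '\' }
        $folderId = "${Mailbox}:$path"

        # Some system folders cannot be opened; skip them instead of aborting the run.
        $perms = Get-RemoteMailboxFolderPermission -Identity $folderId -ErrorAction SilentlyContinue
        foreach ($p in $perms) {
            [pscustomobject]@{
                Mailbox      = $Mailbox
                Folder       = $path
                User         = "$($p.User)"
                AccessRights = $p.AccessRights -join ','
            }
        }
    }

    # One row per folder and grantee, suitable for a permission review.
    $report | Sort-Object Folder, User | Format-Table -AutoSize
}
finally {
    Remove-PSSession $session
}
```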

Related

Powershell - MailboxFolderPermissions problem with multiple Exchange Servers

I've been trying to solve this problem for days and at least narrowed it down. I'm writing a script for my company with a user interface that allows my colleagues to easily create a new Active Directory user based on a template user, create a new mailbox and add Calendar permissions to their Manager.
Everything is working except for adding the Calendar permissions.
We are running two Exchange Servers, let's call them Exchange1 and Exchange2. Enabling the mailbox based on the AD user works fine but when I get to the step of adding calendar permissions I get this error:
The mailbox /o=COMPANY/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCHANGE2/cn=Microsoft System Attendant kann nicht geöffnet werden.
+ CategoryInfo : NotSpecified: (:) [Add-MailboxFolderPermission], MailboxUnavailableException
+ FullyQualifiedErrorId : [Server=EXCHANGE1,RequestId=4f818454-7ffc-4fd9-b57d-594bedd7fab6,TimeStamp=15.10.2020 14:11:32] [FailureCategory=Cmdlet-MailboxUnavailableException] 676ABDB0,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
+ PSComputerName : EXCHANGE1
The command I'm trying to run:
Enable-Mailbox -Identity $ADUser
$EmailCalendar = $Email + ":\Calendar"
Add-MailboxFolderPermission -Identity $EmailCalendar -User $Manager -AccessRights Editor
I'm really new to using PowerShell to administer Exchange servers, so I'm kind of at my troubleshooting end. It doesn't matter if I connect to EXCHANGE1 or EXCHANGE2, the error message stays the same and I'm having trouble understanding why the mailbox is unavailable.
Any help is appreciated :)

Powershell connecting to Sharepoint online using Active directory

To start, I am using Windows 7, and I am a full administrator on this machine.
I have tried other machines and ran as an administrator as well.
I am only a SharePoint site collection admin.
In PowerShell we connect to SharePoint Online. During this process, if I use Connect-PnPOnline -Url $masterSiteUrl -useweblogin, I get prompted for a username; however, the next screen is blank and stays there.
When I do a view source of that page I get
d>Redirecting....myshn.net/certcheck" method="POST">
I do have scripting enabled and sometimes I get a certificate issue. I have clicked "Install Certificate", although I am not sure what it did, but it still doesn't work.
I've also tried -SPOManagementShell and -ClearTokenCache
and get the following error
Connect-PnPOnline : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Connect-PnPOnline -Url $masterSiteUrl -useweblogin -spoManagementShel ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Connect-PnPOnline], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,SharePointPnP.PowerShell.Commands.Base.ConnectOnline
See this:
Connect to all Office 365 services in a single Windows PowerShell
and this...
Connect to all Office 365 Services PowerShell - Supports MFA too
Using our All-in-One PowerShell script, you can connect to all Office
365 Services using a single cmdlet. It supports both MFA and non-MFA
account -Exchange Online -Azure AD -SharePoint Online -Skype for
Business Online -Security & Compliance Center -Teams
Download: ConnectO365Services.ps1
O365_Logon 1.1
O365 logon cmdlets to assist IT administrators. In this module, there
are several cmdlets that simplify the process of logging onto various
O365 components.

Can't set a user mailbox to a shared mailbox (Exchange)

I want to set a user mailbox to a shared mailbox with the command below:
Set-Mailbox user#domain.com -Type shared
I'm getting this error message back (Sorry for bad format):
The operation couldn't be performed because object 'user#domain.com' couldn't be found on 'server-vm-02.domain.com'.
+ CategoryInfo : NotSpecified: (:) [Set-Mailbox], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=SERVER-VM-37,RequestId=1f445bc7-6d4c-4443-a0b3-8a0617d8e83a,TimeStamp=22.05.201 12:11:51] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 96F1E1EA,Microsoft.Exchange.Management.RecipientTasks.SetMailbox
+ PSComputerName : server-vm-37.domain.com
I've tried it when the user is enabled and disabled in AD.
In the Portal Admin Center the account is blocked, but in my opinion it doesn't matter.
And yes, I typed the address correctly. Instead of the address I also typed the name as well as the username; nothing worked.
Before doing a Set-Mailbox, try a Get-Mailbox. Are you sure there is a mailbox under this UPN? Are you on the Exchange Server or on your computer when you run this cmdlet?

How to set Assigned Access for Edge Browser

I would like to set Edge as an Assigned Access to a User.
I'm using the following PowerShell Command:
Set-AssignedAccess -AppUserModelId Microsoft.MicrosoftEdge -UserName xy
But I always get the following error (translated from German):
System error 1376 has occurred.
The specified local group does not exist.
New-CimInstance : A general error has occurred, for which
no specific error code is available.
C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\AssignedAccess\AssignedAccess.psm1:300
Zeichen:13
+ New-CimInstance -ClassName WEDL_AssignedAccess -Property ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (WEDL_AssignedAccess:CimInstance) [New-CimInstance], CimException
+ FullyQualifiedErrorId : MI RESULT 1,Microsoft.Management.Infrastructure.CimCmdlets.NewCimInstanceCommand
The local user exists, and the app exists too. I also logged in with the user I want to set the assigned access for, to make sure the profile is set up correctly.
This happened on two different Windows 10 (build 14393) machines.
I'm on PSVersion:
PS C:\WINDOWS\system32> $psversiontable.psversion.toString()
5.1.14393.1944
Does anybody know how to solve this?
Ran into this yesterday. From what I could tell, the "local group" that's referenced is actually the admin group.
I ran the following commands in an elevated PowerShell prompt:
Net localgroup administrators /add
This creates a local Administrators group.
Net localgroup administratörer administrators /add
This adds the administrators group to the local admin group (Administratörer is the Swedish localization of Administrators; use the local version depending on your country and replace it).
After this is done, run your previous commands.
Give it a try, hope it helps :)
//Chris
Set-AssignedAccess -UserName weakusername -AUMID Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge

Powershell - Invoke command access denied while not running under domain admin account

I'm using a script to create a folder on a remote server which is a file server and an RODC.
When I run the script as a domain admin user, the command completes successfully. When I run it with an account that is in the group that can administer the RODC, I get an access denied.
$remotefolder = [scriptblock]::create("New-Item -Path d:\testfolder -type directory -Force ")
Invoke-Command -ComputerName server1 -ScriptBlock $remotefolder
I get this error:
[server1] Connecting to remote server server1 failed with the following error message : Access is denied.
For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (server1:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
As it's an RODC, there are no local groups that I can add my users to that need to run this script.
Does anybody know how I can stop getting this access denied?
Update 12/12:
I tried the same script block on a domain member server only and I don't get the access denied message; the folder is created as it should. Any thoughts on how I can get this script block running on an RODC without using a domain admin user?
You should probably read up on PSSessionConfiguration before you do this, so you understand the implications, starting with
help about_Session_Configurations
First, create a domain group called 'RODC PowerShell Users'. Put yourself in it, wait for replication, log off and on again. Check that you're in this group.
Second, from an elevated shell on the RODC, run this:
Set-PSSessionConfiguration microsoft.powershell -ShowSecurityDescriptorUI
(After the first time, you'll probably want to use -Force but it's useful to see what it's doing.) Hit Y when asked to confirm.
After a few seconds it will display the Permissions UI for http://schemas.microsoft.com/powershell/microsoft.powershell
Click Add, enter your group name in the dialog that appears, and click OK.
In the "Permissions for RODC PowerShell Remoting Access" box, start with Read and Execute. (You may need Write or Full Control, depending on what you want to do.)
Click OK.
Then enter Y in the PowerShell window to confirm you want to restart WinRM.
From your remote box, assuming you've already set up remoting on the RODC, you should now be able to run:
Invoke-Command -ComputerName server1 { $env:computername }
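The same grant without the Permissions UI, as an added example that is not part of the original answer: it appends a Read + Execute ACE for the group to the endpoint's SDDL, which makes the change scriptable and reviewable. The domain name `CONTOSO` is a placeholder; the group name is the one from the answer, and the script is assumed to run from an elevated shell on the RODC.

```powershell
# Added example; run from an elevated shell on the RODC.
# 'CONTOSO' is a placeholder domain; the group name is the one used in the answer.
$group    = 'CONTOSO\RODC PowerShell Users'
$endpoint = 'microsoft.powershell'

# Resolve the group to a SID so the ACE is bound to the SID, not the name.
$sid = ([System.Security.Principal.NTAccount]$group).Translate(
           [System.Security.Principal.SecurityIdentifier])

# Load the endpoint's current security descriptor.
$sddl = (Get-PSSessionConfiguration -Name $endpoint).SecurityDescriptorSddl
$sd   = New-Object System.Security.AccessControl.CommonSecurityDescriptor($false, $false, $sddl)

# Read + Execute, the two rights the answer starts with (GR and GX in SDDL).
$GENERIC_READ    = [int]::MinValue   # 0x80000000
$GENERIC_EXECUTE = 0x20000000
$mask = $GENERIC_READ -bor $GENERIC_EXECUTE

$existing = $sd.DiscretionaryAcl | Where-Object { $_.SecurityIdentifier -eq $sid }
if ($existing) {
    Write-Host "An ACE for $group is already present; nothing changed."
}
else {
    $sd.DiscretionaryAcl.AddAccess('Allow', $sid, $mask, 'None', 'None')
    $newSddl = $sd.GetSddlForm('All')

    # Record both values so the change can be reviewed or rolled back.
    Write-Host "Old SDDL: $sddl"
    Write-Host "New SDDL: $newSddl"

    # -Force suppresses the prompts and restarts WinRM so the change takes effect.
    Set-PSSessionConfiguration -Name $endpoint -SecurityDescriptorSddl $newSddl -Force
}

# Review who can connect to the endpoint after the change.
(Get-PSSessionConfiguration -Name $endpoint).Permission
```

To undo the grant, re-apply the recorded old SDDL with `Set-PSSessionConfiguration -SecurityDescriptorSddl`.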