I'm currently working on a script to change some Mailboxfolderpermissions in Exchange 2010.
The basic functions work, I can read out the current permission-status and I can set permissions, but the cmdlet Set-Mailboxfolderpermission does not correctly set the permissions.
For example:
Set-MailboxFolderPermission -Identity Owner:\Calendar -User TargetUser -AccessRights Contributor
This results in a custom named setting, where nothing changed in relation to the previous setting.
Same thing when I substitute Contributor with the explicit permissions FolderVisible, CreateItems.
Update:
I just tried to use the cmdlet from the shell and there it works.
To test whether the internal output is right, I printed the permissions on the shell and everything was fine.
Right now I'm wondering even more.
What is the point here? Is it a bug, am I to frustrated to see the right way out of my problem?
I use the below - just be certain to use the UPN & Set permission - Set doesn't always work - You could just first remove the current & then add a different permission:
Remove-MailboxFolderPermission -identity "Owner#something.com:\calendar" -User targetUser#something.com
Add-MailboxFolderPermission -identity "Owner#something.com:\calendar" -User targetUser#something.com -AccessRights owner
Related
Does someone know if it is possible to add a time period to this Powershell command:
Add-MailboxPermission -Identity user01#domain.com -User user02#domain.com -AccessRights FullAccess -InheritanceType All
So is there a way so I can give user02 accessright for the Mailbox of user01 from lets say 2022/11/20 up to 2022/11/25?
No. The Add-MailboxPermission cmdlet does not accept any date-range parameters:
https://learn.microsoft.com/en-us/powershell/module/exchange/add-mailboxpermission?view=exchange-ps
You could write a script to check the current date and run the appropriate Add- and Remove-MailboxPermission commands at the appropriate time.
(An alternate - but messy - approach is to create a temporary user account with access, setting an expiration date on the user account. You'll need to mop up the account and permissions afterwards, though.)
I know how to set group policy to add a logon script to every user using GUI but I wanted to know how can this be done using Powershell commands(or maybe with python).
Currently, the only real way to set a GPO setting via powershell requires that you know the registry key you're changing (all GPO settings resolve to registry entries), but be aware that settings done like this won't show up with the nice descriptions in the group policy gui tools:
Get-GPO -Name 'Logon Scripts' | Set-GPRegistryValue -Context User -Key 'HKEY_CURRENT_USER\path\to\key' -Value 'Foo.bat'
Generally, the better way to do what you want is to set the AD User's ScriptPath property instead:
Get-ADUser $user | Set-ADUser -ScriptPath 'Foo.bat'
I have a created a custom power shell activity to delete users from a group in A.D.
In the execution command i have given the code like,
Remove-ADGroupMember -Identity "Cab-Approval" -Members Williams,James.Anderson,Jaffer.Hamzad
So, when i clikced on Test Inputs it is giving error like,
enter image description here
SO what is this error, and how to over come this. Can some one help me here
Regards,
Vijay
Welcome to Stack Overflow! Be sure to read the FAQs on how to format your questions. Posting an image is discouraged as we're not able to easily digest it as oppose to pre-formated code blocks. A link to the FAQ for asking is here
That said, it looks like from your error message that you're either running the script remotely or running it from a non-interactive shell. The reason you're receiving this error is because Remove-ADGroupMember prompts you for an Are you sure? response.
You can do the following to mitigate this:
Remove-ADGroupMember -Identity "Cab-Approval" -Members Williams,James.Anderson,Jaffer.Hamzad -Force
The -Force switch will ignore the prompts.
I want to be able to set an email forward in Exchange Powershell O365
I'm trying
Set-Mailbox -Identity emailaddress -DeliverToMailboxAndForward $true -ForwardingSMTPAddress forwardingaddress
but getting
A parameter cannot be found that matches parameter name
'DeliverToMailboxAndForward'.
Do I need to load a snap-in? I can't find any help about this.
You forgot your $'s my friend
Set-Mailbox -Identity $emailaddress -DeliverToMailboxAndForward $true -ForwardingSMTPAddress $forwardingaddress
Also something to look out for when using Exchange Online PSSession (and maybe regular Exchange PSSession) is that it uses the JEA functionality of PowerShell. JEA is Just Enough Administration it actually looks at what roles the account used to connect to the PowerShell Session has and it ONLY gives you the commands that account has the roles to do. I'm not sure if it goes to the level of removing parameters from functions you only have partial access to do. For the missing Cmdlet part though I ran into this while beating my head against the wall writing a batch migration utility come to find out SysAdmin never gave me the permission to do batch migration. As soon as They gave me the permission and I imported the PSSession again BAM Cmdlet was there.
Hope that helps.
I am trying to write a powershell script to add and remove members from a distribution list which is present in the active directory.I tried a command for adding members to the distribution list which is like:
ADD-DistributionGroupmember -identity "staff" -member "johnevans#contoso.com"
but when i try to execute this command i get an error saying that add-distributiongroupmember is an invalid command.
so,can anyone provide me a powershell script to add and remove members from the distribution list which is present in the active directory.
Add-DistributionGroupMember is an Exchange cmdlet, and requires the Exchange management snapin, or a remote Exchange management session.
You can accomplish the same thing using the ActiveDirectory module and Add-ADGroupMember, but you won't be able to use the user's email address as the member identity to add. Exchange will work with that as an identity reference, but the native AD cmdlets won't.
You need Exchange Powershell module: http://blogs.technet.com/b/heyscriptingguy/archive/2012/01/23/learn-how-to-use-powershell-to-run-exchange-server-commands-remotely.aspx
If you want to do it without the Exchange cmdlets, this works I tested it:
$groupIdentity = "My Group"
$userEmailAddress = "johnevans#contoso.com"
Add-ADGroupMember -Identity $groupIdentity -Member (Get-ADUser -Filter {mail -eq $userEmailAddress})