0 votes

I've developed a PowerShell script that is able to add this functionality, feel free to improve or use.

I've used the msExchExtensionCustomAttribute3 and then renamed the attribute in Adaxes to "Full Mailbox Access". Also, it uses samAccountName as the user identifier; you could also implement the Adaxes module, but I'm more comfy with MS modules.

There is no sync with the regular Exchange management list of full mailbox access and the attributes list, and I intended to do this only because I didn't want to wait until the next Adaxes update with better Exchange support.

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Import-Module ActiveDirectory

if ($Context.IsPropertyModified("msExchExtensionCustomAttribute3"))
{
    # Delegate list currently stored in AD (before this edit) and the list submitted in this edit.
    # The %sAMAccountName% value reference is quoted so names containing spaces still resolve.
    $OldAccessList = Get-ADUser -Identity "%sAMAccountName%" -Properties "msExchExtensionCustomAttribute3" | Select-Object msExchExtensionCustomAttribute3
    $NewAccessList = $Context.GetModifiedPropertyValues("msExchExtensionCustomAttribute3")
    $CurrentUser = Get-ADUser -Identity "%sAMAccountName%" | Select-Object DistinguishedName, SamAccountName

    # Check that every submitted samAccountName exists in AD before any permission is changed.
    # If one does not, cancel the edit so no partial change is applied.
    if ($null -ne $NewAccessList)
    {
        foreach ($account in $NewAccessList)
        {
            if ($null -eq (Get-ADUser -Filter {samAccountName -eq $account}))
            {
                $Context.Cancel("Following account does not exist: " + $account)
                return
            }
        }
    }

    # Revoke Send As and Full Access from accounts that were dropped from the list.
    foreach ($account in $OldAccessList.msExchExtensionCustomAttribute3)
    {
        if ($NewAccessList -notcontains $account -and $null -ne (Get-ADUser -Filter {samAccountName -eq $account}))
        {
            $SamId = Get-Mailbox -Identity $account | Select-Object DistinguishedName, SamAccountName, PrimarySMTPAddress
            Remove-ADPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -InheritanceType 'All' -ExtendedRights 'send-as' -Confirm:$false
            Remove-MailboxPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -AccessRight FullAccess -Confirm:$false
            $Context.LogMessage("Removed FullMailboxAccess to: " + $account, "Information")
        }
    }

    # Grant Full Access and Send As to accounts that are new in the list.
    if ($null -ne $NewAccessList)
    {
        foreach ($account in $NewAccessList)
        {
            if ($OldAccessList.msExchExtensionCustomAttribute3 -notcontains $account)
            {
                $SamId = Get-Mailbox -Identity $account | Select-Object DistinguishedName, SamAccountName, PrimarySMTPAddress
                Add-MailboxPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -AccessRight FullAccess -InheritanceType All
                Add-ADPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -ExtendedRights "Send As"
                $Context.LogMessage("Added FullMailboxAccess to: " + $SamId.SamAccountName, "Information")
            }
        }
    }
}
by (250 points)
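
Because the post notes that the attribute list and the regular Exchange Full Access list are not kept in sync, a periodic drift check is a useful companion to the script. The following is an added example, not the poster's or Adaxes' code; the function name Compare-MailboxDelegateList and the sample accounts are hypothetical, and the input objects are constructed to mirror the User, AccessRights, IsInherited and Deny properties returned by Get-MailboxPermission.

```powershell
# Added example: report differences between the delegate list stored in
# msExchExtensionCustomAttribute3 and the mailbox's actual Full Access entries.
function Compare-MailboxDelegateList {
    param(
        [string[]]$AttributeList,      # sAMAccountNames stored in the attribute
        [object[]]$MailboxPermission   # objects shaped like Get-MailboxPermission output
    )
    $listed = @($AttributeList | Where-Object { $_ } |
        ForEach-Object { $_.Trim().ToLowerInvariant() })

    # Keep explicit, non-deny FullAccess entries and strip the DOMAIN\ prefix from User.
    $actual = @($MailboxPermission |
        Where-Object { -not $_.IsInherited -and -not $_.Deny -and ($_.AccessRights -contains 'FullAccess') } |
        ForEach-Object { ([string]$_.User).Split('\')[-1].ToLowerInvariant() } |
        Where-Object { $_ -ne 'self' } |      # NT AUTHORITY\SELF is the owner, not a delegate
        Sort-Object -Unique)

    $result = @()
    foreach ($name in $actual) {
        if ($listed -notcontains $name) {
            # Access that bypassed the attribute workflow: review and revoke or record it.
            $result += New-Object PSObject -Property @{ Account = $name; Finding = 'Full Access granted outside the attribute list' }
        }
    }
    foreach ($name in $listed) {
        if ($actual -notcontains $name) {
            # Stale entry: the attribute claims access the mailbox no longer grants.
            $result += New-Object PSObject -Property @{ Account = $name; Finding = 'Listed in attribute but no Full Access on mailbox' }
        }
    }
    return $result
}

# Constructed sample data (not real accounts). In production the inputs would come from
#   (Get-ADUser <owner> -Properties msExchExtensionCustomAttribute3).msExchExtensionCustomAttribute3
#   Get-MailboxPermission -Identity <owner>
$attribute = 'asmith', 'bjones'
$permissions = @(
    New-Object PSObject -Property @{ User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false; Deny = $false }
    New-Object PSObject -Property @{ User = 'CONTOSO\asmith'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
    New-Object PSObject -Property @{ User = 'CONTOSO\cdoe'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
    New-Object PSObject -Property @{ User = 'CONTOSO\Exchange Servers'; AccessRights = @('FullAccess'); IsInherited = $true; Deny = $false }
)

Compare-MailboxDelegateList -AttributeList $attribute -MailboxPermission $permissions |
    Format-Table Account, Finding -AutoSize
```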

1 Answer

0 votes
by (19k points)

Hello,

Thank you for sharing the script. We really appreciate it!

Starting from Adaxes 2013.1, Adaxes allows you to grant the Full Access permission for a mailbox using the built-in functionality.

In the Administration Console:

In the Web Interface.

Also, you can grant rights other than Full Access, for example, Send As or Send on Behalf Of.

With Adaxes Business Rules, Custom Commands and Scheduled Tasks, you can grant rights for a mailbox automatically, using the Modify Exchange Properties action. For more details, see Example 10 in the Automate Exchange Mailbox Configuration Tutorial.
