0 votes

Ive developed a powershellscript that is able to add this functionality, feel free to improve or use.

Iv'e used the msExchExtensionCustomAttribute3 and then renamed the attribute in Adaxes to "Full Mailbox Access". Also it uses samAccountName as user identifier, you could also implement adaxes module, but Im more comfy with MS modules.

There is no sync with the regular exchange management list of full mailbox access and the attributes list, and I intended to to this only because I didnt want to wait til the next adaxes update with better exchange support.

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
import-module activedirectory

if ($Context.IsPropertyModified("msExchExtensionCustomAttribute3"))
  {

    $OldAccessList  = Get-ADUser -identity %sAMAccountName% -properties "msExchExtensionCustomAttribute3"  | Select-Object msExchExtensionCustomAttribute3
    $NewAccessList = $Context.GetModifiedPropertyValues("msExchExtensionCustomAttribute3");

    foreach ($account in $OldAccessList.msExchExtensionCustomAttribute3)
    {

        if ($newAccessList -notcontains $account -and (Get-ADUser -Filter {samAccountName -eq $account}) -ne $NULL)
         {
             $CurrentUser = Get-ADUser -Identity %sAMAccountName% | Select-Object DistinguishedName, SamAccountName
            $SamId = Get-Mailbox -identity $account  | Select-Object DistinguishedName, SamAccountName, PrimarySMTPAddress
            Remove-ADPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -InheritanceType 'All' -ExtendedRights 'send-as' -Confirm:$false
            Remove-MailboxPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -AccessRight FullAccess -Confirm:$false
            $Context.LogMessage("Removed FullMailboxAccess to" + ": " + $account, "Information")

        }

        else {}

    }

    if ($NewAccessList -ne $NULL)
        {

            foreach ($account in $NewAccessList)
             {

                   # Check if samAccountName Exists in AD. If not, Cancel Edit.              
                   if((Get-ADUser -f {samAccountName -eq $account}) -eq $NULL) 
                   {

                      $Context.Cancel("Following account does not exist: " + $account);
                      return;
                   }

                 if ($OldAccessList.msExchExtensionCustomAttribute3 -notcontains $account -and (Get-ADUser -Filter {samAccountName -eq $account}) -ne $NULL)
                    {

                    $CurrentUser = Get-ADUser -Identity %sAMAccountName% | Select-Object DistinguishedName, SamAccountName
                    $SamId = Get-Mailbox -identity $account  | Select-Object DistinguishedName, SamAccountName, PrimarySMTPAddress

                            Add-MailboxPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -AccessRight FullAccess -InheritanceType All
                            Add-ADPermission -Identity $CurrentUser.DistinguishedName -User $SamId.DistinguishedName -Extendedrights "Send As"
                            $Context.LogMessage("Added FullMailboxAccess to" + ": " + $SamId.SamAccountName, "Information")
                    }   

                 else{}

              }
        }    

}
by (20 points)

1 Answer

0 votes
by (18.0k points)

Hello,

Thank you for sharing the script. We really appreciate it!

0

Starting from Adaxes 2013.1, Adaxes allows you to grant the Full Access permission for a mailbox using the built-in functionality.

In the Administration Console:

In the Web Interface.

Also, you can grant rights other than Full Access, for example, Send As or Send on Behalf Of.

With Adaxes Business Rules. Custom Commands and Scheduled Tasks, you can grant rights for a mailbox automatically, using the Modify Exchange Properties action. For more details, see Example 10 in the Automate Exchange Mailbox Configuration Tutorial.

Related questions

0 votes
0 answers

Hi, I'm currently working with setting up a new Adaxes solution for a customer at my company. The customer needs a solution that can add a security group with full ... help me out here :-) That would be greatly appreciated. Best Regards, Kristoffer Høie.

asked Jun 29, 2016 by krihoie (20 points)
0 votes
1 answer

Hi Everyone I want to create a custom command where I can select multiple users and then select a mailbox and give them full access to the mailbox. Is there a way to do it? Thank you for help

asked Nov 2, 2021 by Sandberg94 (320 points)
0 votes
1 answer

Is is possiable to send Automate an email to go out to the users of a delegated mailbox? We give Full Access and Send As access of disabled accounts to thier replacements for 30days ... then send a email to each one of them? Adaxes version: 2017.2 3.8.14823.0

asked Oct 28, 2019 by hgletifer (1.3k points)
0 votes
1 answer

Hallo Everyone I've seen the Report for Exchange Mailboxes with OU, Send on Behalf, Full Rights and Send As Rights: https://www.adaxes.com/questions/ ... . Example: User: Peter.Steinmann Identity: Which Mailboxes AccessRights: FullAccess Kind regards,

asked Jul 6 by Sandberg94 (320 points)
0 votes
1 answer

Using the built in 'Deprovision' Custom Command, I would like the person that is trying to Deprovision a user (Help Desk member) be asked who (from a list of existing active ... to leave the question 'blank', which means that no one gets access to the mailbox.

asked Apr 22, 2020 by RayBilyk (220 points)
2,884 questions
2,604 answers
6,762 comments
119,154 users