Script Repository


Check if Full Access permissions are modified

February 24, 2021
339

The script checks whether Full Access permissions are modified for a mailbox. To run the script, use the If PowerShell script returns true condition in a business rule triggering Before/After modifying a user/modifying Exchange proeprties of a user.

Edit Remove
PowerShell
$Context.ConditionIsMet = $False

# Check whether mailbox rights are modified
$modifiedMailboxParams = $Context.Action.MailParameters

if (-not($modifiedMailboxParams.MailboxRightsModificationEnabled))
{
    return # Mailbox rights are not modified
}

# Check modifications
$modifiedMailboxRights = $modifiedMailboxParams.MailboxRights
$modifications = $modifiedMailboxRights.GetModifications()
if ($modifications.Length -ne 0)
{
    $fullAccessFlag = [Softerra.Adaxes.Interop.Adsi.Exchange.ADM_EXCHANGE_MAILBOX_RIGHTS_ENUM]::ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS
    foreach ($modification in $modifications)
    {
        $permissions = $modification.Permission
        if ($permissions.AllowedRights -band $fullAccessFlag -or 
            $permissions.InheritedAllowedRights -band $fullAccessFlag -or
            $permissions.DeniedRights -band $fullAccessFlag -or
            $permissions.InheritedDeniedRights -band $fullAccessFlag)
        {
            $Context.ConditionIsMet = $True
            return
        }
    }
    return
}

# Compare current permissions with modified
$mailboxParams = $Context.TargetObject.GetMailParameters()
$fullAccess = New-Object "System.Collections.Generic.HashSet[System.Object]"
$modifiedFullAccess = New-Object "System.Collections.Generic.HashSet[System.Object]"
$mailboxParams.MailboxRights.GetTrusteesGrantedRights("ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS") | %%{[void]$fullAccess.Add($_)}
$modifiedMailboxParams.MailboxRights.GetTrusteesGrantedRights("ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS") | %%{[void]$modifiedFullAccess.Add($_)}

$Context.ConditionIsMet = -not($fullAccess.SetEquals($modifiedFullAccess))


Comments ( 0 )
No results found.
Leave a comment