
Script Repository

Grant Full Access to manager for all subordinates' mailboxes

February 18, 2021 Views: 2024

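This script grants a manager Full Access to the mailboxes of all of their subordinates. It walks the entire reporting chain (direct reports, their direct reports, and so on), not only the manager's direct reports. It only adds the permission: nothing in the script revokes it when a reporting line later changes, so removal needs a separate process. To run it, create a custom command that executes the script on the manager's account. For more information, see Create a Custom Command.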

PowerShell
# Recursively walks the reporting chain starting at $directReportDN and applies
# $mailboxParams to every mailbox-enabled object it reaches.
#   $directReportDN  - DN of the subordinate to process
#   $subordinateDNs  - collection of DNs already processed; updated in place so that
#                      reporting loops and repeated entries are visited only once
#   $mailboxParams   - mail parameters handed to SetMailParameters unchanged
# Uses the $Context variable from the calling scope to bind to directory objects.
function GetAllSubordinates($directReportDN, $subordinateDNs, $mailboxParams)
{
    # Each DN is handled once; this is also what ends recursion on a cyclic chain
    $alreadyVisited = $subordinateDNs.Contains($directReportDN)
    if ($alreadyVisited)
    {
        return
    }
    $null = $subordinateDNs.Add($directReportDN)

    # Bind to the subordinate
    $subordinate = $Context.BindToObjectByDN($directReportDN)

    # Only mailbox-enabled objects receive the permission change
    $hasMailbox = $subordinate.RecipientType -ieq "ADM_EXCHANGERECIPIENTTYPE_MAILBOXENABLED"
    if ($hasMailbox)
    {
        $subordinate.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")
    }

    # Read this subordinate's own direct reports. Any failure of GetEx ends this
    # branch silently, so a read error looks the same as "no direct reports".
    $nestedReportDNs = $null
    try
    {
        $nestedReportDNs = $subordinate.GetEx("directReports")
    }
    catch
    {
        return
    }

    # Descend one level
    foreach ($nestedDN in $nestedReportDNs)
    {
        GetAllSubordinates $nestedDN $subordinateDNs $mailboxParams
    }
}

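# Get direct subordinates of the object the script runs on (the manager).
# Any failure of GetEx is reported as "no direct reports", including read errors.
try
{
    $directReportDNs = $Context.TargetObject.GetEx("directReports")
}
catch
{
    $Context.LogMessage("The user doesn't have any direct reports.", "Warning") # TODO: modify me
    return
}

# Create 'Full Mailbox Access' permission for the target user
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$mailboxRights = $mailboxParams.MailboxRights

# The trustee is the target user. The DN is read from the bound object at run time
# instead of through the distinguishedName value reference inside a double-quoted
# string. Assuming value references are substituted into the script text before
# PowerShell parses it, a DN containing a quote, backtick or dollar sign would
# otherwise be parsed as script rather than data.
$objReference = New-Object "Softerra.Adaxes.Adsi.AdmObjectReference"
$objReference.ObjectDN = $Context.TargetObject.Get("distinguishedName")

# The second constructor argument (0) is kept exactly as the author wrote it;
# its meaning is not evident from this script.
$permission = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxPermission"(
    "ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS",
    0,
    $objReference)

# ADS_PROPERTY_APPEND adds the permission; this script has no matching removal,
# so access granted here persists until it is revoked by other means.
$permissionModification = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxRightsModification"
$permissionModification.Operation = "ADS_PROPERTY_APPEND"
$permissionModification.Permission = $permission

$mailboxRights.AddModification($permissionModification)
$mailboxParams.MailboxRights = $mailboxRights

# Set the 'Full Mailbox Access' permission on all the subordinates' mailboxes.
# The HashSet records every DN visited so each object is processed only once,
# even if the reporting chain loops back on itself.
$subordinateDNs = New-Object "System.Collections.Generic.HashSet[String]"
foreach ($directReportDN in $directReportDNs)
{
    GetAllSubordinates $directReportDN $subordinateDNs $mailboxParams
}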