Grant mailbox permissions to users predefined in a multivalued property

January 19, 2022

The script grants Full Access and Send As permissions to the users whose DNs are stored in a multivalued attribute. The script can be executed in a custom command, business rule or scheduled task.

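In the script, the $fullAccessUsersAttribute variable specifies the LDAP name of the property where the DNs of the delegates are stored. Because every DN listed there receives Full Access and Send As on the mailbox, write access to that property should be limited to the people who are allowed to delegate mailboxes.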

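# Grants Full Access and Send As on the target object's mailbox to every user whose DN is
# listed in a multivalued property of that object. $Context is supplied by the host that runs
# the script (custom command, business rule or scheduled task).

# LDAP name of the multivalued property that holds the DNs of the delegates.
# Whoever can write to this property decides who can open the mailbox and send mail as its
# owner, so write access to it should be restricted accordingly.
$fullAccessUsersAttribute = "adm-CustomAttributeTextMultiValue1" # TODO: modify me

# Get DNs of full access users
try
{
    $fullAccessUserDNs = $Context.TargetObject.GetEx($fullAccessUsersAttribute)
}
catch
{
    # GetEx fails when the property cannot be read (typically because it has no values).
    # There is nobody to grant permissions to, so stop without touching the mailbox.
    $Context.LogMessage("No delegates were read from '$fullAccessUsersAttribute'; mailbox permissions were not changed. " + $_.Exception.Message, "Warning")
    return
}

# Create an instance of the AdmExchangeMailboxParameters class
$mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"
$sendAs = $mailboxParams.SendAs
# Existing Send As delegates are kept; the script only appends.
# NOTE(review): because both permissions are appended, removing a DN from the property does
# not appear to revoke access that an earlier run granted - revocation needs a separate step.
$sendAs.OverrideOldValues = $False
$mailboxRights = $mailboxParams.MailboxRights

foreach ($fullAccessUserDN in $fullAccessUserDNs)
{
    # Get SID of full access user
    $fullAccessUser = $Context.BindToObjectByDN($fullAccessUserDN)
    $fullAccessUserSid = New-Object "Softerra.Adaxes.Adsi.Sid" @($fullAccessUser.Get("ObjectSid"), 0)

    # The trustee is referenced by SID rather than by DN
    $objReference = New-Object "Softerra.Adaxes.Adsi.AdmObjectReference"
    $objReference.ObjectSid = $fullAccessUserSid

    # Set Send As delegates
    $sendAs.Add("ADS_PROPERTY_APPEND", $objReference)

    # Set the Full Mailbox Access permission
    $permission = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxPermission"
    $permission.AllowedRights = "ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS"
    $permission.Trustee = $objReference
    $permissionModification =
        New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxRightsModification"
    $permissionModification.Operation = "ADS_PROPERTY_APPEND"
    $permissionModification.Permission = $permission

    # Queue the modification; without this call the Full Access grant is built but never applied
    $mailboxRights.AddModification($permissionModification)

    # Leave a record of each grant in the execution log for later review
    $Context.LogMessage("Granting Full Access and Send As to '$fullAccessUserDN'.", "Information")
}

$mailboxParams.SendAs = $sendAs
$mailboxParams.MailboxRights = $mailboxRights

# Save changes
$Context.TargetObject.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")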

