PowerShell is enjoyable :)Copying Trade Full Entry and Ship As permissions to different customers

I used to be engaged on a consumer provisioning script for a buyer, and he requested if I may copy all Shared Mailbox permissions of a template consumer to the brand new consumer. (It was one thing that was shortly forgotten through the consumer creation course of) Positive, as a result of PowerShell 🙂 On this weblog put up, I’ll present you the best way to retrieve Full Entry permissions and replica them (Together with Ship As) to a different consumer.

How does the script work?

You possibly can run the script with three parameters:

• -SourceUser: that is the e-mail tackle of the consumer who already has the proper permissions on the Shared Mailboxes
• -TargetUser: you should utilize one electronic mail tackle or extra (Separated by a comma) to specify the customers who ought to get the identical permissions on the Shared Mailboxes because the SourceUser.
• -Automapping: This can be a $true or $false parameter (Boolean) that permits or disables the Automapping function of Trade (If enabled, Outlook will mechanically add the mailbox). The default worth within the script is $true.

After specifying the parameters, -SourceUser and -TargetUser are required, it should try to connect with Trade On-line (It’s going to set up the required ExchangeOnlineManagement module if wanted) and run by all Shared Mailboxes and verify if the SourceUser has entry and replica it to the TargetUser(s).

Observe: I all the time add each Full Entry and Ship As permissions when delegating entry to Shared Mailboxes

Operating the script

Within the instance beneath, I ran the script to repeat all of the permissions of the consumer adeleV@4lkspb.onmicrosoft.com to the customers HenriettaM@4lkspb.onmicrosoft.com and LynneR@4lkspb.onmicrosoft.com.

.Copy-EOL-SharedMailbox-Permissions.ps1 -SourceUser AdeleV@4lkspb.onmicrosoft.com -TargetUser HenriettaM@4lkspb.onmicrosoft.com, LynneR@4lkspb.onmicrosoft.com

The display output will probably be like this:

For those who re-run the script, or some permissions have been already current, it should show that as a warning:

The script

Beneath are the contents of the script. Copy it to c:scriptsCopy-EOL-SharedMailbox-Permissions.ps1, for instance.

[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)][string]$SourceUser,
    [Parameter(Mandatory = $true)][string[]]$TargetUser,
    [Parameter(Mandatory = $false)][bool]$Automapping = $true
)

#Verify for Trade On-line Administration Module
if (Get-Module -Identify ExchangeOnlineManagement -ListAvailable) {
    Write-Host ("Trade On-line PowerShell module was discovered, persevering with script" ) -ForegroundColor Inexperienced
}
else {
    Write-Host ("Trade On-line PowerShell module was not discovered, putting in and persevering with script") -ForegroundColor Inexperienced
    attempt {
        Set up-Module -Identify ExchangeOnlineManagement -Scope CurrentUser -Drive:$true -Affirm:$false -ErrorAction Cease
    }
    catch {
        Write-Warning ("Error putting in Trade On-line PowerShell Module, exiting...")
        return
    }
}
#Connect with Trade On-line
Write-Host ("Connecting to Trade On-line, please enter the proper credentials") -ForegroundColor Inexperienced
attempt {
    Join-ExchangeOnline -ShowBanner:$false -ErrorAction Cease
    Write-Host ("Linked to Trade On-line, persevering with script...") -ForegroundColor Inexperienced
}
catch {
    Write-Warning ("Error connecting to Trade On-line, exiting...") 
    return
}

#Verify if Supply and TargetUser are legitimate
attempt {
    Get-Mailbox -Identification $SourceUser -ErrorAction Cease | Out-Null
    Write-Host ("Supply consumer {0} is legitimate, persevering with..." -f $SourceUser) -ForegroundColor Inexperienced
}
catch {
    Write-Warning ("Supply consumer {0} is just not legitimate, exiting..." -f $SourceUser)
    return
}

foreach ($consumer in $TargetUser) {
    attempt {
        Get-Mailbox -Identification $consumer -ErrorAction Cease | Out-Null
        Write-Host ("Supply consumer {0} is legitimate, persevering with..." -f $consumer) -ForegroundColor Inexperienced
    }
    catch {
        Write-Warning ("Supply consumer {0} is just not legitimate, exiting..." -f $consumer)
        return
    }
}

#Retrieve all Shared mailboxes that the supply consumer has permissions on
Write-Host ("Retrieving all Shared Mailboxes that {0} has Full Entry and Ship As permissions on and including them to the TargetUser(s)" -f $SourceUser) -ForegroundColor Inexperienced
$sharedmailboxes = Get-Mailbox | The place-Object RecipientTypeDetails -eq SharedMailbox | Type-Object Identify
foreach ($mailbox in $sharedmailboxes) {
    Write-Host ("- Checking Shared Mailbox {0} for permissions" -f $mailbox.Identify)
    foreach ($consumer in $TargetUser) {
        if ((Get-MailboxPermission $mailbox).consumer -contains $SourceUser) {
            if ((Get-MailboxPermission $mailbox).consumer -contains $consumer) {
                Write-Warning ("Specified consumer {0} already has entry, skipping..." -f $consumer)
            }
            else {
                attempt {
                    Add-MailboxPermission -Identification $mailbox -Consumer $consumer -AccessRights FullAccess -InheritanceType All -AutoMapping $Automapping -Affirm:$false -ErrorAction Cease | Out-Null
                    Add-RecipientPermission -Identification $mailbox.PrimarySmtpAddress -Trustee $consumer -AccessRights SendAs -Affirm:$false -ErrorAction Cease | Out-Null
                    Write-Host ("- Added Full Entry and Ship As permissions on {0} for {1}" -f $mailbox, $consumer) -ForegroundColor Inexperienced
                }
                catch {
                    Write-Warning ("Error setting Full Entry and Ship As permissions on {0}" -f $mailbox.Identify)
                }
            }
        }
    }
}

Obtain the script(s) from GitHub right here

Associated weblog put up