locked
Powershell to check delegate permissions and add if not present RRS feed

  • Question

  • I'm wanting powershell to check all our mail enabled Office365 accounts for mailbox delegation > Sendas. If the result is negative and the user's account doesn't already contain a specific user, i would like powershell to add the user to the account.

    This is required for our MFDs around our place so users are able to scan documents to their email accounts.

    I'm think i know where to start but not sure to do the "if not exist then" statement.

    Thanks

    Thursday, December 13, 2018 1:01 PM

Answers

  • Someone has helped me out on another forum and provided me with:

    $allMailboxes = Get-mailbox -ResultSize unlimited
    
    $SendAs = Get-RecipientPermission -ResultSize unlimited | where {$_.Trustee -eq "sendas@Fullemail.address"} | select identity
    
    $woSendAs = Compare-Object -ReferenceObject $SendAs -DifferenceObject $allMailboxes -Property identity -PassThru
    Which i can confirm it works. From here i have been able to run what i need to run.

    • Proposed as answer by Niko.Cheng Tuesday, December 18, 2018 12:59 AM
    • Marked as answer by Timbo343 Tuesday, December 18, 2018 9:32 AM
    Monday, December 17, 2018 2:37 PM

All replies

  • I think i have the correct script but i need to reverse it so that it shows the accounts that DO NOT have the user Sendas in the Trustee

    Get-mailbox | Get-RecipientPermission -Trustee Sendas

    This obviously lists the accounts with Sendas listed as a Trustee. How do i show those accounts that DO NOT have this user listed?

    Thursday, December 13, 2018 2:05 PM
  • Hi Timbo343,

    Try the following command and check if any helps:

    It will list all mailboxes which have been assigned other account "SendAs" permission, but do not contain a specify account "sendas@yourdomain.com":

    Get-RecipientPermission | ? {$_.Trustee -ne "NT AUTHORITY\SELF" -and $_.Trustee -ne "NULL SID" -and $_.trustee -ne "Sendas@yourdomain.com"}


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, December 14, 2018 7:21 AM
  • I've tried that, instead it displays any other SendAs access permissions baring the user "Sendas". If there are other users that have Sendas permissions, it displays those. 

    I feel we need the permissions for each mailbox and then recursive check for sendas perms for the "sendas" account - if they are missing return the mailbox identity but i'm not sure how to write that in a command.

    I have a command $Sendas = get-mailbox -ResultSize unlimited | Get-RecipientPermission -Trustee sendas | Select Identity, trustee which shows the user "sendas" associated with those accounts so now i need a command to state which mailboxes do not contain "sendas" and display them.

    • Edited by Timbo343 Friday, December 14, 2018 7:54 AM
    Friday, December 14, 2018 7:38 AM
  • Someone has helped me out on another forum and provided me with:

    $allMailboxes = Get-mailbox -ResultSize unlimited
    
    $SendAs = Get-RecipientPermission -ResultSize unlimited | where {$_.Trustee -eq "sendas@Fullemail.address"} | select identity
    
    $woSendAs = Compare-Object -ReferenceObject $SendAs -DifferenceObject $allMailboxes -Property identity -PassThru
    Which i can confirm it works. From here i have been able to run what i need to run.

    • Proposed as answer by Niko.Cheng Tuesday, December 18, 2018 12:59 AM
    • Marked as answer by Timbo343 Tuesday, December 18, 2018 9:32 AM
    Monday, December 17, 2018 2:37 PM
  • Hi Timbo343,

    Great, and thanks for your kindly sharing, do you mind marking it as an answer, this will make answer searching in the forum easier and be beneficial to other community members as well. 


    Thanks for your understanding.

    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.



    • Edited by Niko.Cheng Tuesday, December 18, 2018 12:59 AM
    Tuesday, December 18, 2018 12:58 AM