使用此脚本可以添加、删除或列出 Exchange 2007 邮箱的权限。
#File: Mailbox-Permissions.ps1
#Purpose: Add, Remove, or List permissions for Exchange 2007 mailboxes
#
#Author: Paul Frankovich
#Original Date: November 22, 2010
#Last Update: January 20, 2011
#Version: 2.2
#Revision: Updated Parameters to be more user friendly and added Get-Help functionality
<#
.SYNOPSIS
Add, Remove, or List permissions for an Exchange 2007 mailbox
.DESCRIPTION
This script can be used to add, remove, or list all permissions
for an Exchange 2007 mailbox. It requires both the Quest Active
Roles Server Snapin and the Microsoft Exchange Management Snapin
to execute and will not run if these conditions are not met.
It is recommended that this script be run in the Exchange
Management Shell with the Quest Active Roles Server snapin
loaded.
.EXAMPLE
.\Mailbox-Permissions -Mailbox "Shared Mailbox" -List
List all the share permissions for a given mailbox
.EXAMPLE
.\Mailbox-Permissions "Shared Mailbox" -User ABC123 -Add
Add user ABC123 to the selected shared mailbox. This example omits
the -mailbox label for the mailbox.
.EXAMPLE
.\Mailbox-Permissions -Mailbox SharedMailbox -User ABC123 -Remove
Removes user ABC123 from the selected shared mailbox. This example
uses SamAccountName instead of Display Name
.EXAMPLE
.\Mailbox-Permissions "Shared Mailbox" ABC123 -add
Adds user ABC123 to the selected mailbox. This example omits the
-mailbox and -user labels on these parameters
.INPUTS
None
.OUTPUTS
Only to Host
.NOTES
The only modification that this script should require to work in
any enterprise is the $user = "DOMAIN\" + $user line in the AddPermissions
and RemovePermissions functions. No other modifications should be
required.
.LINK
None
#>
Param
(
# Mailbox to act on (mandatory, first positional argument; aliases mb, mail, box).
[parameter(Mandatory=$true,
Position=0,
HelpMessage="Enter mailbox display name or samaccountname.")]
[alias("mb","mail","box")]
[string]
$mailbox,
# Account that gains or loses access (optional, second positional argument).
# It is not declared mandatory, so -add / -remove can be given without it.
[parameter(Position=1)]
[string]
$user,
# Action switches. Nothing in this declaration makes them mutually exclusive.
[switch]$add,[switch]$remove,[switch]$list)
# Errors and warnings are silenced for the whole script. A failed cmdlet is
# therefore only reported where the code explicitly tests $? afterwards; any
# permission change that is not followed by such a test can fail without output.
$ErrorActionPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue
$WarningPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue
Function Version
{
    # Print the script banner (name, version, author, date) and a blank line.
    $banner = "Mailbox-Permissions.ps1 Version 2.2 by Paul Frankovich Jan 20, 2011"
    Write-Host $banner
    Write-Host
}
Function Check-Snapin
{
    # Confirm that both snap-ins the script depends on are present in this
    # session. Each is looked up by name with Get-PSSnapin; when the lookup
    # returns nothing, a hint is printed and the script terminates.
    # NOTE(review): both failure paths end in "exit 0", so a caller cannot tell
    # a missing prerequisite from a successful run by the exit code.

    # Quest ActiveRoles cmdlets (Get-QADUser / Get-QADGroup) are checked first.
    $questSnapin = Get-PSSnapin 'Quest.activeroles.ADManagement'
    if ($null -eq $questSnapin)
    {
        Write-Host "This Script requires Quest ActiveRoles Management Shell"
        Write-Host "http://www.quest.com/powershell/activeroles-server.aspx"
        Write-Host
        exit 0
    }

    # Exchange management cmdlets (mailbox and AD permission cmdlets) second.
    $exchangeSnapin = Get-PSSnapIn 'Microsoft.Exchange.Management.PowerShell.Admin'
    if ($null -eq $exchangeSnapin)
    {
        Write-Host "This Script requires Microsoft Exchange Management Shell"
        Write-Host "and should be run from within that enviroment"
        Write-Host
        exit 0
    }
}
Function Check-ValidEntry($ToCheck)
{
    # Terminate the script unless $ToCheck resolves to a directory user or group.
    # Get-QADUser is tried first; Get-QADGroup is only consulted when no user
    # came back.
    # NOTE(review): how strictly the Quest cmdlets match $ToCheck is not visible
    # in this file; confirm that a partial or empty name cannot pass this check.
    # NOTE(review): the failure path ends in "exit 0", i.e. a success exit code.
    $directoryObject = Get-QADUser $ToCheck
    if (-not $directoryObject)
    {
        $directoryObject = Get-QADGroup $ToCheck
    }

    if ($directoryObject)
    {
        return
    }

    Write-Host "$ToCheck Doesn't Exist. Exiting. . ."
    Write-Host
    exit 0
}
Function ListPermissions
{
    # Show the non-inherited mailbox permission entries of $Mailbox as a
    # User / AccessRights table, preceded by a heading with the mailbox name.
    # Only Get-MailboxPermission is queried here; rights set through the
    # *-ADPermission cmdlets (such as Send-As) are not part of this listing.
    $heading = $Mailbox + "`n" + "================================="
    $heading

    Get-MailboxPermission $Mailbox |
        Where-Object { $_.isinherited -ne $TRUE } |
        Format-Table User, AccessRights -AutoSize

    # Errors are silenced script-wide, so $? is the only failure signal here.
    if (-not $?)
    {
        ErrorTrap
    }
    Write-Host
}
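Function AddPermissions
{
    # Grant $User delegate access to $Mailbox in three steps:
    #   1. FullAccess on the mailbox (Add-MailboxPermission)
    #   2. the Send-As extended right on the AD object (Add-ADPermission)
    #   3. ReadProperty, GenericExecute and WriteProperty on the AD object
    # and then list the resulting non-inherited mailbox permissions.
    #
    # Reads the script-level $Mailbox and $User; writes only to the host/output.

    # "DOMAIN\" is the placeholder the script notes ask each site to replace.
    $User = "DOMAIN\" + $User
    $Mailbox + "`n" + "=================================="
    Add-MailboxPermission -Identity $Mailbox -User $User -AccessRights 'FullAccess' | FT User, AccessRights -auto
    if (!$?)
    {
        ErrorTrap
        # ErrorTrap returns instead of exiting when the mailbox was not found.
        # Stop here in that case: the AD permission changes below must not be
        # applied to an object whose mailbox grant has just failed.
        Write-Host
        return
    }

    # Errors are silenced script-wide and the output goes to Out-Null, so each
    # AD permission change is checked explicitly; otherwise a partial grant
    # (FullAccess without Send-As, for example) would go unreported.
    Add-ADPermission -Identity $Mailbox -User $User -ExtendedRights Send-As | Out-Null
    if (!$?)
    {
        Write-Host "Send-As was NOT granted to $User on $($Mailbox). Reason: $($error[0].categoryinfo.Reason)"
    }

    # NOTE(review): WriteProperty is requested without a -Properties filter, so
    # it is not limited to specific attributes by this call; confirm that this
    # breadth is intended for mailbox delegates.
    Add-ADpermission -Identity $Mailbox -User $user -AccessRights ReadProperty,GenericExecute,WriteProperty | Out-Null
    if (!$?)
    {
        Write-Host "AD access rights were NOT granted to $User on $($Mailbox). Reason: $($error[0].categoryinfo.Reason)"
    }

    # This listing covers mailbox permissions only; it does not show Send-As.
    Get-MailboxPermission $Mailbox | ?{$_.isinherited -ne $TRUE} | FT User, AccessRights -auto
    Write-Host
}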
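Function RemovePermissions
{
    # Revoke the delegate access that AddPermissions grants to $User on $Mailbox:
    #   1. FullAccess on the mailbox (Remove-MailboxPermission)
    #   2. the Send-As extended right on the AD object (Remove-ADPermission)
    #   3. ReadProperty, GenericExecute and WriteProperty on the AD object
    # and then list the remaining non-inherited mailbox permissions.
    #
    # Reads the script-level $Mailbox and $User; writes only to the host/output.

    # Fixed: the prefix was misspelled "DOMIAN\", so the account name built here
    # did not match the one AddPermissions grants to, and the revocation was
    # aimed at a different identity than the one that holds the access.
    $User = "DOMAIN\" + $User
    $Mailbox + "`n" + "=================================="
    Remove-MailboxPermission -Identity $Mailbox -User $User -InheritanceType 'All' -AccessRights 'FullAccess' | FT User, AccessRights -auto
    if (!$?)
    {
        ErrorTrap
    }

    # The remaining revocations are still attempted after a reported failure.
    # Errors are silenced script-wide, so each one is checked explicitly: an
    # operator must be told when access that was meant to be removed is still
    # in place.
    Remove-ADPermission -Identity $Mailbox -User $User -ExtendedRights 'send-as' -ChildObjectTypes $null -InheritedObjectType $null -Properties $null
    if (!$?)
    {
        Write-Host "Send-As was NOT removed for $User on $($Mailbox). Reason: $($error[0].categoryinfo.Reason)"
    }

    Remove-ADpermission -Identity $Mailbox -User $user -AccessRights ReadProperty,GenericExecute,WriteProperty
    if (!$?)
    {
        Write-Host "AD access rights were NOT removed for $User on $($Mailbox). Reason: $($error[0].categoryinfo.Reason)"
    }

    # This listing covers mailbox permissions only; it does not show Send-As.
    Get-MailboxPermission $Mailbox | ?{$_.isinherited -ne $TRUE} | FT User, AccessRights -auto
    Write-Host
}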
Function ErrorTrap()
{
    # Report the most recent error ($error[0]) to the host, keyed on its
    # CategoryInfo.Reason:
    #   MapiAccessDeniedException         -> access-denied message, script exits
    #   ManagementObjectNotFoundException -> not-found message, returns to caller
    #   anything else                     -> prints the reason, script exits
    # NOTE(review): the not-found case does not exit, so the calling function
    # carries on with its next statement.
    # NOTE(review): both exits use status 0, which reads as success to a caller.
    $reason = $error[0].categoryinfo.Reason

    if ($reason -eq "MapiAccessDeniedException")
    {
        Write-Host "Access Denied: Please enusre you have required access rights."
        exit 0
    }

    if ($reason -eq "ManagementObjectNotFoundException")
    {
        Write-Host "$($Mailbox.toupper()) was not found. Typically this is due to an incomplete mailbox name. Please check mailbox name and ensure you are using the full display name or sam account name"
        return
    }

    Write-Host $reason
    exit 0
}
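#Script Mainline
# Order of work: banner, prerequisite check, argument checks, then the
# requested action(s). -list, -add and -remove are each handled independently,
# so more than one can run in a single invocation.
Version
Check-Snapin

# No action switch given: show the script's help and stop.
If ((-not($list)) -and (-not($add)) -and (-not($remove)))
{
    Get-Help .\Mailbox-Permissions.ps1
    exit 0
}

# -add and -remove change access for a specific account, but $user is not a
# mandatory parameter. Refuse to continue without it, before anything is
# queried or changed, rather than validating and prefixing an empty name.
# A non-zero status is used so that callers can detect the usage error.
If (($add -or $remove) -and [string]::IsNullOrEmpty($user))
{
    Write-Host "-User is required with -Add or -Remove."
    Write-Host
    exit 1
}

# The mailbox name must resolve to a directory user or group before any action.
Check-ValidEntry $Mailbox

If ($list)
{
    ListPermissions
}

If ($add)
{
    # Validate the account before granting it anything.
    Check-ValidEntry $User
    AddPermissions
}

If ($remove)
{
    # Validate the account before attempting the revocation.
    Check-ValidEntry $User
    RemovePermissions
}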