
[Help] Using a script to manage Exchange 2007 permissions

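#0  Posted: 2011-03-19
This thread was moved by YOYO from the Exchange Script Center to this section (2015-06-25).
  • Script environment: PowerShell
  • Applicable version: Exchange 2007
  • Applicable platform:
This script can add, remove, or list permissions for Exchange 2007 mailboxes.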


#File: Mailbox-Permissions.ps1
#Purpose: Add, Remove, or List permissions for Exchange 2007 mailboxes
#
#Author: Paul Frankovich
#Original Date: November 22, 2010
#Last Update: January 20, 2011
#Version: 2.2
#Revision: Updated Parameters to be more user friendly and added Get-Help functionality


<#
.SYNOPSIS
Add, Remove, or List permissions for an Exchange 2007 mailbox
.DESCRIPTION
This script can be used to add, remove, or list all permissions
for an Exchange 2007 mailbox. It requires both the Quest Active
Roles Server Snapin and the Microsoft Exchange Management Snapin
to execute and will not run if these conditions are not met.
It is recommended that this script be run in the Exchange
Management Shell with the Quest Active Roles Server snapin
loaded.
.EXAMPLE
.\Mailbox-Permissions -Mailbox "Shared Mailbox" -List
List all the share permissions for a given mailbox
.EXAMPLE
.\Mailbox-Permissions "Shared Mailbox" -User ABC123 -Add
Add user ABC123 to the selected shared mailbox. This example omits
the -mailbox label for the mailbox.
.EXAMPLE
.\Mailbox-Permissions -Mailbox SharedMailbox -User ABC123 -Remove
Removes user ABC123 from the selected shared mailbox. This example
uses SamAccountName instead of Display Name
.EXAMPLE
.\Mailbox-Permissions "Shared Mailbox" ABC123 -add
Adds user ABC123 to the selected mailbox. This example omits the
-mailbox and -user labels on these parameters
.INPUTS
None
.OUTPUTS
Only to Host
.NOTES
The only modification that this script should require to work in
any enterprise is the $user = "DOMAIN\" + $user in the AddPermissions
and RemovePermissions functions. No other modifications should be
required.
.LINK
None
#>


Param
    (
        [parameter(Mandatory=$true,
                    Position=0,
                    HelpMessage="Enter mailbox display name or samaccountname.")]
        [alias("mb","mail","box")]
        [string]        
        $mailbox,
        [parameter(Position=1)]
        [string]
        $user,
        [switch]$add,[switch]$remove,[switch]$list)


$ErrorActionPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue
$WarningPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue


Function Version
{
    Write-Host "Mailbox-Permissions.ps1 Version 2.2 by Paul Frankovich   Jan 20, 2011"
    Write-Host
}


Function Check-Snapin
{
    If ((Get-PSSnapin 'Quest.activeroles.ADManagement') -eq $Null)
    {
        Write-Host "This Script requires Quest ActiveRoles Management Shell"
        Write-Host "http://www.quest.com/powershell/activeroles-server.aspx"
        Write-Host
        exit 0
    }


    If ((Get-PSSnapIn 'Microsoft.Exchange.Management.PowerShell.Admin') -eq $Null)
    {
        Write-Host "This Script requires Microsoft Exchange Management Shell"
        Write-Host "and should be run from within that environment"
        Write-Host
        exit 0
    }
}


Function Check-ValidEntry($ToCheck)
{
    If (-not ((Get-QADUser $ToCheck) -or (Get-QADGroup $ToCheck)))
            {
                Write-Host "$ToCheck Doesn't Exist. Exiting. . ."
                Write-Host
                exit 0
            }
}


Function ListPermissions
{
    $Mailbox + "`n" + "================================="
    Get-MailboxPermission $Mailbox | ?{$_.isinherited -ne $TRUE} | FT User, AccessRights -auto
    if (!$?)
    {
        ErrorTrap
    }
    Write-Host
}


Function AddPermissions
{
    # Replace DOMAIN with your own domain name (see .NOTES above)
    $User = "DOMAIN\" + $User
    $Mailbox + "`n" + "=================================="
    Add-MailboxPermission -Identity $Mailbox -User $User -AccessRights 'FullAccess' | FT User, AccessRights -auto
    if (!$?)
    {
        ErrorTrap
    }
    Add-ADPermission -Identity $Mailbox -User $User -ExtendedRights Send-As | Out-Null
    Add-ADpermission -Identity $Mailbox -User $user -AccessRights ReadProperty,GenericExecute,WriteProperty | Out-Null
    Get-MailboxPermission $Mailbox | ?{$_.isinherited -ne $TRUE} | FT User, AccessRights -auto
    Write-Host
}


Function RemovePermissions
{
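    # Must use the same domain prefix as AddPermissions, or the removal targets a different account name
    $User = "DOMAIN\" + $User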
    $Mailbox + "`n" + "=================================="
    Remove-MailboxPermission -Identity $Mailbox -User $User -InheritanceType 'All' -AccessRights 'FullAccess' | FT User, AccessRights -auto
    if (!$?)
    {
        ErrorTrap
    }
    Remove-ADPermission -Identity $Mailbox -User $User -ExtendedRights 'send-as' -ChildObjectTypes $null -InheritedObjectType $null -Properties $null
    Remove-ADpermission -Identity $Mailbox -User $user -AccessRights ReadProperty,GenericExecute,WriteProperty
    Get-MailboxPermission $Mailbox | ?{$_.isinherited -ne $TRUE} | FT User, AccessRights -auto
    Write-Host
}


Function ErrorTrap()
{
    if($error[0].categoryinfo.Reason -eq "MapiAccessDeniedException")
    {
        Write-Host "Access Denied: Please ensure you have required access rights."
        exit 0
    }
    elseif($error[0].categoryinfo.Reason -eq "ManagementObjectNotFoundException")
    {
        Write-Host "$($Mailbox.toupper()) was not found. Typically this is due to an incomplete mailbox name. Please check mailbox name and ensure you are using the full display name or sam account name"
    }
    else
    {
        Write-Host $error[0].categoryinfo.Reason
        exit 0
    }      
}


#Script Mainline
Version


Check-Snapin


If ((-not($list)) -and (-not($add)) -and (-not($remove)))
    {
        Get-Help .\Mailbox-Permissions.ps1
        exit 0
    }


Check-ValidEntry $Mailbox


If ($list)
    {ListPermissions}


If ($add)
    {
        Check-ValidEntry $User
        AddPermissions
    }


If ($remove)
    {
        Check-ValidEntry $User
        RemovePermissions
    }
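
The script's -Add path grants three things (FullAccess on the mailbox, the Send-As extended right, and ReadProperty/GenericExecute/WriteProperty on the AD object), but its -List path only shows the Get-MailboxPermission entries. The following is an added example, not part of the original script or written by its author: a review function that reports the explicit entries from both the mailbox ACL and the AD ACL for one mailbox. The function name Get-DelegationReport and the output column names are assumptions made for this illustration.

```powershell
# Added example, not part of Mailbox-Permissions.ps1.
# Get-DelegationReport is a hypothetical name. Run in the Exchange Management Shell.
function Get-DelegationReport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Mailbox
    )

    # Resolve once so both permission stores are queried for the same object.
    $mbx = Get-Mailbox -Identity $Mailbox -ErrorAction Stop

    # Mailbox-store ACL: explicit (non-inherited) entries such as FullAccess.
    Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object { -not $_.IsInherited } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Mailbox = $mbx.DisplayName
                User    = "$($_.User)"
                Source  = 'MailboxPermission'
                Rights  = (@($_.AccessRights) -join ',')
                Deny    = $_.Deny
            }
        }

    # AD ACL on the mailbox's user object: Send-As and the property rights.
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object { -not $_.IsInherited } |
        ForEach-Object {
            # An ACE may carry AccessRights, ExtendedRights, or both; drop empty values.
            $rights = @($_.AccessRights) + @($_.ExtendedRights) | Where-Object { $_ }
            New-Object PSObject -Property @{
                Mailbox = $mbx.DisplayName
                User    = "$($_.User)"
                Source  = 'ADPermission'
                Rights  = ($rights -join ',')
                Deny    = $_.Deny
            }
        }
}

# Usage (the mailbox name is a constructed sample value):
# Get-DelegationReport -Mailbox "Shared Mailbox" |
#     Sort-Object Source, User |
#     Format-Table Mailbox, User, Source, Rights, Deny -AutoSize
```

Running it after a -Remove confirms that the Send-As and AD property entries are gone as well, which the script cannot show on its own because it silences errors and discards the output of the AD permission cmdlets.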

#1  Posted: 2011-05-29
This post is bound to be a hit!