Extract users from AD group and add them to Mailbox
Question
I want to make a powershell script to extract an AD group and add the members to a specific mailbox. In that group is a group that i dont want to extract (doNotExtract). That is what i have so far:
Import-Module ActiveDirectory
$csv = @"
Mailbox,GroupName
Mailbox1,Group1
"@ | ConvertFrom-Csv
$ExcludedUsers = Get-ADGroupMember -Identity "doNotExtract" -Recursive | Select-Object -ExpandProperty SamAccountName
$csv | ForEach-Object {
$mailbox = $_.Mailbox
Get-ADGroupMember -Identity $_.GroupName -Recursive |
Where-Object { ($ExcludedUsers -notcontains $_.SamAccountName) -and ($_.objectclass -eq 'user') } |
ForEach-Object {
Add-MailboxPermission -Identity $mailbox -User $_.SamAccountName -AccessRights FullAccess -InheritanceType All
}
}
In the AD group are the following objects:
doNotExtract
User1
User2
I then start the script in the exchange management shell. But then it adds only User1 and User2 doesnt gets fullaccess on Mailbox1.
And i cant find the problem in the script...
3 answers
solution1
1 ACCPTED 2017-03-03 11:30:34
在这种情况下,错误是User2也在donotextract组中。
solution2
0 2017-03-03 10:41:56
I have experienced with Exchange Online that using SamAccountName doesn't always work smoothly. Have you tried using UserPrincipalName as input for Add-MailboxPermission instead of SamAccountName ?
I was also wondering why you extract members of an AD group and give them full access to a mailbox? Why don't you instead give the AD group itself full access to the mailbox?
solution3
0 2017-03-03 11:31:39
As @4c74356b41 mentioned User2 was in the group "doNotExtract". It then doesnt adds him to the Mailbox because this group is excluded.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.