Script to create Shared Mailboxes consistently

If you’ve followed the instructions for creating shared mailboxes using PowerShell, you know it’s a little kludgey. However, since the parameters for setting one up are fairly consistent except for the name and who has access to it, I’ve created the following script that can be used to create them.

 
 

 
 

You must have the following components installed in order to run it.


PowerShell


Exchange 2007 Management Console and Shell


Quest ActiveRoles snap-in for PowerShell (free download here)


PowerShell must be run in the context of a user account that has rights to create new objects in AD


You must set your PowerShell execution policy to Unrestricted (open PowerShell, type Set-ExecutionPolicy Unrestricted)

 
 

When you run the script from within PowerShell, it will perform the following:

 
 

1.    Check to make sure the Exchange & Quest Snap-ins are present and if not, add them

2.    Query the user for information about the new shared mailbox (name of the mailbox, etc).

3.    Based on the information provided, it will create the new mailbox in one of two OUs (Site1 or Site2)

4.    It will then create a new security group in AD with a MBX_ prefix and grant members of this group Full Access and Send-As rights to the new mailbox

5.    Log all of this in a log file found in the same folder as the script for troubleshooting purposes.

 
 

Once the script completes and creates the mailbox and security group, all you have to do to complete the process is use AD Users & Computers to add user accounts to the new security group to grant them access.
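Since membership of the MBX_ group is what grants access, it is worth confirming that the group is the only trustee on the mailbox. The following audit is an added example, not part of the original script; it assumes the Exchange 2007 and Quest snap-ins are loaded, and the function name and the 'Help Desk' mailbox name are made up for illustration.

```powershell
# Added example (not part of the original script).
# Lists explicit FullAccess and Send-As grants on a shared mailbox and flags
# any trustee other than the MBX_ group the script creates for it.
function Get-SharedMailboxAccess {
    param([string]$MailboxName)

    $expected = 'MBX_' + $MailboxName.Replace(' ', '')
    $mailbox  = Get-Mailbox -Identity $MailboxName -ErrorAction Stop
    $dn       = $mailbox.DistinguishedName

    $(
        # Explicit allow entries for FullAccess (skips inherited ACEs and SELF)
        Get-MailboxPermission -Identity $dn |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                           $_.AccessRights -like '*FullAccess*' -and
                           $_.User -notlike 'NT AUTHORITY\SELF' } |
            Select-Object User, @{Name = 'Right'; Expression = { 'FullAccess' }}

        # Explicit allow entries for the Send-As extended right
        Get-ADPermission -Identity $dn |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                           $_.ExtendedRights -like '*Send-As*' -and
                           $_.User -notlike 'NT AUTHORITY\SELF' } |
            Select-Object User, @{Name = 'Right'; Expression = { 'Send-As' }}
    ) | Select-Object User, Right, @{Name = 'Expected'; Expression = {
            # Compare the account part of DOMAIN\account with the MBX_ group name
            $_.User.ToString().Split('\')[-1] -eq $expected } }
}

# 'Help Desk' is a constructed mailbox name.
# Rows with Expected = False were granted outside the group model.
Get-SharedMailboxAccess 'Help Desk' | Format-Table -AutoSize

# The accounts that actually hold the access, through group membership
Get-QADGroupMember -Identity 'MBX_HelpDesk'
```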

 
 

You’ll need to edit the script to fit your environment (OU paths, Exchange server names, etc.).

 
 

The script…

 

 

# ===================================================
#
# This PowerShell script does the following:
# 1. Queries the user for information about a new shared mailbox
# 2. Creates a new shared mailbox based on that information
# 3. Creates an AD security group based on that information
# 4. Grants the new security group full access and send-as rights on the new shared mailbox.
#
# Written by: David Smith
# Last modified: 05/03/2010
# Notes:
#
# ===================================================

### Define functions

# Echo a message to the console and append it, timestamped, to the log file
function writetolog([string]$stringtowrite = "*")
{
    $datetime = (Get-Date).datetime
    Write-Host $stringtowrite
    Add-Content $logfile "$datetime : $stringtowrite"
}

### Setup the log file

[string]$logfilename = 'create-sharedmailbox.log'
if (Test-Path $logfilename) { Write-Host "Log file exists."; $logfile = $logfilename }
else { Write-Host "Creating log file $logfilename"; $logfile = New-Item $logfilename -Type file }
writetolog "===== Beginning new-sharedmailbox.ps1 ====="

### Add the Exchange 2007 Snap-ins if they aren't already and prepare credentials

writetolog "Checking Exchange 2007 Snapins"
# Add-PSSnapin returns no output, so use Get-PSSnapin to test whether each snap-in is loaded
if (-not (Get-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin -ErrorAction SilentlyContinue) -or
    -not (Get-PSSnapin Microsoft.Exchange.Management.PowerShell.Support -ErrorAction SilentlyContinue))
{
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin -ErrorAction SilentlyContinue
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Support -ErrorAction SilentlyContinue
    writetolog "Added Exchange 2007 Snapins"
}
else
{
    writetolog "Exchange 2007 Snapins present."
}

### Add the Quest Active-Roles Snap-ins if they aren't already and prepare credentials

writetolog "Checking Quest Snapins"
if (-not (Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue))
{
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
    writetolog "Added Quest Snapins"
}
else
{
    writetolog "Quest Snapins present."
}

### Set the variables

[string]$HelpDeskTicket = Read-Host -Prompt "Enter HelpDesk #"
[string]$notesstring = "Created per HelpDesk Ticket #" + $HelpDeskTicket
[string]$sharedmbxname = Read-Host -Prompt "Enter New Shared Mailbox Name"
# The alias, UPN and group name are the mailbox name with spaces removed
[string]$upn = $sharedmbxname.Replace(" ", "") + '@contoso.com'
[string]$secgrpname = 'MBX_' + $sharedmbxname.Replace(" ", "")
[string]$secgrpupn = $secgrpname + '@contoso.com'

# Ask which site should host the mailbox (default choice is Site1)
$title = "Mailbox Server to host new mailbox:"
$message = "Should this new mailbox be placed in Site1 or Site2?"
$Site1 = New-Object System.Management.Automation.Host.ChoiceDescription "&Site1", `
    "The new mailbox will be created in Site1."
$Site2 = New-Object System.Management.Automation.Host.ChoiceDescription "&Site2", `
    "The new mailbox will be created in Site2."
$options = [System.Management.Automation.Host.ChoiceDescription[]]($Site1, $Site2)
$result = $host.ui.PromptForChoice($title, $message, $options, 0)

# Database identities take the form Server\StorageGroup\Database
switch ($result) {
    0 {
        [string]$mbxOU = 'contoso.com/SITES/Site1/Site1-Exchange Objects/Site1-Resource Accounts'
        [string]$secgroupOU = 'contoso.com/SITES/Site1/Site1-Groups/Site1-Security Groups'
        [string]$mbxdatabase = 'site1exchange\site1exchange-sg1\site1exchange-db1'
    }
    1 {
        [string]$mbxOU = 'contoso.com/SITES/Site2/Site2-Exchange Objects/Site2-Resource Accounts'
        [string]$secgroupOU = 'contoso.com/SITES/Site2/Site2-Groups/Site2-Security Groups'
        [string]$mbxdatabase = 'site2exchange\site2exchange-sg1\site2exchange-db1'
    }
}

writetolog "HelpDesk Ticket: $HelpDeskTicket"
writetolog "Shared Mailbox Name: $sharedmbxname"
writetolog "Security Group Name: $secgrpname"
writetolog "Mailbox OU: $mbxOU"
writetolog "Security Group OU: $secgroupOU"
writetolog "Mailbox Database: $mbxdatabase"

### Create the shared mailbox and stamp it with the policy and ticket reference

$newSharedMailbox = New-Mailbox -Alias ($sharedmbxname.Replace(" ", "")) -Name $sharedmbxname -Database $mbxdatabase -OrganizationalUnit $mbxOU -Shared -UserPrincipalName $upn
Set-Mailbox $newSharedMailbox -ManagedFolderMailboxPolicy 'Mailbox Policy Name' -Confirm:$false
Set-User $newSharedMailbox -Notes $notesstring

### Create the security group and grant it Full Access and Send-As on the mailbox

$newSecurityGroup = New-QADGroup -ParentContainer $secgroupOU -Name $secgrpname -SamAccountName $secgrpname
Get-Mailbox $newSharedMailbox | Add-MailboxPermission -User $secgrpname -AccessRights 'FullAccess'
Get-Mailbox $newSharedMailbox | Add-ADPermission -User $secgrpname -ExtendedRights Send-As

# Double quotes so that $secgrpname is expanded in the message
Write-Host "Use AD Users & Computers to add the users with access to this shared mailbox to the $secgrpname security group"
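The mailbox alias and the MBX_ group name both come straight from what is typed at the "Enter New Shared Mailbox Name" prompt, and nothing in the script stops it from carrying on if New-QADGroup fails because a group of that name already exists, in which case the permission lines grant the rights to the existing group. A pre-flight check that could replace the plain Read-Host line, as an added example that is not part of the original script; the function name, the character allowlist and the 64-character limit are assumptions chosen to be stricter than what AD and Exchange accept.

```powershell
# Added example (not part of the original script).
# Returns a list of problems with a proposed shared mailbox name; an empty list means OK.
function Test-SharedMailboxName {
    param([string]$Name)

    $problems = @()
    $alias    = $Name.Trim().Replace(' ', '')
    $group    = 'MBX_' + $alias

    # Assumed allowlist: letters, digits, '.', '_' and '-' (spaces are stripped above)
    if ($alias.Length -eq 0) {
        $problems += 'Name is empty.'
    }
    elseif ($alias -notmatch '^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$') {
        $problems += 'Use only letters, digits, spaces, ".", "_" and "-", starting and ending with a letter or digit.'
    }
    if ($group.Length -gt 64) {
        $problems += "Group name '$group' is longer than 64 characters."
    }

    if ($problems.Count -eq 0) {
        # An existing object with the same name would receive the new rights
        if (Get-QADGroup -SamAccountName $group) {
            $problems += "Security group '$group' already exists."
        }
        if (Get-Mailbox -Identity $alias -ErrorAction SilentlyContinue) {
            $problems += "A mailbox matching '$alias' already exists."
        }
    }
    return ,$problems
}

# Re-prompt until the name passes every check
do {
    [string]$sharedmbxname = Read-Host -Prompt "Enter New Shared Mailbox Name"
    $problems = Test-SharedMailboxName $sharedmbxname
    $problems | ForEach-Object { Write-Host $_ }
} while ($problems.Count -gt 0)
$sharedmbxname = $sharedmbxname.Trim()
```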
