Grant Full Access rights to a mailbox in Office 365

Not all Office 365 customers have a hybrid scenario deployed in their environment. The hybrid server provides the ability to perform administrative tasks in Office 365 via the familiar EMC GUI (Exchange Management Console).

But tenant administrators who don’t have a Hybrid server (and thus no EMC) must rely on PowerShell to perform some basic administrative tasks. This can be confusing to someone not used to PowerShell or command-line-based administration.

One of the most frequently asked questions is:

“How do I give <user 1> access to <mailbox a>?”

The first step is making sure you have the prerequisites installed on your workstation.

Second, connect PowerShell to the service using your tenant credentials. I’ve previously posted a useful script to help simplify that process.

Next, run the following command:

Add-MailboxPermission -Identity <Mailbox A> -User <User 1> -AccessRights FullAccess -InheritanceType All

  • <Mailbox A> is the alias of the mailbox to which you want to grant someone access rights
  • <User 1> is the alias of the mailbox for the user to whom you want to grant these rights

Exchange supports AutoMapping within the Outlook and OWA clients. AutoMapping is enabled by default. Therefore, when User A has FullAccess rights to Mailbox B, Mailbox B will show up in User A’s Outlook client or OWA automatically, without having to manually add it to their profile as was once previously required.

If User A only has FullAccess rights to a couple of other mailboxes this is a great feature. However, since AutoMapping utilizes Outlook’s cached mode, this can become cumbersome for users who have FullAccess rights to many mailboxes (like administrators).

To prevent AutoMapping, you have two options:

  1. Tack on the
    –AutoMapping:$False
    parameter at the end of the
    Add-MailboxPermission
    commandlet to prevent Outlook from using the AutoMapping feature.
  2. Instead of granting FullAccess rights to an individual user, grant it to a new security group and add that user to the security group. AutoMapping is not supported when FullAccess is granted through security groups.
Advertisements

Daily Sent Items Report with PowerShell

elow is a PowerShell script I wrote recently for a customer that wanted daily emailed reports of all messages sent from a specified email address.

The script is called Generate-DailySendReports.ps1 and takes command line parameters as input.

The script uses command-line parameters as input:

  • SenderSMTP (Required) – This is the sender smtp address you want to search the logs for.
  • Days (optional) – This is how many days back in time you want to search. The default is 1 day which will cause the script to search back n-1 days.
  • SMTPServer (optional) – This is the SMTP server you want to use to send the resulting email. By default, it will use the local host the script is running against. So if you’re not running this script from an Exchange server, you’ll want to supply this value or the script will fail to send the report.
  • ReportRecipient (Required) – What email address(es) do you want to send the report to. Separate addresses by a comma without spaces (i.e. user1@contoso.com,user2@fabrikam.com)
  • ReportSender (optional) – What email address do you want the report sent from? By default it will send from Reports@<logged-in-user-domain>
  • TransportServer (optional) – What transport server(s) do you want to search through? By default, it will only search the local server the script is running on. So, if you’re not running this script from an Exchange server, you’ll want to specify which server’s logs to search.

When the script runs, if it finds results it generates a CSV file of selected fields from the transport logs; specifically, it includes ClientIP, ServerIP, ConnectorID, MessageID, Recipients (expands this list if multiple) and MessageSubject. It then attaches this CSV file to a new email message that it sends to the email addresses you provide in the ReportRecipient parameter.

Copy the script below and save to a file named Generate-DailySendReports.ps1

# ===================================================

#

# This PowerShell script does the following:

# 1. Generates a CSV report for Messages Sent

# from a specified email address going back

# a specified number of days.

# 3. Sends an email with the resulting CSV file

# as an attachment

#

# Written by: David Smith

# Last modified: 11/21/2012

# Notes:

#

# ===================================================

 

#——-Establish variables

[CmdletBinding()]

Param(

[Parameter(Mandatory=$True)]

[string]$SenderSMTP,

 

[Parameter(Mandatory=$false)]

[int]$Days=1,

 

[Parameter(Mandatory=$false)]

[string]$SMTPServer=$env:COMPUTERNAME,

 

[Parameter(Mandatory=$true)]

[array]$ReportRecipient,

 

[Parameter(Mandatory=$false)]

[string]$ReportSender=(“Reports@”
+ $env:USERDNSDOMAIN
),


 

[Parameter(Mandatory=$false)]

[string]$TransportServer=$env:COMPUTERNAME

)

 

 

Add-PSSnapin
Microsoft.Exchange.Management.PowerShell.E2010
-ErrorAction
SilentlyContinue

$Date
= (get-date).AddDays($Days)

$ReportSubject
= ($SenderSMTP Sent Items Report – “
+ $date.ToShortDateString() +
” to “
+
[string](Get-Date).ToShortDateString())

 

#——-Generage the report results

$SentMessages
=
Get-MessageTrackingLog
-Start
$date
-Sender
$SenderSMTP
-EventId
SEND
-ResultSize
Unlimited
-Server
$TransportServer

$CountSentMessages
= ($SentMessages
|
Measure-Object).Count

 

#——-Determine the Body of the message and attachment

if ($SentMessages
-eq
$null)

{$ReportMessage
=
“0 Messages sent from $SenderToCheck since $date

Send-MailMessage
-From
$ReportSender
-To
$ReportRecipient
-Subject
$ReportSubject
-Body
$ReportMessage
-SmtpServer
$SMTPServer}

Else

{$ReportMessage
=
$CountSentMessages Messages Sent from $SenderSMTP since $date

$SentMessages
|
Select
TimeStamp, ClientIP, ServerIP, ConnectorID, MessageID, {$_.Recipients},
MessageSubject
|
Export-Csv
-NoTypeInformation
.SentItemsReport.csv

Send-MailMessage
-From
$ReportSender
-To
$ReportRecipient
-Subject
$ReportSubject
-Body
$ReportMessage
-Attachment
.SentItemsReport.csv
-SmtpServer
$SMTPServer}

 

 

 


 

Super-Simple Script for connecting to Office 365 via PowerShell

One of the repetitive menial tasks of being an Office 365 consultant is connecting to the remote PowerShell session for different clients.  I thought I’d share a little script I wrote to help simplify this task for me.  It’s not ground-breaking code but I find it useful as have some of my clients.

The script prompts you for your credentials, establishes the session and then also imports the MSOnline module for running those related commands.

Simply save the code snippit below to a new text file (I call mine Connect-Office365.ps1) and place it in your home directory so it’s quickly available when you launch PowerShell.

$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Import-Module MSOnline
Connect-MsolService -Credential $LiveCred