All Collections
Connectors
Exchange
Exchange Powershell Scripts for On Premise Engine and Access Rights
Exchange Powershell Scripts for On Premise Engine and Access Rights
Updated over a week ago

The following are useful powershell scripts when configuring the SigParser mailbox monitoring.

These commands must be either run on the Exchange server or use a remote shell to the server.

Granting SigParser Mailbox Access to other mailboxes

You can use this command to grant the SigParser mailbox user access to another mailbox with the access rights for reading all the email and meetings. SigParser requires FullAccess because there isn't a permission set with less access that grants the right level of access to Calendar, Contacts and Events.

Add-MailboxPermission -Identity "Steven Cool" -User "SigParser" -AccessRights FullAccess -InheritanceType All

Grant Multiple Mailboxes Permission using a CSV

You can use this to grant the permission to multiple mailboxes.

# Read the CSV file containing the mailbox mappings $csvData = Import-Csv -Path "C:\PATH\mailboxlist.csv" # Loop through each row in the CSV foreach ($row in $csvData) {     $sourceMailbox = $row.SourceMailbox        # Grant full access permission     try {         Add-MailboxPermission -Identity $sourceMailbox -User "DELEGATE_USER" -AccessRights FullAccess -InheritanceType All         Write-Host "Successfully granted full access for delegate user to $sourceMailbox."     } catch {         Write-Host "Failed to grant full access to $sourceMailbox. Error: $_"     } }

Replace the following (keep the quotes in the script):

  • EXCHANGE_ADMIN_USER with a user who has admin access to Exchange

  • C:\PATH\mailboxlist.csv with the path to your CSV file

  • DELEGATE_USER with the user who will have read access to Exchange mailboxes

Please note:

  • You might need to run this script as an administrator.

  • Make sure you're connected to Exchange (on-premises or online). Uncomment the Import-Module and Connect-ExchangeOnline lines as needed, and supply your username.

  • The script doesn't include error checking beyond basic try/catch. You might want to add additional error checks based on your requirements.

  • Always test on a small scale before running any script that makes bulk changes.

  • Remember to replace C:\path\to\MailboxList.csv with the path to your actual CSV file.

Grant Multiple Mailboxes Permission using an existing Group

If you have a group that already exists and you want to grant the access rights this script can do that.

foreach($member in Get-DistributionGroupMember -Identity "GROUP_NAME") {     Write-Output -InputObject $member     $name = $member.Name         try { Add-MailboxPermission -Identity $name -User "DELEGATE_USER" -AccessRights FullAccess -InheritanceType All Write-Host "Successfully granted full access for delegated user to $sourceMailbox." } catch { Write-Host "Failed to grant full access to $sourceMailbox. Error: $_"     }      }

Replace the following (keep the quotes in the script):

  • EXCHANGE_ADMIN_USER with a user who has admin access to Exchange

  • GROUP_NAME with the group that contains the mailboxes to be scanned by SigParser

  • DELEGATE_USER with the user who will have read access to Exchange mailboxes

Generate mailboxes.txt file AND assign permissions

This will combine the above scripts into one script. 

Remove-Item -Path C:\sigparser\mailboxes.txt foreach($member in Get-DistributionGroupMember -Identity "GROUP_NAME") {     Write-Output -InputObject $member     $name = $member.Name     Add-Content C:\sigparser\mailboxes.txt "$name"        try { Add-MailboxPermission -Identity $name -User "DELEGATE_USER" -AccessRights FullAccess -InheritanceType All Write-Host "Successfully granted full access for delegated user to $name." } catch { Write-Host "Failed to grant full access to $name. Error: $_"     }      }

Replace the following (keep the quotes in the script):

  • EXCHANGE_ADMIN_USER with a user who has admin access to Exchange

  • GROUP_NAME with the group that contains the mailboxes to be scanned by SigParser

  • DELEGATE_USER with the user who will have read access to Exchange mailboxes

Generate mailboxes.txt file and assign permission using nested Groups

In case you have a group with nested groups this script will go thru those groups and run the commands needed to grant access.

function getMembership($group) {         $searchGroup = Get-DistributionGroupMember $group -ResultSize Unlimited         foreach ($member in $searchGroup) {             if ($member.RecipientTypeDetails-match "Group" -and $member.DisplayName -ne "") {                 $childGroupName = $member.DisplayName                 Write-Host "Fetching members of child group $childGroupNam"                 getMembership($member.DisplayName)             }                        else {                 if ($member.Name -ne "") {                     if (! $members.Contains($member.Name) ) {                         $members.Add($member.Name) >$null                         }                     }                 }             }         } $members = New-Object System.Collections.ArrayList Write-Host "Fetching members of group and sub-groups" getMembership("GROUP_NAME") Write-Host "Create file" Remove-Item -Path C:\sigparser\mailboxes.txt foreach($member in $members) {     Write-Host "$member"     $name = $member      Add-Content C:\sigparser\mailboxes.txt "$name"        try {         Add-MailboxPermission -Identity $name -User "DELEGATE_USER" -AccessRights FullAccess -InheritanceType All         Write-Host "Successfully granted full access for delegated user to $name."     } catch {         Write-Host "Failed to grant full access to $name. Error: $_"     }      }

  • Be sure to replace GROUP_NAME and DELEGATED_USER and EXCHANGE_ADMIN_USER .

  • If you have multiple groups then repeat the call to getMembership("GROUP_NAME") multiple times for each group.


โ€‹

Related Articles
Exchange
Powershell add mailboxes to group automatically
Microsoft 365 Setup On Premise Engine Setup
Exchange On Premise Engine Setup
Office 365 Admin - Security Group Connection
Did this answer your question?