Give Exchange Specific Recipient Admin Permissions (Powershell)

Gives Exchange Recipient Administrator Permission on a Specific OU to a Specific User or Group.


Download the Script


 


#################################
# Give-Exchange-Permissions.ps1 #
# Created By Assaf Miron        #
# Date : 06/11/07               #
#################################
Param(
      [String]$DomainName = "MyDomain.Com",
      [String]$UserName = Read-Host "Enter the User Name or Group Name to Whom you want to give Permissions to",
      [String]$OUName = Read-Host "Enter the OU Name to whom you want to give permissions on`nExample : OUName,ou=SubOU",
      [String]$XCHOrg = "MyDomain"
)

function IsHelpRequest
{
    param($argument)
    return ($argument -eq "-?" -or $argument -eq "-help");
}

# Function that displays the help related to this script following
# the same format provided by get-help or <cmdletcall> -?
Function Usage
{
@"

NAME:
`tGive-Exchange-Permissions.ps1 [-DomainName][-UserName][-OUName]

SYNOPSIS:
`tGives Exchange Recipient Administrator Permission on a Specific OU
`tto a Specific User or Group.

SYNTAX:
`tGive-Exchange-Permissions.ps1
`t`t[ -DomainName <Domain Suffix> ]
`t`t[ -UserName <User/Group to Give Permissions to> ]
`t`t[ -OUName <OU Path></OU> ]

PARAMETERS:
`t-DomainName
`t`tThe Domains Suffix
`t-UserName
`t`tThe User Name or Group Name that you want to give Permissions to
`t-OUName
`t`tThe OU Path that you want to give Permissions on

`t-------------------------- EXAMPLE 1 --------------------------

C:\PS> .\Give-Exchange-Permissions.ps1

`t-------------------------- EXAMPLE 2 --------------------------

C:\PS> .\Give-Exchange-Permissions.ps1 -DomainName "MyDomain.Com" -XCHOrg "ExchORG" -UserName "HRAdmins" -OUName "HR,ou=Users"

REMARKS:

"@
}


# Check for Usage Statement Request
$args | foreach { if (IsHelpRequest $_) { Usage; exit; } }
#################################
# Script starts here
#################################

$DomainName = $DomainName.Split(".")

$OUName = "ou="+$OUName

Add-ExchangeAdministrator -Identity $UserName -Role 'ViewOnlyAdmin'
 

Add-ADPermission –identity $OUName",dc="$DomainName[0]",dc="$DomainName[1] –user $UserName -AccessRights ReadProperty, WriteProperty -Properties Exchange-Information, Exchange-Personal-Information, legacyExchangeDN, displayName, adminDisplayName, displayNamePrintable, publicDelegates, garbageCollPeriod, textEncodedORAddress, showInAddressBook, proxyAddresses, mail
 

Add-ADPermission -identity $OUName",dc="$DomainName[0]",dc="$DomainName[1] -user $UserName -AccessRights GenericRead
 

Add-ADPermission -identity $OUName",dc="$DomainName[0]",dc="$DomainName[1] -user $UserName -AccessRights GenericAll –InheritanceType Descendents -InheritedObjectType msExchDynamicDistributionList
 

Add-ADPermission -identity $OUName",dc="$DomainName[0]",dc="$DomainName[1] -user $UserName -AccessRights CreateChild, DeleteChild -ChildObjectTypes msExchDynamicDistributionList

Add-ADPermission -Identity "CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN="$XCHOrg",CN=Microsoft Exchange,CN=Services,CN=Configuration,dc="$DomainName[0]",dc="$DomainName[1] -User $UserName -InheritedObjectType ms-Exch-Exchange-Server -ExtendedRights ms-Exch-Recipient-Update-Access -InheritanceType Descendents
 

Add-ADPermission –identity "CN=Address Lists Container,CN="$XCHOrg",CN=Microsoft Exchange,CN=Services,CN=Configuration,dc="$DomainName[0]",dc="$DomainName[1] –user $UserName -AccessRights WriteProperty -Properties msExchLastAppliedRecipientFilter, msExchRecipientFilterFlags
 

Add-ADPermission –identity "CN=Recipient Policies,CN="$XCHOrg",CN=Microsoft Exchange,CN=Services,CN=Configuration,dc="$DomainName[0]",dc="$DomainName[1] –user $UserName -AccessRights WriteProperty -Properties msExchLastAppliedRecipientFilter, msExchRecipientFilterFlags

Comments