Falcor Posted March 17, 2014 Share Posted March 17, 2014 (edited) Hi All,We had a little bug go through our Exchange Server that really hosed our permissions on all mailboxes. I have everything working now, but am looking for a way to systematically clean up permissions.For instance: NT Authority\Self is allowed FullAccess on all mailboxes...this is good. This allows each user full access to their own mailbox. On top of this, each user is listed ALSO with FullAccess permissions on their own mailboxes. This is unnecessary due to the NT Authority\Self permission.If I were to use the Exchange Management Console to remove each user from their mailbox, EMC would actually remove their access entirely by stipulating a DENY - not good.What I am looking to do is use PowerShell to run a loop. So that you may better understand what I am trying to do:1. Get-Mailbox2. Enumerate username associated with mailbox and assign $username variable3. Remove-MailboxPermission –user $username –AccessRight FullAccessOnce the entire command is piped:Get-Mailbox | $username = user | Remove-MailboxPermission -user $username -AccessRight FullAccess Thus, it would remove the users' full-access permissions only from their own mailbox.Can anyone help me accomplish this? I have searched and searched, but still come up empty.Thanks! Edited March 17, 2014 by Falcor Link to comment Share on other sites More sharing options...
Falcor Posted March 17, 2014 Author Share Posted March 17, 2014 So far what I've come up with on my own...which does NOT work is:Get-Mailbox | Foreach-Object{ $username = Select-Object Alias Remove-MailboxPermission -user $username -AccessRight FullAccess}This is the error I get, which doesn't help me in the least:Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently. + CategoryInfo : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [], PSInvalidOperationException + FullyQualifiedErrorId : RemotePipelineExecutionFailedCannot bind argument to parameter 'User' because it is null. + CategoryInfo : InvalidData: ( [Remove-MailboxPermission], ParameterBindingValidationException + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Remove-MailboxPermissionAny ideas? Link to comment Share on other sites More sharing options...
Falcor Posted June 13, 2014 Author Share Posted June 13, 2014 Still? No one? Link to comment Share on other sites More sharing options...
aviv00 Posted July 17, 2014 Share Posted July 17, 2014 get-mail | gmget the property of usersthen $p = (get-mail).user_property foreach ($pp in $p) { remove-MailboxPermission -user $pp -AccessRight FullAccess } Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now