Hi, I keep encountering timing issues when using powershell with exchange. My current case is with the add-mailboxPermission cmdlet. If I try to make multiple permission changes to a single mailbox, only one of the changes will actually apply. e.g. If I run: Add-MailboxPermission -identity 'Mailbox11' -User 'mailbox Group11' -AccessRights FullAccess Add-MailboxPermission -identity 'Mailbox11' -User 'Security Team' -AccessRights FullAccess, ChangePermission One or the other will apply, but never both. If I put a sleep command between those two lines, both will work correctly. ([System.Threading.Thread]::Sleep(5000)) I've also tried using a loop like this: $users = 'Mailbox Group11','Security Team' |foreach-object {Add-MailboxPermission -Identity 'Mailbox11' -AccessRights fullaccess -user $_} Again, only one of the groups being added to the mailbox actually applies, the other change gets dropped. What is the correct way to resolve this issue? How can I make the shell wait for exchange to apply each change before moving to the next step? Using the sleep command is not satisfactory as I'm having to guess how long exchange might take - and I know from experience that the delay varies.

Can you run this command and check it Add-MailboxPermission -identity 'Mailbox11' -User 'Security Team' -AccessRights FullAccess, ChangePermission -WhatIf There is no other parameters to be passed to commit the second access rights

On Fri, 15 Jul 2011 01:22:09 +0000, Zustiur wrote: > > >Hi, > >I keep encountering timing issues when using powershell with exchange. My current case is with the add-mailboxPermission cmdlet. If I try to make multiple permission changes to a single mailbox, only one of the changes will actually apply. > >e.g. If I run: Add-MailboxPermission -identity 'Mailbox11' -User 'mailbox Group11' -AccessRights FullAccess Add-MailboxPermission -identity 'Mailbox11' -User 'Security Team' -AccessRights FullAccess, ChangePermission > >One or the other will apply, but never both. If I put a sleep command between those two lines, both will work correctly. ([System.Threading.Thread]::Sleep(5000)) > >I've also tried using a loop like this: $users = 'Mailbox Group11','Security Team' |foreach-object {Add-MailboxPermission -Identity 'Mailbox11' -AccessRights fullaccess -user $_} > >Again, only one of the groups being added to the mailbox actually applies, the other change gets dropped. > >What is the correct way to resolve this issue? How can I make the shell wait for exchange to apply each change before moving to the next step? Using the sleep command is not satisfactory as I'm having to guess how long exchange might take - and I know from experience that the delay varies. If you have more than one DC in the domain use the "-DomainController <dc-name>" parameter on the cmdlets. If you don't then you have no control over which DC is going to be used. In your case, I'd guess that you made to changes in rapid succession to the same object on different DCs and the most recent change is the one that "stuck". This should work: Add-MailboxPermission -identity 'Mailbox11' -User 'mailbox Group11' -AccessRights FullAccess -DomainController DC1 Add-MailboxPermission -identity 'Mailbox11' -User 'Security Team' -AccessRights FullAccess, ChangePermission -DomainController DC1 --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Zustiur, Any updates? By the way, please also try to add two groups together using EMC(Manage Full Access Permission) to test.

The results of -WhatIf are as follows: What if: Adding Mailbox Permission on 'Mailbox11' for User 'mailbox Group 11' with AccessRights ''FullAccess''. What if: Adding Mailbox Permission on 'Mailbox11' for User 'Security Team' with AccessRights ''FullAccess', 'ChangePermission''.

Actually... Using EMC I have exactly the same problem - I can add multiple groups simultaneously and only one will actually apply. I note that the code supplied by EMC is the same except that it uses DN rather than display name for the identity. Add-MailboxPermission -Identity 'CN=Mailbox11,OU=Common Mailboxes,OU=DOJ Exchange,DC=intranet,DC=justice,DC=wa,DC=gov,DC=au' -User 'JUSTICE\mailbox Group11' -AccessRights 'FullAccess' I've tested this under different login credentials, and using a different work station, just to eliminate those causes.

After testing the other two suggestions, I tried this - Appending the -DomainController switch works perfectly. Thank you!! I would appreciate it if someone were to test on an entirely different network to see if EMC and powershell display this behaviour across the board, or if it's just our particular network. For reference there are 3 DCs on the same network segment as my workstation. It should also be noted that we're running Exchange 2007, not Exchange 2010. If I'm right in suspecting that this isn't isolated to my environment, then I intend to report it as an actual issue to Microsoft.