Change all mailbox owners in an OU's ReadOnly Access to FullAccess

I've recently been tasked with changing the permissions of all owners of shared mailboxes in two Organizational Units from ReadAccess to FullAccess. Is there a way to do this? I'm trying to give an idea close to what I'm trying to accomplish. Any help would be much appreciated.

I've updated the script a bit. I'm not receiving errors at this point, but I'm also not seeing any fullaccess permissions added to the objects with readaccess.

$mailboxes1 = @(get-mailbox -organizationalunit "OU/ConferenceRooms" -resultsize unlimited | where {
    ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") })
$mailboxes2 = @(get-mailbox -organizationalunit "OU/SpaMailboxes" -resultsize unlimited | where {
    ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") })

$mailboxes = $mailboxes1 + $mailboxes2
$mailboxescount = $mailboxes.count
for ($i=0; $i -lt $mailboxescount; $i++)
{
    $CurrentMailbox = $mailboxes[$i]
    $currentmailboxreadpermissions = $CurrentMailbox | Get-mailboxpermission | where {$_.AccessRights -eq 'ReadPermissions'}
    $currentmailboxreadpermissions = @($CurrentMailbox | Get-mailboxpermission | where {$_.AccessRights -eq 'ReadPermissions'})
    $currentmailboxreadpermissionscount = $currentmailboxreadpermissions.count
    for ($j=0; $j -lt $currentmailboxreadpermissionscount; $j++)
    {
        $currentidentity = $currentmailboxreadpermissions.identity
        Add-mailboxPermission -AccessRights FullAccess -user $currentidentity
    }
}





September 3rd, 2015 6:27pm

Update. I haven't seen assistance on this thread but thanks Pahuff for your help outside of TechNet land! Here is the nearly working script.

The problem is the user property still seems incorrect.

Error:

Applying FullAccess to Conf - TestConference for user
+
Cannot bind argument to parameter 'User' because it is null.
    + CategoryInfo          : InvalidData: (:) [Add-MailboxPermission], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-MailboxPermission

Applying SendAs to Conf - TestConference for user
+
Cannot bind argument to parameter 'User' because it is null.
    + CategoryInfo          : InvalidData: (:) [Add-ADPermission], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-ADPermission

Method invocation failed because [Microsoft.Exchange.Data.Directory.Management.Mailbox] doesn't contain a method named 'op_Addition'.
At C:\Users\svcEntVault\Desktop\readtofull2.ps1:15 char:28
+             Write-Output ($mailbox + <<<<  " with permissioned user " + $($owner.User.SecurityIdentifier.Value) + " looks to be a SID, not a user.
Skipping...");
    + CategoryInfo          : InvalidOperation: (op_Addition:String) [], RuntimeException

$Confs = get-mailbox -organizationalunit "Domain/Messaging Resources/ConferenceRooms" -resultsize unlimited;
$Spas = get-mailbox -organizationalunit "Domain/Messaging Resources/SpaMailboxes" -resultsize unlimited;
$mailboxes = $Confs + $Spas;

foreach ($mailbox in $mailboxes) {
    $owners = Get-MailboxPermission -Identity $mailbox.Identity | ? {$_.AccessRights -like '*ReadPermission*' -and $_.User -notlike "NT AUTHORITY\SELF" -and $_.IsInherited -eq $False};

    foreach ($owner in $owners) {
        if($owner.User.RawIdentity -ne $owner.User.SecurityIdentifier) {
            Write-Output "Applying FullAccess to $mailbox for user " + $($owner.User.RawIdentity);
            Add-MailboxPermission -Identity $mailbox.Identity -User $owner.User.RawIdentity -AccessRights FullAccess;
            Write-Output "Applying SendAs to $mailbox for user " + $($owner.User.RawIdentity);
            Add-ADPermission -Identity $mailbox.Identity -User $owner.User.RawIdentity -AccessRights ExtendedRight -Extendedrights "Send As";
        }
        else {
            Write-Output ($mailbox + " with permissioned user " + $($owner.User.SecurityIdentifier.Value) + " looks to be a SID, not a user. Skipping...");
        }
    }
}





September 6th, 2015 4:23pm
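
Added example, not part of the original thread or the poster's script: one way to do the bulk change described above so that it defaults to -WhatIf, skips deny and unresolved-SID entries, and records every grant in a CSV for review. The -Apply switch, the CSV file name, and the use of User.ToString() to name the account are assumptions; the OU paths are the ones from the post.

```powershell
# Added example. Run from the Exchange Management Shell.
param([switch]$Apply)   # without -Apply, every change runs with -WhatIf

$ous = 'Domain/Messaging Resources/ConferenceRooms',
       'Domain/Messaging Resources/SpaMailboxes'

# @() keeps a single result from collapsing to a scalar, so no '+' on Mailbox objects.
$mailboxes = @(foreach ($ou in $ous) {
    Get-Mailbox -OrganizationalUnit $ou -ResultSize Unlimited
})

$report = foreach ($mailbox in $mailboxes) {
    # Filter the permission entries (ACEs), not the mailboxes:
    # IsInherited, Deny and User are properties of the ACE.
    $aces = @(Get-MailboxPermission -Identity $mailbox.Identity | Where-Object {
        ($_.AccessRights -like '*ReadPermission*') -and
        -not $_.IsInherited -and -not $_.Deny -and
        ($_.User.ToString() -ne 'NT AUTHORITY\SELF')
    })

    foreach ($ace in $aces) {
        $user = $ace.User.ToString()
        # An ACE whose account no longer resolves shows a bare SID; never
        # widen access for an unknown or empty principal.
        if ([string]::IsNullOrEmpty($user) -or $user -match '^S-1-\d') {
            Write-Warning "$($mailbox.Name): skipping unresolved entry '$user'"
            continue
        }
        Add-MailboxPermission -Identity $mailbox.Identity -User $user `
            -AccessRights FullAccess -InheritanceType All -WhatIf:(-not $Apply)
        Add-ADPermission -Identity $mailbox.DistinguishedName -User $user `
            -AccessRights ExtendedRight -ExtendedRights 'Send As' -WhatIf:(-not $Apply)
        # Record who was granted what, for review and rollback.
        New-Object PSObject -Property @{
            Mailbox = $mailbox.Name; User = $user; Applied = [bool]$Apply
        }
    }
}
if ($report) {
    $report | Export-Csv -Path .\readtofull-changes.csv -NoTypeInformation
}
```

Run it once without -Apply and read the WhatIf output and the CSV before running it again with -Apply.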
