Script to remove security groups from shared mailboxes and add the group members directly to ACL

Hello, I was wondering if anyone can help, as I am still learning PowerShell.

I have different "security groups" that have full access to different shared mailboxes. Since group access does not auto-map for users in Office 365, the idea is to make users have direct access to those shared mailboxes rather than using groups. I configured the script below, but it's not working when using variables. If I type in the mailbox and user group directly, it works.

  $MailBoxes = Get-Mailbox | select name | Sort-Object DisplayName
  $directPermissions = Get-MailboxPermission $mailboxes | `
    Where IsInherited -EQ $false | Where User -NotIn ("NT AUTHORITY\SELF", "FullAccessAdmin") | `
    %{ Get-Recipient $_.User -ErrorAction Ignore | Select DisplayName, PrimarySmtpAddress, RecipientType }
  $DL = Get-DistributionGroupMember $directpermissions | Select-Object -ExpandProperty Name
  ForEach ($Member in $DL)
  {
    Add-MailboxPermission -Identity $mailboxes -User $member -AccessRights FullAccess -InheritanceType All
  }
  Remove-MailboxPermission -Identity $mailboxes -user mynewgroup -AccessRights Fullaccess -InheritanceType all
 

I was wondering if there is someone who can help have a look at the script and tell me where I went wrong.



August 28th, 2015 9:43am

Hi,

Well, the first irregularity is in the first line:

You select only the Name property but thereafter sort with another property. Given what I have seen otherwise from the script, you'll probably want to drop the select entirely or expand the name.

Same when calling Get-Recipient. Why select it, rather than use the entire object?

Also, you may want to filter to make sure only groups get removed. As it is, all permissions from users with explicit, direct access would also get removed.

Cheers,
Fred

August 28th, 2015 9:57am
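
One way to apply the points from the reply above (whole objects instead of `select`, one mailbox at a time, only group entries replaced), as an added example that is not part of the original thread. It assumes a connected Exchange Online PowerShell session and mail-enabled security groups; the function name `Convert-GroupAccessToDirect` and its `-DryRun` switch are hypothetical.

```powershell
# Added example, not the poster's script. Assumes a connected Exchange Online session.
function Convert-GroupAccessToDirect {
    param([switch]$DryRun)   # hypothetical switch: passes -WhatIf to the changing cmdlets

    $skip = 'NT AUTHORITY\SELF', 'FullAccessAdmin'   # exclusions from the original post

    foreach ($mbx in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
        # Explicit (non-inherited) FullAccess allow entries on this one mailbox
        $aces = Get-MailboxPermission -Identity $mbx.Identity |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                           $_.AccessRights -contains 'FullAccess' -and
                           $_.User.ToString() -notin $skip }

        foreach ($ace in $aces) {
            # Act only on trustees that resolve to a security group; user entries stay
            $group = Get-Recipient -Identity $ace.User.ToString() -ErrorAction SilentlyContinue
            if (-not $group -or $group.RecipientTypeDetails -ne 'MailUniversalSecurityGroup') { continue }

            $members = @(Get-DistributionGroupMember -Identity $group.Identity -ResultSize Unlimited)
            # Nested groups, contacts etc. cannot be granted 1:1, so leave the group in place
            $other = @($members | Where-Object { $_.RecipientType -ne 'UserMailbox' })
            if ($other.Count -gt 0) {
                Write-Warning "$($group.Name) on $($mbx.Name) has non-mailbox members; left unchanged."
                continue
            }

            $failed = $false
            foreach ($m in $members) {
                try {
                    Add-MailboxPermission -Identity $mbx.Identity -User $m.PrimarySmtpAddress `
                        -AccessRights FullAccess -InheritanceType All -AutoMapping $true `
                        -WhatIf:$DryRun -ErrorAction Stop | Out-Null
                    # Emit a record of each direct grant for later review and cleanup
                    [pscustomobject]@{ Mailbox   = $mbx.PrimarySmtpAddress
                                       User      = $m.PrimarySmtpAddress
                                       FromGroup = $group.Name }
                } catch {
                    Write-Warning "Could not add $($m.Name) to $($mbx.Name): $_"
                    $failed = $true
                }
            }

            # Remove the group entry only when every member was granted access
            if (-not $failed) {
                Remove-MailboxPermission -Identity $mbx.Identity -User $ace.User.ToString() `
                    -AccessRights FullAccess -InheritanceType All -Confirm:$false -WhatIf:$DryRun
            }
        }
    }
}
```

Running `Convert-GroupAccessToDirect -DryRun | Export-Csv grants.csv -NoTypeInformation` previews the changes and keeps a list of the direct entries that would be created.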

You might be better off writing a script to do the auto-mapping.  Granting access using user accounts usually ends up eventually causing problems from having ACEs with orphan SIDs in the ACL.
August 28th, 2015 10:05am
