Отличие этих скриптов в том, что они получают список папок я почтовом ящике и продавливают на них права.
Скрипт для добавления прав на папки в ящике:
[CmdletBinding()]
param (
[Parameter( Mandatory=$true)]
[string]$Mailbox,
[Parameter( Mandatory=$true)]
[string]$User,
[Parameter( Mandatory=$true)]
[string]$Access
)
$exclusions = @("/Sync Issues",
"/Sync Issues/Conflicts",
"/Sync Issues/Local Failures",
"/Sync Issues/Server Failures",
"/Recoverable Items",
"/Deletions",
"/Purges",
"/Versions"
)
#Add Exchange 2010 snapin if not already loaded in the PowerShell session
if (!(Get-PSSnapin | where {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.E2010"}))
{
try
{
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction STOP
}
catch
{
#Snapin was not loaded
Write-Warning $_.Exception.Message
EXIT
}
. $env:ExchangeInstallPath\bin\RemoteExchange.ps1
Connect-ExchangeServer -auto -AllowClobber
}
#Set scope to include entire forest
if (!(Get-ADServerSettings).ViewEntireForest)
{
Set-ADServerSettings -ViewEntireForest $true -WarningAction SilentlyContinue
}
$mailboxfolders = @(Get-MailboxFolderStatistics $Mailbox | Where {!($exclusions -icontains $_.FolderPath)} | Select FolderPath)
foreach ($mailboxfolder in $mailboxfolders)
{
$folder = $mailboxfolder.FolderPath.Replace("/","\")
if ($folder -match "Top of Information Store")
{
$folder = $folder.Replace(“\Top of Information Store”,”\”)
}
$identity = "$($mailbox):$folder"
Write-Host "Adding $user to $identity with $access permissions"
try
{
Add-MailboxFolderPermission -Identity $identity -User $user -AccessRights $Access -ErrorAction STOP
}
catch
{
Write-Warning $_.Exception.Message
}
}Скрипт для удаления прав с папок ящика:
[CmdletBinding()]
param (
[Parameter( Mandatory=$true)]
[string]$Mailbox,
[Parameter( Mandatory=$true)]
[string]$User
)
$exclusions = @("/Sync Issues",
"/Sync Issues/Conflicts",
"/Sync Issues/Local Failures",
"/Sync Issues/Server Failures",
"/Recoverable Items",
"/Deletions",
"/Purges",
"/Versions"
)
#Add Exchange 2010 snapin if not already loaded in the PowerShell session
if (!(Get-PSSnapin | where {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.E2010"}))
{
try
{
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction STOP
}
catch
{
#Snapin was not loaded
Write-Warning $_.Exception.Message
EXIT
}
. $env:ExchangeInstallPath\bin\RemoteExchange.ps1
Connect-ExchangeServer -auto -AllowClobber
}
#Set scope to include entire forest
if (!(Get-ADServerSettings).ViewEntireForest)
{
Set-ADServerSettings -ViewEntireForest $true -WarningAction SilentlyContinue
}
$mailboxfolders = @(Get-MailboxFolderStatistics $Mailbox | Where {!($exclusions -icontains $_.FolderPath)} | Select FolderPath)
foreach ($mailboxfolder in $mailboxfolders)
{
$folder = $mailboxfolder.FolderPath.Replace("/","\")
if ($folder -match "Top of Information Store")
{
$folder = $folder.Replace(“\Top of Information Store”,”\”)
}
$identity = "$($mailbox):$folder"
Write-Host "Checking $identity for permissions for user $user"
if (Get-MailboxFolderPermission -Identity $identity -User $user -ErrorAction SilentlyContinue)
{
try
{
Remove-MailboxFolderPermission -Identity $identity -User $User -Confirm:$false -ErrorAction STOP
Write-Host -ForegroundColor Green "Removed!"
}
catch
{
Write-Warning $_.Exception.Message
}
}
}