Enable Exchange ActiveSync on a Mailbox with PowerShell

Exchange 2007 brought some changes to managing mailboxes, most notably, the removal of Exchange tabs from Active Directory. In Exchange 2003, to enable Exchange ActiveSync for a mailbox, you would simply open the ADUC properties for a user, click the Exchange Features tab, click Exchange ActiveSync, and then click Enable.

Today, with Exchange 2007 and Exchange 2010, the function isn’t quite as easily found, but it’s much easier to use. On any machine with the Exchange Management Tools loaded, fire up the Exchange Management Shell (this won’t work in your regular PowerShell terminal) and type the following, replacing “Firstname Lastname” with the user’s first and last name, or their user ID, in quotes.

 Get-Mailbox "Firstname Lastname" | Set-CASMailbox -ActiveSyncEnabled $true

Exchange Full-Access and Send-As mailbox permissions with Powershell

All tasks in Exchange Server 2007 or Exchange Server 2010 can be done in the Exchange Management Shell. So you are also able to give the Send-As permission and the Full-access permission via the Exchange Management Shell.

Send-As permissions

If you want to give the user Pete Peterson the Send-As permission for the John Johnson Mailbox you can use the following command line:

get-user -identity “john.johnson@msexchangeblog.nl” | Add-ADPermission -User “pete.peterson@msexchangeblog.nl” -ExtendedRights Send-As

If you want to give the Active Directory group SendAsGroup the Send-As permission for the John Johnson Mailbox you can use the same command line:

get-user -identity “john.johnson@msexchangeblog.nl” | Add-ADPermission -User “SendAsGroup” -ExtendedRights Send-As

Full-Access permission

To be able to give an user or group the Exchange mailbox Full-Access permission, you need to use two separate command lines. First you need to remove the Deny FullAccess permissions on the account. After the deny permission is removed you need to give the user or group the FullAccess permission on the Exchange Mailbox.

If you want to give the user Pete Peterson the Full-Access permission for the John Johnson Mailbox you can use the following command lines:

get-user -identity “john.johnson@msexchangeblog.nl” |Remove-MailboxPermission -User “pete.peterson@msexchangeblog.nl” -Deny -InheritanceType ‘All’ -AccessRights ‘FullAccess’

get-user -identity “john.johnson@msexchangeblog.nl” | Add-MailboxPermission -User ”pete.peterson@msexchangeblog.nl” -AccessRights ‘FullAccess’

If you want to give the Active Directory group FullAccessGroup the Send-As permission for the John Johnson Mailbox you can use the same command lines:

get-user -identity “john.johnson@msexchangeblog.nl” |Remove-MailboxPermission -User “FullAccessGroup” -Deny -InheritanceType ‘All’ -AccessRights ‘FullAccess’

get-user -identity “john.johnson@msexchangeblog.nl” | Add-MailboxPermission -User ”FullAccessGroup” -AccessRights ‘FullAccess’

(Source : http://www.msexchangeblog.nl/2010/10/22/exchange-full-access-and-send-as-mailbox-permissions-with-powershell/ )

Disable/Enable a Mailbox – Change user account while saving mails

Sometimes you have to change a whole account but transfer the mailbox database.

There are two ways to do that :

1 – Creating the new account, creating an export of the mailbox using pst files, importing this pst file into the new mailbox

Using that method, the person which will do that will have all access to the user’s mails, not really secure..

2 (the best one) :

Using this little script 🙂

#Getting all mandatory informations about the old username
$OlduserDatabase=(Get-mailbox $olduser).Database.ToString()
$OlduserDisplayName=(Get-mailbox $olduser).DisplayName.ToString()

#Disabling and cleaning the mailbox/database
Disable-Mailbox $Olduser -confirm:$false
Clean-MailboxDatabase $OlduserDatabase
$domainusername=”$onedomain$newuser”

#Getting the mailboxdatabase of the old user
$disconnectedMailbox=Get-DisconnectedMailbox $OlduserDisplayName
$disconnectedMailbox |
Foreach-Object{
Connect-Mailbox -Identity $_.StoreMailboxIdentity -Database $OlduserDatabase -User $domainusername -Alias $newuser
}
#Here we go !
return “New user $newuser has been succesfully made”

 

Get all permissions on a mailbox

If you want to get all users that have rights on a mailbox, just try this little script :

Get-Mailbox $mailbox | Get-MailboxPermission | where {($_.user.tostring() -ne “NT AUTHORITYSELF”) -and ($_.IsInherited -eq $false)}

Really simple but… really useful !

Deleting mails/meetings in a mailbox

When you have an application mailbox that automatically send meeting request to people, so many items could be really heavy.

Here is a little tips to delete all previous meeting automatically (due to a scheduled task) :

#Calculating J-1 date
$ddate=get-date -uformat %m/%d/%Y
$ddate=$ddate.AddDays(-1)
#Adding rights on the mailbox (do it Once)
Get-Mailbox “application.mailbox” | Add-MailboxPermission -User $localu -AccessRights Fullaccess -InheritanceType all
#Deleting old meeting/mails
Get-Mailbox “application.mailbox” | Export-Mailbox -EndDate $ddate -DeleteContent

That could be really… really usefull !