Help with creating a script to give mailbox permissions
The company I am employed by runs an Exchange 2007 SP1 environment and handles a large number of customer service inquiries for various different things. One thing the users have taken a liking to is having generic user accounts set up for mailboxes for each of these business areas they service that they attach to their Outlook clients. There is a very large number of these. Typically, the users will be provided Full Mailbox Access and Send As permission. I have been using EMS to handle these permissions changes, which was a welcome switch compared to doing it in EMC. Here is a very basic example script:

    Add-MailboxPermission "Generic Mailbox One" -User "DOMAIN\Group One" -AccessRights "FullAccess"
    Add-MailboxPermission "Generic Mailbox One" -User "DOMAIN\Group Two" -AccessRights "FullAccess"
    Add-MailboxPermission "Generic Mailbox Two" -User "DOMAIN\Group One" -AccessRights "FullAccess"
    Add-MailboxPermission "Generic Mailbox Two" -User "DOMAIN\Group Two" -AccessRights "FullAccess"
    Add-ADPermission "Generic Mailbox One" -User "DOMAIN\Group One" -ExtendedRights "Send As"
    Add-ADPermission "Generic Mailbox One" -User "DOMAIN\Group Two" -ExtendedRights "Send As"
    Add-ADPermission "Generic Mailbox Two" -User "DOMAIN\Group One" -ExtendedRights "Send As"
    Add-ADPermission "Generic Mailbox Two" -User "DOMAIN\Group Two" -ExtendedRights "Send As"

This works well enough, but imagine adding twenty more mailboxes and another group or two. It gets unwieldy real fast to the point where the tedium of editing all the mailbox and group names over and over becomes maddening.

What I was hoping to do is create a PowerShell script that has something like this:

    Add-MailboxPermission $Mailbox -User $User -AccessRights "FullAccess"
    Add-ADPermission $Mailbox -User $User -ExtendedRights "Send As"

I would want to be able to supply a list of mailboxes and users or groups (either via the command line or inside the PS1 file itself, I don't really care either way) and have it loop through these two commands for each mailbox and user/group combination. While I'm comfortable using PowerShell commands to administrate Exchange, I am not a programmer and don't know how to write a script that would do this parsing and looping, and possibly grabbing inputted parameters from the command line.
March 5th, 2010 5:12am

Try this:

Create an Excel spreadsheet, with 2 columns. Label them "Mailbox" and "User".
Put in the mailbox and user or group names in the appropriate columns.
Save it as a .csv (c:\perms.csv for this example).

Now:

    $perms = import-csv c:\perms.csv
    $perms | foreach-object {
        Add-MailboxPermission $_.Mailbox -User $_.User -AccessRights "FullAccess"
        Add-ADPermission $_.Mailbox -User $_.User -ExtendedRights "Send As"
    }

I will take your problems into my head and into my hands, but I will not take them into my stomach.
March 5th, 2010 5:21am

Wow, that looks ridiculously simple. I had no idea it might be so easy! I'll give it a shot. Thanks.
March 5th, 2010 5:51am

I guess it was too simple. No worky. At least not how I was hoping. I created two mailboxes: "Test Mailbox 1" and "Test Mailbox 2". I opened Excel and put two columns as you said, one headed "Mailbox" and the other headed "User". In the first column, I listed the two test mailboxes and in the second, I listed five real users' UPNs. I get a bunch of errors (shown below) when running the script. The end result is that the first user listed has Full Mailbox Access and Send As permission on Test Mailbox 1 and the second user listed has Full Mailbox Access and Send As permission on Test Mailbox 2. The remaining users were not added to either mailbox.

I suppose I could list each mailbox five times in the left column and have the five users listed twice (once for each mailbox) and that would work with your script, but I was hoping to eliminate all repetition. Just a list of users or groups and a list of mailboxes and apply both permissions for all people or groups for all mailboxes.

Here is the output after running the script:

    --------             ----                 ------------         ----------- ----
    fw.local/Test...     DOMAIN\user1         {FullAccess}         False       False

    AccessRights        : {ExtendedRight}
    ExtendedRights      : {Send-As}
    ChildObjectTypes    :
    InheritedObjectType :
    Properties          :
    IsValid             : True
    Deny                : False
    InheritanceType     : All
    User                : DOMAIN\user1
    Identity            : domain.local/Test/Test Mailbox 1
    IsInherited         : False
    ObjectState         : Unchanged

    fw.local/Test...     DOMAIN\user2         {FullAccess}         False       False

    AccessRights        : {ExtendedRight}
    ExtendedRights      : {Send-As}
    ChildObjectTypes    :
    InheritedObjectType :
    Properties          :
    IsValid             : True
    Deny                : False
    InheritanceType     : All
    User                : DOMAIN\user2
    Identity            : domain.local/Test/Test Mailbox 2
    IsInherited         : False
    ObjectState         : Unchanged

    Add-MailboxPermission : A parameter cannot be found that matches parameter name ''.
    At C:\add_mailbox_permissions.ps1:3 char:22
    + Add-MailboxPermission <<<< $_.Mailbox -User $_.User -AccessRights "FullAcces
    s"
    Add-ADPermission : A parameter cannot be found that matches parameter name ''.
    At C:\add_mailbox_permissions.ps1:4 char:17
    + Add-ADPermission <<<< $_.Mailbox -User $_.User -ExtendedRights "Send As"
    Add-MailboxPermission : A parameter cannot be found that matches parameter name ''.
    At C:\add_mailbox_permissions.ps1:3 char:22
    + Add-MailboxPermission <<<< $_.Mailbox -User $_.User -AccessRights "FullAcces
    s"
    Add-ADPermission : A parameter cannot be found that matches parameter name ''.
    At C:\add_mailbox_permissions.ps1:4 char:17
    + Add-ADPermission <<<< $_.Mailbox -User $_.User -ExtendedRights "Send As"
    Add-MailboxPermission : A parameter cannot be found that matches parameter name ''.
    At C:\add_mailbox_permissions.ps1:3 char:22
    + Add-MailboxPermission <<<< $_.Mailbox -User $_.User -AccessRights "FullAcces
    s"
    Add-ADPermission : A parameter cannot be found that matches parameter name ''.
    At C:\add_mailbox_permissions.ps1:4 char:17
    + Add-ADPermission <<<< $_.Mailbox -User $_.User -ExtendedRights "Send As"
March 5th, 2010 6:11am

Ah. I misunderstood.

Try this:

    $mailboxes = "mailbox1","mailbox2","mailbox3","mailbox4","mailbox5"
    $users = "user1","user2","user3","user4","user5"
    foreach ($mailbox in $mailboxes){
        foreach ($user in $users){
            Add-MailboxPermission $Mailbox -User $User -AccessRights "FullAccess"
            Add-ADPermission $Mailbox -User $User -ExtendedRights "Send As"
        }
    }

If you want to keep the users and mailboxes in .txt files, you can substitute:

    $mailboxes = get-content mailboxes.txt
    $users = get-content users.txt

in place of the list in the script.
March 5th, 2010 6:32am

That worked perfectly. I love it. Now I know it's possible to somehow combine your idea from your first script with using the CSV file for the lists and the second script that does exactly what I was looking for. I'll have to play around with that. Thanks for your help.
March 5th, 2010 6:50am

PowerShell is good stuff :)
March 5th, 2010 7:17am

Here's one way to use the .csv:

    $perms = import-csv c:\perms.csv
    $mailboxes = @()
    $users = @()
    $perms | foreach-object {
        if ($_.mailbox){
            $mailboxes += $_.mailbox
        }
        if ($_.user_{
            $users += $_.user
        }
    }
    foreach ($mailbox in $mailboxes){
        foreach ($user in $users){
            Add-MailboxPermission $Mailbox -User $User -AccessRights "FullAccess"
            Add-ADPermission $Mailbox -User $User -ExtendedRights "Send As"
        }
    }
March 5th, 2010 8:04am
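
A report-first variant of the CSV-driven loop from the answers above, added here as an example and not part of the original thread. It skips grants that already exist and changes nothing unless asked to. It assumes the Exchange Management Shell and the Mailbox/User CSV described earlier; the `$CsvPath` parameter and the `-Apply` switch are names made up for this example.

```powershell
# Added example: report-first, idempotent grant of FullAccess + Send As.
# Assumes the Exchange Management Shell and the Mailbox/User CSV from the thread.
param(
    [string]$CsvPath = "c:\perms.csv",   # hypothetical parameter name
    [switch]$Apply                       # hypothetical switch: without it, only report
)

$rows = Import-Csv $CsvPath
# Treat each column as its own list: drop blank cells and duplicates.
# @() keeps the result an array even when a column is empty.
$mailboxes = @($rows | ForEach-Object { $_.Mailbox } | Where-Object { $_ } | Sort-Object -Unique)
$users     = @($rows | ForEach-Object { $_.User }    | Where-Object { $_ } | Sort-Object -Unique)

foreach ($mailbox in $mailboxes) {
    $mbx = Get-Mailbox $mailbox -ErrorAction SilentlyContinue
    if (-not $mbx) { Write-Warning "Mailbox not found, skipped: $mailbox"; continue }

    foreach ($user in $users) {
        # Explicit allow entries this trustee already holds on the mailbox.
        $full = Get-MailboxPermission $mbx.Identity -User $user -ErrorAction SilentlyContinue |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and ($_.AccessRights -like "*FullAccess*") }
        $sendAs = Get-ADPermission $mbx.Identity -User $user -ErrorAction SilentlyContinue |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and ($_.ExtendedRights -like "*Send-As*") }

        if (-not $full) {
            Write-Host "FullAccess: $user -> $mailbox"
            if ($Apply) { Add-MailboxPermission $mbx.Identity -User $user -AccessRights "FullAccess" | Out-Null }
        }
        if (-not $sendAs) {
            Write-Host "Send As:    $user -> $mailbox"
            if ($Apply) { Add-ADPermission $mbx.Identity -User $user -ExtendedRights "Send As" | Out-Null }
        }
    }
}
```

Run it once without `-Apply` and keep the output as the record of which delegations were added, then run it again with `-Apply`.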

Thanks. You actually have an error there with the second underscore in line 8 but it was easy enough to spot and correct.

Is there someplace I can learn PowerShell scripting? All the examples I'm finding on the Internet of PowerShell scripts are ridiculously simple and don't help me sort out some of the more complicated things I'm trying to do. For instance, now I'm trying to create a nice script where I just have to fill out a few details in a CSV file for a set of users and be able to run a script that creates a mail-enabled user. I want to just supply the first name, last name, middle initial, city, SAM account name, and mailbox database. The CN, Exchange alias, OU, and UPN will be created from those variables. But I'm having trouble with the combinations.

For instance, for the -Name attribute of the New-Mailbox command, instead of creating a field in the CSV file just for the CN of the user account, I want to just use the FirstName and LastName variables. I want to use something like:

    New-Mailbox -Name "$_.FirstName $_.LastName"

But I get an error that it exceeds the maximum length for the value. I found out why. If I do Write-Host "$_.FirstName $_.LastName", I get:

    @{FirstName=Test; MI=; LastName=Mailbox1; City=New York; SamAccountName=testma
    ilbox1; Database=EXCHNAGE\MB001\Mailbox001}.FirstName @{FirstName=Test; MI=; LastN
    ame=Mailbox1; City=New York; SamAccountName=testmailbox1; Database=EXCHANGE\MB00
    1\Mailbox001}.LastName

I can't figure out how to put the first name and last name together as a single attribute response. If I do single quotes, it just returns the variable names themselves as text. If I do no quotes, it doesn't like the space in between the names.

I also am having trouble with our Exchange alias. We do "FirstName.LastName" as our Exchange alias. When I try Write-Host $_.FirstName.$_.LastName, I just get a blank line. If I try Write-Host "$_.FirstName.$_.LastName", I get output similar to the above where it is returning all the info from the CSV file as a hash table. If I try Write-Host "${_.FirstName}.${_LastName}", I just get a period.

Also, I know I'm going to have the trouble with the UPN. We do firstname.lastname@domain.local. So I want to use .ToLower() in there after the $_.FirstName and $_.LastName variables to get the name to lowercase. I know I'm going to have trouble figuring out how to do the variable for first name, .ToLower(), period, variable for last name, .ToLower(), and then the string for the domain suffix.

If you could help me with this too it would be much appreciated but I'm finding what I really need is some sort of good resource where I can really learn this.
March 6th, 2010 6:40pm

That's kind of an idiosyncrasy of working with strings referenced as a property of an object. There's a couple of ways around it.

    $first = $_.FirstName
    $last = $_.LastName
    New-Mailbox -Name "$first $last"

or

    New-Mailbox -Name "$($_.FirstName) $($_.LastName)"

Try this for your UPN:

    "$($_.FirstName.tolower()).$($_.LastName.tolower())@domain.com"

I'd start here for learning resources: http://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx
March 6th, 2010 7:13pm

Thanks for the resource and the suggestions. I used the second one and it worked perfectly.

My only hangup now is the SAM account name. Our format is "first seven of last name + first initial". For duplicates, it is "first six of last name + first two letters of first name". I figured there has to be a way to parse the FirstName and LastName variables so I wouldn't have to specify the SAM account name at all and get it down to just the first name, last name, middle initial, city, and database. And there is. I found the SubString() method. So far I came up with this:

    $_.LastName.ToLower().SubString(0,7)$_.FirstName.ToLower().SubString(0,1)

The problem is, it sticks a space in there. I end up with "mailbox t" (from first name "Test" and last name "Mailbox1"). Any idea how to do this in such a way that would eliminate the space?
March 6th, 2010 8:10pm

I'm not sure why you're getting the space, unless it's picking it up from the data, but this should remedy it.

    ($_.LastName.ToLower().SubString(0,7)$_.FirstName.ToLower().SubString(0,1)).replace(" ","")
March 6th, 2010 8:18pm

I double-checked my data. No space preceding the first name "Test" and the last name is "Mailbox1" and it's picking out "mailbox" so that's clearly not where it is coming from. Anyway I tried yours and I get this:

    Unexpected token '_' in expression or statement.
    At C:\create_users.ps1:6 char:51
    + Write-Host ($_.LastName.ToLower().SubString(0,7)$_. <<<< FirstName.ToLower().
    SubString(0,1)).replace(" ","")
March 6th, 2010 8:24pm

Try it this way:

    Write-Host $($($_.LastName.ToLower().SubString(0,7))($($_. FirstName.ToLower().SubString(0,1))).replace(" ",""))

or

    $sam = ($_.LastName.ToLower().SubString(0,7)($_. FirstName.ToLower().SubString(0,1)).replace(" ","")
    $sam
March 6th, 2010 8:30pm

Interesting. If I do Write-Host $_.LastName.ToLower().SubString(0,7)$_.FirstName.ToLower().SubString(0,1), it doesn't complain and spits out ("mailbox t") but if I try to set it to a variable, I get a similar error as above where it doesn't like that second underscore.
March 6th, 2010 8:36pm

Suggestion 1: Error

    Unexpected token '(' in expression or statement.
    At C:\create_users.ps1:7 char:54
    + Write-Host $($($_.LastName.ToLower().SubString(0,7))($ <<<< ($_. FirstName.To
    Lower().SubString(0,1))).replace(" ",""))

Suggestion 2: Error

    Unexpected token '(' in expression or statement.
    At C:\create_users.ps1:8 char:47
    + $sam = ($_.LastName.ToLower().SubString(0,7)($ <<<< _. FirstName.ToLower().S
    ubString(0,1)).replace(" ","")
March 6th, 2010 8:39pm

Ah. Forgot the concatenation operator, I think.

    $sam = ($_.LastName.ToLower().SubString(0,7)+$_. FirstName.ToLower().SubString(0,1)).replace(" ","")
March 6th, 2010 8:41pm

Yeah I just started looking into the + operator. But this particular usage isn't working either:

    Unexpected token '.' in expression or statement.
    At C:\create_users.ps1:8 char:50
    + $sam = ($_.LastName.ToLower().SubString(0,7)+$_. <<<< FirstName.ToLower().S
    ubString(0,1)).replace(" ","")
March 6th, 2010 8:48pm

Okay. Let's separate the evals a little better.

    $sam = (($_.LastName.ToLower().SubString(0,7)) + ($_. FirstName.ToLower().SubString(0,1))).replace(" ","")
March 6th, 2010 8:53pm

Wow, it really wants to put a space in there. I did this:

    Write-Host $_.LastName.ToLower().SubString(0,7).Trim()$_.FirstName.ToLower().SubString(0,1).Trim()

The Trim function is supposed to remove empty spaces at the beginning and end of strings. It still returns "mailbox t"!!! Maddening!
March 6th, 2010 8:55pm

Okay. Let's separate the evals a little better.

    $sam = (($_.LastName.ToLower().SubString(0,7)) + ($_. FirstName.ToLower().SubString(0,1))).replace(" ","")

    Unexpected token '.' in expression or statement.
    At C:\create_users.ps1:8 char:55
    + $sam = (($_.LastName.ToLower().SubString(0,7)) + ($_. <<<< FirstName.ToLowe
    r().SubString(0,1))).replace(" ","")
March 6th, 2010 8:56pm

I finally found something that works. I wish there was a way to do it in one line, but oh well.

    $sam1 = $_.LastName.ToLower().SubString(0,7)
    $sam2 = $_.FirstName.ToLower().SubString(0,1)
    $sam = $sam1+$sam2
    $sam

Result? "mailboxt"!
March 6th, 2010 9:01pm

I just did a little testing, and you may be better off using $_.lastname.tolower()[0..7] instead of .substring(0,7). Substring doesn't like hitting a lastname with less than 7 characters. The array slicing doesn't care.
March 6th, 2010 9:04pm

Actually, that array slice should be [0..6] to give you 7 characters.
March 6th, 2010 9:05pm

Good point. I did see that the SubString() method doesn't like getting less characters than you are asking it to give you. I tried your method, but I guess I'm not sure how to use it when I need to specify the -SamAccountName parameter for the New-Mailbox cmdlet.

I don't get:

    mailboxt

I get:

    m a i l b o x t
March 6th, 2010 9:09pm

You can set $ofs to "", and re-cast as string to fix that.

    PS E:\> $a = "mailboxt"
    PS E:\> $a[0..6]
    mailbox
    PS E:\> [string]$a[0..6]
    m a i l b o x
    PS E:\> $ofs="";[string]$a[0..6]
    mailbox
    PS E:\>

Kind of a pain, but maybe easier than testing for length before using substring().
March 6th, 2010 9:17pm

Hm. Yeah, I'll have to hash all this stuff out. My goal is to ultimately have a script that completely automates this, including the situations where there would be a duplicate SAM account name and also automatically selecting a mailbox database. Heh, I've got a long way to go, but I know it can be done. Thank you.
March 6th, 2010 9:21pm

Yep. You're going to have to create a samaccountname string from the csv, then try to do a get-user on that to see if it works. If it does, you need to re-factor your new samaccountname and retry.
March 6th, 2010 9:27pm
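
The naming rule and duplicate check discussed in the posts above, written out as an added example that is not part of the original thread. The function names `Get-Prefix` and `New-SamAccountName` and the `-IsTaken` parameter are made up for this example; the default lookup follows the Get-User suggestion above, and the sample names are constructed.

```powershell
# Added example. Builds a SAM account name from the rule described in the thread:
#   primary:   first 7 letters of last name + first initial
#   duplicate: first 6 letters of last name + first 2 letters of first name
function Get-Prefix([string]$Text, [int]$Length) {
    # SubString() throws when asked for more characters than exist, so clamp the length.
    $clean = $Text.Trim().ToLower()
    return $clean.Substring(0, [Math]::Min($Length, $clean.Length))
}

function New-SamAccountName {
    param(
        [string]$FirstName,
        [string]$LastName,
        # Returns $true when a name is already in use. The default asks Exchange
        # through Get-User, as suggested in the thread.
        [scriptblock]$IsTaken = { param($n) [bool](Get-User $n -ErrorAction SilentlyContinue) }
    )
    if ((-not $FirstName.Trim()) -or (-not $LastName.Trim())) {
        throw "FirstName and LastName are both required"
    }
    # Candidates in order of preference; string concatenation leaves no space.
    $candidates = @(
        (Get-Prefix $LastName 7) + (Get-Prefix $FirstName 1)
        (Get-Prefix $LastName 6) + (Get-Prefix $FirstName 2)
    )
    foreach ($name in $candidates) {
        if (-not (& $IsTaken $name)) { return $name }
    }
    # Both forms collide: stop so a person picks the name instead of guessing one.
    throw ("Both candidate names are taken for $FirstName ${LastName}: " +
           [string]::Join(", ", $candidates))
}

# Constructed sample data standing in for the directory lookup, so this runs offline.
$existing = "mailboxt", "smithj"
$check = { param($n) $existing -contains $n }
New-SamAccountName -FirstName "Test" -LastName "Mailbox1" -IsTaken $check
New-SamAccountName -FirstName "Al" -LastName "Ng" -IsTaken $check
```

Inside an Import-Csv loop, call it as `New-SamAccountName $_.FirstName $_.LastName` and pass the result to -SamAccountName.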

You didn't include the -HorizontalOutput:$True parameter. Just kidding.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

"Scott W. Sander" wrote in message news:fca220c4-2c57-44a7-b9d1-3d7dad709dc3...
Good point. I did see that the SubString() method doesn't like getting less characters than you are asking it to give you. I tried your method, but I guess I'm not sure how to use it when I need to specify the -SamAccountName parameter for the New-Mailbox cmdlet.
I don't get:
mailboxt
I get:
mailboxt
March 8th, 2010 5:53am

This topic is archived. No further replies will be accepted.
