Exchange Server Mailbox Management (OnPremise): Difference between revisions
Line 259: | Line 259: | ||
====Input Parameters==== | ====Input Parameters==== | ||
* <code> | * <code>Identity</code> '''MANDATORY''' - Specifies the mailbox where you want to assign permissions to the user | ||
* <code>UserName</code> '''MANDATORY''' - Specifies who gets the permissions on the mailbox. You can specify the following types of users or groups (security principals) for this parameter: Mailbox users Mail users Security groups | * <code>UserName</code> '''MANDATORY''' - Specifies who gets the permissions on the mailbox. You can specify the following types of users or groups (security principals) for this parameter: Mailbox users Mail users Security groups | ||
* <code>AccessRights</code> '''MANDATORY''' - Specifies the permission that you want to add for the user on the mailbox. Valid values are: ChangeOwner ChangePermission DeleteItem ExternalAccount FullAccess ReadPermission | * <code>AccessRights</code> '''MANDATORY''' - Specifies the permission that you want to add for the user on the mailbox. Valid values are: ChangeOwner ChangePermission DeleteItem ExternalAccount FullAccess ReadPermission | ||
* <code>InheritanceType</code> - Specifies how permissions are inherited by folders in the mailbox | * <code>InheritanceType</code> - Specifies how permissions are inherited by folders in the mailbox | ||
* <code>AutoMapping</code> - Specifies whether to enable or disable the auto-mapping feature in Microsoft Outlook that uses Autodiscover to automatically open other mailboxes for the user. | * <code>AutoMapping</code> - Specifies whether to enable or disable the auto-mapping feature in Microsoft Outlook that uses Autodiscover to automatically open other mailboxes for the user. | ||
====Output Parameters==== | ====Output Parameters==== |
Revision as of 17:08, 6 October 2021
Home > Administration > IT Operations Management > ITOM Package Library > Exchange Server Mailbox Management (OnPremise) | Index |
IntroductionThis package provides operations for On-Premise Exchange server mailbox management, supported for use on Exchange Server version 2016 and above. |
|
Target Environment Requirements
Script Execution Machine Requirements
- This package utilises Exchange Server PowerShell CmdLets provided by the Exchange Management Shell, which requires installation on the target device. See the Install Exchange Management Tools document for more information
- If the script execution policy on the machine executing these operations is restricted, this will need to be updated to something less restrictive. If this is the case, you can use the Set Execution Policy operation within the Windows Management package to update the Execution Policy on the target device before performing any other operations.
KeySafe Configuration
When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges on the target.
To configure your Target Machine account authentication in KeySafe:
- In the Admin console, navigate to: System > Security > KeySafe;
- Click on + then select
Username + Password
; - Give the KeySafe Key a Title (this is the name/identifier for the target machine account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
- Optionally add a description;
- Populate the Username field with the domain/local account username for the account being used on the target machine;
- Populate the Password field with the password for the above account;
- Select Create Key to save.
Once you have created your KeySafe Key, you can then use it when creating IT Automation Jobs from this package. See screenshots to the right for examples.
Package Operations
The Exchange Server Mailbox Management (OnPremise) package contains the following operations, than can be used to create ITOM Jobs directly, or included in your Business Processes and/or IT Operations Management Rubooks.
Get Mailbox Details
Returns the specified mailbox's properties
Input Parameters
Identity
MANDATORY - Specifies the mailbox that you want to view. You can use any value that uniquely identifies the mailbox.
Output Parameters
Name
Type
Alias
EmailAddress
DistinguishedName
Database
ForwardingAddress
ForwardingSMTPAddress
DeliverToMailboxAndForward
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Create New Mailbox
Enables the creation of a user mailbox and linked Active Directory user account at the same time.
Input Parameters
UserPrincipalName
MANDATORY - Specifies the logon name for the user account. The UPN uses an email address format: username@domain. Typically, the domain value is the domain where the user account resides.MailboxName
MANDATORY - The unique name of the mailbox.FirstName
- Specifies the user's first name.Lastname
- Specifies the user's last name.DisplayName
- Specifies the display name of the mailbox. The display name is visible in the Exchange admin center, in address lists, and in Outlook.Password
MANDATORY - Specifies the password for the mailbox (the user account that's associated with the mailbox).ResetPassword
- Specify if the user is required to change their password the next time they log on to their mailbox.OrganisationalUnit
- Specifies the location in Active Directory where the new mailbox is created.Database
- Specifies the mailbox database that contains the mailbox. You can use any value that uniquely identifies the database.
Output Parameters
Name
Alias
EmailAddress
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Remove Mailbox
Enables the Deletion of a mailbox and the associated Active Directory user account.
Input Parameters
Identity
MANDATORY - Identifies the mailbox that you want to remove. You can use any value that uniquely identifies the mailbox.Permanent
- specifies whether to permanently delete the mailbox from the mailbox database.
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Enable Mailbox
Creates a mailbox for an existing user who doesn't already have an associated mailbox.
Input Parameters
Identity
MANDATORY - AD Account Identity
Output Parameters
Name
Alias
EmailAddress
DistinguishedName
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Create New Room Mailbox
Enables the creation of an Exchange Room mailbox and linked Active Directory user account at the same time.
Input Parameters
MailboxName
MANDATORY - Specifies the unique name of the mailbox. The maximum length is 64 characters.UserPrincipalName
- The logon name for the user account. The UPN uses an email address format: username@domain.FirstName
- Specifies the user's first name.Surname
- Specifies the user's last name.DisplayName
- Specifies the display name of the mailbox. The display name is visible in the Exchange admin center, in address lists, and in Outlook.OrganisationalUnit
- Specifies the location in Active Directory where the new mailbox is created.Alias
- Specifies the Exchange alias (also known as the mail nickname) for the recipient.Database
- Specifies the mailbox database that contains the mailbox.
Output Parameters
Name
Alias
EmailAddress
DistinguishedName
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Create Equipment Mailbox
Enables the creation of an Exchange Equipment mailbox and linked Active Directory user account at the same time.
Input Parameters
MailboxName
MANDATORY - Specifies the unique name of the mailbox. The maximum length is 64 characters.UserPrincipalName
- The logon name for the user account. The UPN uses an email address format: username@domain.FirstName
- Specifies the user's first name.Surname
- Specifies the user's last name.DisplayName
- Specifies the display name of the mailbox. The display name is visible in the Exchange admin center, in address lists, and in Outlook.OrganisationalUnit
- Specifies the location in Active Directory where the new mailbox is created.Alias
- Specifies the Exchange alias (also known as the mail nickname) for the recipient.Database
- Specifies the mailbox database that contains the mailbox.
Output Parameters
Name
Alias
EmailAddress
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Set SMTP Forwarding
Enable SMTP Forwarding and how messages are delivered and forwarded.
Input Parameters
MailboxName
MANDATORY - Specifies the mailbox that you want to modify. You can use any value that uniquely identifies the mailbox..ForwardingSMTPAddress
MANDATORY - Specifies a forwarding SMTP address for messages that are sent to this mailbox. Typically, you use this parameter to specify external email addresses that aren't validated.DeliverAndForward
- Specifies the message delivery behavior when a forwarding address is specified by the ForwardingAddress or ForwardingSmtpAddress parameters. Valid values are: $true: Messages are delivered to this mailbox and forwarded to the specified recipient or email address. $false: If a forwarding recipient or email address is configured, messages are delivered only to the specified recipient or email address, and messages aren't delivered to this mailbox. If no forwarding recipient or email address is configured, messages are delivered only to this mailbox.
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Set Mailbox Forwarding
Enable Internal Mail Forwarding and how messages are delivered and forwarded.
Input Parameters
MailboxName
MANDATORY - Specifies the mailbox that you want to modify. You can use any value that uniquely identifies the mailbox.ForwardingMailbox
MANDATORY - Specifies a forwarding address in your organization for messages that are sent to this mailbox. You can use any value that uniquely identifies the internal recipient.DeliverAndForward
- Specifies the message delivery behavior when a forwarding address is specified by the ForwardingAddress or ForwardingSmtpAddress parameters. Valid values are: $true: Messages are delivered to this mailbox and forwarded to the specified recipient or email address. $false: If a forwarding recipient or email address is configured, messages are delivered only to the specified recipient or email address, and messages aren't delivered to this mailbox. If no forwarding recipient or email address is configured, messages are delivered only to this mailbox.
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Remove SMTP Forwarding
Disable SMTP Forwarding
Input Parameters
MailboxName
MANDATORY - Specifies the mailbox that you want to modify. You can use any value that uniquely identifies the mailbox.DeliverAndForward
- Specifies the message delivery behavior when a forwarding address is specified by the ForwardingAddress or ForwardingSmtpAddress parameters.
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Remove Mailbox Forwarding
Disable Internal Mail Forwarding
Input Parameters
MailboxName
MANDATORY - Specifies the mailbox that you want to modify. You can use any value that uniquely identifies the mailbox.DeliverAndForward
- Specifies the message delivery behavior when a forwarding address is specified by the ForwardingAddress or ForwardingSmtpAddress parameters.
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Add Mailbox Permission
Use to add permissions to a mailbox, from the following list:
ChangeOwner, ChangePermission, DeleteItem, ExternalAccount FullAccess, ReadPermission
Input Parameters
Identity
MANDATORY - Specifies the mailbox where you want to assign permissions to the userUserName
MANDATORY - Specifies who gets the permissions on the mailbox. You can specify the following types of users or groups (security principals) for this parameter: Mailbox users Mail users Security groupsAccessRights
MANDATORY - Specifies the permission that you want to add for the user on the mailbox. Valid values are: ChangeOwner ChangePermission DeleteItem ExternalAccount FullAccess ReadPermissionInheritanceType
- Specifies how permissions are inherited by folders in the mailboxAutoMapping
- Specifies whether to enable or disable the auto-mapping feature in Microsoft Outlook that uses Autodiscover to automatically open other mailboxes for the user.
Output Parameters
Identity
User
AccessRights
IsInherited
InheritanceType
Deny
ObjectState
IsValid
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operationwarnings
Remove Mailbox Permission
Use to remove mailbox permissions, from the following list:
ChangeOwner, ChangePermission, DeleteItem, ExternalAccount FullAccess, ReadPermission
Input Parameters
Identity
MANDATORY - Specifies the mailbox where you want to assign permissions to the userUserName
MANDATORY - Specifies whose permissions are being removed from the specified mailbox. You can specify the following types of users or groups (security principals) for this parameter: Mailbox users Mail users Security groupsAccessRights
MANDATORY - Specifies the permission that you want to remove from the user on the mailbox. Valid values are: FullAccess SendAs ExternalAccount DeleteItem ReadPermission ChangePermission ChangeOwnerInheritanceType
- Specifies whether permissions are inherited to folders within the mailbox.
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operationwarnings
Add Mailbox Send As Permission
Set the Send As permission for a user on the specified mailbox
Input Parameters
Identy
MANDATORY - Specifies the mailbox where you want to assign permissions to the userUserName
MANDATORY - Specifies who gets the permissions on the Active Directory object. You can specify the following types of users or groups (security principals) for this parameter: Mailbox users Mail users Security groups
Output Parameters
User
Identity
Deny
InheritanceType
ExtendedRights
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operationwarnings
Remove Mailbox Send As Permission
Remove the Send As permission for a user on the specified mailbox
Input Parameters
Identity
MANDATORY - Specifies the mailbox where you want to assign permissions to the userUserName
MANDATORY - Specifies who gets the permissions on the Active Directory object. You can specify the following types of users or groups (security principals) for this parameter: Mailbox users Mail users Security groups
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operationwarnings
Add Mailbox Send On Behalf Permission
Set the Send On Behalf permission for a user on the specified mailbox
Input Parameters
Identity
MANDATORY - Specifies the mailbox where you want to assign permissions to the userUserName
MANDATORY - Specifies who gets the permissions on the Active Directory object. You can specify the following types of users or groups (security principals) for this parameter: Mailbox users Mail users Security groups
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operationwarnings
Remove Mailbox Send On Behalf Permission
Remove the Send On Behalf permission for a user on the specified mailbox
Input Parameters
Identy
MANDATORY - Specifies the mailbox where you want to assign permissions to the userUserName
MANDATORY - Specifies who gets the permissions on the Active Directory object. You can specify the following types of users or groups (security principals) for this parameter: Mailbox users Mail users Security groups
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operationwarnings
Move Mailbox To Another Database
Begin the process of an asynchronous mailbox or personal archive move. The operation will probe the process and finish once the mailbox has is moved. A configurable timeout defaulted to 1 hour allows the operation to exit, leaving the move process still running. The outcome will be a warning in the event of a timeout,
Input Parameters
Identy
MANDATORY - Specifies the mailbox where you want to assign permissions to the userTargetDB
MANDATORY - Specifies the destination mailbox database for the mailbox. You can use any value that uniquely identifies the database. For example: Name Distinguished name (DN) GUID
Output Parameters
ExchangeGuid
MailboxIdentity
DisplayName
RecipienttypeDetails
SourceDatabase
TargetDatabase
TotalMailboxSize
TotalMailboxItemCount
OverallDuration
Status
StatusDetail
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operationwarnings
Disable Mailbox
Removes the mailbox's Exchange attributes from Active Directory. The mailbox isn't deleted and can be reconnected to its user later by using the Connect Mailbox operation.
Input Parameters
Identity
MANDATORY - Specifies the mailbox that you want to disable. You can use any value that uniquely identifies the mailboxDomainController
- Specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN
Output Parameters
outcome
MANDATORY The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation
Connect Mailbox
Connects disconnected mailboxes to existing user accounts that don't already have mailboxes.
Be aware that linking a mailbox to an existing user account gives them full access to the mailbox and all mail in the mailbox.
Input Parameters
Identity
MANDATORY - Specifies the mailbox that you want to connect to a user account. This parameter doesn't specify an Active Directory object. You can use the following values to identify the mailbox: [Display name, GUID, LegacyExchangeDN]Database
MANDATORY - Specifies the Exchange database that contains the mailbox that you want to connect. You can use any value that uniquely identifies the database.User
MANDATORY - Specifies the user object in Active Directory that you want to connect the mailbox to. You can use any value that uniquely identifies the user.DomainController
- specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN)Equipment
- Required to connect equipment mailboxesRoom
- Required to connect room mailboxesShared
- Required to connect shared mailboxes
Output Parameters
outcome
The outcome of the operation (OK/FAIL)errors
Any errors returned by the operation