Script repository
The script checks whether Full Access permissions are modified for a mailbox. To execute the script, use the If PowerShell script returns true condition in a business rule with the corresponding triggering operation (e.g. Before/After modifying Exchange properties of a user). The script returns $true if Full Access permissions are modified.
$Context.ConditionIsMet = $False
# Check whether mailbox rights are modified.
$modifiedMailboxParams = $Context.Action.MailParameters
if (-not($modifiedMailboxParams.MailboxRightsModificationEnabled))
{
return
}
# Check modifications
$modifiedMailboxRights = $modifiedMailboxParams.MailboxRights
$modifications = $modifiedMailboxRights.GetModifications()
if ($modifications.Length -ne 0)
{
$fullAccessFlag = [Softerra.Adaxes.Interop.Adsi.Exchange.ADM_EXCHANGE_MAILBOX_RIGHTS_ENUM]::ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS
foreach ($modification in $modifications)
{
$permissions = $modification.Permission
if ($permissions.AllowedRights -band $fullAccessFlag -or
$permissions.InheritedAllowedRights -band $fullAccessFlag -or
$permissions.DeniedRights -band $fullAccessFlag -or
$permissions.InheritedDeniedRights -band $fullAccessFlag)
{
$Context.ConditionIsMet = $True
return
}
}
return
}
# Compare current permissions with modified.
$mailboxParams = $Context.TargetObject.GetMailParameters()
$fullAccess = New-Object "System.Collections.Generic.HashSet[System.Object]"
$modifiedFullAccess = New-Object "System.Collections.Generic.HashSet[System.Object]"
$mailboxParams.MailboxRights.GetTrusteesGrantedRights("ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS") | %%{[void]$fullAccess.Add($_)}
$modifiedMailboxParams.MailboxRights.GetTrusteesGrantedRights("ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS") | %%{[void]$modifiedFullAccess.Add($_)}
$Context.ConditionIsMet = -not($fullAccess.SetEquals($modifiedFullAccess))
Comments 0
You must be signed in to comment.