Tuesday, June 30, 2015

Exchange 2010 ADD/Remove Access to ServiceAccount based on Distribution List

Hi Readers,

Just sharing a script that was written recently to grant a service account full access on the mailboxes that are members of a distribution list.

I added some logic to it so that when a user is added to or removed from the group, the access is added or removed as well. You could call it incremental processing.

I first got this incremental processing logic from MVP Francois-Xavier (http://www.lazywinadmin.com/2013/11/update-powershell-monitor-and-report.html)

Download and extract the ZIP file from the link below, then edit the .ps1 file:

https://gallery.technet.microsoft.com/scriptcenter/Exchange-2010-ADDRemove-4d8bbbf6



For log recycling:

$dir= "C:\Scripts\AdGpFAccess\logs"  # logs path

$limit = (Get-Date).AddDays(-30)  # Recycle logs after 30 days

For error reporting by email: (you can remove the email code if you want)

$smtpServer = "smtpserver"

$fromadd = "DoNotReply@labtest.com"

$email1 = "vikass@labtest.com"

Define the service account that will be granted full access on the distribution group members' mailboxes, and the distribution group itself:

$serviceacct = "serviceaccount"
$group = "Distributiongroup"

On the first run nothing will happen; only a CSV file will be created. Remove all the rows from it except the header.

Running the script again will then grant the service account full access on all mailboxes that are members of the DL.

On subsequent runs, only members that have been added or removed are processed.





###################################################################### 
#               Author: Vikas Sukhija 
#               Date:- 06/16/2015 
#        Reviewer:- 
#               Description:- Add full Access to service account  
#               to particular group members. 
###################################################################### 
 
$date1 = get-date -format d 
$date1 = $date1.ToString().Replace("/","-")
$dir = "C:\Scripts\AdGpFAccess\logs" 
$limit = (Get-Date).AddDays(-30) 
 
$logs = ".\Logs" + "\" + "Processed_" + $date1 + "_.log" 
 
$smtpServer = "smtpserver" 
$fromadd = "DoNotReply@labtest.com" 
$email1 = "vikass@labtest.com" 
 
Start-Transcript -Path $logs 
 
######Add Exchange Shell########################################## 
 
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchangeserver.labtest.com/PowerShell/ -Authentication Kerberos 
import-pssession $session 
 
 
$serviceacct = "serviceaccount" 
 
$group = "Distributiongroup" 
 
################################### 
 
$groupmem = get-distributiongroupmember $group 
 
$Statefile = "$($group)-Name.csv" 
 
 
# If the file doesn't exist, create it 
   If (!(Test-Path $Statefile)){   
                $groupmem | select Name,PrimarySMTPAddress | Export-csv $Statefile -NoTypeInformation  
                } 
 
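# Check Changes 
# Reference = current group members, difference = previous state from the CSV. 
# "=>" means the name exists only in the CSV, i.e. it was removed from the group. 
$Changes =  Compare-Object $groupmem $(Import-Csv $StateFile) -Property Name |  
                Select-Object Name, 
                    @{n='State';e={ 
                        If ($_.SideIndicator -eq "=>"){ 
                            "Removed" } Else { "Added" } 
                        } 
                    } 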
 
$Changes | foreach-object{ 

    # New group member: grant the service account FullAccess on the mailbox 
    if($_.state -eq "Added") { 
        Write-host "Full access to $serviceacct will be granted on $($_.Name)" -foregroundcolor green 
        Add-MailboxPermission -Identity $_.Name -User $serviceacct -AccessRights FullAccess -AutoMapping $false 
    } 

    # Member no longer in the group: revoke the FullAccess grant 
    if($_.state -eq "Removed") { 
        $userid = $_.Name 
        Write-host "Full access to $serviceacct will be removed on $($_.Name)" -foregroundcolor Red 
        Remove-MailboxPermission -Identity $_.Name -User $serviceacct -AccessRights FullAccess -confirm:$false 
    } 
} 
 
$groupmem | select Name,PrimarySMTPAddress | Export-csv $StateFile -NoTypeInformation 
 
###########################Recycle########################################## 
 
$path = $dir  
  
Get-ChildItem -Path $path  | Where-Object {   
$_.CreationTime -lt $limit } | Remove-Item -recurse -Force  
 
#######################Report Error######################################### 
if ($error -ne $null) 
      { 
#SMTP Relay address 
$msg = new-object Net.Mail.MailMessage 
$smtp = new-object Net.Mail.SmtpClient($smtpServer) 
 
#Mail sender 
$msg.From = $fromadd 
#mail recipient 
$msg.To.Add($email1) 
$msg.Subject = "DL Full Access Script Error" 
$msg.Body = $error 
$smtp.Send($msg) 
$error.clear() 
       } 
  else 
 
      { 
    Write-host "no errors till now" 
      } 
 
 
stop-transcript 
 
########################################################################## 
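
The script rewrites the state CSV at the end of every run, whether or not Add-MailboxPermission or Remove-MailboxPermission succeeded, so the CSV can drift from the permissions actually set on the mailboxes. The following is an added example, not part of the original script: it compares the current group membership with the mailboxes where the service account really holds FullAccess. The function names Get-FullAccessDrift and New-Row, the Mailbox column and the sample rows are assumptions made up for illustration.

```powershell
# Added example, not part of the original script. Get-FullAccessDrift, New-Row and
# the "Mailbox" column are hypothetical names; the rows at the bottom are constructed.
function Get-FullAccessDrift {
    param(
        [string[]]$GroupMembers,   # Name of every mailbox currently in the DL
        [object[]]$Permissions,    # rows: Mailbox, User, AccessRights, IsInherited, Deny
        [string]$ServiceAccount
    )
    # Mailboxes where the account holds an explicit, non-deny FullAccess entry
    $granted = @($Permissions | Where-Object {
            (($_.User.ToString() -split '\\')[-1] -eq $ServiceAccount) -and
            ((@($_.AccessRights) -join ',') -match '\bFullAccess\b') -and
            (-not $_.IsInherited) -and (-not $_.Deny)
        } | ForEach-Object { $_.Mailbox } | Sort-Object -Unique)

    foreach ($m in $GroupMembers) {      # member without a grant (e.g. a failed Add)
        if ($granted -notcontains $m) {
            New-Object PSObject -Property @{ Mailbox = $m; Finding = 'MissingGrant' }
        }
    }
    foreach ($m in $granted) {           # grant without membership (e.g. a failed Remove)
        if ($GroupMembers -notcontains $m) {
            New-Object PSObject -Property @{ Mailbox = $m; Finding = 'UnexpectedGrant' }
        }
    }
}

# Against a live Exchange session the inputs could be collected like this:
#   $members = Get-DistributionGroupMember $group | ForEach-Object { $_.Name }
#   $perms   = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
#                  $mbx = $_.Name
#                  Get-MailboxPermission -Identity $_.Identity -User $serviceacct |
#                      Select-Object @{n='Mailbox';e={$mbx}},User,AccessRights,IsInherited,Deny }

# Constructed sample: alice and bob are members, carol has left the DL.
function New-Row($mbx, $deny) {
    New-Object PSObject -Property @{ Mailbox = $mbx; User = 'LABTEST\serviceaccount'
        AccessRights = 'FullAccess'; IsInherited = $false; Deny = $deny }
}
$members = 'alice', 'bob'
$perms   = @((New-Row 'alice' $false), (New-Row 'bob' $true), (New-Row 'carol' $false))

Get-FullAccessDrift -GroupMembers $members -Permissions $perms -ServiceAccount 'serviceaccount' |
    Format-Table Mailbox, Finding -AutoSize
```

Any UnexpectedGrant row is a mailbox the service account can still open although its owner is no longer in the group, which is the case worth reviewing first.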
 
 





Regards

Sukhija Vikas

http://msexchange.me
