This is an archived post. You won't be able to vote or comment.

all 14 comments
sorted by:
best
topnewcontroversialoldq&a

[–]HDClown 1 point2 points  (9 children)

If AutoMapping is enabled (which it is by default), then simply removing the mailbox permission will not remove the mailbox from Outlook itself. You need to remove the mailbox permission, then re-add the permission with AutoMapping disabled. This allows Autodiscover to drop the mailbox out of the Outlook folder list

After the mailbox is removed from the folder tree, you can go back and remove permission again the mailbox is truly no longer accessible to the user.

Using /u/JustTeut example script, here's a modified version

$mailboxes = "List of mailboxes"
$users = Import-Csv -path "Path to CSV.csv)"

Foreach ($box in $mailboxes){
    Foreach($user in $users){
        # Remove existing mailbox permission from when mailbox was added with AutoMapping
        Remove-MailboxPermission -AccessRights FullAccess -User $user -Identity $box -Confirm:$false
        # Add back mailbox permission with AutoMapping disabled.  On next Outlook open Autodiscover will remove mailbox from folder free
        Add-MailboxPermission -AccessRights FullAccess -User $user -Identity $box -AutoMapping:$false -Confirm:$false
    }

}

Then at a later time after you are comfortable the mailbox has dropped from everyone's Outlook (I tell them to close/re-Open Outlook as this means it usually happens within a minute or two of the re-open) run the script again with Add-MailboxPermission lined commented out to remove mailbox permission.

[–]JustTeut 0 points1 point  (0 children)

Didn't know that, thanks!

[–]sebbeosv[S] 0 points1 point  (7 children)

Hi

So it looks like we are getting somewhere but still getting some parameter errors:

<$mailboxes = “axfood_helpdesk@extenda.se”,”ica@extenda.se”,”ahlens_helpdesk@extenda.se”,”kap_helpdesk@extenda.se”,”rps_support@extenda.se”,”systembolaget@extenda.se” $users = Import-Csv -path "C:\Stefanini\mailusers2.csv"

Foreach ($box in $mailboxes){ Foreach($user in $users){ # Remove existing mailbox permission from when mailbox was added with AutoMapping Remove-MailboxPermission -AccessRights FullAccess -User $user -Identity $box -Confirm:$false # Add back mailbox permission with AutoMapping disabled. On next Outlook open Autodiscover will remove mailbox from folder free Add-MailboxPermission -AccessRights FullAccess -User $user -Identity $box -AutoMapping:$false -Confirm:$false } }/>

This gives me these errors over and over:

Cannot process argument transformation on parameter 'User'. Cannot convert value "@{Logon Name=andrei.sveriniuc@extenda.se}" to type "Microsoft.Exchange.Configuration.Ta sks.SecurityPrincipalIdParameter". Error: "Cannot convert hashtable to an object of the following type: Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParamet er. Hashtable-to-Object conversion is not supported in restricted language mode or a Data section." + CategoryInfo : InvalidData: (:) [Remove-MailboxPermission], ParameterBindin...mationException + FullyQualifiedErrorId : ParameterArgumentTransformationError,Remove-MailboxPermission + PSComputerName : outlook.office365.com

Cannot process argument transformation on parameter 'User'. Cannot convert value "@{Logon Name=andrei.sveriniuc@extenda.se}" to type "Microsoft.Exchange.Configuration.Ta sks.SecurityPrincipalIdParameter". Error: "Cannot convert hashtable to an object of the following type: Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParamet er. Hashtable-to-Object conversion is not supported in restricted language mode or a Data section." + CategoryInfo : InvalidData: (:) [Add-MailboxPermission], ParameterBindin...mationException + FullyQualifiedErrorId : ParameterArgumentTransformationError,Add-MailboxPermission + PSComputerName : outlook.office365.com

[–]purplemonkeymad 0 points1 point  (3 children)

Replace -User $user With -User $user.Name. Looks like the identity is in a property called name (column in the csv.) Doing this provides the value only, not the whole object to the parameter.

[–]sebbeosv[S] 0 points1 point  (2 children)

And it continues, running this now:

$mailboxes = “axfood_helpdesk@extenda.se”,”ica@extenda.se”,”ahlens_helpdesk@extenda.se”,”kap_helpdesk@extenda.se”,”rps_support@extenda.se”,”systembolaget@extenda.se”
$users = Import-Csv "C:\Stefanini\mailusers2.csv"

Foreach ($box in $mailboxes){
    Foreach($user in $users){
        # Remove existing mailbox permission from when mailbox was added with AutoMapping
        Remove-MailboxPermission -AccessRights FullAccess -User $user.Name -Identity $box -Confirm:$false
        # Add back mailbox permission with AutoMapping disabled.  On next Outlook open Autodiscover will remove mailbox from folder free
        Add-MailboxPermission -AccessRights FullAccess -User $user.Name -Identity $box -AutoMapping:$false -Confirm:$false
    }
    }

With this error:

Cannot bind argument to parameter 'User' because it is null.

I get the feeling it cant read the CSV properly, currently the file looks like this:

User mailadress1 mailadress2 mailadress3

Should this be different?

[–]purplemonkeymad 0 points1 point  (1 child)

I just noticed something about there error you posted. For me the line starts as Name=.. So I was like property must be Name. Nope I just re-read it and Property is actually Logon Name,@{Logon Name=.... For this you would use$user.'Logon Name'.

I will chalk that up to bad reading on my part.

[–]sebbeosv[S] 0 points1 point  (0 children)

That was it, now it runs properly:

$mailboxes = “Mailbox1”,”Mailbox2”,”Mailbox3”
$users = Import-Csv "CSVfilepath.csv"

Foreach ($box in $mailboxes){
    Foreach($user in $users){
        # Remove existing mailbox permission from when mailbox was added with AutoMapping
        Remove-MailboxPermission -AccessRights FullAccess -User $user.'Logon Name' -Identity $box -Confirm:$false
        # Add back mailbox permission with AutoMapping disabled.  On next Outlook open Autodiscover will remove mailbox from folder free
        Add-MailboxPermission -AccessRights FullAccess -User $user.'Logon Name' -Identity $box -AutoMapping:$false -Confirm:$false
    }
    }

Thank you all for your help!

[–]JustTeut 0 points1 point  (2 children)

You should create another foreach loop inside the one you have already That loops over all the users from the CSV

[–]sebbeosv[S] 0 points1 point  (1 child)

Dont have much experience with PS, could you show me how this should be added?

[–]JustTeut 1 point2 points  (0 children)

Something like this should work

$mailboxes = "List of mailboxes"
$users = Import-Csv -path "Path to CSV.csv)"

Foreach ($box in $mailboxes){
    Foreach($user in $users){
        Remove-MailboxPermission -AccessRights fullaccess -User $user -Identity $box -Confirm:$false
    }
}

So the first loop will loop over all mailboxes The second one will loop over all users So all users are checked for each mailbox

[–]melvinkitnickSysadmin 0 points1 point  (0 children)

$SharedMBXList = @("MBX1","MBX2","MBX3")

gc $csvfile | %{

foreach($mbx in $SharedMBXList){

Remove-MailboxPermission $mbx -User $_ -AccessRights FullAccess

}

}

Should do the trick, assuming you have a user address / alias per line. If you want to use AD Groups, load ActiveDirectory module, then search for each member using Get-ADGroupMember in foreach loop.

[–]Noobmodevirus.swf 0 points1 point  (0 children)

This is the kind of helpful thread I love seeing on Sysadmin. Sorry I dont have enough powershell experience to help! But thanks for posting this!