PowerShell to Add O365 User to a Mailbox with Send As Permission & Add them to Security Group with Full Access

0

Trying to come up with a way to add users with send as right to a mailbox and also add them with full control rights to a security group. At the moment I'm doing it with the below command...

$User = "UserEmail"
$Mailbox = "MailboxEmail"
$MailboxAccess = "SecurityGroup"
Add-RecipientPermission -Identity $Mailbox -AccessRights SendAs -Trustee $User -Confirm:$false
Add-DistributionGroupMember -Identity $MailboxAccess -Member $User -Confirm:$false -BypassSecurityGroupManagerCheck

But know this isn't the fastest way because I have to manually find the mailbox emails from O365 Admin Portal. Was trying something like the below...

$User = "UserEmail"
$Mailbox = Get-Mailbox -RecipientTypeDetails SharedMailbox -Anr *MailboxName* | Select-Object PrimarySmtpAddress
$MailboxAccess = Get-Group -Anr *SecurityGroupName* | Select-Object WindowsEmailAddress
Add-RecipientPermission -Identity $Mailbox -AccessRights SendAs -Trustee $User -Confirm:$True
Add-DistributionGroupMember -Identity $MailboxAccess -Member $User -Confirm:$True -BypassSecurityGroupManagerCheck

But that's failing because the cmdlets don't support piping. Pretty new to PowerShell so any help/advice would be much appreciated.

Edit

Error message received when running is...

PS C:\WINDOWS\System32\WindowsPowerShell\v1.0> Add-RecipientPermission -Identity
 $Mailbox -AccessRights SendAs -Trustee $User -Confirm:$True
Cannot process argument transformation on parameter 'Identity'. Cannot convert
value "@{PrimarySmtpAddress=*EmailAddress*}" to type
"Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter". Error: "Cannot
convert hashtable to an object of the following type:
Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter.
Hashtable-to-Object conversion is not supported in restricted language mode or
a Data section."
    + CategoryInfo          : InvalidData: (:) [Add-RecipientPermission], Para
   meterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Add-Recipie
   ntPermission
    + PSComputerName        : outlook.office365.com

Also tried running it without the additional Select-Objects at the end and still get similar...

PS C:\WINDOWS\System32\WindowsPowerShell\v1.0> Add-RecipientPermission -Identity
 $Mailbox -AccessRights SendAs -Trustee $User -Confirm:$True
Cannot process argument transformation on parameter 'Identity'. Cannot convert
value "*EmailDisplayName*" to type
"Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter". Error: "Cannot
convert hashtable to an object of the following type:
Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter.
Hashtable-to-Object conversion is not supported in restricted language mode or
a Data section."
    + CategoryInfo          : InvalidData: (:) [Add-RecipientPermission], Para
   meterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Add-Recipie
   ntPermission
    + PSComputerName        : outlook.office365.com

Jim Thomas

Posted 2017-03-23T16:51:42.220

Reputation: 45

Where does the second script fail? Could you please edit your question to include the error message you get? Thanks! – Ben N – 2017-03-23T16:55:40.040

Yeah no problem, that's been added. – Jim Thomas – 2017-03-24T09:35:03.507

Answers

0

Looking at the example shown in the TechNet page on Add-RecipientPermission, it appears that you can supply a simple string value for the -Identity parameter; it doesn't need a fancy object. The article also states (in the table of parameters) that you can use any name that uniquely identifies the principal, even the display name. The same goes for Add-DistributionGroupMember.

Therefore, you don't have to use Get-Mailbox or Get-Group to find the e-mail address of the recipient; you can just use your first script and supply the human-readable name.

If you do want to use those cmdlets, though, you need to get the plain e-mail address out of the one-property object returned by select. For example, you would supply $MailboxAccess.WindowsEmailAddress instead of just $MailboxAccess. You might even have to call ToString() on that value if it's yet another .NET object that doesn't automatically convert to something usable.

Ben N

Posted 2017-03-23T16:51:42.220

Reputation: 32 973

That worked a treat, cheers Ben! Used the second $MailboxAccess.WindowsEmailAddress option because when people are requesting these they don't always know the exact name so it's handy being able to use -Anr to search. – Jim Thomas – 2017-03-27T08:50:49.143
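An added example, not code from the question or the answer: because `-Anr` is a fuzzy search, it can return several mailboxes or groups, so this sketch refuses to grant Send As unless each search resolves to exactly one object, and it passes plain strings as the answer describes. The function names `Resolve-Single` and `Grant-SharedMailboxAccess` and the sample values in the usage comment are hypothetical; an already connected Exchange Online session is assumed.

```powershell
# Hypothetical helper: accept a search result only if it is unambiguous.
function Resolve-Single {
    param([object[]]$Found, [string]$Kind, [string]$Search)
    if ($Found.Count -eq 0) { throw "No $Kind matches '$Search'." }
    if ($Found.Count -gt 1) {
        $names = ($Found | ForEach-Object { $_.DisplayName }) -join '; '
        throw "'$Search' matches $($Found.Count) objects of kind '$Kind': $names. Narrow the search."
    }
    return $Found[0]
}

# Hypothetical wrapper around the two cmdlets used in the question.
function Grant-SharedMailboxAccess {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$User,
        [Parameter(Mandatory)][string]$MailboxSearch,
        [Parameter(Mandatory)][string]$GroupSearch
    )

    # @() forces an array so .Count is reliable for zero, one or many results.
    $mbx = Resolve-Single -Kind 'shared mailbox' -Search $MailboxSearch `
        -Found @(Get-Mailbox -RecipientTypeDetails SharedMailbox -Anr $MailboxSearch)
    $grp = Resolve-Single -Kind 'group' -Search $GroupSearch `
        -Found @(Get-Group -Anr $GroupSearch)

    if (-not $grp.WindowsEmailAddress) {
        throw "Group '$($grp.DisplayName)' has no e-mail address to use as an identity."
    }

    # Plain strings, not the one-property objects that Select-Object returns.
    $mailboxId = $mbx.PrimarySmtpAddress.ToString()
    $groupId   = $grp.WindowsEmailAddress.ToString()

    # -WhatIf shows the resolved targets without changing any permission.
    if ($PSCmdlet.ShouldProcess("$mailboxId and $groupId", "Grant SendAs and membership to $User")) {
        Add-RecipientPermission -Identity $mailboxId -AccessRights SendAs -Trustee $User -Confirm:$false
        Add-DistributionGroupMember -Identity $groupId -Member $User -Confirm:$false -BypassSecurityGroupManagerCheck
        # Read the permission back so the change can be recorded with the request.
        Get-RecipientPermission -Identity $mailboxId -Trustee $User
    }
}

# Constructed sample values; run with -WhatIf first to review the resolved targets:
# Grant-SharedMailboxAccess -User 'user@example.com' -MailboxSearch 'Accounts' -GroupSearch 'Accounts Access' -WhatIf
```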