Issue with Get-MailboxPermissions and Identity

I am trying to write a PS script that will allow our Help Desk and Desktop Support to gather Exchange data without having to ask our Exchange dept for it. I’m having a weird problem when I run the Get-MailboxPermission cmdlet - it thinks my list of Delegates (GrantSendOnBehalfTo field) is an array, and it throws the following error when I run it:
ERROR: Cannot process argument transformation on parameter ‘Identity’. Cannot convert the “System.Collections.ArrayList” value of type “System.Collections.ArrayList”
ERROR: to type “Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter”.

I will post the function where it is called. I’m using a csv file to store the user and Distribution List data, so it won’t have to get all user data at once, which takes a long time. The issue seems to be when I get the list of Delegates for a specific user ID, where I split it (it’s just a field with a semicolon separating each userID . Any help would be appreciated.

I couldn’t find where to post the code, so here it is:

function Get-UserDelegatesAndPermissions
{
param
(
[parameter(Mandatory = $true)]
[string]$userID

)

$userDataFile = 'C:\Users\ABC1234\Documents\My PS Projects\ExchangeOnline-Explorer\UserMailboxData_10-9-21_ver2.csv'
$allUserData = Import-Csv $userDataFile

$distributionListFile = 'C:\Users\ABC1234\Documents\My PS Projects\ExchangeOnline-Explorer\DistributionList_10-10-21.csv'
$distributionList = Import-Csv $distributionListFile | select Identity

$userInfo = $allUserData | ? { $_.Identity -eq $userID } 
$delegateList = [string[]]($userInfo.GrantSendOnBehalfTo -split '; ')

$delegateInfo = @()
$delegateInfo = New-Object System.Management.Automation.PSObject
$delegateInfo | Add-Member -MemberType NoteProperty "UserName" -Value $userInfo.DisplayName

foreach ($delegate in $delegateList)
{
	
	#check if Identity is a DL
	
	if($distributionList.Identity -contains $delegate) #Delegate is Distribution List
	{
		$delegateInfo | Add-Member -MemberType NoteProperty "Delegate Name" -Value $delegate + " (Distribution List)"
	}
	else
	{
		$delegateNameInfo = $allUserData | ? { $_.Identity -eq $delegate } | select Identity, DisplayName, UserPrincipalName
		$delegateInfo | Add-Member -MemberType NoteProperty "User with access to mailbox" -Value $delegateNameInfo.DisplayName
		
		#check for FullAccess permissions
		$upn = $delegateNameInfo.UserPrincipalName
		$delegateAccessRights = Get-MailboxPermission $userID -User $delegate.Identity | select AccessRights
		#$delegateAccessRights = (Get-MailboxPermission $userID | ? { $_.User -like ($delegateNameInfo.Identity) }).AccessRights
		if($delegateAccessRights -ne $null)
		{
			#Delegate has permissions to user's root of Mailbox
			$delegateInfo | Add-Member -MemberType NoteProperty "Access Rights To Mailbox" -Value $delegateAccessRights
		}
		else
		{
			#no access to user's root of mailbox
			
		}
		#get Delegate permissions to Inbox and Calendar
		$delegatePermissionsInbox = Get-MailboxFolderPermission $userID':\Inbox' -User $delegate.Identity | select AccessRights
		$delegatePermissionsCalendar = Get-MailboxFolderPermission $userID':\Calendar' -User $delegate.Identity | select AccessRights, SharingPermissionFlags
		$delegateInfo | Add-Member -MemberType NoteProperty "Delegate's Inbox Permissions" -Value $delegatePermissionsInbox
		$delegateInfo | Add-Member -MemberType NoteProperty "Delegate's Calendar Permissions" -Value $delegatePermissionsCalendar
		
	}
}
return $delegateInfo

}

Brian

Almost there, you just need to make sure all your code and errors is posted between the backticks when you click the </> button.

From the error, I’m not sure it’s the list of delegates that’s the problem, I think it’s the $userId.

ERROR: Cannot process argument transformation on parameter ‘Identity’. Cannot convert the “System.Collections.ArrayList” value of type “System.Collections.ArrayList”
ERROR: to type “Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter”.

This problem is because your parameter is declared as accepting an array

param (
    [parameter(Mandatory = $true)]
    [string[]]$userID
)

This causes it to always be an array, even if it contains only a single value.

Thanks. I finally noticed that earlier. I was planning on allowing the user to enter multiple user IDs, but decided not to and forgot to change it back to a string.

Brian Embree