PowerShell Script $exception not working

Simon_Eastwood · November 14, 2023, 9:13pm

I have a script as follows but I need to run it against domain A and then against domain B and not a UserPrincipal name it works with $Exception = @(“simon.e@A-DOMAIN.org.uk”, “adam.c@B-DOMAIN.org.uk”) The script runs against domain A and B simultaneously with no issues.

But not using $Exception = @(“@A-DOMAIN.org.uk”) or $Exception = @(“@B-DOMAIN.org.uk”) how do I correct this the full script is below as I am new to this can anyone point out my mistakes

<#
    .SYNOPSIS
    PrepareAndSetDefaultCalendarPermissionsForAllUsers.ps1

    .DESCRIPTION
    Set default calendar permissions for all user mailboxes including exception for users.

    The script works for:
    -Exchange On-Premises (Run Exchange Management Shell)
    -Exchange Online (Connect to Exchange Online PowerShell)

    .LINK
    # Script Exclusions

    .NOTES
    # Exclude users that you don’t want the script to run against. Add them in line 36, 37, 38. If you don’t need this feature, comment out lines 36, 37, 38, 53, 54, 55, 56 and 80.
    # Calendars are not always set in the English language. For example, in The Netherlands, it’s named Agenda. The script will check for the calendar names defined in line 44.
    # Change permission that you want to set for all the users in line 39.
    # Note: The -WhatIf parameter is added in the script on line 66. If you run the script, nothing will happen in the environment. Instead, you get an output showing what will happen.
   
    .CHANGELOG
    # Line 36, 37, 38 Option enabled
    # -WhatIf parameter Active
#>

# Start transcript
Start-Transcript -Path "C:\temp\Set-DefCalPermissions01.log" -Append

# Set scope to entire forest. Cmdlet only available for Exchange on-premises.
#Set-ADServerSettings -ViewEntireForest $true

# Get all user mailboxes
$Users = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox

# Users exception (add the UserPrincipalName)
# $Exception = @("*@A-DOMAIN.org.uk")
# $Exception = @("*@B-DOMAIN.org.uk")
# $Exception = @("simon.e@A-DOMAIN.org.uk", "adam.c@B-DOMAIN.org.uk")

# Permissions
$Permission = "LimitedDetails"

# Calendar name languages
$FolderCalendars = @("Agenda", "Calendar", "Calendrier", "Kalender", "日历")

# Loop through each user
foreach ($User in $Users) {

    # Get calendar in every user mailbox
    $Calendars = (Get-MailboxFolderStatistics $User.UserPrincipalName -FolderScope Calendar)

    # Leave permissions if user is exception
    # if ($Exception -Contains ($User.UserPrincipalName)) {
       # Write-Host "$User is an exception, don't touch permissions" -ForegroundColor Red
    # }
    # else {

        # Loop through each user calendar
        foreach ($Calendar in $Calendars) {
            $CalendarName = $Calendar.Name

            # Check if calendar exist
            if ($FolderCalendars -Contains $CalendarName) {
                $Cal = "$($User.UserPrincipalName):\$CalendarName"
                $CurrentMailFolderPermission = Get-MailboxFolderPermission -Identity $Cal -User Default
                
                # Set calendar permission / Remove -WhatIf parameter after testing
                Set-MailboxFolderPermission -Identity $Cal -User Default -AccessRights $Permission -WarningAction:SilentlyContinue -WhatIf
                
                # Write output
                if ($CurrentMailFolderPermission.AccessRights -eq "$Permission") {
                    Write-Host $User.DisplayName already has the permission $CurrentMailFolderPermission.AccessRights -ForegroundColor Yellow
                }
                else {
                    Write-Host $User.DisplayName added permissions $Permission -ForegroundColor Green
                }
            }
        }
    }
# }

Stop-Transcript

matt-bloomfield · November 14, 2023, 9:48pm

Hi, welcome to the forum

From what you describe, this command:

$Users = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox

Gets all users, with both domains. Essentially, you want to filter $Users so that it contains only users in one domain or the other. Best practice is to filter in the query if possible, but I don’t think you can filter on domain with Get-Mailbox (happy to be corrected), so you’ll have to used Where-Object.

As you’re filtering on only one thing, you don’t need an array @().

# Pretend results from Get-Mailbox

$Users = @(
    'buffy@A-DOMAIN.org.uk'
    'willow@A-DOMAIN.org.uk'
    'xander@A-DOMAIN.org.uk'
    'giles@B-DOMAIN.org.uk'
    'spike@B-DOMAIN.org.uk'
    'dru@B-DOMAIN.org.uk'
    'tara@B-DOMAIN.org.uk'
)

# Output users in domain B only
$Exception = '@A-DOMAIN.org.uk'
$Users = $Users | Where-Object { $_ -notmatch $Exception }
$Users

Depending on how many users you have, it may be inefficient to get all users twice and then filter so you may want to assign the filtered results to a different variable so that you can work with $Users more than once.

# Pretend results from Get-Mailbox

$Users = @(
    'buffy@A-DOMAIN.org.uk'
    'willow@A-DOMAIN.org.uk'
    'xander@A-DOMAIN.org.uk'
    'giles@B-DOMAIN.org.uk'
    'spike@B-DOMAIN.org.uk'
    'dru@B-DOMAIN.org.uk'
    'tara@B-DOMAIN.org.uk'
)

# Output users in domain B only
Write-Host 'Domain B users:'
$Exception = '@A-DOMAIN.org.uk'
$UserList = $Users | Where-Object { $_ -notmatch $Exception }
$UserList

# Output users in domain A only
Write-Host 'Domain A users:'
$Exception = '@B-DOMAIN.org.uk'
$UserList = $Users | Where-Object { $_ -notmatch $Exception }
$UserList

Olaf · November 14, 2023, 9:54pm

Since Get-Mailbox has a parameter -DomainController you could use this to target a particular domain.

Another way of filtering - if you have a lot of domains to filter - could be to remove the local part from the domain part of the email address with a calculated property and then use -in or -contains or -notin or -noitcontains against the complete list of exception domains.

Something like this …

$Users = 
ConvertFrom-Csv -InputObject @'
"email"
"buffy@A-DOMAIN.org.uk"
"willow@A-DOMAIN.org.uk"
"xander@A-DOMAIN.org.uk"
"giles@B-DOMAIN.org.uk"
"spike@B-DOMAIN.org.uk"
"dru@B-DOMAIN.org.uk"
"tara@B-DOMAIN.org.uk"
"willow@C-DOMAIN.org.uk"
"xander@C-DOMAIN.org.uk"
"giles@C-DOMAIN.org.uk"
"spike@C-DOMAIN.org.uk"
'@

# Output users not in domain A or B
$ExceptionList = @(
    '@A-DOMAIN.org.uk'
    '@C-DOMAIN.org.uk'
)

$Users | 
Select-Object -Property *,
@{
    Name       = 'Domain';
    Expression = {
        ($_.email -split '(@)')[1..2] -join ''
    }
} |
Where-Object -Property Domain -NotIn -Value $ExceptionList