Running Powershell comand against all user mailboxes

Hi

I am doing a migration for DomainA to DomainB. Currently All user mail mailbox are in DomainA on a Exchange 2010 Server.

We are mirgrating all the users to DomainB.

Is there a way to run the following comands against all users mailboxes in DomainA based on the user name of each user?

The comands are

Add-MailboxPermission “User Name1” -User “DomainB.com\UName1” -AccessRights FullAccess
Add-ADPermission “User Name1” -User “DomainB.com\UName1” -Extendedrights “Send As”

Thanks

Jules

Sure - you’d need to get all the mailboxes, then numerate them (ForEach), and then run the command against each, in turn.

Thank you for that

Do you have an example?

Thanks

Jules

I have tried this but get an error file not found

$SearchBase=“OU=UK,OU=Company,DC=Domain,DC=local” #Definition of OU containing groups I want to change
$searchScope=1 #Depends how deep you want to search : 0 – means Base,1 – means one level, 2 – means subtree
$CurrentDate = Get-Date
$CurrentDate = $CurrentDate.ToString(‘dd-MMM-yyyy_HH-mm-ss’)
$Dir=“C:\scripts”
$FileName=“Exchange”
$FileName="$Dir$FileName-$CurrentDate.txt"

Get-ADUser -SearchBase $searchbase –searchscope $searchscope -Filter * | Select SamAccountName | ft -HideTableHeaders > $FileName

foreach ($i in $FileName){
Add-MailboxPermission $i -User “NewDomain.com$1” -AccessRights FullAccess
Add-ADPermission $i -User “NewDomain.com$1” -Extendedrights “Send As”

The problem is that you’re formatting the results, using FT. That renders something for the screen, not something you can then use elsewhere.

$FileName = Get-ADUser -SearchBase $searchbase –searchscope $searchscope -Filter * | Select SamAccountName

Would put a list of objects into $FileName, which each contained a samAccountName property.

In this:

foreach ($i in $FileName){

You would want to reference $i.sameAccountName, not just $i.

I also notice in your loop that:

Add-MailboxPermission $i -User "NewDomain.com\$1" -AccessRights FullAccess
Add-ADPermission $i -User "NewDomain.com\$1" -Extendedrights "Send As"

You didn’t close the } for the loop. Also, you’re referencing $1, not $i. You’d probably want $($i.samAccountName) if the goal is to insert the samAccountName. Otherwise, I’m not entirely sure what $1 is meant to refer to, as I don’t see the variable defined elsewhere in your code.

It looks like you’ve got some experience with batch files, and you’re running into some extremely common “gotchas” in PowerShell. Consider reviewing our “Gotchas” list (on the Resources menu), and consider working through “Learn PowerShell in a Month of Lunches.” There’s a certain amount of background information that would make this go a lot quicker for you.

Thank you for your advise, I will look at that.

I have made some changes

$SearchBase="OU=UK,OU=OwenMumford,DC=woodstock,DC=local" #Definition of OU containing groups I want to change $searchScope=1 #Depends how deep you want to search : 0 – means Base,1 – means one level, 2 – means subtree $CurrentDate = Get-Date $CurrentDate = $CurrentDate.ToString('dd-MMM-yyyy_HH-mm-ss') $Dir="C:\scripts\" $FileName="Exchange" $FileName="$Dir$FileName-$CurrentDate.txt"

$FileName = Get-ADUser -SearchBase $searchbase –searchscope $searchscope -Filter * | Select SamAccountName

foreach ($i in $FileName){
Add-MailboxPermission $i -User “OwenMumford.com$($i.samAccountName)” -AccessRights FullAccess
Add-ADPermission $i -User “OwenMumford.com$($i.samAccountName)” -Extendedrights “Send As”

}

and I get the error:

Cannot bind argument to parameter ‘Identity’ because it is null.
+ CategoryInfo : InvalidData: (:slight_smile: [Add-MailboxPermission], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-MailboxPermission

Cannot bind argument to parameter ‘Identity’ because it is null.
+ CategoryInfo : InvalidData: (:slight_smile: [Add-ADPermission], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-ADPermission

THanks

Jules

So, again: $i contains a user object. You need to reference $i.samAccountName. You should also explicitly use parameter names on Add-MailboxPermission and Add-ADPermission. Right now, you’re passing $i, not $i.samAccountName, and you’re passing it positionally, which is forcing the cmdlet to try and figure out what you mean. And it’s guessing wrong, which is why it isn’t working.