Dieses kleine Script setzt Berechtigungen für alle Postfächer innerhalb einer Datenbank auf einem Ordner im Postfach. So lässt sich beispielsweise einem Benutzer “Chef”, Leserechte auf alle Ordner „Kalender” für alle Benutzer in einer Postfach Datenbank geben. Die Rechte die sich setzen lassen stehen weiter unten:
# Written by Frank Zoechling
# www.frankysweb.declear-host
write-host „Bitte Postfach Datenbank angeben:“
write-host „“
$database = read-host „Datenbank“
write-host „“
write-host „Bitte Ordner im Postfach angeben (Beispiel: Kalender):“
write-host „“
$MailboxFolder = read-host „Postfach Ordner“
write-host „“
write-host „Bitte Benutzer angeben, der Berechtigung auf den Ordner erhalten soll:“
write-host „“
$accessuser = read-host „Benutzer“
write-host „“
write-host „Bitte Berechtigung für den Benutzer angeben“
write-host „(siehe auch https://www.frankysweb.de/?p=1165)”
write-host „“
$accessright = read-host „Berechtigung“
write-host „“
#——————————-$mailboxes = get-mailbox -database „$database“ -resultsize Unlimited
foreach ($mailbox in $mailboxes)
{
$alias = $mailbox.Alias
$aliasandfolder = $alias + „:\“ + $mailboxfolder
set-mailboxfolderpermission $aliasandfolder -user $accessuser -accessrights $accessright
}
Simply copy the script into a file with the extension .ps1 (example: set-folderrightsondatabase.ps1) and start it via the Exchange Management Shell.
These authorizations can be assigned:
- ReadItems (read items in the folder)
- CreateItems (create items)
- EditOwnedItems (Edit own items)
- DeleteOwnedItems (delete own items)
- EditAllItems (Edit all items)
- DeleteAllItems (delete all items)
- CreateSubFolders (user can create subfolders)
- FolderOwner (user may view and move the folder, but not read items)
- FolderContact (user is the contact for the folder)
- FolderVisible (folder is visible, elements may not be read)
The roles each consist of a set of authorizations and assign several rights to a user:
- Owner (CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems)
- PublishingEditor (CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems)
- Editor (CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems)
- PublishingAuthor (CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems)
- Author (CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems)
- NonEditingAuthor (CreateItems, ReadItems, FolderVisible)
- Reviewer (ReadItems, FolderVisible)
- Contributor (CreateItems, FolderVisible)