Using PowerShell with Exchange Online

Kind of a weird way to (re)start my blog, but here we go.

I've started doing some IT stuff at work. The learning curve is fairly steep, as I don't know what the hell I'm doing. However, there are some successes; and I'm taking a moment to brag a little because I'm proud of my accomplishments. (I'm sure I'll have, like, 200 failures later on, so things will kind of balance out in the end.)

I've been doing some work with Exchange Online and PowerShell. Specifically, I've been adjusting permissions for the shared folders in Exchange, as well as migrating mailboxes from former employees to current employees. As it turns out, neither of these two things can be done through the Exchange Admin Console (EAC). So on we go to PowerShell.

Access Exchange Online with PowerShell

To get access to Exchange with PowerShell, you first have to provide the proper credentials. Start by opening PowerShell as an administrator. Then configure PowerShell to run signed scripts with the following code (you only need to do this once on your computer, not every time you connect):

Set-ExecutionPolicy RemoteSigned

Now use the following code to set your credentials:

$UserCredential=Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

You need to run the following code at the end of your session to disconnect PowerShell:

Remove-PSSession $Session

Make sure you have administrative permissions on your Exchange credentials! One of the problems I had when I was first connecting was that Exchange told me I didn't have the right permissions. When you're connecting to Exchange Online, it's just like logging in through the Microsoft web portal: it doesn't know what your local credentials are. Be sure to use your full e-mail address as your login so Exchange can recognize you correctly.

You can read about this process at this TechNet article: https://technet.microsoft.com/en-us/library/jj984289(v=exchg.160).aspx

Setting Shared Folder Permissions

Now that we're in, we can start setting the shared folder permissions.

Normally the folder permissions propagate -- e.g. permissions on a child folder inherit from the parent folder. This wasn't happening with our shared folder structure, and permissions were a mess as a result. It turns out that this inheritance holds true for any new folders created, but folders already in existence have to have their permissions set manually. This wasn't too much of a problem for us, with our dozen-or-so folders; but who wants to manually change 100 folders? No one.

You can start by using the Get-PublicFolder cmdlet to get the names of a set of public folders:

Get-PublicFolder -Identity "{path of folder root}" -Recurse

The path of the root folder should include the opening backslash; setting the root path as just a backslash will list everything.

Want just a particular folder? Remove the -Recurse parameter. Want just the children of a folder? Add the -GetChildren parameter.

You can read more about this cmdlet in this TechNet article: https://technet.microsoft.com/en-us/library/aa997615(v=exchg.160).aspx

You can use the cmdlet Get-PublicFolderClientPermission to get the permissions on a shared folder:

Get-PublicFolderClientPermission -Identity "{path to folder}"

Want to find the permissions for a specific user? Add the -User {username} parameter.

You can read more about this cmdlet at this TechNet Article: https://technet.microsoft.com/en-us/library/bb124365(v=exchg.160).aspx

With no recurse parameter, it's going to take a long time to check those permissions. Good thing PowerShell lets you pipe the output from one cmdlet into another. This code will give you the full permissions on all your shared folders:

Get-PublicFolder -Identity "\" -Recurse | Get-PublicFolderClientPermission

Finally, after all this information, we can use the Add-PublicFolderClientPermission cmdlet to set or change the permissions on the public folders:

Add-PublicFolderClientPermission -Identity "{path to folder}" -User {username} -AccessRights {access rights}

You can read about this cmdlet and the different access rights at this TechNet article: https://technet.microsoft.com/en-us/library/bb124743(v=exchg.160).aspx

Again, if you want to set the same permissions on a number of folders, you can pipe the cmdlets together:

get-PublicFolder -Identity "\" -Recurse | Add-PublicFolderClientPermission -User {username} -AccessRights {access rights}

Move Exchange Mailbox from One User to Another

There are lots of ways to do this. Microsoft recommends you export the .pst and import it into the new person's mailbox. This also lets you back up the .pst, which is a great idea. You can close down the old mailbox and add it to the new person through the EAC using permissions. I had the luxury of walking over to my coworker's desk and making changes, but what if you want to set things up as another folder and you want to do it over the network? You can use the Search-Mailbox cmdlet:

Search-Mailbox –Identity "{old mailbox ID}" -TargetMailbox "{new mailbox ID}" -TargetFolder "{folder name}" -LogLevel Full

You can read more about this cmdlet here: https://technet.microsoft.com/en-us/library/dd298173(v=exchg.160).aspx

More PowerShell lessons in the days ahead, I'm sure.

Add a comment

HTML code is displayed as text and web addresses are automatically converted.

Add ping

Trackback URL : http://www.staffen.ca/blog/index.php?trackback/3

Page top