If you’ve followed the instructions for creating shared mailboxes using PowerShell, you know it’s a little kludgey. However, since the parameters for setting one up are fairly consistent except for the name and who has access to it, I’ve created the following script that can be used to create them.
You must have the following components installed in order to run it.
· PowerShell
· Exchange 2007 Management Console and Shell
· Quest ActiveRoles snap-in for PowerShell (free download here)
· PowerShell must be run in the context of a user account that has rights to create new objects in AD
· You must set your PowerShell execution policy to Unrestricted (open PowerShell, type Set-ExecutionPolicy Unrestricted)
When you run the script from within PowerShell, it will perform the following:
1. Check to make sure the Exchange & Quest Snap-ins are present and if not, add them
2. Query the user for information about the new shared mailbox (name of the mailbox, etc).
3. Based on the information provided, it will create the new mailbox in one of two OUs (Site1 or Site2)
4. It will then create a new security group in AD with a MBX_ prefix and grant members of this group Full Access and Send-As rights to the new mailbox
5. Log all of this in a log file found in the same folder as the script for troubleshooting purposes.
Once the script completes and creates the mailbox and security group, all you have to do to complete the process is use AD Users & Computers to add user accounts to the new security group to grant them access.
# ===================================================
#
# This PowerShell script does the following:
# 1. Queries the user for information about a new shared mailbox
# 2. Creates a new shared mailbox based on that information
# 3. Creates an AD security group based on that information
# 4. Grants the new security group full access and send-as rights on the new shared mailbox.
#
# Written by: David Smith
# Last modified: 05/03/2010
# Notes:
#
# ===================================================

### Define functions
function writetolog([string]$stringtowrite = "*") {
    # Echo the message to the console and append it, timestamped, to the log file
    $datetime = (Get-Date).DateTime
    Write-Host $stringtowrite
    Add-Content $logfile "$datetime : $stringtowrite"
}

### Setup the log file
[string]$logfilename = 'create-sharedmailbox.log'
if (Test-Path $logfilename) {
    Write-Host "Log file exists."
    $logfile = $logfilename
} else {
    Write-Host "Creating log file $logfilename"
    $logfile = New-Item $logfilename -Type file
}
writetolog "===== Beginning new-sharedmailbox.ps1 ====="

### Add the Exchange 2007 Snap-ins if they aren't already and prepare credentials
writetolog "Checking Exchange 2007 Snapins"
# Add-PSSnapin produces no output, so use Get-PSSnapin to test whether each snap-in is loaded
$exchangeSnapins = 'Microsoft.Exchange.Management.PowerShell.Admin', 'Microsoft.Exchange.Management.PowerShell.Support'
$missingSnapins = @($exchangeSnapins | Where-Object { -not (Get-PSSnapin -Name $_ -ErrorAction SilentlyContinue) })
if ($missingSnapins.Count -gt 0) {
    $missingSnapins | ForEach-Object { Add-PSSnapin $_ -ErrorAction SilentlyContinue }
    writetolog "Added Exchange 2007 Snapins"
} else {
    writetolog "Exchange 2007 Snapins present."
}

### Add the Quest Active-Roles Snap-ins if they aren't already and prepare credentials
writetolog "Checking Quest Snapins"
if (-not (Get-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
    writetolog "Added Quest Snapins"
} else {
    writetolog "Quest Snapins present."
}

### Set the variables
[string]$HelpDeskTicket = Read-Host -Prompt "Enter HelpDesk #"
[string]$notesstring = "Created per HelpDesk Ticket #" + $HelpDeskTicket
[string]$sharedmbxname = Read-Host -Prompt "Enter New Shared Mailbox Name"
[string]$upn = $sharedmbxname.Replace(" ","") + '@contoso.com'
[string]$secgrpname = 'MBX_' + $sharedmbxname.Replace(" ","")
[string]$secgrpupn = $secgrpname + '@contoso.com'

# Ask which site will host the mailbox
$title = "Mailbox Server to host new mailbox:"
$message = "Should this new mailbox be placed in Site1 or Site2?"
$Site1 = New-Object System.Management.Automation.Host.ChoiceDescription "&Site1", `
    "The new mailbox will be created in Site1."
$Site2 = New-Object System.Management.Automation.Host.ChoiceDescription "&Site2", `
    "The new mailbox will be created in Site2."
$options = [System.Management.Automation.Host.ChoiceDescription[]]($Site1, $Site2)
$result = $host.ui.PromptForChoice($title, $message, $options, 0)

# Pick the OUs and mailbox database for the chosen site
switch ($result) {
    0 {
        [string]$mbxOU = 'contoso.com/SITES/Site1/Site1-Exchange Objects/Site1-Resource Accounts'
        [string]$secgroupOU = 'contoso.com/SITES/Site1/Site1-Groups/Site1-Security Groups'
        [string]$mbxdatabase = 'site1exchange\site1exchange-sg1\site1exchange-db1'
    }
    1 {
        [string]$mbxOU = 'contoso.com/SITES/Site2/Site2-Exchange Objects/Site2-Resource Accounts'
        [string]$secgroupOU = 'contoso.com/SITES/Site2/Site2-Groups/Site2-Security Groups'
        [string]$mbxdatabase = 'site2exchange\site2exchange-sg1\site2exchange-db1'
    }
}

writetolog "HelpDesk Ticket: $HelpDeskTicket"
writetolog "Shared Mailbox Name: $sharedmbxname"
writetolog "Security Group Name: $secgrpname"
writetolog "Mailbox OU: $mbxOU"
writetolog "Security Group OU: $secgroupou"
writetolog "Mailbox Database: $mbxdatabase"

### Create the shared mailbox and stamp it with the policy and ticket note
$newSharedMailbox = New-Mailbox -Alias $sharedmbxname.Replace(" ","") -Name $sharedmbxname -Database $mbxdatabase -OrganizationalUnit $mbxOU -Shared -UserPrincipalName $upn
Set-Mailbox $newSharedMailbox -ManagedFolderMailboxPolicy 'Mailbox Policy Name' -Confirm:$false
Set-User $newSharedMailbox -Notes $notesstring

### Create the security group and grant it Full Access and Send-As on the mailbox
$newSecurityGroup = New-QADGroup -ParentContainer $secgroupOU -Name $secgrpname -SamAccountName $secgrpname
Get-Mailbox $newSharedMailbox | Add-MailboxPermission -User $secgrpname -AccessRights 'FullAccess'
Get-Mailbox $newSharedMailbox | Add-ADPermission -User $secgrpname -ExtendedRights Send-As

# Double quotes so that $secgrpname is expanded in the message
Write-Host "Use AD Users & Computers to add the users with access to this shared mailbox to the $secgrpname security group"
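An added example, not part of the original script: the alias, UPN and MBX_ group name are all derived from one Read-Host value, and the script does not stop if group creation fails, so a name that collides with an existing MBX_ group would leave the permission cmdlets running against that existing group. The function name, the allow-list, the length limit and the sample inputs below are assumptions; the code needs PowerShell 2.0 or later for try/catch.

```powershell
# Added example: validate the operator-supplied name before anything is created.
# ConvertTo-SharedMailboxNames is a hypothetical helper, not a built-in cmdlet.
function ConvertTo-SharedMailboxNames {
    param(
        [string]$DisplayName,
        [string]$UpnSuffix = 'contoso.com',
        [string[]]$ExistingAliases = @(),   # aliases already in use (caller supplies)
        [int]$MaxGroupNameLength = 64       # assumed local naming policy
    )

    $name = $DisplayName.Trim()
    if ($name.Length -eq 0) { throw "Mailbox name is empty." }

    # Allow-list (assumed policy): words of letters and digits, separated by
    # a single space or hyphen. Rejects @ / \ , and other directory metacharacters.
    if ($name -notmatch '^[A-Za-z0-9]+([ -][A-Za-z0-9]+)*$') {
        throw "Mailbox name '$name' contains characters outside the allow-list."
    }

    # Same derivation as the script: strip spaces, add the MBX_ prefix
    $alias = $name.Replace(' ', '')
    $group = 'MBX_' + $alias
    if ($group.Length -gt $MaxGroupNameLength) {
        throw "Group name '$group' exceeds $MaxGroupNameLength characters."
    }

    # "Sales Team" and "SalesTeam" collapse to the same alias and group name;
    # -contains is case-insensitive, matching directory name comparison.
    if ($ExistingAliases -contains $alias) {
        throw "Alias '$alias' is already in use; choose a different name."
    }

    New-Object PSObject -Property @{
        Alias = $alias; Upn = "$alias@$UpnSuffix"
        GroupName = $group; GroupUpn = "$group@$UpnSuffix"
    }
}

# Constructed sample inputs; 'SalesTeam' stands in for an alias that already exists
foreach ($candidate in 'Front Desk', 'Sales Team', 'Payroll/HR', '  ') {
    try {
        $n = ConvertTo-SharedMailboxNames -DisplayName $candidate -ExistingAliases 'SalesTeam'
        Write-Host "OK       '$candidate' -> $($n.Alias), $($n.GroupName)"
    } catch {
        Write-Host "REJECTED '$candidate': $_"
    }
}
```

In the script, the list passed as -ExistingAliases would come from the directory, and a rejected name would end the run before New-Mailbox is called.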