For one of my clients, we had to migrate a Microsoft Exchange 2010 server to Microsoft Exchange 365 in one night. Lots of shared mailboxes had to be migrated by hand and it’s authorized users required to be added one by one through the interface as there was no feature provided by Microsoft to just add all members of a group. We were in need of a PowerShell script!
Having only one night to make it work and nothing to be found on the web to help, I managed to babble this little Power Shell script that logs into the Online Exchange Power Shell console and adds all users of Office 365 groups as full access users on a defined shared mailbox or any mailbox.
Connecting to Microsoft Exchange Online PowerShell
First thing to do is to connect to your Online Exchange PowerShell. Here’s how to proceed. You can read on my simpler version or go through the full Microsoft documentation on how to connect to the Online Microsoft Exchange PowerShell.
Run PowerShell as Administrator
With everything Microsoft, the easiest way of getting something working the first time is to run the program or commands as an Administrator to avoid lacking of sufficient permissions.
To run Power Shell as administrator in Windows 10, simply search for “Power Shell” in the search bar located down left beside the Windows menu icon. Then, right click on the Power Shell program that pops up, or the Power Shell ISE one which I prefer, and select Run as Administrator in the resulting dropdown.
Voilà, you are now running every commands or script as admin in this instance of Power Shell!
Enable Remote Certificate support
In order for our PowerShell environment to accept the remote certificate of our online Microsoft Exchange server, we need to configure our environment to do so. This is a one time thing, and is only needed to be activated once per computer.
Simply type on the PowerShell command line:
1
Set-ExecutionPolicy RemoteSigned
Supply Your Credentials
Next up, we need to tell our Power Shell environment which credentials to use to connect to our remote server.
There’s many ways of doing so but the simplest is to type-in this:
1
$UserCredential = Get-Credential
A windows dialog will popup asking you for your credentials, which are the same as the ones you use to login into your Office 365 console online. Put in your username and password and submit them. They are now stored into the $UserCredential variable we will use next.
Open a New Session on Your Online Exchange Server
Now, we have everything to open a new session to our Online Microsoft Exchange 365 Console. We’ll store it into a $Session variable so that we can work with it afterwards.
Simply copy-paste this into the prompt and hit Enter:
1
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Now, our session is stored into this new variable!
Import the Remote Session
Now to make everything work locally, we need to import the session to our PowerShell environment.
1
Import-PSSession $Session
This might take a few seconds to download and work its magic. Once done, congrats you’re connected to your remote Exchange 365 console!
Testing Your Online Microsoft Exchange PowerShell Connection
Now I know, it seems you’re not online like an SSH connection would tell you by changing the prompt and all. The way to test it’s actually working is to call any cmdlet into the prompt to test it out.
Here’s a simple cmdlet that will list all mailboxes configured in your Microsoft Exchange 365 Server:
1
Get-Mailbox
The PowerShell Script
Once we’re connected to our remote server, the basic idea is to list every member for a given Unified 365 Group, loop through them and give them FullAccess access rights to the chosen mailbox in the process.
Start by creating a new PS1 file in your prefered text editor (I use Notepad++) and name the file something that speaks to you like addgrouptomailbox.ps1 and read on.
Asking for parameters
1
2
$groupname = Read-Host -Prompt 'Group to add?'
$mailboxname = Read-Host -Prompt 'Mailbox to target?'
Retreiving the Unified Group members
1
$members = Get-UnifiedGroupLinks -Identity $groupname -LinkType Members
Adding Mailbox Permissions
1
2
3
4
foreach ($member in $members){
Add-MailboxPermission -Identity $mailboxname -User $member.Name -
AccessRights FullAccess -InheritanceType All
}
Getting it all together
That’s it! Now just to make your life simpler by giving to you to copy paste all at once, here it is:
1
2
3
4
5
6
7
8
$groupname = Read-Host -Prompt 'Group to add?'
$mailboxname = Read-Host -Prompt 'Mailbox to target?'
$members = Get-UnifiedGroupLinks -Identity $groupname -LinkType Members
foreach ($member in $members){
Add-MailboxPermission -Identity $mailboxname -User $member.Name -
AccessRights FullAccess -InheritanceType All
}
To run it, simply move to the destination folder you saved the file and run it as many times as needed!
Once done, you will want to log out to make sure you don’t use up all allowed sessions and lock yourself out!
1
Remove-PSSession $Session
Final Toughts
Simple things are often the best ones. This script might not be perfect but might save you some time like it did for me! Feel free to upgrade it to whatever your needs are as every applications are different.
All in all, the old adage that says that a Microsoft Exchange server without the use of PowerShell is useless still applies even now with the newer Exchange 365 service provided by the Microsoft Office 365 Suite.