Created
May 13, 2020 17:14
-
-
Save azure365pro/bac63fb291c1beedf5fd5995ceee9c6c to your computer and use it in GitHub Desktop.
Creating Custom RBAC Role to Enable Inbox Rules in OWA (Hosted Environment)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -version 2 | |
| <# | |
| .SYNOPSIS | |
| CreateCustomRoleGroup.ps1 - Creates Customized Role where members can access Rules Via OWA | |
| .DESCRIPTION | |
| Creates Management Role,Gets the Created Role into the Role Group | |
| .OUTPUTS | |
| Results are output to the PowerShell window. | |
| .PARAMETER server | |
| Perform a check of a single server | |
| .EXAMPLE | |
| .\CreateCustomRoleGroupforOwaRules.ps1 | |
| Enter Organization Name:Mycompany | |
| Enter ManagementRole Name:Owa Management Role | |
| Enter Role Group Name:Owa Role Group | |
| Enter the Email Address of the User who is going to Manage:[email protected] | |
| .NOTES | |
| Written By: Satheshwaran Manoharan | |
| Change Log | |
| V1.0, 14/09/2012 - Initial version | |
| #> | |
| #Add Exchange 2010 snapin if not already loaded | |
| if (!(Get-PSSnapin | where {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.E2010"})) | |
| { | |
| Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue | |
| } | |
| $ORGNAME = Read-Host "Enter Organization Name" | |
| $ManagementRole = Read-Host "Enter ManagementRole Name" | |
| $RoleGroup = Read-Host "Enter Role Group Name" | |
| $Managed = Read-Host "Enter the Email Address of the User who is going to Manage" | |
| # Script will be Creating a Role Group which will give users access to OWA rules | |
| # Creating Role Group | |
| New-ManagementRole -Parent "Mail Recipients" -Name "$ManagementRole" -Organization "$ORGNAME" | |
| # removing Unwanted Role Entries Which is not Equals Get-* | |
| Get-ManagementRoleEntry "$ORGNAME\$ManagementRole\*" | Where-Object {$_.Name -Notlike "Get-*”} | Remove-ManagementRoleEntry –Confirm:$false | |
| # adding Roles Entries which are Required | |
| # Set-InboxRule, Remove-InboxRule, New-InboxRule,Enable-InboxRule,Disable-InboxRule as to be there | |
| Add-ManagementRoleEntry "$ORGNAME\$ManagementRole\Set-inboxrule" | |
| Add-ManagementRoleEntry "$ORGNAME\$ManagementRole\Remove-InboxRule" | |
| Add-ManagementRoleEntry "$ORGNAME\$ManagementRole\New-InboxRule" | |
| Add-ManagementRoleEntry "$ORGNAME\$ManagementRole\Enable-InboxRule" | |
| Add-ManagementRoleEntry "$ORGNAME\$ManagementRole\Disable-InboxRule" | |
| # removing the Get-* Entries - Where it’s not required | |
| Get-ManagementRoleEntry "$ORGNAME\$ManagementRole\*" | Where-Object {$_.Name -like "Get-*”} | Remove-ManagementRoleEntry -Confirm:$false | |
| # confirming the Role Entries which has only | |
| # Set-InboxRule, Remove-InboxRule, New-InboxRule,Enable-InboxRule,Disable-InboxRule | |
| Get-ManagementRoleEntry "$ORGNAME\$ManagementRole\*" | |
| # Created a Role Group | |
| New-RoleGroup -Name "$Managed" –Roles “$ManagementRole" -Organization "$ORGNAME" -Managedby "$Managed" | |
| # Add User which is required To Get Access to OWA Rules to the Role Group which is Created | |
| # Add-RoleGroupmember Command or Use ECP or Use ADUC |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment