We recently had a number of problems where all kinds of symptoms appeared on mailboxes that still had deleted users listed as delegates, so I wrote a small script to fix the issue. The script lists the folder permissions on every mailbox in a given OU. Entries that show a raw SID instead of a user name are almost certainly users that have already been deleted from AD, or accounts from old domains that no longer exist or are no longer reachable. The permissions for those no-longer-existing users are removed from the mailbox. Before it changes anything, the script logs the current mailbox folder permissions to a text file on your C: drive, so you have a record of what was there.
Replace "ThisIstheOUToWhichYouWantToLimitTheDeletions" with the short OU name (no LDAP path needed), e.g. "Financial Department".
$AllUsers = Get-Mailbox * -ResultSize Unlimited -OrganizationalUnit "ThisIstheOUToWhichYouWantToLimitTheDeletions"
ForEach ($User in $AllUsers) {
    $User.DisplayName | Out-File C:\Mailboxpermissions.txt -Append
    # Permissions on the mailbox root (top of information store); log them before touching anything
    $userperm = Get-MailboxFolderPermission -Identity "$($User.PrimarySmtpAddress):\"
    $userperm | Select-Object User, FolderName, AccessRights | Out-File C:\Mailboxpermissions.txt -Append
    ForEach ($perm in $userperm) {
        # Orphaned entries show the unresolved SID (S-1-5-21-...) instead of a user name
        if ($perm.User.ToString() -match "S-1-5-21-") {
            Remove-MailboxFolderPermission -Identity "$($User.PrimarySmtpAddress):\" -User $perm.User -Confirm:$false
        }
    }
}
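The script above only looks at the mailbox root. The same orphaned SIDs are often sitting on individual folders (Calendar, Inbox, shared subfolders), so here is an added example, written for this page rather than taken from the original post, that walks every folder of each mailbox in the OU, writes a CSV of what it finds, and only removes entries when you pass -Remove. It assumes an Exchange Management Shell session (Get-Mailbox, Get-MailboxFolderStatistics, Get-MailboxFolderPermission, Remove-MailboxFolderPermission) on PowerShell 3 or later; the OU name, log path, parameter names and the anchored SID regex are my own choices, not from the post.

```powershell
# Added example, not from the original post: report (and optionally remove) folder permissions
# held by unresolved domain SIDs on every folder of every mailbox in one OU.
param(
    [string]$OrganizationalUnit = "Financial Department",     # short OU name, as in the post (placeholder)
    [string]$LogPath = "C:\OrphanedFolderPermissions.csv",    # placeholder path
    [switch]$Remove                                            # without -Remove nothing is changed
)

# A domain SID is S-1-5-21-<domain part>-<RID>. Unresolved entries show this instead of a name,
# on some Exchange versions prefixed with "NT:" or "NT User:", so the pattern is not anchored at the start.
$SidPattern = 'S-1-5-21-\d+-\d+-\d+-\d+'

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited -OrganizationalUnit $OrganizationalUnit) {
    # Skip the Recoverable Items tree; its folders reject the permission cmdlets.
    $folders = Get-MailboxFolderStatistics -Identity $mbx.Identity |
               Where-Object { $_.FolderType -notlike 'RecoverableItems*' }
    foreach ($folder in $folders) {
        # FolderPath comes back as "/Inbox/Sub"; the permission cmdlets want "<mailbox>:\Inbox\Sub".
        # The root folder is addressed as "<mailbox>:\".
        if ($folder.FolderType -eq 'Root') {
            $folderId = "$($mbx.PrimarySmtpAddress):\"
        } else {
            $folderId = "$($mbx.PrimarySmtpAddress):" + ($folder.FolderPath -replace '/', '\')
        }
        $perms = Get-MailboxFolderPermission -Identity $folderId -ErrorAction SilentlyContinue
        foreach ($perm in $perms) {
            $userString = $perm.User.ToString()
            if ($userString -match $SidPattern) {
                [pscustomobject]@{
                    Mailbox      = $mbx.PrimarySmtpAddress
                    Folder       = $folderId
                    User         = $userString
                    Sid          = $Matches[0]
                    AccessRights = ($perm.AccessRights -join ',')
                    Removed      = $false
                }
            }
        }
    }
}

if ($Remove) {
    foreach ($f in $findings) {
        try {
            Remove-MailboxFolderPermission -Identity $f.Folder -User $f.User -Confirm:$false -ErrorAction Stop
            $f.Removed = $true
        } catch {
            # Some orphaned entries cannot be addressed by their SID string; keep them in the report
            Write-Warning "Could not remove $($f.User) from $($f.Folder): $_"
        }
    }
}

$findings | Export-Csv -Path $LogPath -NoTypeInformation
"$(@($findings).Count) orphaned entries found; removed: $(@($findings | Where-Object { $_.Removed }).Count)"
```

Run it once without -Remove and read the CSV first: a SID that still resolves in a trusted but slow-to-answer domain looks exactly like an orphan in this output, so confirm the domain part of the SID against the domains you actually trust before running it again with -Remove.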
