Add-RecipientPermission gives back ok result but SendAs rights are not set when queried by Get-RecipientPermission


I am trying to set the Send-As rights on a synced user in a Hybrid Exchange environment. I stored all the onPrem SendAs rights data in a SQL database, and I am looping that database to set the Send-As in the cloud using Add-RecipientPermission, as Microsoft does not sync that.

Part of my code is as follows:

foreach ($userToProcess in $dtUsersToProcess) {

        $userId = $userToProcess["UserId"]
        $delegateTo = $userToProcess["DelegateTo"]
        $primarySmtpAddress = $userToProcess["PrimarySmtpAddress"]
        $delegateToSmtpAddress = $userToProcess["DelegateToSmtpAddress"]

        # Process each record
        $logger.Debug("Processing user: $userId ($primarySmtpAddress) to give delegation to $delegateTo ($delegateToSmtpAddress).")

        try {
          $result = $NULL
          $result = Add-RecipientPermission -Identity $primarySmtpAddress -Trustee $delegateToSmtpAddress -AccessRights sendas -Confirm:$false -ErrorAction Stop
          $message = "On user $($result.Identity) the trustee $($result.Trustee) has AccessContyrolType $($result.AccessControlType) and IsValid $($result.IsValid) with AccessRights $($result.AccessRights)."
          $userToProcess.RightSet = 1
          $userToProcess.FeedBack = $message
          $logger.Info($Message)
        }
        catch [System.Management.Automation.WarningRecord] {
          $message = "Warning for $userId and $delegateTo : $($_.Exception.Message)."
          $userToProcess.RightSet = 1
          $userToProcess.FeedBack = $message
          $logger.Warning($message)
        }
        catch {
          $message = "Add-RecipientPermission for $primarySmtpAddress to $delegateToSmtpAddress was not ok: $($_.Exception.Message)."
          $userToProcess.RightSet = 0
          $userToProcess.FeedBack = $message
          $logger.Error($message)
        }
        $rowCount++
}

Now I notice the following in my log files:

Set-SendAsRights;Processing user: u3 to give delegation to user1.
Set-SendAsRights;On user u3 the trustee user1 has AccessContyrolType Allow and IsValid True with AccessRights SendAs.
Set-SendAsRights;Processing user: u3 to give delegation to user2.
Set-SendAsRights;On user u3 the trustee user2 has AccessContyrolType Allow and IsValid True with AccessRights SendAs.
Set-SendAsRights;Processing user: u3 to give delegation to user3.
Set-SendAsRights;On user u3 the trustee user3 has AccessContyrolType Allow and IsValid True with AccessRights SendAs.
Set-SendAsRights;Processing user: u3 to give delegation to user4.
Set-SendAsRights;On user u3 the trustee user4 has AccessContyrolType Allow and IsValid True with AccessRights SendAs.
Set-SendAsRights;Processing user: u3 to give delegation to user5.
Set-SendAsRights;On user u3 the trustee user5 has AccessContyrolType Allow and IsValid True with AccessRights SendAs.
Set-SendAsRights;Processing user: u3 to give delegation to user6.
Set-SendAsRights;On user u3 the trustee 12434309-1b53-4536-b6d2-2a94c284eaa4 has AccessContyrolType Allow and IsValid True with AccessRights SendAs.

But when I execute Get-RecipientPermission I see that not all rights have been set, although Add-RecipientPermission told me it did.

PS C:\Users\myUser> Get-RecipientPermission -Identity u****3

Identity Trustee                      AccessControlType AccessRights Inherited
-------- -------                      ----------------- ------------ ---------
u****3 NT AUTHORITY\SELF    Allow             {SendAs}     False
u****3 [email protected]     Allow             {SendAs}     False
u****3 [email protected]     Allow             {SendAs}     False

So the big question is why the Add-RecipientPermission returned a valid result?

I executed the commands from the script manually, and there it was not a problem:

$result = Add-RecipientPermission -Identity u****3 -Trustee user1 -AccessRights sendas -Confirm:$false -ErrorAction Stop
$result = Add-RecipientPermission -Identity u****3 -Trustee user2 -AccessRights sendas -Confirm:$false -ErrorAction Stop
$result = Add-RecipientPermission -Identity u****3 -Trustee user3 -AccessRights sendas -Confirm:$false -ErrorAction Stop
$result = Add-RecipientPermission -Identity u****3 -Trustee user4 -AccessRights sendas -Confirm:$false -ErrorAction Stop
$result = Add-RecipientPermission -Identity u****3 -Trustee user5 -AccessRights sendas -Confirm:$false -ErrorAction Stop
$result = Add-RecipientPermission -Identity u****3 -Trustee user6 -AccessRights sendas -Confirm:$false -ErrorAction Stop

A Get-RecipientPermission returned all results as expected.

There are 0 answers
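An added example, not part of the original question: a read-back check that treats a SendAs grant as applied only when Get-RecipientPermission returns it, rather than trusting the object returned by Add-RecipientPermission. The function name `Test-SendAsGrant`, the retry count and delay, and the `example.com` addresses are assumptions; an active Exchange Online PowerShell session is assumed.

```powershell
# Added example: verify each SendAs grant by querying it back.
# Assumes an existing Exchange Online session (Connect-ExchangeOnline).

function Test-SendAsGrant {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [string] $Trustee,
        [int] $MaxAttempts  = 5,    # assumed value, tune for your tenant
        [int] $DelaySeconds = 30    # assumed value
    )
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        # Filter server-side by trustee so Exchange resolves the name itself;
        # the trustee may be displayed as an address or as a GUID.
        $ace = Get-RecipientPermission -Identity $Identity -Trustee $Trustee `
                   -AccessRights SendAs -ErrorAction SilentlyContinue |
               Where-Object { $_.AccessControlType -eq 'Allow' }
        if ($ace) { return $true }
        if ($attempt -lt $MaxAttempts) { Start-Sleep -Seconds $DelaySeconds }
    }
    return $false
}

# Constructed sample rows standing in for the SQL table in the question.
$desired = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'u3@example.com'; DelegateToSmtpAddress = 'user1@example.com' }
    [pscustomobject]@{ PrimarySmtpAddress = 'u3@example.com'; DelegateToSmtpAddress = 'user2@example.com' }
    [pscustomobject]@{ PrimarySmtpAddress = 'u3@example.com'; DelegateToSmtpAddress = 'user6@example.com' }
)

# Build a reconciliation report: desired grant versus what Exchange returns.
$report = foreach ($row in $desired) {
    [pscustomobject]@{
        Identity = $row.PrimarySmtpAddress
        Trustee  = $row.DelegateToSmtpAddress
        Verified = Test-SendAsGrant -Identity $row.PrimarySmtpAddress `
                                    -Trustee  $row.DelegateToSmtpAddress
    }
}

# Grants that were requested but are not visible on read-back.
$report | Where-Object { -not $_.Verified } | Format-Table -AutoSize
```

In the loop from the question, `RightSet` would then be set from this result instead of from the Add-RecipientPermission return value, so rows that fail read-back stay flagged for another pass.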