这将删除某个用户的邮箱中的所有FullAccess访问权限。
Remove-MailboxPermission -identity MyMailbox -user SomeUser -AccessRights FullAccess
这将删除SendAs accessrights
Remove-MailboxPermission -identity MyMailbox -user SomeUser -AccessRights SendAs
我是否可以一次性删除所有访问权限,因此我不必明确删除每一种访问权限?
答案 0 :(得分:1)
试试这个:
Remove-MailboxPermission -Identity MyMailbox -User SomeUser -AccessRights FullAccess -InheritanceType All
或(未经测试)
$ar = "FullAccess", "SendAs", "ExternalAccount", "DeleteItem", "ReadPermission", "ChangePermission", "ChangeOwner"
Remove-MailboxPermission -Identity MyMailbox -User SomeUser -AccessRights $ar -InheritanceType All
答案 1 :(得分:0)
Remove-MailboxPermission -Identity hppo.us@something.com-User vcx@something.com-AccessRights FullAccess -Confirm:$ false
Remove-RecipientPermission hr-stuttgart@something.com-AccessRights SendAs -Trustee Paul.Rumiz@something.com-confirm:$ false
答案 2 :(得分:0)
以下是我最终的结果:
(假设使用samaccountname / identity输入$ alias)
Get-MailboxPermission -Identity $alias | ForEach-Object {Remove-MailboxPermission -identity $_.Identity -user $_.User -AccessRights FullAccess -InheritanceType All -confirm: $false}
Get-MailboxPermission -Identity $alias | ForEach-Object {Remove-MailboxPermission -identity $_.Identity -user $_.User -AccessRights ReadPermission -InheritanceType All -confirm: $false}
$Permissions = Get-Mailbox -identity $alias | where {($_.Identity -like "*")} | Get-ADPermission | Where-Object { ($_.ExtendedRights -like "*send-as*") -and $_.User -notlike "*AUTHORITY*" }
if ($Permissions)
{
$Permissions | ForEach-Object{ Remove-ADPermission -identity $_.Identity -user $_.User -ExtendedRights "Send As" -confirm:$false }
}
$mb = Get-mailbox -Identity $alias
$mb.GrantSendOnBehalfTo = "CN=SomeAdminAccount,CN=Users,DC=ourdomain,DC=local"
Set-Mailbox -Identity $alias -GrantSendOnBehalfTo $mb.GrantSendOnBehalfTo
可以做得更优雅一点,但好的工作可以完成。
也可以使用远程PowerShell工作,这种情况通常会因创意“使用管道的解决方案而失败。