How to Add, Remove and Modify Recipients in Exchange Server using PowerShell
How to Add, Remove and Modify Recipients in Exchange Server using PowerShell
You’ll probably spend a lot of time in your Exchange Management Shell (EMS) on the recipients, creating mailboxes, modifying users and things like that. If you’re going to look at how you’re going to do this one at a time but also more powerful options for doing this in bulk. Taking things out of the CSV or text file and creating multiple users at one time. A lot of power here. We’ll also look at other interesting things here like creating inbox rules, programmatically through PowerShell, managing mailbox folder permissions and also managing out of office settings for users.
Here are a couple scenarios in where you’ll add, modify and remove recipients so let’s take a look at a few of those. First one is going to be creating mailboxes for users that are already out there in your active directory environment. So we look at get user and we’ll do recipient type details of user.
That’s basically going to show you all the Active Directory users that don’t have mailboxes.
I could do here is kind of figure out all right we’ve got this guy, Simon Lamb, we’ll use him. If we want to give his existing AD account or mailbox enable his existing AD account. We could just simply do an enable mailbox, SLamb.
That would give him a mailbox. Now if we want to create a new AD user and a mailbox‑enabled user, we would use the new mailbox cmdlet.
That requires that you define a password for the user. I’ve shown this example previously but that value needs to be encrypted. So usually what I do for this is I use the ConvertTo-SecureString cmdlet and then I pass this whatever the value is that I want to use for the password.
So in this case, I’m converting this plain text password(-ASPlainText –Force) into a secure string.
So you got to do an as point text. Then you got to do a force and if you echo that variable back, you can see that that’s the .NET framework type for the secure string class. Really what we’re saying here is we just don’t want to send this across the network when we’re creating the user. We want to do it encrypted. From there I can do a new mailbox and we can something like Kevin Jones, alias first initial, last name, user principle name and finally the password.
These are the required parameters with new mailbox. So these are the bare minimum to get user created. However this command has all kinds of different parameters so you can do all kinds of different things when you create the mailbox. For this I’m just going to go ahead and run that. You can see that it goes on and creates the user. So this is very static.
This is sitting in the shell one line at a time. You’re not probably going to add users this way. You might do this in bulk through some kind of provisioning script or you might have an interactive script where someone else is actually running that like maybe a help desk or junior admin. You might want to capture some of that information and prompt them along the way.
What I’m going to do is show an example of that. We’ll call this new mailbox.ps1
The idea would be that an admin might run this. And admin might run this and be kind of prompted for information along the way. Initially we might want to prompt them for a password so we do a read hosts, enter the password and you would do this as a secure string.
So instead of manually creating that password object, you could prompt the user in the ISE if you run this.
You can see that it would actually give you a dialog box but if you run it in the Shell,
From here I’ll run new mailbox.ps1. There you can see that it’s prompting me.
It’s actually masking the password with stars. So that’s kind of nice. It’s also good for an interactive script.
If I go back to my script, that’s going to be the password then I might want the name. So we do another Read-Host “Enter the name”. This will not be a secure string we want that to be in plain text, $UPN= Read-Host “Enter the userprinciplename” Name. $alis = Read-Host “Enter an alias” . This should be good enough.
From there you can go out and run New-Mailbox and you can just pass these variables to the parameter values $Name.
The $ name is going to be captured from my user and user principle name same thing, same thing for the password. That’s $ alias. Now if I say that this is a script an operator could run that. You put out the script there somewhere on their machine where they can get to it. They don’t have to necessarily know all the details about PowerShell. They could run that. It would prompt them along the way to create the mailbox.
Let’s just run through that.
So I’m going to enter password and that’s going to get saved. We’ll do Jeff Jones this time. His UPN will be jjones.uss.local and his alias will be jjones and that creates the mailbox.
So that is one way you can do this and that’s probably just creating the mailbox, probably isn’t the only thing you need to do. You might need to set some attributes.
For example the new mailbox cmdlet doesn’t give you the ability to set the title. So it might be something that you have to do during the provisioning process. So you might want to prompt for that too. The $title, enter the title.
That’s actually another command that you have to run. So you first have to create the mailbox then you would need to do a set user on that name and set the title to $title.
Let’s go ahead and save that. We’ll run it again. Create a password. The name Jason Helmick for this user, jason.uss.local his alias can simply be jasonh and his title would be janitor.
We run that and it creates the mailbox. Now if we run Get-User, it will set the title.
So kind of a two‑step thing here. You can go to add the user after they’ve been created and you’ve set all their attributes. You could add them.
Do a distribution list ‑‑ all kinds of different things, fire off an email. So this is kind of the use case for an interactive script.
Now let’s take a look at removing the user. We’ve looked at creating a mailbox and modifying a user account. Let’s go back and delete the one we just created. So if we do a Remove-Mailbox, this will actually prompt you because you’re doing a destructive operation here.
New-Mailbox creates an AD user and also mailbox enables that user.
The flipside of that is remove mailbox will actually remove the AD user and disconnect the mailbox. If you just want to delete the mailbox, you would do a Disable-Mailbox. So there’s this warning that hey do you really want to that? Because we’re going to delete the active directory user. I’m going ahead and type n for no.
If I really just want to get rid of the mailbox, disable mailbox, leave the AD user intact or if I just want to delete it and I don’t care about being prompted then you could use -Confirm:$false go ahead and completely remove that object and don’t even ask me about it.
You can see that it comes back with no errors and if I run get-mailbox jasonh
See I get an error because we actually deleted it and it no longer exists. Now the only other thing that we’ve looked at in the script is changing the settings on mailbox but of course you would do just a Set-Mailbox for that.
So you could do a Set-Mailbox $name (There are a bunch of different parameters out here. This command has about a hundred.)
There’s all kind of different things that you can change so one of the things I normally do is when I’m dealing with modifying recipients. If you’re not sure which commands are responsible for setting which parameters, go on to the properties object in the console.
For example Allan Miller and maybe I need to change a few things about this user such as we’ll add his middle initial.
We’ll change his job title to Sales Rep.
Next we’ll come over to Mailbox Features and we’ll disable MAPI connections for this user.
It’s kind of hard to see this but there’s a Exchange Management Shell Command button here down at the bottom.
If you look at that and this example we’re running set user, set CAS mailbox and maybe if we do one more thing like do a Send on Behalf for another user,
You can see that those three changes require a call to three separate cmdlets. One for Set-Mailbox.
One for Set-User and one for Set-CASMailbox. So you can use the gooey to cheat and figure out which commands you would need to kind of run in sequence here in your script. So that’s the process of going through adding, removing and modifying your recipients.
You May Also Like
Mark Jacob, Cisco Instructor, presents an introduction to Cisco Modeling Labs 2.0 or CML2.0, an upgrade to Cisco’s VIRL Personal Edition. Mark demonstrates Terminal Emulator access to console, as well as console access from within the CML2.0 product. Hello, I’m Mark Jacob, a Cisco Instructor and Network Instructor at Interface Technical Training. I’ve been using … Continue reading A Simple Introduction to Cisco CML2
This content is from our CompTIA Network + Video Certification Training Course. Start training today! In this video, CompTIA Network + instructor Rick Trader demonstrates how to use cable testers in network environments. Let’s look at some tools that we can use to test our different cables in our environment. Cable Testers Properly Wired Connectivity … Continue reading Cable Testers and How to Use them in Network Environments
In this video, Security Instructor Mike Danseglio demonstrates how to use BitLocker in Window 10 to secure files on a USB Flash drive that adhere to stricter data protection requirements as found inside Government entities. BitLocker 2-day instructor-led training is now available at Interface: BITLOCK: Planning and Deploying BitLocker Drive Encryption Training Video Transcription: Hi. … Continue reading Government Edition – Encrypting a USB Flash Drive in Windows 10