PowerShell Script to Convert Shared Mailbox or User Mailbox with Delegates into Distribution Group


Exchange PFE Daya Patil shares with us a recent script she wrote to help convert a shared mailbox with delegates into a distribution group and preserving the


When working on a recent case, One of our customers needed a quick way to convert their existing shared mailboxes with multiple delegates to a Distribution group.

We made a script to get this done quickly and efficiently.

You can use the script below to convert either a user mailbox or a shared mailbox to Distribution Group.

To delete an existing mailbox and replace it with Distribution group the below syntax can be used, where the owner of the new group is specified.

MBX-To-DG -UserMBX <Mailbox Name> -DGOwner <UserAccount>

 

As always, please test and fully validate the script prior to running in a production environment.

Script content to be copied is from the line below.


#DISCLAIMER STARTS#

#This Sample Code is provided for the purpose of illustration only and is not intended to be used in a #production environment. THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED "AS IS" #WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO #THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. We #grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and #distribute the object code form of the Sample Code, provided that You agree: (i) to not use Our name, #logo, or trademarks to market Your software product in which the Sample Code is embedded; (ii) to #include a valid copyright notice on Your software product in which the Sample Code is embedded; and #(iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or #lawsuits, including attorneys’ fees, that arise or result from the use or distribution of the Sample Code."

#"This sample script is not supported under any Microsoft standard support program or service. The #sample script is provided AS IS without warranty of any kind. Microsoft further disclaims all implied #warranties including, without limitation, any implied warranties of merchantability or of fitness for a #particular purpose. The entire risk arising out of the use or performance of the sample scripts and #documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in #the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, #without limitation, damages for loss of business profits, business interruption, loss of business #information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or #documentation, even if Microsoft has been advised of the possibility of such damages"

#DISCLAIMER ENDS#

Function Mbx-To-DG

{

<#

. SYNOPSIS

Convert a mailbox with multiple Delegates into Distribution Group

.DESCRIPTION

This function will Convert a mailbox with multiple Delegates into Distribution Group

.PARAMETER UserMBX

The user mailbox with multiple delegates.

.PARAMETER DGOwner

The Owner for a distribution group.

.PARAMETER DGName

The name for distribution group. If you do not specify the name, it would delete your user/shared mailbox and use the name and SMTP address of that mailbox.

.EXAMPLE

To delete existing mailbox and replace it with Distribution group

MBX-To-DG - UserMBX <Mailbox Name> -DGOwner <UserAccount>

To keep existing mailbox and create new Distribution Group with same members and extended rights

MBX-To-DG - UserMBX <Mailbox Name> -DGOwner <UserAccount> -DGName MYDGGroup

#>

[CmdletBinding()]

Param(

[Parameter(Mandatory=$True,Position=1)]

[string]$UserMBX,

[Parameter(Mandatory=$True)]

[string]$DGOwner,

[string]$DGName

)

$ErrorActionpreference = "SilentlyContinue"

# Getting the mailbox you mentioned

$MBX = Get-Mailbox -Identity $UserMBX -ErrorAction Continue

if (!$MBX) { Write-Error "Mailbox $Mbx not found" -ErrorAction Stop }

# Getting the Delegates for the mailbox

$MBXDelegates = Get-MailboxPermission $MBX.UserPrincipalName | ? {$_.IsInherited -ne $true -and $_.User -ne "NT AUTHORITY\SELF"}

# Getting the users with Send As permission on the mailbox

$MBXSendAS = Get-Mailbox $MBX.UserPrincipalName| Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)}

# To check if you want new DG group name or replace Existing one

If(!$DGName)

{

# Removing the mailbox

Remove-Mailbox $MBX.UserPrincipalName -Confirm:$true

# Create new DG with the same email address and name

$DGroup = New-DistributionGroup -Name $MBX.Name -DisplayName $MBX.DisplayName -ManagedBy $DGOwner -PrimarySmtpAddress $MBX.PrimarySMTPAddress -Alias $MBX.Alias

Set-DistributionGroup $DGroup.Identity -GrantSendOnBehalfTo $MBX.grantsendonbehalfto -MailTip $MBX.MailTip -EmailAddresses $($MBX.EmailAddresses | ? {$_ -notlike "sip:*"})

}

Else

{

$DGEmail = $DGName + "@" + ($MBX.PrimarySMTPAddress).Domain

# Create new DG with name provided

$DGroup = New-DistributionGroup -Name $DGNAme -DisplayName $DGNAme -ManagedBy $DGOwner -PrimarySmtpAddress $DGEmail -Alias $DGNAme

Set-DistributionGroup $DGroup.Identity -GrantSendOnBehalfTo $MBX.grantsendonbehalfto -MailTip $MBX.MailTip -EmailAddresses $($DGEmail | ? {$_ -notlike "sip:*"})

}

# Add member of the DG

foreach ($MBXDelegate in $MBXDelegates)

{

$Member = split-path ([string]($MBXDelegate.user)) -leaf

Write-host “Adding $member as a member to $DGroup”

Add-DistributionGroupMember -Identity $DGroup.Identity -Member $Member -ErrorAction SilentlyContinue

}

# Add Send As permissions

foreach ($MBXSend in $MBXSendAS)

{

$Member = split-path ([string]($MBXSend.user)) -leaf

Write-host “ Adding Extended Rights for $member”

Get-DistributionGroup -Identity $DGroup.Identity | Add-AdPermission –ExtendedRights Send-As –User $Member –AccessRights ExtendedRight }

#Add-RecipientPermission -Identity $DGroup.Identity -Trustee $ MBXSend.Trustee -AccessRights $ MBXSend.AccessRights -Confirm:$false

}

}


Script content ends above this line.

 

 


Published by MSPFE editor Rhoderick Milne.