Powershell 将 O365 用户添加到具有“发送为”权限的邮箱并将其添加到具有完全访问权限的安全组

tag-icon tag-icon email microsoft-outlook permissions powershell
Powershell 将 O365 用户添加到具有“发送为”权限的邮箱并将其添加到具有完全访问权限的安全组

尝试想出一种方法来将具有发送权限的用户添加到邮箱,并将具有完全控制权限的用户添加到安全组。目前,我正在使用以下命令执行此操作...

$User = "UserEmail"
$Mailbox = "MailboxEmail"
$MailboxAccess = "SecurityGroup"
Add-RecipientPermission -Identity $Mailbox -AccessRights SendAs -Trustee $User -Confirm:$false
Add-DistributionGroupMember -Identity $MailboxAccess -Member $User -Confirm:$false -BypassSecurityGroupManagerCheck

但要知道这不是最快的方法,因为我必须手动从 O365 管理门户查找邮箱电子邮件。尝试了类似下面的方法...

$User = "UserEmail"
$Mailbox = Get-Mailbox -RecipientTypeDetails SharedMailbox -Anr *MailboxName* | Select-Object PrimarySmtpAddress
$MailboxAccess = Get-Group -Anr *SecurityGroupName* | Select-Object WindowsEmailAddress
Add-RecipientPermission -Identity $Mailbox -AccessRights SendAs -Trustee $User -Confirm:$True
Add-DistributionGroupMember -Identity $MailboxAccess -Member $User -Confirm:$True -BypassSecurityGroupManagerCheck

但失败了,因为 cmdlet 不支持管道。对 Powershell 来说还很陌生,所以任何帮助/建议都将不胜感激。

编辑

运行时收到的错误信息是...

PS C:\WINDOWS\System32\WindowsPowerShell\v1.0> Add-RecipientPermission -Identity
 $Mailbox -AccessRights SendAs -Trustee $User -Confirm:$True
Cannot process argument transformation on parameter 'Identity'. Cannot convert
value "@{PrimarySmtpAddress=*EmailAddress*}" to type
"Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter". Error: "Cannot
convert hashtable to an object of the following type:
Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter.
Hashtable-to-Object conversion is not supported in restricted language mode or
a Data section."
    + CategoryInfo          : InvalidData: (:) [Add-RecipientPermission], Para
   meterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Add-Recipie
   ntPermission
    + PSComputerName        : outlook.office365.com

还尝试在最后不添加附加 Select-Objects 的情况下运行它,但仍然得到类似的结果......

    PS C:\WINDOWS\System32\WindowsPowerShell\v1.0> Add-RecipientPermission -Identity  
 $Mailbox -AccessRights SendAs -Trustee $User -Confirm:$True  
Cannot process argument transformation on parameter 'Identity'. Cannot convert  
value "*EmailDisplayName*" to type  
"Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter". Error: "Cannot  
convert hashtable to an object of the following type:  
Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter.  
Hashtable-to-Object conversion is not supported in restricted language mode or  
a Data section."  
    + CategoryInfo          : InvalidData: (:) [Add-RecipientPermission], Para  
   meterBindin...mationException  
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Add-Recipie  
   ntPermission  
    + PSComputerName        : outlook.office365.com

答案1

看看TechNet 页面上Add-RecipientPermission,似乎可以为参数提供一个简单的字符串值-Identity;它不需要花哨的对象。文章还指出(在参数表中),您可以使用任何唯一标识主体的名称,甚至是显示名称。Add-DistributionGroupMember

因此,您不必使用Get-MailboxGet-Group查找收件人的电子邮件地址;您只需使用您的第一个脚本并提供人类可读的名称即可。

但是,如果您确实想使用这些 cmdlet,则需要从 返回的单属性对象中获取纯电子邮件地址select。例如,您将提供$MailboxAccess.WindowsEmailAddress而不是仅仅提供。如果它是另一个无法自动转换为可用内容的 .NET 对象,$MailboxAccess您甚至可能必须调用该值。ToString()

相关内容