Delegate management module updated to support Exchange Online

Posted on by 7 Comments ↓

Articles in the "Mailbox Delegate Management" series

  1. Super duper delegate retrieval script
  2. PowerShell module for managing Exchange mailbox delegates
  3. Small update to delegate management module
  4. Delegate management module updated to v1.3.5
  5. Delegate management module updated to support Exchange Online [This article]
  6. Delegate management module updated to v1.4.5
  7. Delegate management module updated to 1.4.6
  8. Delegate management module updated to v1.5.0
  9. Delegate management module updated

The module for managing Exchange mailbox delegates has been updated with support for Exchange Online. In its current version (v1.4) you can use one mode or the other. The default mode is on-premises, but you can change this on demand to use Exchange Online by using Set-DelegateMananagementMode, a new cmdlet added in this version. If you change it on demand, you will be prompted for your Office 365 credentials. If you will be exclusively working with Exchange Online, you can change the line near the top of the module to default to using that method. In that case, you will be prompted for credentials the first time you run a cmdlet.

It is my intention to update the module to support a hybrid environment, but I first need to set up one in my lab in order to test it.

Previous in series | | Next in series

7 thoughts on “Delegate management module updated to support Exchange Online

  1. Doesn’t work for me on EOL. Error messages given:

    Exception calling “GetDelegates” with “2” argument(s): “The specified object was not found in the store.”
    At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DelegateManagement\DelegateManagement.psm1:772 char:4
    + $currentDelegates = $exchangeService.GetDelegates($EWSMailbox,$true)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ServiceResponseException

    Exception calling “Translate” with “1” argument(s): “Some or all identity references could not be translated.”
    At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DelegateManagement\DelegateManagement.psm1:199 char:3
    + $aSID += $adUser.Translate([System.Security.Principal.SecurityIdentifier]).Val …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : IdentityNotMappedException

  2. I may not be remembering correctly, but I think that error can happen when you don’t have the necessary permission to the mailbox. To test, try it against your own mailbox (assuming the account you are using to authenticate is the one for your mailbox). I will do some testing to see what error I get when querying a mailbox that I don’t have full access to.

  3. Doesnt work for me on EOL. First error I get using Get-MailboxDelegate

    FException calling “AutodiscoverUrl” with “2” argument(s): “The Autodiscover service couldn’t be located.”
    At C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\DelegateManagement\DelegateManagement.psm1:175 char:2
    + $exchangeService.AutodiscoverUrl($smtpAddress, {$true})
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AutodiscoverLocalException

  4. I discovered a mistake in variable naming when I changed how the module detects if it is in online or on-premises mode. I have fixed that and updated the download. Try again.

  5. I am trying to run the latest scrip and I am getting stuck here:

    cmdlet Write-Progress at command pipeline position 1
    Supply values for the following parameters:
    (Type !? for Help.)
    Status:

  6. Hello – First of all this is a great tool, very useful in the day job so thanks for that.

    I’ve noticed a weird thing where no output is produced for some users. The progress indicator whizzes along as usual and no errors are surfaced, just no output.

    I haven’t spotted any obvious differences in permissions, i.e. the AD object has inherited permissions. All the usual groups have Full Access Permission for the problematic mailbox etc, just no output.

    Would appreciate any help with this. Thanks.

    See anonymized example below…

    Person1 produces no output
    Person2 delegates are shown [ok]
    Person3 reports no delegates [ok]
    Person4 does not exist [ok]

    [PS] C:\Windows\system32>get-mailboxdelegate person1
    [PS] C:\Windows\system32>get-mailboxdelegate person2

    Owner : Firstname1 Secondname1
    Delegate : Firstname2 Secondname2
    MeetingHandling : NoForward
    FMA : False
    SendAs :
    Calendar : Editor
    Inbox : Editor
    Contacts : None
    Tasks : Editor
    DeletedItems : None
    SentItems : None
    ReceiveMeetings : False
    ViewPrivate : True
    Error :
    ErrorNote :

    [PS] C:\Windows\system32>get-mailboxdelegate person3
    Firstname3 Secondname3 has no delegates.

    [PS] C:\Windows\system32>get-mailboxdelegate person4
    Find-Mailbox : A mailbox cannot be found that matches the input string person4.
    At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DelegateManagement\DelegateManagement.psm1:732 char:26
    + $mbOwner = Find-Mailbox <<<< $Identity
    + CategoryInfo : ObjectNotFound: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Find-Mailbox

  7. Howdy,

    I’m not able to get past a non-existent user. If I run this:
    get-mailbox -ResultSize Unlimited | foreach {gmd -identity $_.Alias}

    I get:
    Find-Mailbox: A mailbox cannot be found that matches the input string BESAdmin.

    In this instance “BESAdmin” is a service account.
    Is it possible to run the script and skip non-existent mailboxes, or continue after errors?

    Cheers,
    Eric

Leave a Reply

Your email address will not be published. Required fields are marked *

*