Script to remove Exchange 2010 AutoMapping for all mailboxes
That is incredibly easy. You simply need to retrieve a list of mailboxes and run the example against each of them:
# Get all mailboxes in the forest
$Mailboxes = Get-Mailbox -ResultSize unlimited -IgnoreDefaultScope
$ConfirmPreference = 'None'
# Iterate over each mailbox
foreach($Mailbox in $Mailboxes)
{
try
{
# Try to run the example fix against the current $Mailbox
$FixAutoMapping = Get-MailboxPermission $Mailbox |where {$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}
$FixAutoMapping | Remove-MailboxPermission
$FixAutoMapping | ForEach {Add-MailboxPermission -Identity $_.Identity -User $_.User -AccessRights:FullAccess -AutoMapping $false}
}
catch
{
# Inform about the error if unsuccessful
Write-Host "Encountered error: $($Error[0].Exception) on mailbox $($Mailbox.DisplayName)" -ForegroundColor Red
}
}
Related videos on Youtube
Dave
BOFH, Digital Rogue, and all round nice SysAdmin, based in the Home Counties, United Kingdom
Updated on September 18, 2022Comments
-
Dave over 1 year
I have an Exchange 2010 SP3 server that's getting Application event error 9646 from MSExchangeIS:
Mapi session [ID] [AD User] exceeded the maximum of 500 objects of type "objtFolder"
Looking into this, the cause was found to be several users that have a lot of Full Access Permissions on other people's mailboxes.
Because of the way this changed in SP1 See Technet article HERE, They now automatically open all the users they have access to, rather than being able to add or open them only when needed.
Ideally, I'd like a script I can run to globally remove the -Automapping $true string for all users: This should leave them access to the mailbox when needed, but stop it from automatically opening, taking up MAPI sessions.
I tried the Microsoft Technet Script from the above URL, but that didn't appear to work as intended:
[PS]$FixAutoMapping = Get-MailboxPermission sharedmailbox|where {$_AccessRights -eq "FullAccess" -and $_IsInherited -eq $false} The operation couldn't be performed because object sharedmailbox couldn't be found on '[Servername]'. + CategoryInfo : InvalidData: (:) [Get-MailboxPermission], ManagementObjectNotFoundException + FullyQualifiedErrorId : B485A4C7,Microsoft.Exchange.Management.RecipientTasks.GetMailboxPermission
I'm presuming that sharedmailbox is a specific example mailbox which Doesn't exist on my server: I need a script that searches through all the mailboxes, then changes Automapping $true to Automapping $false for any access permissions on the mailbox.
Is this possible to do?
-
Dave over 10 yearsThanks for the script. I Don't use powershell much, so I assume I save it as a.ps1 file, then call it from the powershell command line?
-
longneck over 10 yearsOr you can just copy and paste in to an Exchange PowerShell window. Possibly followed by an additional Enter or two.
-
Mathias R. Jessen over 10 yearsExactly :-) You might need to change the Execution Policy in order for it to execute as a script
-
Dave over 10 yearsThanks, Mathias - the script worked, apart from you had to press a (Yes to all) for every user. For future use, is there a way yes to all can be added to the script?
-
Mathias R. Jessen over 10 yearsYes by setting the
$ConfirmPreference
or append-confirm $false
to theRemove-MailboxPermission
statement -
Dave over 10 years-confirm $false and that script worked perfectly. Thank you @mathias-r-jessen for the answer, and thanks for the assist Longneck.