Compare commits

...

2 Commits

5 changed files with 191 additions and 37 deletions

120
README.md

@ -7,11 +7,13 @@
[link-icon-website]: https://img.shields.io/badge/%F0%9F%92%BB-My%20Web%20Site-0078D4.svg
[link-website]: https://www.endmove.eu/
__Current version : *1.0.0*__
__Current version : *1.1.0*__
## Description
ExCal-ARights is a script to automate the change of permissions on Microsoft Exchange Server calendars. This script allows you to define a list of aliases to ignore, as well as different triggers (permissions triggering a change) and the permission to use. Moreover, any action performed by the ExCal-ARights is logged so that you can confirm and view the changes after application.
ExCal-ARights is a script to automate the change of permissions on Microsoft Exchange Server calendars. This script allows you to define your own configuration (see [Use->Configuration](#configuration)). Moreover, any action performed by ExCal-ARights is recorded so that you can confirm and view the changes after application.
You can also choose to quit the script before starting the change of permissions. As well as previewing the permissions of all calendars before and after the change. The permissions preview does not consider the configuration filters, it previews all users.
## Requierements
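Review bot: the added description text ends in a sentence fragment ("As well as previewing the permissions of all calendars before and after the change.") that should be joined to the sentence before it, and the context heading `## Requierements` is misspelled. Since the preview is stated to ignore the configuration filters, say here explicitly that it lists permissions for every mailbox, including the aliases the configuration excludes.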
@ -25,9 +27,7 @@ To use this script you need the following software and libraries. See the instal
### Installation
To install Windows 11 see the requirement at https://www.microsoft.com/en-us/windows/windows-11-specifications (check minimum version above).
To install powershell 7 use the command below in your Pshell (check minimum version above).
To install Windows 11 see the requirement at https://www.microsoft.com/en-us/windows/windows-11-specifications (check minimum version above). To install powershell 7 use the command below in your Pshell (check minimum version above).
```ps1
iex "& { $(irm https://aka.ms/install-powershell.ps1) } -UseMSI"
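Review bot: merging the Windows 11 and PowerShell 7 instructions into one line makes the install step harder to follow, and the command it introduces, `iex "& { $(irm https://aka.ms/install-powershell.ps1) } -UseMSI"`, runs a downloaded script with no integrity check. Keep the two sentences separate and consider documenting a package-manager install such as `winget install --id Microsoft.PowerShell` as the primary path, leaving the one-liner as an alternative.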
@ -51,6 +51,112 @@ Set-ExecutionPolicy Restricted # set the policy to restricted
## Use
Clone or download and extract this repository from its archive. Open the `configs.ps1` script and configure it. Then run the `run-script.ps1` file and follow the indications.
Clone or download and extract this repository from its archive. Open the `configs.ps1` script and configure it. Then run the `run-script.ps1` file and follow the indications.
After the process you should find a log file with the process details.
After the process you should find a log file with the process details.
### Exchange Server Structure
Regardons ici à quoi resemble la structure d'un server Exchange au niveau de la répartition des dossiers et permissions d'accès par utilisateur.
1. Is the first level and represents a user. ```[*1]```
2. Is the second level and represents a folder in our case a calendar. This level can contain several items (folders). ```[*2]```
3. Is the third level and represents the authorizations assigned to a specific user to the folder by the 1st level owner user. ```[*3]```
* "**Default**" user represents the authorizations for all persons for which the authorizations have not been defined manually.
* "**Anonymous**" user should have *None* permission (authorizations for anyone outside the organization).
```
Exchange_Server:
├───User-1 [*1]
│ └───Calandar [*2]
│ ├───Default [*3]
│ └───Anonymous
├───User-2
│ └───Agenda
│ ├───Default
│ ├───Anonymous
│ └───User-3
└───User-3
├───Agenda-2
│ ├───Default
│ ├───Anonymous
│ └───User-1
└───Calandar
├───Default
├───Anonymous
├───User-1
├───User-2
└───User-3
```
### Configuration
#### New permission
This variable allows you to configure the permission that will replace the current permission (if the current permission fires the trigger). You can find [here](https://docs.microsoft.com/en-us/powershell/module/exchange/set-mailboxfolderpermission?view=exchange-ps#parameters) the list of permissions on the Microsoft website.
```ps1
$Permission = "Reviewer"
```
#### Trigger permission
This variable is used to define the list of permissions that should be changed. We call this list of permissions the list of triggers.
```ps1
$PermissionsTrigger = @("LimitedDetails", "AvailabilityOnly")
```
#### Folder to process
This variable defines the list of caller names to be processed. If a user has more than one calendar in this list, all calendars in the list will be impacted.
In the structure we are on the ``*2nd`` level.
```ps1
$CalandarFolders = @("Agenda", "Calendar", "Calendrier", "Kalender")
```
#### User to exclude
This variable defines a list of email aliases of users whose calendars should be ignored (in short, the calendars of these people will not be checked or processed). An alias is that part of the email address (``contact``@endmove.eu).
In the structure we are at the ``*1st`` level.
```ps1
$IgnoreAlias = @("jeremi.nihart", "contact.endmove")
```
#### Permission of user to skip
This variable defines a list of user names whose authorizations that the 1st level users have defined in their own calendars must be ignored.
In the structure we are on the ``*3rd`` level.
```ps1
$IgnoreUsers = @("Anonymous", "Nihart Jérémi", "Jone Michel")
```
#### Admin Exchange account
This variable defines the email of an administrator account with edit and write permissions on the Microsoft Exchange server.
```ps1
$AdminAccount = "admin@endmove.eu"
```
#### Logs file name
This variable defines the name of the log file. The `$Time` variable contains the complete date and time.
```ps1
$LogFile = "logs-$time.log"
```
#### Script name
This variable is used to define the name of the script, in our case ExCal-ARights.
```ps1
$ScriptName = "EXCAL-ARIGHTS"
```
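Review bot: the configuration examples document a change that widens access (`$Permission = "Reviewer"` replacing `LimitedDetails` and `AvailabilityOnly`) without saying so, and the `$IgnoreUsers` example lists `Anonymous`, so the script never checks the entry that the structure section says should be *None*. State the direction of the change in "New permission" and explain why `Anonymous` is skipped rather than verified. Smaller points in the same hunk: the first sentence under "Exchange Server Structure" is still in French, "list of caller names" under "Folder to process" should read "calendar names", the tree uses `Calandar` while `$CalandarFolders` matches `Calendar`, and the log example shows `logs-$time.log` while the text refers to `$Time`.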


@ -1,8 +1,8 @@
<##
# EXCAL-ARIGHTS - configuration file
#
# @version 1.0.0
# @since 08-25-2022
# @version 1.1.0
# @since 08-26-2022
#
# @author Jérémi Nihart <contact@endmove.eu>
# @copyright © 2022 EndMove, All rights reserved.
@ -27,11 +27,14 @@ $CalandarFolders = @("Agenda", "Calendar", "Calendrier", "Kalender")
# Alias of account to be skipped (an alias, is the email prefix ahead of the @domain.com)
$IgnoreAlias = @("raoul.nihart", "brecht.marsoul")
# Name of account to be skipped when permission for it's is set into user's calandar (a full name ex: Jeremi Nihart)
$IgnoreUsers = @("Anonymous")
# Email of the Administration account to use
$AdminAccount = "admin@luminussolutions.be"
# Logs file in which log all process
$LogFile = "logs-$time.log"
$LogFile = "logs-$Time.log"
# Script name
$ScriptName = "EXCAL-ARIGHTS"
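Review bot: the context lines around this change show what look like one tenant's real values committed in the configuration file (`$AdminAccount = "admin@luminussolutions.be"` and two personal aliases in `$IgnoreAlias`), whereas the README uses placeholder values. Ship a template with placeholders and keep the real configuration out of version control. The `$time` to `$Time` rename itself is cosmetic, since PowerShell variable names are case-insensitive, which is worth saying in the commit message so it is not read as a bug fix.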


@ -1,8 +1,8 @@
<##
# EXCAL-ARIGHTS - runable script (entrypoint)
#
# @version 1.0.0
# @since 08-25-2022
# @version 1.1.0
# @since 08-26-2022
#
# @author Jérémi Nihart <contact@endmove.eu>
# @copyright © 2022 EndMove, All rights reserved.
@ -12,7 +12,7 @@
# Setup script
$Root = (Split-Path $MyInvocation.MyCommand.Path -Parent)
$time = (Get-Date -Format "MM-dd-yyyy-HH-mm-ss")
$Time = (Get-Date -Format "MM-dd-yyyy-HH-mm-ss")
. $Root\configs.ps1
. $Root\utils\functions.ps1
Import-Module ExchangeOnlineManagement
@ -22,57 +22,77 @@ Add-Type -AssemblyName PresentationFramework
Start-Transcript -Path $Root\$LogFile -Append
# Statistics variables
$CountOK = 0
$CountUpdated = 0
$CountError = 0
$CountUsers = 0
$CountUpdates = 0
$CountErrors = 0
# Initiate exchange connection
Connect-ExchangeOnline -UserPrincipalName $AdminAccount -ShowProgress $true
# Do you want to preview current permissions ?
if ((DialogAsk "$ScriptName" "Do you want to preview all calandar permissions ?`nThis action may take more than 5 minutes.") -eq $true) {
DisplayAll $CalandarFolders
}
# Do you realy want to change permissions ?
if ((DialogAsk "$ScriptName" "Do you want to continue and change the permission of the calendars according to your current configuration?") -eq $false) {
if ((DialogAsk "$ScriptName" "Do you want to continue and change the permission of the calendars according to your current configuration?`nIf no script will be aborted.") -eq $false) {
Stop-Transcript
Exit
}
# Retrieving users mailbox
$Users = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Where-Object {$_.Alias -notin $IgnoreAlias}
Write-Host ("[$ScriptName] We found " + $Users.count + " users`n") -BackgroundColor White -ForegroundColor Black
$Users = Get-EXOMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Where-Object {$_.Alias -notin $IgnoreAlias}
$CountUsers = $Users.count
Write-Host ("[$ScriptName] We found $CountUsers users") -BackgroundColor White -ForegroundColor Black
# Processing users mailbox list
# Info: all these loops are here because we want to follow up as we
# process the data (too much symplification is not always a good thing).
foreach ($User in $Users) {
Write-Host $user.Name -BackgroundColor DarkBlue
Write-Host $User.Name -BackgroundColor DarkBlue
try {
$Calandars = Get-MailboxFolderStatistics $User.Identity -FolderScope Calendar | Where-Object {$_.Name -in $CalandarFolders}
$Calandars = Get-EXOMailboxFolderStatistics $User.Identity -FolderScope Calendar | Where-Object {$_.Name -in $CalandarFolders}
# Process user calandars
foreach ($Calandar in $Calandars) {
Write-Host $Calandar.Name.ToString() -BackgroundColor DarkMagenta
$CurrCalId = $User.Identity.ToString() + ":\" + $Calandar.Name.ToString()
$CurrCalPerm = Get-MailboxFolderPermission -Identity $CurrCalId -User Default
$CurrCalPerms = Get-MailboxFolderPermission -Identity $CurrCalId | Where-Object {$_.Name -notin $IgnoreUsers -and $_.AccessRights -in $PermissionsTrigger}
$CountLocalUpdates = 0
# Check and update permission
if ($PermissionsTrigger -Contains $CurrCalPerm.AccessRights) {
Write-Host " [X] " -NoNewline
Write-Host ("Updated : The permission has been updated from (" + $CurrCalPerm.AccessRights + ") to (" + $Permission + ").") -ForegroundColor Green
$CountOK++
# Nothing to change ?
if ($CurrCalPerms.count -eq 0) {
Write-Host (" OK --> The permissions are in accordance with the current configuration.") -ForegroundColor Yellow
}
# Process caladar permissions
foreach ($CurrCalPerm in $CurrCalPerms) {
Write-Host (" UPDATE --> Permission for " + $CurrCalPerm.User.ToString() + " has been switch from " + $CurrCalPerm.AccessRights + " to " + $Permission + ".") -ForegroundColor Green
# Update permission (for debugging: -WhatIf)
Set-MailboxFolderPermission -Identity $CurrCalId -User Default -AccessRights $Permission
} else {
Write-Host " [X] " -NoNewline
Write-Host ("Ignored : The permission (" + $CurrCalPerm.AccessRights + ") of this user did not launch the trigger.") -ForegroundColor Yellow
$CountUpdated++
Set-MailboxFolderPermission -Identity $CurrCalId -User $CurrCalPerm.User.ToString() -AccessRights $Permission
$CountLocalUpdates++
}
}
Write-Host ("($CountLocalUpdates permissions updated for $CurrCalId)") -BackgroundColor White -ForegroundColor Black
$CountUpdates += $CountLocalUpdates
}
catch {
Write-Host "[ERROR] An unexpected error occured." -ForegroundColor DarkRed
Write-Host "--> $_" -ForegroundColor DarkRed
$CountError++
$CountErrors++
}
Write-Host
}
# Showing resultats
DialogSay "$ScriptName" "The update was performed successfuly.`n`n$CountOK account(s) was already correctly configured.`n$CountUpdated account(s) were updated.`n$CountError error(s) occurred."
DialogSay "$ScriptName" "The update was performed successfuly.`n`n$CountUpdates has been updated on $CountUsers`n$CountErrors errors occured."
# Do you want to view the new permissions ?
if ((DialogAsk "$ScriptName" "Do you want to view all new permission ?`nThis action may take more than 5 minutes.") -eq $true) {
DisplayAll $CalandarFolders
}
Read-Host "The script has finished, press ENTER to continue..."
# Stop logging
Stop-Transcript
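Review bot: the new filter on `Get-MailboxFolderPermission` excludes entries with `$_.Name -notin $IgnoreUsers`, but every other use of these objects in the change reads `$CurrCalPerm.User`; if the permission entries expose no `Name` property the comparison is made against `$null`, every entry passes, and `$IgnoreUsers` (including `Anonymous`) is silently not applied. Filter on `$_.User.ToString()` or confirm the property with `Get-Member` first. Separately, the `UPDATE -->` line is written in the past tense before `Set-MailboxFolderPermission` runs and `$CountLocalUpdates++` follows unconditionally, so a non-terminating error from the cmdlet is still logged and counted as an update; add `-ErrorAction Stop` so the surrounding `catch` sees it, and write the log line after the call returns. The final dialog also always reports that the update was performed successfully, even when `$CountErrors` is non-zero.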


@ -1,4 +1,6 @@
Get-ExecutionPolicy
Set-ExecutionPolicy Unrestricted
Set-ExecutionPolicy Restricted
Set-ExecutionPolicy Restricted
un objet | Get-Member -MemberType Property
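Review bot: this file reads as personal scratch notes rather than something the repository should ship: the added line `un objet | Get-Member -MemberType Property` is not valid PowerShell ("un objet" is a French placeholder), and `Set-ExecutionPolicy Restricted` now appears twice. If the notes are kept, replace the placeholder with a real expression or a comment, and prefer `Set-ExecutionPolicy -Scope Process` over a persistent `Unrestricted` so the relaxed policy ends with the session instead of depending on someone remembering to set it back.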


@ -1,8 +1,8 @@
<##
# EXCAL-ARIGHTS - utilities function
#
# @version 1.0.0
# @since 08-25-2022
# @version 1.1.0
# @since 08-26-2022
#
# @author Jérémi Nihart <contact@endmove.eu>
# @copyright © 2022 EndMove, All rights reserved.
@ -27,4 +27,27 @@ Function DialogSay {
[string]$Message
)
[System.Windows.MessageBox]::Show($Message, $Title, 'OK', 'Information')
}
# Show current permissions for all user's calandars
Function DisplayAll {
param (
[string[]]$CalandarFolders
)
$Users = Get-EXOMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
Write-Host ("[$ScriptName] We found " + $Users.count + " users") -BackgroundColor White -ForegroundColor Black
foreach ($User in $Users) {
Write-Host $User.Name -BackgroundColor DarkGreen
$Calandars = Get-EXOMailboxFolderStatistics $User.Identity -FolderScope Calendar | Where-Object {$_.Name -in $CalandarFolders}
foreach ($Calandar in $Calandars) {
Write-Host $Calandar.Name.ToString() -BackgroundColor DarkMagenta
$CurrCalId = $User.Identity.ToString() + ":\" + $Calandar.Name.ToString()
$CurrCalPerms = Get-MailboxFolderPermission -Identity $CurrCalId
foreach ($CurrCalPerm in $CurrCalPerms) {
Write-Host ($CurrCalPerm.User.ToString() +" : " + $CurrCalPerm.AccessRights)
}
}
Write-Host
}
}
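Review bot: `DisplayAll` has no error handling inside its `foreach`, unlike the main loop in the entrypoint script, so one mailbox on which `Get-EXOMailboxFolderStatistics` or `Get-MailboxFolderPermission` throws ends the whole preview; wrap the per-user body in `try`/`catch` and continue with the next user. The function also reads `$ScriptName` from the caller's scope instead of taking it as a parameter. Because it is called while `Start-Transcript` is active, the log file will contain the complete permission list of every mailbox, so the README should say where that file is kept and who may read it.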