PowerShell Script $exception not working

simoneastwood · 2023-11-14T19:31:07.000Z

I have a script as follows but I need to run it against domain A and then against domain B and not a UserPrincipal name it works with $Exception = @(“simon.e@A-DOMAIN.org.uk”, “adam.c@B-DOMAIN.org.uk”) The script runs against domain A and B simultaneously with no issues.

But not using $Exception = @(“@A-DOMAIN.org.uk”) or $Exception = @(“@B-DOMAIN.org.uk”) how do I correct this the full script is below as I am new to this can anyone point out my mistakes

<#
.SYNOPSIS
PrepareAndSetDefaultCalendarPermissionsForAllUsers.ps1

.DESCRIPTION
Set default calendar permissions for all user mailboxes including exception for users.

The script works for:
-Exchange On-Premises (Run Exchange Management Shell)
-Exchange Online (Connect to Exchange Online PowerShell)

.LINK

Script Exclusions

.NOTES

Exclude users that you don’t want the script to run against. Add them in line 36, 37, 38. If you don’t need this feature, comment out lines 36, 37, 38, 53, 54, 55, 56 and 80.

Calendars are not always set in the English language. For example, in The Netherlands, it’s named Agenda. The script will check for the calendar names defined in line 44.

Change permission that you want to set for all the users in line 39.

Note: The -WhatIf parameter is added in the script on line 66. If you run the script, nothing will happen in the environment. Instead, you get an output showing what will happen.

.CHANGELOG

Line 36, 37, 38 Option enabled

-WhatIf parameter Active

#>

Start transcript

Start-Transcript -Path “C:\temp\Set-DefCalPermissions01.log” -Append

Set scope to entire forest. Cmdlet only available for Exchange on-premises.

#Set-ADServerSettings -ViewEntireForest $true

Get all user mailboxes

$Users = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox

Users exception (add the UserPrincipalName)

$Exception = @(“*@A-DOMAIN.org.uk”)

$Exception = @(“*@B-DOMAIN.org.uk”)

$Exception = @(“simon.e@A-DOMAIN.org.uk”, “adam.c@B-DOMAIN.org.uk”)

Permissions

$Permission = “LimitedDetails”

Calendar name languages

$FolderCalendars = @(“Agenda”, “Calendar”, “Calendrier”, “Kalender”, “日历”)

Loop through each user

foreach ($User in $Users) {

Get calendar in every user mailbox

$Calendars = (Get-MailboxFolderStatistics $User.UserPrincipalName -FolderScope Calendar)

Leave permissions if user is exception

if ($Exception -Contains ($User.UserPrincipalName)) {

Write-Host “$User is an exception, don’t touch permissions” -ForegroundColor Red

}

else {

Loop through each user calendar

foreach ($Calendar in $Calendars) {
$CalendarName = $Calendar.Name

Check if calendar exist

if ($FolderCalendars -Contains $CalendarName) {
$Cal = “$($User.UserPrincipalName):$CalendarName”
$CurrentMailFolderPermission = Get-MailboxFolderPermission -Identity $Cal -User Default

Set calendar permission / Remove -WhatIf parameter after testing

Set-MailboxFolderPermission -Identity $Cal -User Default -AccessRights $Permission -WarningAction:SilentlyContinue -WhatIf

Write output

if ($CurrentMailFolderPermission.AccessRights -eq “$Permission”) {
Write-Host $User.DisplayName already has the permission $CurrentMailFolderPermission.AccessRights -ForegroundColor Yellow
}
else {
Write-Host $User.DisplayName added permissions $Permission -ForegroundColor Green
}
}
}
}

}

Stop-Transcript

jrp78 · 2023-11-15T09:51:01.000Z

One way to fix it for a domain name match rather than an actual userprincipalname match, is to use -match and flip it. Also, the variable doesn’t have to be declared with @().

$Exception = @("@A-DOMAIN.org.uk")
if ($Exception -Contains ($User.UserPrincipalName))

Switch to:

$Exception = "@A-DOMAIN.org.uk"
if ($User.UserPrincipalName -match $Exception)

simoneastwood · 2023-11-15T10:04:37.000Z

Thank you for a beautifully eloquent and simple code change that works perfectly

jrp78 · 2023-11-15T10:11:00.000Z

Happy to help

One last thing, if you feel your question has been sufficiently answered, I’ll ask that you mark a post as Best Answer so this question is marked as [SOLVED] here, in Spiceworks search results, and in internet search results. Thanks!

https://community.spiceworks.com/how_to/126499-how-to-give-out-best-answers-in-the-spiceworks-community

DoctorDNS · 2023-11-16T12:29:09.000Z

A small plea (sorry if this is a broken record). When posting here, strip all the irrelevant lines. While having CBH code is a good thing, it does little to help us debug the issue. Just post the code that is ‘broken’. This makes it easier to debug. And all too often doing so may reveal the issue to you and not need a post here.