Open Kipferl3 opened 1 year ago
Do you have RSAT installed on your computer? RSAT is required to use the Active Directory PowerShell Module.
i had the same error. it appears these users had a SAM different from their EXO alias (firstname.lastname in AD and firstnamelastname in EXO). i caught it since only a part of the users were failing in the script. not sure if this is something that could be taken care of within the script.
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 2]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+ Write-ErrorMessage $ErrorObject
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-MailboxPermission], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage
True
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 2]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+ Write-ErrorMessage $ErrorObject
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-RecipientPermission], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage
True
[user 4] is Added
Identity User AccessRights IsInherited Deny
-------- ---- ------------ ----------- ----
[REDACTED] S-1-5-21-24928312... {FullAccess} False False
True
Identity : [REDACTED]
Trustee : [REDACTED]
AccessControlType : Allow
AccessRights : {SendAs}
IsInherited : False
InheritanceType : None
TrusteeSidString : [REDACTED]
IsValid : True
ObjectState : New
WARNING: The appropriate access control entry is already present on the object "CN=[REDACTED],OU=[REDACTED],OU=Microsoft Exchange Hosted Organizations,DC=[REDACTED],DC=PROD,DC=OUTLOOK,DC=COM" for account "
[REDACTED]".
True
[user 3] is Added
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 3]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+ Write-ErrorMessage $ErrorObject
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-MailboxPermission], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage
True
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 3]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+ Write-ErrorMessage $ErrorObject
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-RecipientPermission], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage
True
[user 1] is Added
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 1]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+ Write-ErrorMessage $ErrorObject
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-MailboxPermission], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage
True
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 1]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+ Write-ErrorMessage $ErrorObject
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-RecipientPermission], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage
I did run into 2 scenarios what i would consider a bug. I would expect the mailboxGroupPrefix to be required to match. So i've setup a prefix called "SG_CompanyT" while the actual security group is called "SG_Company_P_X" and yet still it removed all users from the group. I'm guessing when the script can't find any matching group it will just delete all users, but i haven't been able to test further (bedtime).
The second is the logging. I will get a user is added/removed log message, first and then the actual call fails. a catch would be nice to make sure the actual change is processed before making this statement and when the script fails log the error message instead.
After I Started the Script it get the following Error: