Vogete / Exchange-shared-mailbox-automapping

A small script that enables easy access management of Exchange shared mailboxes through Active Directory security groups, while keeping the Outlook automapping feature.
Apache License 2.0

Script Error #1

Open Kipferl3 opened 1 year ago

Kipferl3 commented 1 year ago

After I started the script, I get the following error:

 PS C:\exch\Exchange-shared-mailbox-automapping-main\ExchangeOnline> .\SharedMailboxDelegateSync.ps1
Log folder exists

----------------------------------------------------------------------------------------
This V3 EXO PowerShell module contains new REST API backed Exchange Online cmdlets which doesn't require WinRM for Client-Server communication. You can now run these cmdlets after turning off WinRM Basic Auth in your client machine thus making it more secure.

Unlike the EXO* prefixed cmdlets, the cmdlets in this module support full functional parity with the RPS (V1) cmdlets.

V3 cmdlets in the downloaded module are resilient to transient failures, handling retries and throttling errors inherently. 

However, REST backed EOP and SCC cmdlets are not available yet. To use those, you will need to enable WinRM Basic Auth. 

For more information check https://aka.ms/exov3-module
----------------------------------------------------------------------------------------

Der Typ [Microsoft.ActiveDirectory.Management.azureADGroup] wurde nicht gefunden.
In C:\exch\Exchange-shared-mailbox-automapping-main\ExchangeOnline\SharedMailboxDelegateSync.ps1:11 Zeichen:9
+         [Microsoft.ActiveDirectory.Management.azureADGroup]$Permissio ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Activ...nt.azureADGroup:TypeName) [], RuntimeException
    + FullyQualifiedErrorId : TypeNotFound

Der Typ [Microsoft.ActiveDirectory.Management.azureADGroup] wurde nicht gefunden.
In C:\exch\Exchange-shared-mailbox-automapping-main\ExchangeOnline\SharedMailboxDelegateSync.ps1:11 Zeichen:9
+         [Microsoft.ActiveDirectory.Management.azureADGroup]$Permissio ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Activ...nt.azureADGroup:TypeName) [], RuntimeException
    + FullyQualifiedErrorId : TypeNotFound

Der Typ [Microsoft.ActiveDirectory.Management.azureADGroup] wurde nicht gefunden.
In C:\exch\Exchange-shared-mailbox-automapping-main\ExchangeOnline\SharedMailboxDelegateSync.ps1:11 Zeichen:9
+         [Microsoft.ActiveDirectory.Management.azureADGroup]$Permissio ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Activ...nt.azureADGroup:TypeName) [], RuntimeException
    + FullyQualifiedErrorId : TypeNotFound

Vogete commented 1 year ago

Do you have RSAT installed on your computer? RSAT is required to use the Active Directory PowerShell Module.

userrrrrrrr commented 3 weeks ago

I had the same error. It appears these users had a SAM different from their EXO alias (firstname.lastname in AD and firstnamelastname in EXO). I caught it since only a part of the users were failing in the script. Not sure if this is something that could be taken care of within the script.

Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 2]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+             Write-ErrorMessage $ErrorObject
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-MailboxPermission], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage

True
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 2]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+             Write-ErrorMessage $ErrorObject
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-RecipientPermission], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage

True
[user 4] is Added

Identity    User                 AccessRights  IsInherited  Deny
--------    ----                 ------------  -----------  ----
[REDACTED]  S-1-5-21-24928312... {FullAccess}  False        False
True

Identity          : [REDACTED]
Trustee           : [REDACTED]
AccessControlType : Allow
AccessRights      : {SendAs}
IsInherited       : False
InheritanceType   : None
TrusteeSidString  : [REDACTED]
IsValid           : True
ObjectState       : New

WARNING: The appropriate access control entry is already present on the object "CN=[REDACTED],OU=[REDACTED],OU=Microsoft Exchange Hosted Organizations,DC=[REDACTED],DC=PROD,DC=OUTLOOK,DC=COM" for account "[REDACTED]".
True
[user 3] is Added
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 3]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+             Write-ErrorMessage $ErrorObject
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-MailboxPermission], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage

True
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 3]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+             Write-ErrorMessage $ErrorObject
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-RecipientPermission], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage

True
[user 1] is Added
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 1]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+             Write-ErrorMessage $ErrorObject
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-MailboxPermission], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage

True
Write-ErrorMessage : [REDACTED]|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|User or group "[user 1]" wasn't found. Please make sure you've typed it correctly.
At C:\Users\[REDACTED]\AppData\Local\Temp\18\tmpEXO_slf3qbz3.gu4\tmpEXO_slf3qbz3.gu4.psm1:1204 char:13
+             Write-ErrorMessage $ErrorObject
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-RecipientPermission], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=[REDACTED],RequestId=[REDACTED],TimeStamp=Tue, [REDACTED]],Write-ErrorMessage

I did run into 2 scenarios that I would consider a bug. I would expect the mailboxGroupPrefix to be required to match. So I've set up a prefix called "SG_CompanyT" while the actual security group is called "SG_Company_P_X", and yet it still removed all users from the group. I'm guessing when the script can't find any matching group it will just delete all users, but I haven't been able to test further (bedtime).

The second is the logging. I will get a "user is added/removed" log message first, and then the actual call fails. A catch would be nice to make sure the actual change is processed before making this statement, and when the script fails, log the error message instead.
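
The two scenarios in the comment above, as an added example that is not code from this repository: a delta calculation that refuses to plan removals when no group matched the prefix, and a wrapper that logs only after the change has run. `Get-DelegateDelta` and `Invoke-LoggedChange` are hypothetical names, the sample users are constructed, and the cause of the mass removal is the commenter's guess rather than something confirmed on this page.

```powershell
Set-StrictMode -Version Latest

# Hypothetical helper: work out who to add and remove, but fail closed when the
# group lookup returned nothing, so a prefix typo is not read as "empty group".
function Get-DelegateDelta {
    param(
        [AllowNull()][object]$Group,        # $null means no AD group matched the prefix
        [string[]]$GroupMembers = @(),
        [string[]]$CurrentDelegates = @()
    )
    if ($null -eq $Group) {
        throw "No security group matched; existing delegates are left untouched."
    }
    [pscustomobject]@{
        ToAdd    = @($GroupMembers     | Where-Object { $_ -notin $CurrentDelegates })
        ToRemove = @($CurrentDelegates | Where-Object { $_ -notin $GroupMembers })
    }
}

# Hypothetical helper: run the change first, then report what actually happened.
function Invoke-LoggedChange {
    param([string]$Description, [scriptblock]$Action)
    try {
        & $Action | Out-Null
        "OK     $Description"
    } catch {
        "FAILED $Description : $($_.Exception.Message)"
    }
}

# Constructed sample data: group found, one user to add, one to remove.
$delta = Get-DelegateDelta -Group 'SG_Company_P_X' `
    -GroupMembers 'alice', 'bob' -CurrentDelegates 'bob', 'carol'

# The throw stands in for a failing Exchange call. Against Exchange Online the
# action would be the real cmdlet with -ErrorAction Stop, so that its error
# reaches the catch block instead of being printed and ignored.
foreach ($user in $delta.ToAdd) {
    Invoke-LoggedChange "add $user" { throw "User or group `"$user`" wasn't found." }
}
foreach ($user in $delta.ToRemove) {
    Invoke-LoggedChange "remove $user" { $true }
}

# Group lookup found nothing (for example a mistyped prefix): skip, do not remove.
try {
    Get-DelegateDelta -Group $null -CurrentDelegates 'bob', 'carol'
} catch {
    "SKIPPED shared mailbox: $($_.Exception.Message)"
}
```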