When moving mailboxes to Exchange Online, you will probably get errors like this:
“A corrupted item was encountered: Unable to translate principals for folder”
Some of these errors occur because users who hold permissions on another user's mailbox folders (for example, calendars) have not been synced to O365. There may also be permissions left over for users whose accounts have been deleted.
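This script finds and removes these “Legacy Permissions”. It won't work for free/busy and other non-IPM-subtree folders. The script defaults to audit-only mode; run it that way first and check the log files before letting it remove anything.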
** Updated! 27022019 **
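# Fix-LegacyPerm.ps1
#
# Finds mailbox folder permissions whose grantee matches one of the "legacy"
# patterns below (for example an unresolved SID shown as "NT:S-...") and,
# when -Auditonly is $false, removes them.
#
# Run the script first without the -Auditonly parameter (it defaults to $true)
# and check the log files, so that only the permissions you intend to drop
# are removed.
#
# Syntax:
#   .\Fix-LegacyPerm.ps1                                         # audit every mailbox
#   .\Fix-LegacyPerm.ps1 -import c:\users.csv                    # audit mailboxes listed in a CSV
#   .\Fix-LegacyPerm.ps1 -import user@example.com                # audit one mailbox (constructed example)
#   .\Fix-LegacyPerm.ps1 -Auditonly:$false -import c:\users.csv  # remove
#
# -import    : omitted/empty -> every mailbox (Get-Mailbox -ResultSize Unlimited);
#              a path ending in .csv -> Import-Csv;
#              anything else -> treated as one or more mailbox identities.
#              An unrecognised value is deliberately NOT widened to "all
#              mailboxes": a typo must not enlarge the scope of a removal run.
#              NOTE(review): the CSV presumably needs a UserPrincipalName
#              column, because that property is read below - confirm.
# -Auditonly : $true (default) only reports; $false removes the permissions.
Param (
    $import,
    [bool]$Auditonly = $true
)

# Where do you want your log files
$Logfile  = "C:\temp\Logs\PermFIX\Removed-FolderPerm.txt"     # removals (or would-be removals in audit mode)
$Logfile2 = "C:\temp\Logs\PermFIX\LIST_AllFolderPerm.txt"     # every permission seen, per folder
$Logfile3 = "C:\temp\Logs\PermFIX\PROGRESS_FolderPer.txt"     # one line per processed mailbox

# Add-Content fails when the target directory is missing, which would leave a
# removal run without any record of what it did.
foreach ($LogPath in $Logfile, $Logfile2, $Logfile3) {
    $LogDir = Split-Path -Parent $LogPath
    if (-not (Test-Path $LogDir)) {
        New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
    }
}

Write-Host "Getting info, please wait ... "

# Select the mailboxes. @() guarantees an array so .Count is reliable even
# when a single mailbox comes back.
if ([string]::IsNullOrEmpty("$import")) {
    $Mailboxes = @(Get-Mailbox -ResultSize Unlimited)
    Write-Host "all Mailboxes selected"
}
elseif ($import -is [string] -and $import -like "*.csv") {
    $Mailboxes = @(Import-Csv $import)
    Write-Host " $import file selected"
}
else {
    $Mailboxes = @($import | ForEach-Object { Get-Mailbox -Identity $_ })
    Write-Host "$import selected"
}
Write-Host "......"

$Count = $Mailboxes.Count
$i = 0

# Getting users
foreach ($Mailbox in $Mailboxes) {
    $i++

    # The mailbox UPN lives in its own variable. It must never be reused for
    # the grantee being removed: every later folder identity for this mailbox
    # is built from it.
    $MailboxUPN = $Mailbox.UserPrincipalName
    if ([string]::IsNullOrEmpty("$MailboxUPN")) {
        Write-Host "Entry $i has no UserPrincipalName, skipping" -Foreground "Red"
        continue
    }

    if ($Count -gt 1) {
        # PROGRESS BAR
        Write-Progress `
            -Activity ("Scanning " + $Count + " Mailboxes for folder permissions.") `
            -Status ("Currently Scanning..." + $i.ToString() + "> " + $MailboxUPN) `
            -PercentComplete ($i / $Count * 100)
    }
    else {
        Write-Host "Skip Progress bar, only one mailbox"
    }

    # Getting folders
    $Folders = Get-Mailbox $MailboxUPN | Get-MailboxFolderStatistics

    foreach ($folder in $Folders) {
        if ($null -eq $folder.FolderPath) {
            Write-Host "Folder $($folder.Name) not found for user $MailboxUPN" -Foreground "Red"
            continue
        }

        # Convert the folder path to the "<mailbox>:\<path>" identity format
        $Dirpath = $folder.FolderPath -replace "/", "\"
        $FP = "$MailboxUPN" + ":" + "$Dirpath"

        # Query the permissions once and reuse the result for both the full
        # listing and the legacy filter. Errors are silenced because some
        # folders cannot be addressed this way; such folders simply produce
        # no entries.
        $Perm = @(Get-MailboxFolderPermission -Identity $FP -ErrorAction "SilentlyContinue")

        # Write all permissions to log
        Add-Content $Logfile2 "----------------------"
        Add-Content $Logfile2 "$FP"
        foreach ($Entry in $Perm) {
            Add-Content $Logfile2 "$($Entry.User)"
        }

        # Getting the legacy permissions.
        # NOTE(review): "mikon.testi" looks like a site-specific test account
        # rather than a legacy-SID marker; -match treats it as a regex, so the
        # dot matches any character. Remove or replace it before running with
        # -Auditonly:$false in another environment.
        $Oldusers = $Perm | Where-Object {
            $_.User -match "mikon.testi" -or
            $_.User -match "NT:S-" -or
            $_.User -match "NT USER:S-" -or
            $_.User -match "NT-käyttäjä:S-" -or
            $_.User -match "NT-användare:S-"
        }

        foreach ($user in $Oldusers) {
            # Older PowerShell versions run the loop body once for an empty result.
            if ($null -eq $user) {
                continue
            }

            $Grantee = $user.User

            if ($Auditonly -eq $false) {
                # Remove legacy permissions and write these to log
                Add-Content $Logfile "Folder $FP"
                Add-Content $Logfile "Remove $Grantee"
                Write-Host "Remove $Grantee from: $FP " -Foreground "Darkmagenta"
                Write-Host "audit FALSE removing $Grantee"
                try {
                    Remove-MailboxFolderPermission -Identity $FP -User $Grantee -Confirm:$false -ErrorAction Stop
                }
                catch {
                    # Record the failure so the log does not claim a removal that did not happen.
                    Add-Content $Logfile "FAILED to remove $Grantee : $($_.Exception.Message)"
                    Write-Host "FAILED to remove $Grantee from: $FP" -Foreground "Red"
                }
                Add-Content $Logfile "----------------------"
            }
            else {
                # Audit mode: record what a removal run would touch, so the
                # log can be reviewed before -Auditonly:$false is used.
                Add-Content $Logfile "Folder $FP"
                Add-Content $Logfile "AUDIT ONLY, would remove $Grantee"
                Add-Content $Logfile "----------------------"
                Write-Host "auditonly is TRUE, $Grantee writen to log only"
            }
        }
    }

    # Write progress to log, one line per finished mailbox, so an interrupted
    # run shows how far it got.
    Add-Content $Logfile3 "$i/$Count $MailboxUPN"
}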