Script to assign Office 365 full access permissions based on the MigrationWiz bulk import CSV file

When you’re migrating to Office 365 using a tool like MigrationWiz, one of the requirements should be to have a “MigrationWizAdmin” account, on Office 365, that will have full access to all the mailboxes (unless you want to specify each user’s password when importing the users to the MigrationWiz project).

Most of the time the “easy” solution is to run the following cmdlet:

Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User MigrationWizAdmin@yourdomain.com -AccessRights fullaccess -InheritanceType all -AutoMapping $false

You can also use the “Filter” parameter on “Get-Mailbox” to narrow down the mailboxes on which the MigrationWizAdmin will have full access, based on one or several specific attributes, as shown below:

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User MigrationWizAdmin@yourdomain.com -AccessRights fullaccess -InheritanceType all -AutoMapping $false

The cmdlet above selects all user mailboxes, excludes the one that has the Alias “Admin”, and assigns full access permissions to the MigrationWizAdmin user.

So could this solution fit the requirements of all your scenarios? Not really. Why? Some of the reasons are outlined below:

  • If you’re moving a subset of users to an existing tenant (e.g. in a company acquisition), giving full permissions to the MigrationWizAdmin on all online mailboxes might just not be an option. Why should you give full access permissions on an existing Office 365 mailbox that is not going to be migrated? You should have a plan B.
  • Filtering might be a good option, but you need to set specific and unique attributes on the Office 365 mailboxes that are going to be migrated, and in most cases that just doesn’t happen.

So what could be your plan B? Well, if you’re familiar with the MigrationWiz process, you know that after creating the project, the next step is adding the users/items. You have several options to add them, such as using autodiscover, bulk adding users via a CSV file, or manually adding each user.

I normally use the CSV file. To download it you have to choose the “Add > Bulk Add” option on the project, and click on “Download sample CSV file”.

Then all you have to do is export the e-mail addresses from your source system, copy them into the MigrationWiz CSV and import the CSV via the portal.

Now, can I use that CSV file to assign permissions to the Office 365 mailboxes? Yes, and by using the CSV file you will be assigning permissions only to the users you’re going to migrate.

I’ve built a small and simple script that will read the “Destination Email” column and assign permissions to all the users on the CSV. You can copy and paste the script into a notepad and save it as a “.ps1” script. You need to connect to the Exchange Online management shell to run the script. Click here for guidance.

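#Script to add mailbox permissions on Office 365 to an admin account#
#This script should run from an Exchange Online Management Shell#
#Version 1.0 - 27/05/2014#
#Author: Antonio Vargas#

#Grant FullAccess only on the mailboxes listed in the "Destination Email" column of the CSV#
foreach ($user in Import-Csv "C:\BlogTestDir\migrationwiz_import.csv") {
    try {
        #-ErrorAction Stop turns a failed lookup or grant into an exception, so success is only reported when it happened#
        Get-Mailbox -Identity $user."Destination Email" -ErrorAction Stop | Add-MailboxPermission -User antonio.vargas@yourtenant.onmicrosoft.com -AccessRights FullAccess -InheritanceType All -AutoMapping $false -ErrorAction Stop
        Write-Host "Permissions added for the mailbox:" $user."Destination Email"
    }
    catch {
        Write-Warning "Could not add permissions for the mailbox: $($user.'Destination Email')"
    }
}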

Replace the user “antonio.vargas@yourtenant.onmicrosoft.com” with your Office 365 MigrationWiz admin user.

Note: The Office 365 MigrationWiz admin user, which will have full access on the destination to all mailboxes being migrated, needs to be mailbox-enabled.

Now see below an example of the CSV file, and the output of the script based on that file.

Finally, if you want to check whether your admin user has full access on a specific mailbox, you can run the following cmdlet:

Get-MailboxPermission -Identity jorgelorenzo@domain.com -User antonio.vargas@yourtenant.onmicrosoft.com
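
The check above covers a single mailbox. The following audit is an added example, not part of the author's script: it compares the admin account's explicit FullAccess grants across the tenant against the “Destination Email” column, so you can confirm that access exists only on the mailboxes being migrated. The parameter names, the status labels and the optional revoke switch are assumptions made for this example, and it assumes the CSV lists each mailbox's primary SMTP address.

```powershell
# Added example (not from the original post). Run in an Exchange Online session.
# The $CsvPath and $AdminUser defaults are placeholders; replace them with your own values.
param(
    [string]$CsvPath   = 'C:\BlogTestDir\migrationwiz_import.csv',
    [string]$AdminUser = 'MigrationWizAdmin@yourdomain.com',
    [switch]$RevokeOutOfScope   # also remove FullAccess found outside the CSV
)

# In-scope set from the "Destination Email" column (trimmed, case-insensitive).
$inScope = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
foreach ($row in Import-Csv -Path $CsvPath) {
    $address = "$($row.'Destination Email')".Trim()
    if ($address) { [void]$inScope.Add($address) }
}

$report = foreach ($mailbox in Get-Mailbox -ResultSize Unlimited) {
    # Assumption: the CSV lists each mailbox's primary SMTP address.
    $smtp = [string]$mailbox.PrimarySmtpAddress

    # Count only explicit, non-deny FullAccess entries held by the admin account.
    $grant = Get-MailboxPermission -Identity $smtp -User $AdminUser |
        Where-Object { ($_.AccessRights -match 'FullAccess') -and
                       ($_.IsInherited -eq $false) -and ($_.Deny -eq $false) }

    $expected = $inScope.Remove($smtp)   # $true if listed; leftovers are reported below
    if ($grant -and $expected) { $status = 'OK' }
    elseif ($expected)         { $status = 'MissingGrant' }
    elseif ($grant)            { $status = 'OutOfScope' }
    else                       { continue }   # not in the CSV and no grant: nothing to report

    if ($status -eq 'OutOfScope' -and $RevokeOutOfScope) {
        # Fail loudly rather than report a revocation that did not happen.
        Remove-MailboxPermission -Identity $smtp -User $AdminUser -AccessRights FullAccess `
            -InheritanceType All -Confirm:$false -ErrorAction Stop
        $status = 'OutOfScopeRevoked'
    }
    [pscustomobject]@{ Mailbox = $smtp; Status = $status }
}

# CSV rows that matched no mailbox (typo, alias instead of primary address, not provisioned).
$unmatched = foreach ($address in $inScope) {
    [pscustomobject]@{ Mailbox = $address; Status = 'NoSuchMailbox' }
}

@($report; $unmatched) | Sort-Object Status, Mailbox
```

Run it without the switch first and review any “OutOfScope” rows before re-running with -RevokeOutOfScope.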

This blog post and the script can be useful for tasks as simple as giving permissions on mailboxes (on premises or on Office 365) based on a CSV file, or for something more specific, such as a MigrationWiz project.

Thanks and ping me if you have questions! 🙂
