I have created a script for adding Send on Behalf Perms for a DG on prem in a hyrbid environment but having a few issues with it processing the list of names. If you add one name its fine add another and it removes the old and adds the new. That is how it is. So the command you normally string the list of names separated by a comma then it will add them all and it works fine. The script allows me to list them however fails to find the entries. Can anyone suggest why or an edit which will make this work?
#Script prompts for the required information needed to perform the required actions.
$Distro = Read-Host 'Insert Distribution Group to check perms.'
$DGroup = Read-Host 'Insert Distribution Group Name e.g. [email protected]'
$username = Read-Host 'Insert User who needs Send On Behalf. Please include all shown in the last step seperate each name by a comma. Format is First Lastname.'
#Displys the current settings for Send on Behalf rights for the DG.
Get-DistributionGroup $Distro | FL GrantSendOnBehalfTo
Read-Host -Prompt "Press Enter to proceed to next step"
#Now script adds the required permissions input at the beginning.
Set-DistributionGroup -Identity $DGroup -GrantSendOnBehalfTo $username
Read-Host -Prompt "Press Enter to proceed to next step"
#Now the script shows the current permissions after changes
Get-DistributionGroup $Distro | FL GrantSendOnBehalfTo
Read-Host -Prompt "Press Enter to exit"
Ideally i will look split so it displays the current perms then asks who needs adding so you can just add the names all within the script. I am new to this so still learning and looking to get one part done then expand it.
Thanks
Cannot test this myself, but from the docs:
To add or remove one or more values without affecting any existing entries, use the following syntax:
Set-DistributionGroup -Identity $DGroup -GrantSendOnBehalfTo @{Add="$username", "$username2"}
Because you are using Read-Host it is vital to always check/correct the input you are getting. The prompt tells people to enter First Lastname, but to uniquely identify a mail-enabled user or group, it would be MUCH better to ask for either SamAccountName, Emailaddress or UserPrincipalName.
Because the input names can contain spaces or characters that need quoting, my suggestion would be to always quote whatever the user inputs.
Something like:
$prompt = @"
Insert user(s) that need Send On Behalf.
You can enter multiple usernames, separated by a comma.
Allowed names are SamAccountName, EmailAddress or user full name (Firstname Lastname).
"@
# get the (string) input from the user
$username = Read-Host $prompt
# as per your latest comment and testing, simply split the input on comma
# to create an array of names. (Trim to remove unwanted whitespace)
$users = ($username -split ',').Trim()
Then add these to the group with
Set-DistributionGroup -Identity $DGroup -GrantSendOnBehalfTo @{Add=$users}
Needless to say that you should provide checks for everything you are receiving from Read-Host inputs, so also test if the given $Distro and $DGroup actually exist before doing anything with these values..