1

I'm trying to remove orphaned user objects from all mailboxes in our Exchange server.

When I execute this command:

get-mailboxpermission * | where {$_.User -like "S-1-5-21*"} | foreach {$_.Identity.Name}

It correctly returns a list with all the mailboxes that still have orphaned user account permissions set on them.

However, when I try to remove them by doing this:

get-mailboxpermission * | where {$_.User -like "S-1-5-21*"} | remove-mailboxpermission -identity $_.Identity.Name -user $_.User -accessrights $_.AccessRights -deny:$_.Deny

It returns this error:

Cannot bind argument to parameter 'Identity' because it is null.
+ CategoryInfo          : InvalidData: (:) [Remove-MailboxPermission], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Remove-MailboxPermission

What am I doing wrong?

Thanks for any help.

Improve this question

1 Answer 1

Reset to default
3

$_ doesn't work like that, you need to wrap the Remove-MailboxPermission statement in ForEach-Object {}:

Get-MailboxPermission * | Where-Object {$_.User -like "S-1-5-21*"} | ForEach-Object {
  Remove-MailboxPermission -Identity $_.Identity.Name -User $_.User -AccessRights $_.AccessRights -Deny:$_.Deny
}

Since Exchange doesn't seem to like nested pipelines very much, you could simply to away with the parameter arguments altogether (Remove-MailboxPermission will automatically bind the permissions from the pipeline):

Get-MailboxPermission * | Where-Object {$_.User -like "S-1-5-21*"} | Remove-MailboxPermission
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I've already tried this and got the error Pipelines cannot be executed concurrently. Get-MailboxPermission and Remove-MailboxPermission are designed to take pipeline input from each other so there's no need to use ForEach. see this link
@mariu5 My bad. Is there a reason you specify all those parameters with Remove-MailboxPermission? Get-MailboxPermission|Remove-MailboxPermission should suffice
That did the trick! I thought you would have to specify the exact permission in order to remove it but apparently, that isn't necessary. Thanks for your help. If you edit your answer, I could mark it as a solution if you like.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.