<# .SYNOPSIS Convert-MailboxToLinkedMailbox will convert an existing mailbox to a linked mailbox .DESCRIPTION Convert-MailboxToLinkedMailbox will convert an existing mailbox to a linked Mailbox while preserving the Exchange attributes. .PARAMETER Identity The Identity parameter specifies the identity of the mailbox. You can use one of the following values: * GUID * Distinguished name (DN) * Display name * Domain\Account * User principal name (UPN) * LegacyExchangeDN * SmtpAddress * Alias .PARAMETER LinkedMasterAccount The LinkedMasterAccount parameter specifies the master account in the forest where the user account resides. The master account is the account to which the user links. The master account grants access to the user. This must be in the form Domain\Account .PARAMETER LinkedDomainController The LinkedDomainController parameter specifies the domain controller in the forest where the user account resides, if this user is a linked user. The domain controller in the forest where the user account resides is used to get security information for the account specified by the LinkedMasterAccount parameter. .PARAMETER LinkedCredential The LinkedCredential parameter specifies credentials to use to access the domain controller specified by the LinkedDomainController parameter. This parameter requires the creation and passing of a credential object. This credential object is created by using the Get-Credential cmdlet. For more information, see Get-Credential (http://go.microsoft.com/fwlink/?LinkId=142122). .PARAMETER DomainController The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory. .EXAMPLE This example converts the mailbox Chris to a linked mailbox for tom .\Convert-MailboxToLinkedMailbox.ps1 -Identity Chris -LinkedMasterAccount target\tom -LinkedDomainController TargetDC1 -LinkedCredential (Get-Credential) #> [CmdletBinding( SupportsShouldProcess=$true, ConfirmImpact="High" )] Param ( [Parameter(Mandatory=$true,Position=0)] [String]$Identity, [Parameter(Mandatory=$true,Position=1)] [String]$LinkedMasterAccount, [Parameter(Mandatory=$false,Position=2)] [System.Management.Automation.PSCredential]$LinkedCredential, [Parameter(Mandatory=$false,Position=3)] [String]$LinkedDomainController, [Parameter(Mandatory=$false,Position=4)] [String]$DomainController ) PROCESS { if( (Get-ADServerSettings).ViewEntireForest -eq $False ) { Set-AdServerSettings -ViewEntireForest $true } Write-Verbose ( 'Connecting to Active Directory' ) Import-Module ActiveDirectory -Verbose:$false Write-Verbose ( 'Trying to find mailbox for "{0}"' -f $Identity ) $ExchangeUser = Get-User $Identity -ErrorAction SilentlyContinue $parameters = @{} if( $LinkedDomainController ) { $parameters.Add( 'Server', $LinkedDomainController ) Write-Verbose ( 'Using Domain Controller "{0}"' -f $LinkedDomainController ) } if( $LinkedCredential ) { $parameters.Add( 'Credential', $LinkedCredential ) } $LinkedUser = $null if( $LinkedMasterAccount.split('\')[1] ) { $LinkedUser = Get-ADUser $LinkedMasterAccount.split('\')[1] @parameters -ErrorAction SilentlyContinue } if( $ExchangeUser -and $LinkedUser ) { if( $ExchangeUser.RecipientType -eq 'UserMailbox' ) { if( $pscmdlet.ShouldProcess($OldMailbox.DistinguishedName) ) { try { $parameters = @{} if( $DomainController ) { $parameters.Add( 'Server', $DomainController ) Write-Verbose ( 'Using Domain Controller "{0}"' -f $DomainController ) } Write-Verbose ( 'Writing AD attributes for "{0}"' -f $ExchangeUser.DistinguishedName ) Set-ADUser $ExchangeUser.DistinguishedName -Replace @{"msExchRecipientTypeDetails"="2"} @parameters -ErrorAction Stop $parameters = @{} if( $DomainController ) { $parameters.Add( 'DomainController', $DomainController ) Write-Verbose ( 'Using Domain Controller "{0}"' -f $DomainController ) } if( $LinkedDomainController ) { $parameters.Add( 'LinkedDomainController', $LinkedDomainController ) Write-Verbose ( 'Using Linked Domain Controller "{0}"' -f $LinkedDomainController ) } if( $LinkedCredential ) { $parameters.Add( 'LinkedCredential', $LinkedCredential ) } Write-Verbose ( 'Writing Linked Master Account for "{0}"' -f $ExchangeUser.DistinguishedName ) Set-User $ExchangeUser.DistinguishedName -LinkedMasterAccount $LinkedMasterAccount @parameters -ErrorAction Stop $parameters = @{} if( $DomainController ) { $parameters.Add( 'DomainController', $DomainController ) Write-Verbose ( 'Using Domain Controller "{0}"' -f $DomainController ) } Write-Verbose ( 'Writing Mandatory Exchange attributes for "{0}"' -f $ExchangeUser.DistinguishedName ) Set-Mailbox $ExchangeUser.DistinguishedName -ApplyMandatoryProperties @parameters -ErrorAction Stop if( (Get-ADPermission $ExchangeUser.DistinguishedName -User $LinkedMasterAccount @parameters -ErrorAction SilentlyContinue | ? { $_.ExtendedRights -like '*Send-As*' }) -eq $null ) { Write-Verbose ( 'Adding Send-As permission for "{0}"' -f $ExchangeUser.DistinguishedName ) Add-ADPermission $ExchangeUser.DistinguishedName -User $LinkedMasterAccount -AccessRights ExtendedRight -ExtendedRights 'Send-As' @parameters -ErrorAction Stop | Out-Null } if( (Get-MailboxPermission $ExchangeUser.DistinguishedName -User $LinkedMasterAccount @parameters -ErrorAction SilentlyContinue) -eq $null ) { Write-Verbose ( 'Adding Mailbox permission for "{0}"' -f $ExchangeUser.DistinguishedName ) Add-MailboxPermission $ExchangeUser.DistinguishedName -User $LinkedMasterAccount -AccessRights FullAccess @parameters -ErrorAction Stop | Out-Null } } catch { write-host ( "User '{0}' could not be converted {1}" -f $Identity, $error[0] ) -foregroundColor Red } } } else { write-host ( "Unsupported Recipient Type '{0}'" -f $ExchangeUser.RecipientType ) -foregroundColor Red } } elseif( $LinkedUser ) { write-host ( "User '{0}' not found" -f $Identity ) -foregroundColor Red } else { write-host ( "Linked User '{0}' not found" -f $LinkedMasterAccount ) -foregroundColor Red } }