So I had a bit of brain freeze yesterday, and then it hit me.  BlackBerry needs AD SendAs permissions, but I thought I had done that!

Doh! The current place I am working has multiple AD domains, and I did the root!  What I needed was an Exchange-like domainprep to apply the permissions ..

So I knocked up this.  Basically, this assigns the permission to a group, so I can add and remove service accounts to it ;-)

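$domains = ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Domains | Select-Object Name | Sort-Object Name
ForEach ($domain in $domains) {
    # Name of the domain that receives the permission
    $dom = $domain.Name
    Write-Host $dom
    # Grant the Send-As extended right to the group on this domain
    Add-ADPermission $dom -User "domain\Group" -AccessRights ExtendedRight -ExtendedRights Send-As
}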
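
A check to run after the loop, added here as an example and not part of the original script: it lists every principal holding Send-As on each domain in the forest and warns when the group is missing from one, which is the mistake described above. It assumes the Exchange Management Shell is loaded (for Get-ADPermission) and reuses the post's `domain\Group` placeholder; `$expected` and `$report` are names chosen for this example.

```powershell
# Added example: audit Send-As grants on every domain in the forest.
# Assumes the Exchange Management Shell (Get-ADPermission) is loaded.
$expected = 'domain\Group'   # placeholder from the post; replace with your group

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

$report = foreach ($domain in ($forest.Domains | Sort-Object Name)) {
    # Allow entries on this domain that carry the Send-As extended right
    $aces = @(Get-ADPermission -Identity $domain.Name |
        Where-Object { ($_.ExtendedRights -like 'Send-As') -and (-not $_.Deny) })

    # A domain without the expected group is one the grant never reached
    if (-not ($aces | Where-Object { "$($_.User)" -eq $expected })) {
        Write-Warning "$($domain.Name): no Send-As grant found for $expected"
    }

    # One row per holder, so unexpected principals stand out
    foreach ($ace in $aces) {
        [pscustomobject]@{
            Domain    = $domain.Name
            User      = "$($ace.User)"
            Inherited = $ace.IsInherited
            Expected  = ("$($ace.User)" -eq $expected)
        }
    }
}

$report | Sort-Object Domain, User | Format-Table -AutoSize
```

Rows with `Expected` set to False are principals other than the group that can send as users in that domain, and are worth reviewing because a grant at this level is inherited by the objects beneath it.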

