EXOMailboxPermission: System.Management.Automation.ParameterBindingValidationException: Cannot validate argument on parameter 'AccessRights'. The argument "SendAs" does not belong to the set "ChangeOwner,ChangePermission,DeleteItem,ExternalAccount,FullAccess,ReadPermission" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again. ---> System.Management.Automation.ValidationMetadataException: The argument "SendAs" does not belong to the set "ChangeOwner,ChangePermission,DeleteItem,ExternalAccount,FullAccess,ReadPermission" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again. #3942
Comments
|
I have upgraded to 1.23.1122.1. This is still an issue. I also re-ran it with the "-Verbose" parameter but no additional useful information was recorded.
|
andikrueger
added
Bug
|
@skghq Could you please check the output of Get-MailboxPermission for one of the mailboxes where the export is failing? Please check if the access rights in this output contains SendAs permissions. Usually, SendAs permissions should not be included in the output of this cmdlet, but your log looks like it contains SendAs perms. |
|
|
@skghq Thanks. I have no idea why SendAs is part of the AccessRights for SELF of some of your mailboxes. Since this cannot be configured with Set-MailboxPermission, I will add a filter to the export to ignore the SendAs permissions. |
|
@malauter Thanks. The only insight I can offer is this is a terminated employee from 1/2015 and we routinely reconfigure mailbox permissions as part of our separation process. I do not know what the policy was in 2015. That mailbox would have been an on-prem mailbox that was later migrated to Office365. |
|
@malauter I updated to the latest version (1.23.1220.1), manually merged in your pull then re-ran the export. It successfully exported mailbox permissions for the mailbox in question. I'm running it against my entire organization. It will take a few hours. If you don't hear back from me then all is well. |
Description of the issue
I have already ran:
Update-M365DSCAllowedGraphScopes -All -Type ReadCommand:
Export-M365DSCConfiguration -Components @("EXOMailboxPermission") -Credential $Credential -Path $FilePath -FileName $FileNameStack Trace:
[2023/11/22 03:29:39]
{InvalidData}
System.Management.Automation.ParameterBindingValidationException: Cannot validate argument on parameter 'AccessRights'. The argument "SendAs" does not belong to the set "ChangeOwner,ChangePermission,DeleteItem,ExternalAccount,FullAccess,ReadPermission" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again. ---> System.Management.Automation.ValidationMetadataException: The argument "SendAs" does not belong to the set "ChangeOwner,ChangePermission,DeleteItem,ExternalAccount,FullAccess,ReadPermission" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.
at System.Management.Automation.ValidateSetAttribute.ValidateElement(Object element)
at System.Management.Automation.ValidateEnumeratedArgumentsAttribute.Validate(Object arguments, EngineIntrinsics engineIntrinsics)
at System.Management.Automation.ParameterBinderBase.BindParameter(CommandParameterInternal parameter, CompiledCommandParameter parameterMetadata, ParameterBindingFlags flags)
--- End of inner exception stack trace ---
at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
"Error during Export:"
at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.1115.1\DSCResources\MSFT_EXOMailboxPermission\MSFT_EXOMailboxPermission.psm1: line 440
at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.1115.1\modules\M365DSCReverse.psm1: line 615
at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.23.1115.1\modules\M365DSCUtil.psm1: line 1320
at , C:\Scripts<<>>\Office365_Backup_Debug.ps1: line 1730
<<>>@<<>>.onmicrosoft.com
TenantId: <<>>.onmicrosoft.com
PS Output:
Transcript started, output file is C:\temp<<>>\debug\log\EXOMailboxPermission.txt
Exporting Microsoft 365 configuration for Components: EXOMailboxPermission
There is a newer version of the 'Microsoft365DSC' module available on the gallery.
To update the module and it's dependencies, run the following command:
Update-M365DSCModule
Authentication methods specified:
Connecting to {ExchangeOnline}...✅
[1/1] Extracting [EXOMailboxPermission] using {Credentials}...
|---[1/4114] <<>>@<<>>.com
|---[1/4] <<name 1>>✅
|---[2/4] <<name 1>>✅
|---[3/4] <<name 1>>✅
|---[4/4] <<name 1>>✅
|---[2/4114] <<>>@<<>>.com
|---[1/2] <<<name 2>>>✅
|---[2/2] <<<name 2>>>✅
|---[3/4114] <<>>@<<>>.com
|---[1/5] <<<name 3>>>❌
Error Log created at {file://C:/temp/<<>>/debug/cwd/5112-M365DSC-ErrorLog.log}
⌛ Export took {270 seconds}
Transcript stopped, output file is C:\temp<<>>\debug\log\EXOMailboxPermission.txt
Microsoft 365 DSC Version
1.23.1115.1
Which workloads are affected
Exchange Online
The DSC configuration
Verbose logs showing the problem
Environment Information + PowerShell Version
The text was updated successfully, but these errors were encountered: