Enterprise Vault™ PowerShell Cmdlets

Last Published:
Product(s): Enterprise Vault (14.3)
  1. Introducing the Enterprise Vault PowerShell cmdlets
    1.  
      About the Enterprise Vault Management Shell
    2.  
      Getting Help for Enterprise Vault PowerShell cmdlets
    3.  
      Rules for PowerShell strings
    4.  
      About the imported Boolean value while using the Import-Csv cmdlet
    5. Where to get more information about Enterprise Vault
      1.  
        Enterprise Vault training modules
  2. Archiving: Exchange
    1.  
      Add-EVPstComputer
    2.  
      Add-EVPstFile
    3.  
      Get-EVExchangeMailboxPolicy
    4.  
      New-EVExchangeMailboxPolicy
    5.  
      Remove-EVExchangeFolderPolicy
    6.  
      Remove-EVExchangeMailboxPolicy
    7.  
      Set-EVExchangeMailboxPolicy
  3. Archiving: FSA
    1.  
      Get-EVFSAComputerSettings
    2.  
      Get-EVFSAFileServer
    3.  
      Get-EVFSAFolder
    4.  
      Get-EVFSASiteSettings
    5.  
      Get-EVFSAVolume
    6.  
      New-EVFSAFileServer
    7.  
      New-EVFSAFolder
    8.  
      New-EVFSAVolume
    9.  
      Remove-EVFSAFileServer
    10.  
      Remove-EVFSAFolder
    11.  
      Remove-EVFSAVolume
    12.  
      Set-EVFSAComputerSettings
    13.  
      Set-EVFSAFileServer
    14.  
      Set-EVFSAFolder
    15.  
      Set-EVFSASiteSettings
    16.  
      Set-EVFSAVolume
  4. Archiving: Skype for Business
    1.  
      Get-EVSkypeForBusinessTarget
    2.  
      New-EVSkypeForBusinessTarget
    3.  
      Remove-EVSkypeForBusinessTarget
    4.  
      Set-EVSkypeForBusinessTarget
  5. Archiving: SMTP
    1.  
      Get-EVSMTPHoldingFolder
    2.  
      Get-EVSMTPMessageTrackingLogLocation
    3.  
      Get-EVSMTPPolicy
    4.  
      Get-EVSMTPServerSettings
    5.  
      Get-EVSMTPTarget
    6.  
      New-EVSMTPPolicy
    7.  
      New-EVSMTPServerSettings
    8.  
      New-EVSMTPTarget
    9.  
      Remove-EVSMTPPolicy
    10.  
      Remove-EVSMTPTarget
    11.  
      Set-EVSMTPMessageTrackingLogLocation
    12.  
      Set-EVSMTPPolicy
    13.  
      Set-EVSMTPServerSettings
    14.  
      Set-EVSMTPTarget
    15.  
      Sync-EVSMTPServerSettings
  6. Backup
    1.  
      Get-EVIndexSnapshotLocationBackupMode
    2.  
      Set-EVIndexSnapshotLocationBackupMode
    3.  
      Clear-EVIndexSnapshotLocationBackupMode
    4.  
      Get-IndexLocationBackupMode
    5.  
      Set-IndexLocationBackupMode
    6.  
      Clear-IndexLocationBackUpMode
    7.  
      Get-VaultStoreBackupMode
    8.  
      Set-VaultStoreBackupMode
    9.  
      Clear-VaultStoreBackupMode
    10.  
      Set-EVIndexSnapshotLocation
    11.  
      Get-EVIndexSnapshotLocation
    12.  
      Remove-EVIndexSnapshotLocation
    13.  
      New-EVIndexSnapshot
    14.  
      Get-EVIndexSnapshot
    15.  
      Remove-EVIndexSnapshot
    16.  
      Restore-EVIndexSnapshot
    17.  
      Get-EVIndexSnapshotRepository
    18.  
      Remove-EVIndexSnapshotRepository
  7. Classification
    1.  
      Disable-EVClassification
    2.  
      Get-EVClassificationFCITags
    3.  
      Get-EVClassificationPolicy
    4.  
      Get-EVClassificationStatus
    5.  
      Get-EVClassificationTestMode
    6.  
      Get-EVClassificationVICTags
    7.  
      Import-EVClassificationFCIRules
    8.  
      Initialize-EVClassificationVIC
    9.  
      Set-EVClassificationVICFIPSMode
    10.  
      New-EVClassificationPolicy
    11.  
      Publish-EVClassificationFCIRules
    12.  
      Remove-EVClassificationPolicy
    13.  
      Set-EVClassificationPolicy
    14.  
      Set-EVClassificationTestMode
  8. Databases
    1.  
      Get-EVDatabase
    2.  
      Get-EVDatabaseDetail
    3.  
      Get-EVDatabaseFileInfo
    4.  
      Get-EVStorageDatabase
    5.  
      Set-EVDatabaseDetail
    6.  
      Start-EVDatabaseUpgrade
  9. IMAP access
    1.  
      Get-EVIMAPUsers
    2.  
      Get-EVIMAPUserSettings
    3.  
      Set-EVIMAPServerDisabled
    4.  
      Set-EVIMAPServerEnabled
  10. Indexing
    1.  
      Get-EVIndexLocation
    2.  
      Get-EVMDSStatus
    3.  
      Get-IndexServerForIndexLocation
    4.  
      New-EVMDSBuildTask
    5.  
      Set-IndexMetadataSyncLevel
    6.  
      Submit-EVIndexingSubTask
    7.  
      Get-EVIndexVolume
    8.  
      Get-EVElasticsearchIndex
  11. Records management
    1.  
      Export-EVNARAArchive
    2.  
      Get-EVRecordSettings
  12. Retention plans
    1.  
      Get-EVRetentionPlan
    2.  
      New-EVRetentionPlan
    3.  
      Remove-EVRetentionPlan
    4.  
      Set-EVRetentionPlan
  13. Roles-based administration
    1.  
      Add-EVRBARoleMember
    2.  
      Get-EVRBAAzStoreXml
    3.  
      Get-EVRBARole
    4.  
      Get-EVRBARoleMember
    5.  
      Remove-EVRBARoleMember
    6.  
      Set-EVRBAAzStoreXml
  14. Sites and servers
    1.  
      Get-EVComputers
    2.  
      Get-EVFileLocation
    3.  
      Get-EVIISWebsite
    4.  
      Get-EVServer
    5.  
      Get-EVSite
    6.  
      Get-EVSiteInfo
  15. Tasks and services
    1.  
      Get-EVDependencyService
    2.  
      Get-EVDependencyServiceState
    3.  
      Get-EVService
    4.  
      Get-EVServiceState
    5.  
      Get-EVTask
    6.  
      Get-EVTaskState
  16. Vault stores and archives
    1.  
      Export-EVArchive
    2.  
      Get-EVArchive
    3.  
      Get-EVArchivePermission
    4.  
      Get-EVVaultStore
    5.  
      Get-EVVaultStorePartition
    6.  
      Remove-EVArchive
    7.  
      New-EVArchive
    8.  
      Remove-EVArchivePermission
    9.  
      Set-EVArchive
    10.  
      Set-EVArchivePermission
    11.  
      Start-PartitionRollover

Get-EVArchivePermission

Get-EVArchivePermission returns a list of all the users and groups who have any of the following types of access to the specified archive.

Table: Access types

Access

Gives permission to

Read

Read all items in the archive and restore items from it.

Write

Save items in the archive and retrieve items from it. Users with this access permission also have control of the folders in the archive. For example, they can rename and change permissions on the folders.

Delete

Delete items from the archive. To allow users to delete items from the archive, you must grant the user delete permission on the archive, select the site setting Users can delete items from their archives, and use Set-EVArchive to set -DeleteProtected to $false.

Table: Access permission types describes the types of access permissions for which Get-EVArchivePermission returns information.

Table: Access permission types

Type

Description

Automatic

Permissions that have been set on the target from which Enterprise Vault is archiving, such as an Exchange mailbox.

By default, Enterprise Vault synchronizes these permissions with the permissions on the corresponding archive and archive folders.

Manual

Permissions that an Enterprise Vault administrator has set on the archive.

When editing the properties of an archive, an administrator can manually apply permissions to it that override the automatic permissions.

Note the following:

  • The user who runs the cmdlet must have the roles-based administration permission to manage the specified type of archive. For example, to manage Exchange Mailbox archives, the user must have the roles-based administration permission "Can manage Exchange Mailbox Archives".

  • This cmdlet returns permissions information for users that have Active Directory or Domino Directory accounts. To view Domino users, you need to install the Notes client and configure the Domino domain on the Enterprise Vault server.

  • This cmdlet does not return permissions information if the archive is marked for deletion.

Get-EVArchivePermission is provided by the snap-in Symantec.EnterpriseVault.PowerShell.Snapin.dll.

Syntax

Get-EVArchivePermission [-ArchiveId] <String> [[-Trustee] <String>] [-Granted <AccessRight[]> {Read | Write | Delete | All}] [-Denied <AccessRight[]> {Read | Write | Delete | All}] [<CommonParameters>]

Parameters

Table: Get-EVArchivePermission parameters

Parameter

Description

-ArchiveId (required)

Specifies the ID of the archive for which to return the list of access permissions. You can use Get-EVArchive to obtain the required ID.

-Trustee

Filters the list of access permissions to show those for the specified user or group only.

For Active Directory accounts, type the value in any of the following formats:

  • domain\user

  • domain\group

  • hostname\localuser

  • hostname\localgroup

For Domino accounts, type the value in any of the following formats:

  • CN=user/O=org

  • group (org)

  • */org

  • */orgunit/org. For example, */abc/DominoOrg.

-Granted

Filters the list of access permissions to show only those users or groups who have been granted the specified type of access: Read, Write, or Delete. Specifying the access type as All returns a list of users and groups who have been granted all types of access.

You can specify multiple access types by separating them with commas; for example, -Granted Read,Write.

-Denied

Filters the list of access permissions to show only those users or groups who have been denied the specified type of access: Read, Write, or Delete. Specifying the access type as All returns a list of users and groups who have been denied all types of access.

You can specify multiple access types by separating them with commas; for example, -Denied Read,Write.

Examples

  • Get-EVArchivePermission -ArchiveId 19D...EVServer1

    Returns a list of all the users and groups who have Read, Write, or Delete access to the specified archive.

  • Get-EVArchive -ArchiveName msmith | Get-EVArchivePermission

    Uses the Get-EVArchive cmdlet as the pipeline input to the Get-EVArchivePermission cmdlet and returns a list of all users and groups who have access to the specified archive.

  • Get-EVArchive -ArchiveName msmith | Get-EVArchivePermission | Format-List

    Formats the output as a list of properties, which includes some properties that the above commands do not output. For example:

    ArchiveId : 19DA8E5040AE76844B9257AD88F4B8098111000EVServer1
ArchiveName : msmith
ArchiveType: ARCHIVE_TYPE_MAILBOX
TrusteeId : S-1-5-21-1924283671-4217592524-148916455-1131
Trustee : EXAMPLE\msmith
TrusteeSource : Windows
TrusteeType : User
ManualGranted: 
ManualDenied:
AutoGranted: Read,Write,Delete
AutoDenied:

  • Get-EVArchive -ArchiveName msmith | Get-EVArchivePermission -Trustee EXAMPLE\msmith

    Returns permissions only for the Windows trustee "EXAMPLE\msmith" on the specified archive.

  • Get-EVArchive -ArchiveName dsmith | Get-EVArchivePermission -Trustee "CN=dsmith/O=DominoOrg"

    Returns permissions only for the Domino user "dsmith" from the Domino Directory "DominoOrg" on the specified archive.

  • Get-EVArchive -ArchiveName msmith | Get-EVArchivePermission -Trustee EXAMPLE\*

    Performs a wildcard search and returns a list of all users and groups from the "EXAMPLE" domain who have Read, Write, or Delete access to the specified archive.

  • Get-EVArchive -ArchiveName dsmith | Get-EVArchivePermission -Trustee "*/abc/DominoOrg"

    Returns permissions information for the Domino wildcard entry "*/abc/DominoOrg".

  • Get-EVArchive -ArchiveName msmith | Get-EVArchivePermission -Trustee EXAMPLE\* -Granted All

    Returns a list of all users and groups from the "EXAMPLE" domain who have been granted All access (Read, Write, and Delete) to the specified archive.

  • Get-EVArchive -ArchiveName msmith | Get-EVArchivePermission -Trustee EXAMPLE\* -Denied Delete

    Returns a list of all users and groups from the "EXAMPLE" domain who have been denied Delete access to the specified archive.

  • Get-EVArchive -ArchiveName msmith | Get-EVArchivePermission -Granted Read -Denied Delete

    Returns a list of all users and groups who have been granted Read access and denied Delete access to the specified archive.

Output

Get-EVArchivePermission returns an object of type EnterpriseVault.Admin.ArchivePermissionEntry, which has the following properties.

Table: Get-EVArchivePermission properties

Name

Type

Description

ArchiveId

String

The ID of the archive to which the user or group has access.

ArchiveName

String

The name of the archive to which the user or group has access.

ArchiveType

EV_STG_API_ARCHIVE_TYPE

The Enterprise Vault archive type enumeration. The possible values are as follows:

  • ARCHIVE_TYPE_DOMINO_JOURNAL

  • ARCHIVE_TYPE_DOMINO_MAILBOX

  • ARCHIVE_TYPE_FILE_SYSTEM

  • ARCHIVE_TYPE_INTERNETMAIL

  • ARCHIVE_TYPE_JOURNAL

  • ARCHIVE_TYPE_MAILBOX

  • ARCHIVE_TYPE_PUBLIC_FOLDER

  • ARCHIVE_TYPE_SHARED

  • ARCHIVE_TYPE_SHAREPOINT

  • ARCHIVE_TYPE_SMTP

TrusteeId

String

The ID that uniquely identifies the user or group. For Active Directory accounts, the cmdlet displays the security identifier (SID), whereas for Domino Directory accounts the cmdlet displays the UNID.

Trustee

String

The account name of the user or group.

TrusteeSource

TrusteeSource

The directory service in which the user or group has an account. "Windows" designates Active Directory, whereas "Domino" designates a Domino Directory.

TrusteeType

TrusteeType

The Enterprise Vault trustee type enumeration. The possible values are as follows:

  • User

  • Group

  • Wildcard

  • Unknown

  • DeletedUser

ManualGranted

AccessRight[]

The manually-granted level of access: Read, Write, or Delete.

ManualDenied

AccessRight[]

The manually-denied level of access: Read, Write, or Delete.

AutoGranted

AccessRight[]

The automatically-granted level of access: Read, Write, or Delete.

AutoDenied

AccessRight[]

The automatically-denied level of access: Read, Write, or Delete.

Related cmdlets