Enterprise Vault™ PowerShell Cmdlets

Last Published:
Product(s): Enterprise Vault (14.3)
  1. Introducing the Enterprise Vault PowerShell cmdlets
    1.  
      About the Enterprise Vault Management Shell
    2.  
      Getting Help for Enterprise Vault PowerShell cmdlets
    3.  
      Rules for PowerShell strings
    4.  
      About the imported Boolean value while using the Import-Csv cmdlet
    5. Where to get more information about Enterprise Vault
      1.  
        Enterprise Vault training modules
  2. Archiving: Exchange
    1.  
      Add-EVPstComputer
    2.  
      Add-EVPstFile
    3.  
      Get-EVExchangeMailboxPolicy
    4.  
      New-EVExchangeMailboxPolicy
    5.  
      Remove-EVExchangeFolderPolicy
    6.  
      Remove-EVExchangeMailboxPolicy
    7.  
      Set-EVExchangeMailboxPolicy
  3. Archiving: FSA
    1.  
      Get-EVFSAComputerSettings
    2.  
      Get-EVFSAFileServer
    3.  
      Get-EVFSAFolder
    4.  
      Get-EVFSASiteSettings
    5.  
      Get-EVFSAVolume
    6.  
      New-EVFSAFileServer
    7.  
      New-EVFSAFolder
    8.  
      New-EVFSAVolume
    9.  
      Remove-EVFSAFileServer
    10.  
      Remove-EVFSAFolder
    11.  
      Remove-EVFSAVolume
    12.  
      Set-EVFSAComputerSettings
    13.  
      Set-EVFSAFileServer
    14.  
      Set-EVFSAFolder
    15.  
      Set-EVFSASiteSettings
    16.  
      Set-EVFSAVolume
  4. Archiving: Skype for Business
    1.  
      Get-EVSkypeForBusinessTarget
    2.  
      New-EVSkypeForBusinessTarget
    3.  
      Remove-EVSkypeForBusinessTarget
    4.  
      Set-EVSkypeForBusinessTarget
  5. Archiving: SMTP
    1.  
      Get-EVSMTPHoldingFolder
    2.  
      Get-EVSMTPMessageTrackingLogLocation
    3.  
      Get-EVSMTPPolicy
    4.  
      Get-EVSMTPServerSettings
    5.  
      Get-EVSMTPTarget
    6.  
      New-EVSMTPPolicy
    7.  
      New-EVSMTPServerSettings
    8.  
      New-EVSMTPTarget
    9.  
      Remove-EVSMTPPolicy
    10.  
      Remove-EVSMTPTarget
    11.  
      Set-EVSMTPMessageTrackingLogLocation
    12.  
      Set-EVSMTPPolicy
    13.  
      Set-EVSMTPServerSettings
    14.  
      Set-EVSMTPTarget
    15.  
      Sync-EVSMTPServerSettings
  6. Backup
    1.  
      Get-EVIndexSnapshotLocationBackupMode
    2.  
      Set-EVIndexSnapshotLocationBackupMode
    3.  
      Clear-EVIndexSnapshotLocationBackupMode
    4.  
      Get-IndexLocationBackupMode
    5.  
      Set-IndexLocationBackupMode
    6.  
      Clear-IndexLocationBackUpMode
    7.  
      Get-VaultStoreBackupMode
    8.  
      Set-VaultStoreBackupMode
    9.  
      Clear-VaultStoreBackupMode
    10.  
      Set-EVIndexSnapshotLocation
    11.  
      Get-EVIndexSnapshotLocation
    12.  
      Remove-EVIndexSnapshotLocation
    13.  
      New-EVIndexSnapshot
    14.  
      Get-EVIndexSnapshot
    15.  
      Remove-EVIndexSnapshot
    16.  
      Restore-EVIndexSnapshot
    17.  
      Get-EVIndexSnapshotRepository
    18.  
      Remove-EVIndexSnapshotRepository
  7. Classification
    1.  
      Disable-EVClassification
    2.  
      Get-EVClassificationFCITags
    3.  
      Get-EVClassificationPolicy
    4.  
      Get-EVClassificationStatus
    5.  
      Get-EVClassificationTestMode
    6.  
      Get-EVClassificationVICTags
    7.  
      Import-EVClassificationFCIRules
    8.  
      Initialize-EVClassificationVIC
    9.  
      Set-EVClassificationVICFIPSMode
    10.  
      New-EVClassificationPolicy
    11.  
      Publish-EVClassificationFCIRules
    12.  
      Remove-EVClassificationPolicy
    13.  
      Set-EVClassificationPolicy
    14.  
      Set-EVClassificationTestMode
  8. Databases
    1.  
      Get-EVDatabase
    2.  
      Get-EVDatabaseDetail
    3.  
      Get-EVDatabaseFileInfo
    4.  
      Get-EVStorageDatabase
    5.  
      Set-EVDatabaseDetail
    6.  
      Start-EVDatabaseUpgrade
  9. IMAP access
    1.  
      Get-EVIMAPUsers
    2.  
      Get-EVIMAPUserSettings
    3.  
      Set-EVIMAPServerDisabled
    4.  
      Set-EVIMAPServerEnabled
  10. Indexing
    1.  
      Get-EVIndexLocation
    2.  
      Get-EVMDSStatus
    3.  
      Get-IndexServerForIndexLocation
    4.  
      New-EVMDSBuildTask
    5.  
      Set-IndexMetadataSyncLevel
    6.  
      Submit-EVIndexingSubTask
    7.  
      Get-EVIndexVolume
    8.  
      Get-EVElasticsearchIndex
  11. Records management
    1.  
      Export-EVNARAArchive
    2.  
      Get-EVRecordSettings
  12. Retention plans
    1.  
      Get-EVRetentionPlan
    2.  
      New-EVRetentionPlan
    3.  
      Remove-EVRetentionPlan
    4.  
      Set-EVRetentionPlan
  13. Roles-based administration
    1.  
      Add-EVRBARoleMember
    2.  
      Get-EVRBAAzStoreXml
    3.  
      Get-EVRBARole
    4.  
      Get-EVRBARoleMember
    5.  
      Remove-EVRBARoleMember
    6.  
      Set-EVRBAAzStoreXml
  14. Sites and servers
    1.  
      Get-EVComputers
    2.  
      Get-EVFileLocation
    3.  
      Get-EVIISWebsite
    4.  
      Get-EVServer
    5.  
      Get-EVSite
    6.  
      Get-EVSiteInfo
  15. Tasks and services
    1.  
      Get-EVDependencyService
    2.  
      Get-EVDependencyServiceState
    3.  
      Get-EVService
    4.  
      Get-EVServiceState
    5.  
      Get-EVTask
    6.  
      Get-EVTaskState
  16. Vault stores and archives
    1.  
      Export-EVArchive
    2.  
      Get-EVArchive
    3.  
      Get-EVArchivePermission
    4.  
      Get-EVVaultStore
    5.  
      Get-EVVaultStorePartition
    6.  
      Remove-EVArchive
    7.  
      New-EVArchive
    8.  
      Remove-EVArchivePermission
    9.  
      Set-EVArchive
    10.  
      Set-EVArchivePermission
    11.  
      Start-PartitionRollover

Set-EVArchivePermission

Set-EVArchivePermission lets you grant or deny the following types of access permissions to a given user or group on the specified archive.

Table: Access types

Access

Gives permission to

Read

Read all items in the archive and restore items from it.

Write

Save items in the archive and retrieve items from it. Users with this access permission also have control of the folders in the archive. For example, they can rename and change permissions on the folders.

Delete

Delete items from the archive. To allow users to delete items from the archive, you must grant the user delete permission on the archive, select the site setting Users can delete items from their archives, and use Set-EVArchive to set -DeleteProtected to $false.

Note the following:

  • The user who runs the cmdlet must have the roles-based administration permission to manage the specified type of archive. For example, to manage Exchange Mailbox archives, the user must have the roles-based administration permission "Can manage Exchange Mailbox Archives".

  • You can use this cmdlet to set access permissions for users that have Active Directory or Domino Directory accounts. Note that Domino users can have access permissions only on Domino mailbox archives. To add Domino users, you need to install the Notes client and configure the Domino domain on the Enterprise Vault server.

  • This cmdlet only grants or denies the manually set permissions. You cannot use this cmdlet to change the automatically set permissions.

  • The cmdlet adds the specified permissions to the existing permissions the user or group has on the archive, it does not overwrite the existing permissions. For example, if the user or group already has read access on the specified archive and you specify -Grant Write, then Enterprise Vault grants the user or group both read and write access permissions on the specified archive.

  • The -Grant and -Deny parameters are mutually exclusive for a given access type, which means that setting one clears the other. For example, if the user or group is denied read access on the specified archive, and you specify -Grant Read, then the cmdlet grants read access permissions to the user or group.

  • The value that is specified in -Deny takes precedence over the one specified in -Grant. For example:

    • If you specify the access type as -Grant All -Deny Delete, the cmdlet grants the read and write access to the user or group, but denies the permission to delete items from the archive.

    • If you specify the access type as -Grant Delete -Deny All, Enterprise Vault denies the user or group all access permissions on the archive even though you have chosen to allow the user or group to delete items from the archive using -Grant Delete.

  • This cmdlet does not update permissions information if the archive is marked for deletion.

  • The effect of this cmdlet is the same as selecting the check box for a user on the Permissions tab of Archive Properties dialog box.

Set-EVArchivePermission is provided by the snap-in Symantec.EnterpriseVault.PowerShell.Snapin.dll.

Syntax

Set-EVArchivePermission [-ArchiveId] <String> [-Trustee] <String> [-Grant <AccessRight[]> {Read | Write | Delete | All}] [-Deny <AccessRight[]> {Read | Write | Delete | All}] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Table: Set-EVArchivePermission parameters

Parameter

Description

-ArchiveId (required)

Specifies the ID of the archive for which to set the access permissions. You can use Get-EVArchive to obtain the required ID.

-Trustee (required)

The account name of the user or group for which you want to add or update access permissions on the specified archive.

For Active Directory accounts, type the value in any of the following formats:

  • domain\user

  • domain\group

  • hostname\localuser

  • hostname\localgroup

For Domino accounts, type the value in any of the following formats:

  • user/org

  • group/org

  • CN=user/O=org

  • group (org)

  • */org

  • */orgunit/org. For example, */abc/DominoOrg.

-Grant

The access permissions that you want to grant to the user or group on the specified archive: Read, Write, or Delete. Specifying the access type as All grants all types of access to the user or group.

You can specify multiple access types by separating them with commas; for example, -Grant Read,Write.

-Deny

The access permissions that you want to deny to the user or group on the specified archive: Read, Write, or Delete. Specifying the access type as All denies all types of access to the user or group.

You can specify multiple access types by separating them with commas; for example, -Deny Read,Write.

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not actually run.

-Confirm

Prompts you for confirmation before running the cmdlet. To suppress the confirmation prompt, use the syntax -Confirm:$False. You must include a colon ( : ) in the syntax.

Examples

  • Set-EVArchivePermission -ArchiveId 19D...EVServer1 -Trustee EXAMPLE\msmith -Grant read

    Grants the user "EXAMPLE\msmith" read access permission on the archive with the ID "19D...EVServer1".

  • Get-EVArchive -ArchiveName msmith | Set-EVArchivePermission -Trustee EXAMPLE\msmith -Deny d

    Pipes the archive ID that is obtained from Get-EVArchive to Set-EVArchivePermission and denies the Windows user "EXAMPLE\msmith" delete permission on the archive "msmith".

  • Get-EVArchive -ArchiveName dsmith | Set-EVArchivePermission -Trustee dsmith/DominoOrg -Deny d

    Pipes the archive ID that is obtained from Get-EVArchive to Set-EVArchivePermission and denies the Domino user "dsmith" from the Domino Directory "DominoOrg" delete permission on the Domino Mailbox archive "dsmith".

  • Get-EVArchive -ArchiveName msmith | Set-EVArchivePermission -Trustee Example\Supervisors -Grant All -Deny R, W

    WARNING: You have specified the same permissions in the Grant and Deny parameters. The permissions specified in the Deny parameter will take precedence. The cmdlet will add permissions 'Deny: R, W'.

    Confirm Do you want to continue? [Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y

    Displays the warning and prompts for confirmation to proceed. If you choose 'Yes', the command grants the group "EXAMPLE\Supervisors" delete access permissions and denies the read and write access permissions on the archive "msmith".

  • Get-EVArchive -ArchiveName msmith | Set-EVArchivePermission -Trustee EXAMPLE\Supervisors -Grant Delete -Deny All -Confirm:$false

    Displays the warning, and then denies the group "EXAMPLE\Supervisors" read, write, and delete access permissions on the archive "msmith" without asking for confirmation.

  • Get-EVArchive -ArchiveName msmith | Get-EVArchivePermission | ForEach-Object { Set-EVArchivePermission -ArchiveId 19D...EVServer1 -Trustee $_.Trustee -Grant $_.ManualGranted -Deny $_.ManualDenied }

    Pipes the archive ID that is obtained from Get-EVArchive and the list of access permissions from Get-EVArchivePermission and copies the access permissions that are granted on the archive "msmith" to the archive with ID "19D...EVServer1".

Output

Set-EVArchivePermission returns an object of type EnterpriseVault.Admin.ArchivePermissionEntry, which has the following properties.

Table: Set-EVArchivePermission properties

Name

Type

Description

ArchiveId

String

The ID of the archive to which the user or group has access.

ArchiveName

String

The name of the archive to which the user or group has access.

ArchiveType

EV_STG_API_ARCHIVE_TYPE

The Enterprise Vault archive type enumeration. The possible values are as follows:

  • ARCHIVE_TYPE_DOMINO_JOURNAL

  • ARCHIVE_TYPE_DOMINO_MAILBOX

  • ARCHIVE_TYPE_FILE_SYSTEM

  • ARCHIVE_TYPE_INTERNETMAIL

  • ARCHIVE_TYPE_JOURNAL

  • ARCHIVE_TYPE_MAILBOX

  • ARCHIVE_TYPE_PUBLIC_FOLDER

  • ARCHIVE_TYPE_SHARED

  • ARCHIVE_TYPE_SHAREPOINT

  • ARCHIVE_TYPE_SMTP

TrusteeId

String

The ID that uniquely identifies the user or group. For Active Directory accounts, the cmdlet displays the security identifier (SID), whereas for Domino Directory accounts the cmdlet displays the UNID.

Trustee

String

The account name of the user or group.

TrusteeSource

TrusteeSource

The directory service in which the user or group has an account. "Windows" designates Active Directory, whereas "Domino" designates a Domino Directory.

TrusteeType

TrusteeType

The Enterprise Vault trustee type enumeration. The possible values are as follows:

  • User

  • Group

  • Wildcard

  • Unknown

  • DeletedUser

ManualGranted

AccessRight[]

The manually-granted level of access: Read, Write, or Delete.

ManualDenied

AccessRight[]

The manually-denied level of access: Read, Write, or Delete.

AutoGranted

AccessRight[]

The automatically-granted level of access: Read, Write, or Delete.

AutoDenied

AccessRight[]

The automatically-denied level of access: Read, Write, or Delete.

Related cmdlets