Enterprise Vault™ PowerShell Cmdlets

Last Published:
Product(s): Enterprise Vault (12.4)
  1. Introducing the Enterprise Vault PowerShell cmdlets
    1.  
      About the Enterprise Vault Management Shell
    2.  
      Getting Help for Enterprise Vault PowerShell cmdlets
    3.  
      Rules for PowerShell strings
    4. Where to get more information about Enterprise Vault
      1.  
        Enterprise Vault training modules
  2. Archiving: Exchange
    1.  
      Add-EVPstComputer
    2.  
      Add-EVPstFile
    3.  
      Get-EVExchangeMailboxPolicy
    4.  
      New-EVExchangeMailboxPolicy
    5.  
      Remove-EVExchangeFolderPolicy
    6.  
      Remove-EVExchangeMailboxPolicy
    7.  
      Set-EVExchangeMailboxPolicy
  3. Archiving: FSA
    1.  
      Get-EVFSAComputerSettings
    2.  
      Get-EVFSAFileServer
    3.  
      Get-EVFSAFolder
    4.  
      Get-EVFSASiteSettings
    5.  
      Get-EVFSAVolume
    6.  
      New-EVFSAFileServer
    7.  
      New-EVFSAFolder
    8.  
      New-EVFSAVolume
    9.  
      Remove-EVFSAFileServer
    10.  
      Remove-EVFSAFolder
    11.  
      Remove-EVFSAVolume
    12.  
      Set-EVFSAComputerSettings
    13.  
      Set-EVFSAFileServer
    14.  
      Set-EVFSAFolder
    15.  
      Set-EVFSASiteSettings
    16.  
      Set-EVFSAVolume
  4. Archiving: Skype for Business
    1.  
      Get-EVSkypeForBusinessTarget
    2.  
      New-EVSkypeForBusinessTarget
    3.  
      Remove-EVSkypeForBusinessTarget
    4.  
      Set-EVSkypeForBusinessTarget
  5. Archiving: SMTP
    1.  
      Get-EVSMTPHoldingFolder
    2.  
      Get-EVSMTPMessageTrackingLogLocation
    3.  
      Get-EVSMTPPolicy
    4.  
      Get-EVSMTPServerSettings
    5.  
      Get-EVSMTPTarget
    6.  
      New-EVSMTPPolicy
    7.  
      New-EVSMTPServerSettings
    8.  
      New-EVSMTPTarget
    9.  
      Remove-EVSMTPPolicy
    10.  
      Remove-EVSMTPTarget
    11.  
      Set-EVSMTPMessageTrackingLogLocation
    12.  
      Set-EVSMTPPolicy
    13.  
      Set-EVSMTPServerSettings
    14.  
      Set-EVSMTPTarget
    15.  
      Sync-EVSMTPServerSettings
  6. Backup
    1.  
      Clear-IndexLocationBackupMode
    2.  
      Clear-VaultStoreBackupMode
    3.  
      Get-IndexLocationBackupMode
    4.  
      Get-VaultStoreBackupMode
    5.  
      Set-IndexLocationBackupMode
    6.  
      Set-VaultStoreBackupMode
  7. Classification
    1.  
      Disable-EVClassification
    2.  
      Get-EVClassificationFCITags
    3.  
      Get-EVClassificationPolicy
    4.  
      Get-EVClassificationStatus
    5.  
      Get-EVClassificationTestMode
    6.  
      Get-EVClassificationVICTags
    7.  
      Import-EVClassificationFCIRules
    8.  
      Initialize-EVClassificationVIC
    9.  
      New-EVClassificationPolicy
    10.  
      Publish-EVClassificationFCIRules
    11.  
      Remove-EVClassificationPolicy
    12.  
      Set-EVClassificationPolicy
    13.  
      Set-EVClassificationTestMode
  8. Databases
    1.  
      Get-EVDatabase
    2.  
      Get-EVDatabaseDetail
    3.  
      Get-EVDatabaseFileInfo
    4.  
      Get-EVStorageDatabase
    5.  
      Set-EVDatabaseDetail
    6.  
      Start-EVDatabaseUpgrade
  9. IMAP access
    1.  
      Get-EVIMAPUsers
    2.  
      Get-EVIMAPUserSettings
    3.  
      Set-EVIMAPServerDisabled
    4.  
      Set-EVIMAPServerEnabled
  10. Indexing
    1.  
      Get-EVIndexLocation
    2.  
      Get-EVMDSStatus
    3.  
      Get-IndexServerForIndexLocation
    4.  
      New-EVMDSBuildTask
    5.  
      Set-IndexMetadataSyncLevel
  11. Records management
    1.  
      Export-EVNARAArchive
    2.  
      Get-EVRecordSettings
  12. Retention plans
    1.  
      Get-EVRetentionPlan
    2.  
      New-EVRetentionPlan
    3.  
      Remove-EVRetentionPlan
    4.  
      Set-EVRetentionPlan
  13. Roles-based administration
    1.  
      Add-EVRBARoleMember
    2.  
      Get-EVRBAAzStoreXml
    3.  
      Get-EVRBARole
    4.  
      Get-EVRBARoleMember
    5.  
      Remove-EVRBARoleMember
    6.  
      Set-EVRBAAzStoreXml
  14. Sites and servers
    1.  
      Get-EVComputers
    2.  
      Get-EVFileLocation
    3.  
      Get-EVIISWebsite
    4.  
      Get-EVServer
    5.  
      Get-EVSite
    6.  
      Get-EVSiteInfo
  15. Tasks and services
    1.  
      Get-EVDependencyService
    2.  
      Get-EVDependencyServiceState
    3.  
      Get-EVService
    4.  
      Get-EVServiceState
    5.  
      Get-EVTask
    6.  
      Get-EVTaskState
  16. Vault stores and archives
    1.  
      Export-EVArchive
    2.  
      Get-EVArchive
    3.  
      Get-EVArchivePermission
    4.  
      Get-EVVaultStore
    5.  
      Get-EVVaultStorePartition
    6.  
      Remove-EVArchive
    7.  
      Remove-EVArchivePermission
    8.  
      Set-EVArchive
    9.  
      Set-EVArchivePermission
    10.  
      Start-PartitionRollover

Remove-EVArchivePermission

Remove-EVArchivePermission lets you remove the following types of access permissions that are granted or denied to a given user or group on the specified archive.

Table: Access types

Access

Gives permission to

Read

Read all items in the archive and restore items from it.

Write

Save items in the archive and retrieve items from it. Users with this access permission also have control of the folders in the archive. For example, they can rename and change permissions on the folders.

Delete

Delete items from the archive. To allow users to delete items from the archive, you must grant the user delete permission on the archive, select the site setting Users can delete items from their archives, and use Set-EVArchive to set -DeleteProtected to $false.

Note the following:

  • The user who runs the cmdlet must have the roles-based administration permission to manage the specified type of archive. For example, to manage Exchange Mailbox archives, the user must have the roles-based administration permission "Can manage Exchange Mailbox Archives".

  • You can use this cmdlet to remove access permissions for users that have Active Directory or Domino Directory accounts. Note that Domino users can have access permissions only on Domino mailbox archives. To remove access permissions for Domino users, you need to install the Notes client and configure the Domino domain on the Enterprise Vault server.

  • This cmdlet only removes the manually set permissions. You cannot use this cmdlet to remove the automatically set permissions.

  • This cmdlet does not remove permissions information if the archive is marked for deletion.

  • The effect of this cmdlet is the same as clearing the check box for a user on the Permissions tab of Archive Properties dialog box.

Remove-EVArchivePermission is provided by the snap-in Symantec.EnterpriseVault.PowerShell.Snapin.dll.

Syntax

Remove-EVArchivePermission [-ArchiveId] <String> [-Trustee] <String> [-Granted <AccessRight[]> {Read | Write | Delete | All}] [-Denied <AccessRight[]> {Read | Write | Delete | All}] [-WhatIf] [-Confirm] [<CommonParameters>]

Remove-EVArchivePermission [-ArchiveId] <String> [-Trustee] <String> -All [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Table: Remove-EVArchivePermission parameters

Parameter

Description

-ArchiveId (required)

Specifies the ID of the archive for which to remove the access permissions. You can use Get-EVArchive to obtain the required ID.

-Trustee (required)

The account name of the user or group for which you want to remove access permissions from the specified archive.

For Active Directory accounts, type the value in any of the following formats:

  • domain\user

  • domain\group

  • hostname\localuser

  • hostname\localgroup

For Domino accounts, type the value in any of the following formats:

  • user/org

  • group/org

  • CN=user/O=org

  • group (org)

  • */org

  • */orgunit/org. For example, */abc/DominoOrg.

-Granted

The granted access permissions that you want to remove for the user or group: Read, Write, or Delete. Specifying the access type as All removes all the granted permissions for that user or group.

You can specify multiple access types by separating them with commas; for example, -Granted Read,Write.

-Denied

The denied access permissions that you want to remove for the user or group: Read, Write, or Delete. Specifying the access type as All removes all the denied permissions for that user or group.

You can specify multiple access types by separating them with commas; for example, -Denied Read,Write.

-All

Removes all the granted and denied permissions for the user or group from the specified archive. It is that same as specifying -Granted All -Denied All.

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not actually run.

-Confirm

Prompts you for confirmation before running the cmdlet. To suppress the confirmation prompt, use the syntax -Confirm:$False. You must include a colon ( : ) in the syntax.

Examples

  • Remove-EVArchivePermission -ArchiveId 19D...EVServer1 -Trustee EXAMPLE\msmith -Granted Read

    Prompts for confirmation, and then removes "Read" from the list of granted access permissions for the user "EXAMPLE\msmith" on the archive with the ID "19D...EVServer1".

  • Get-EVArchive -ArchiveName msmith | Remove-EVArchivePermission -Trustee EXAMPLE\msmith -Denied Read,Write -Confirm:$false

    Pipes the archive ID that is obtained from Get-EVArchive to Remove-EVArchivePermission, and removes "Read" and "Write" from the list of denied access permissions for the user "EXAMPLE\msmith" on the archive "msmith". This command also suppresses the confirmation prompt.

  • Get-EVArchive -ArchiveName msmith | Remove-EVArchivePermission -Trustee EXAMPLE\msmith -All -Confirm:$false

    Pipes the archive ID that is obtained from Get-EVArchive to Remove-EVArchivePermission, and removes all the granted and denied access permissions for the user "EXAMPLE\msmith" on the archive "msmith". This command also suppresses the confirmation prompt.

  • Get-EVArchive -ArchiveName dsmith | Remove-EVArchivePermission -Trustee dsmith/DominoOrg -Granted All -Confirm:$false

    Pipes the archive ID that is obtained from Get-EVArchive to Remove-EVArchivePermission, and removes all the granted and denied access permissions for the Domino user "dsmith" on the archive "dsmith". This command also suppresses the confirmation prompt.

  • Get-EVArchive | Remove-EVArchivePermission -Trustee EXAMPLE\msmith -All -Confirm:$false

    Removes all the access permissions for the user "EXAMPLE\msmith" on all the archives without prompting for confirmation.

Output

For a user or group for which you have removed all permissions, Remove-EVArchivePermission returns a confirmation message on completion. For a user or group that still has some permissions applied, the cmdlet returns a modified object of type EnterpriseVault.Admin.ArchivePermissionEntry, which has the following properties.

Table: Remove-EVArchivePermission properties

Name

Type

Description

ArchiveId

String

The ID of the archive to which the user or group has access.

ArchiveName

String

The name of the archive to which the user or group has access.

ArchiveType

EV_STG_API_ARCHIVE_TYPE

The Enterprise Vault archive type enumeration. The possible values are as follows:

  • ARCHIVE_TYPE_DOMINO_JOURNAL

  • ARCHIVE_TYPE_DOMINO_MAILBOX

  • ARCHIVE_TYPE_FILE_SYSTEM

  • ARCHIVE_TYPE_INTERNETMAIL

  • ARCHIVE_TYPE_JOURNAL

  • ARCHIVE_TYPE_MAILBOX

  • ARCHIVE_TYPE_PUBLIC_FOLDER

  • ARCHIVE_TYPE_SHARED

  • ARCHIVE_TYPE_SHAREPOINT

  • ARCHIVE_TYPE_SMTP

TrusteeId

String

The ID that uniquely identifies the user or group. For Active Directory accounts, the cmdlet displays the security identifier (SID), whereas for Domino Directory accounts the cmdlet displays the UNID.

Trustee

String

The account name of the user or group.

TrusteeSource

TrusteeSource

The directory service in which the user or group has an account. "Windows" designates Active Directory, whereas "Domino" designates a Domino Directory.

TrusteeType

TrusteeType

The Enterprise Vault trustee type enumeration. The possible values are as follows:

  • User

  • Group

  • Wildcard

  • Unknown

  • DeletedUser

ManualGranted

AccessRight[]

The manually-granted level of access: Read, Write, or Delete.

ManualDenied

AccessRight[]

The manually-denied level of access: Read, Write, or Delete.

AutoGranted

AccessRight[]

The automatically-granted level of access: Read, Write, or Delete.

AutoDenied

AccessRight[]

The automatically-denied level of access: Read, Write, or Delete.

Related cmdlets