Hello All,
I am new to scripting and have an issue with one of our scripts, written by a previous employee.
Would anyone please explain to me what this script does, so I can understand it clearly before looking into the sync issue I have been having.
Thanks,
Key
Scripts:
--------------------------------------------------------------------------------------------------
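# Syncs direct Exchange mailbox permissions with the membership of the AD
# "mailbox access" groups: every user in a group named
# "<prefix> - <mailbox> - <right>[ & <right>]" should hold the listed right(s)
# directly on that mailbox, and any other non-inherited, non-group permission
# on those mailboxes is removed. A change report is mailed and $Error is
# dumped to a text file at the end.
#
# Requires the Exchange, Data and Reporting modules under C:\PSModule, an
# Exchange credential script, and the ActiveDirectory cmdlets (Get-ADGroup,
# Get-ADGroupMember) available in the session.
Import-Module C:\PSModule\Exchange
Import-Module C:\PSModule\Data
Import-Module C:\PSModule\Reporting

# The credential script is dot-sourced, i.e. executed as code in this scope,
# and whatever it returns becomes $exchCred. NOTE(review): its content is not
# shown here — confirm it only builds a PSCredential, and keep write access to
# that file as tight as to this script itself.
$exchCred = . 'C:\Scripts\Credential\el-svc-exch-script@xyz.com.ps1'

# Recipient and subject of the change report.
$To = 'abc@xyz.com'
$Subject = 'Mailbox Permissions Changes'

Import-ExchangeSession -Credential $exchCred

# Access rights this script derives from group names. Groups advertising only
# other rights are ignored. May hold several rights.
$usedPermissions = 'FullAccess'

# $true applies the Add/Remove calls below without prompting; set to $false
# to only produce the report (useful as a dry run after any change).
$executeChanges = $true

# Template for one "desired" permission derived from group membership.
$userTemplate = [pscustomobject]@{
    Key          = $null
    Group        = $null
    Identity     = $null
    User         = $null
    AccessRights = $null
}

$mailboxGroups = Get-ADGroup -SearchBase 'OU=Mailbox,OU=Resource Access,OU=Groups,DC=xyz,DC=com' -Filter *

# Desired state: one record per (mailbox, user, right) implied by group
# membership. The foreach's output is collected into $userGroupPermissions.
$userGroupPermissions = foreach ($mailboxGroup in $mailboxGroups)
{
    # Group names are expected as "<prefix> - <mailbox> - <right>[ & <right>]".
    $isMatch = $mailboxGroup.Name -match "\A(.+?) - (.+) - (.+?)\Z"
    if (-not $isMatch)
    {
        Write-Error "Problem with group: $($mailboxGroup.Name)."
        # 'continue' skips this group. The original 'next' is not a PowerShell
        # keyword: it raised a command-not-found error and the loop fell
        # through, using stale $Matches values from the previous group.
        continue
    }
    $mailbox = $Matches[2]
    # "FullAccess & SendAs" -> 'FullAccess','SendAs'
    $access = $Matches[3] -split '&' | ForEach-Object { $_.Replace(' ', '') }
    $foundPermissions = $usedPermissions |
        Where-Object { $_ -in $access }
    if (-not $foundPermissions)
    {
        continue
    }
    # -Recursive flattens nested groups; only user objects become records.
    $users = Get-ADGroupMember -Identity $mailboxGroup -Recursive |
        Where-Object 'objectClass' -eq 'user'
    foreach ($user in $users)
    {
        # One record per managed right found in the group name. This was
        # hard-coded to 'FullAccess', which only held while $usedPermissions
        # contained exactly that one value.
        foreach ($accessRight in $foundPermissions)
        {
            $userRecord = $userTemplate | Select-Object *
            $userRecord.Group        = $mailboxGroup.Name
            $userRecord.Identity     = $mailbox
            $userRecord.User         = $user.name
            $userRecord.AccessRights = $accessRight
            $userRecord.Key = $userRecord.Identity + '|' + $userRecord.User + '|' + $userRecord.AccessRights
            $userRecord
        }
    }
}

# Template for one "actual" permission read from Exchange.
$mailboxPermTemplate = [pscustomobject]@{
    Key          = $null
    Identity     = $null
    User         = $null
    AccessRights = $null
}

# Distinct group names and distinct mailbox names seen above.
$mailboxGroupNames = $userGroupPermissions |
    Group-Object Group |
    Select-Object -ExpandProperty Name
$mailboxNames = $userGroupPermissions |
    Group-Object Identity |
    Select-Object -ExpandProperty Name

# Actual state: one record per (mailbox, user, right) currently granted
# directly on each managed mailbox.
$userMailboxPermissions = foreach ($mailboxName in $mailboxNames)
{
    $mailboxPermissions = $null
    $mailboxPermissions = Get-MailboxPermission -Identity $mailboxName
    if (-not $mailboxPermissions)
    {
        Write-Error "Unable to find mailbox: $mailboxName."
        # Same fix as above: 'next' was not a keyword.
        continue
    }
    # Ignore inherited entries, the mailbox's own SELF entry, and entries held
    # by the access groups themselves (this script manages per-user entries).
    $applicablePermissions = $mailboxPermissions |
        Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT Authority\Self' -and $_.User -notin $mailboxGroupNames }
    foreach ($permission in $applicablePermissions)
    {
        # AccessRights is a list; emit one record per right so keys line up
        # with the desired-state records.
        foreach ($accessRight in $permission.AccessRights)
        {
            $userRecord = $mailboxPermTemplate | Select-Object *
            $userRecord.Identity     = $mailboxName
            # NOTE(review): keys are compared as plain strings, so this value
            # must be spelled exactly like $user.name above. If Exchange reports
            # users in a different form (e.g. with a domain prefix), no key ever
            # matches and every run re-adds and removes the same permissions —
            # worth checking first when the sync misbehaves.
            $userRecord.User         = $permission.User
            $userRecord.AccessRights = $accessRight
            $userRecord.Key = $userRecord.Identity + '|' + $userRecord.User + '|' + $userRecord.AccessRights
            $userRecord
        }
    }
}

# LeftOnly  = desired but not granted  -> add
# RightOnly = granted but not desired  -> remove
$differences = Get-CollectionDifferences -LeftCollection $userGroupPermissions -RightCollection $userMailboxPermissions -KeyAttribute Key

# Report rows; the script block just concatenates both lists into one stream.
$changes = & {
    $differences.LeftOnly  | Select-Object @{Name='Action'; Expression={'Add'}}, Identity, User, AccessRights
    $differences.RightOnly | Select-Object @{Name='Action'; Expression={'Remove'}}, Identity, User, AccessRights
}

if ($executeChanges)
{
    foreach ($addPermission in $differences.LeftOnly)
    {
        Add-MailboxPermission -Identity $addPermission.Identity -AccessRights $addPermission.AccessRights -User $addPermission.User -Confirm:$false
    }
    # -Confirm:$false makes these removals non-interactive; every non-inherited
    # entry that is not backed by a group ends up here.
    foreach ($removePermission in $differences.RightOnly)
    {
        Remove-MailboxPermission -Identity $removePermission.Identity -AccessRights $removePermission.AccessRights -User $removePermission.User -Confirm:$false
    }
}

# Mail the change list, only when there is something to report.
if ($changes)
{
    $preHtml = @"
<h1>$Subject</h1>
<p>The following changes are being made to mailbox permissions to sync them with the groups that have access.</p>
"@
    # Splatted into Send-HTMLMailMessageV2 (from the Reporting module).
    $emailArgs = @{}
    $emailArgs.To = $To
    $emailArgs.Subject = $Subject
    $emailArgs.Port = 587
    $emailArgs.Style = 'Ethos1'
    $emailArgs.HtmlTableArgs = @{
        PreContent = $preHtml
    }
    $changes |
        Sort-Object Identity, User |
        Send-HTMLMailMessageV2 @emailArgs
}

# Tear down the remote Exchange session(s) and keep this run's error stream
# for troubleshooting. Out-File overwrites, so only the latest run is kept.
Get-PSSession | Remove-PSSession
$Error |
    Out-File 'C:\Scripts\Exchange Mailbox Permissions Sync\Errors.txt'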