Find oldest email via PowerShell - powershell

I found multiple posts regarding this topic, but I don't think they are correct.
The following script works great if you want to find the earliest/oldest item (which for my luck, it is a contact).
Get-MailboxFolderStatistics -IncludeOldestAndNewestItems -Identity USERID |
Where OldestItemReceivedDate -ne $null |
Sort OldestItemReceivedDate |
Select -First 1 OldestItemReceivedDate
I want to find the earliest.. first email someone received. So someone helped me creating the following:
# Get the folder statistics for all folders
$stats = Get-MailboxFolderStatistics -IncludeOldestAndNewestItems -Identity $USERID
# Get the oldest email. Can re-use $stats for the other item types
$OldestEmail = $stats |
Where-Object {$_.OldestItemReceivedDate -and $_.ContainerClass -eq 'IPF.Note'} |
Sort-Object OldestItemReceivedDate |
Select-Object ContainerClass,OldestItemReceivedDate,FolderPath -First 1
# Outputs
ContainerClass OldestItemReceivedDate FolderPath
-------------- ---------------------- ----------
IPF.Note 2/8/2016 2:07:50 PM /Inbox
That previous script works great, if... the email is not on the Purge folder. For some reason, when the emails are moved to the Purge folder, the ContainerClass is also removed. I know there is an email prior to 2/8/2016, but it is on the -Archive \Recoverable Items\ Purge

If all you're doing is trying to avoid contact matching, change your ContainerClass to:
$_.ContainerClass -ne 'IPF.Contact'
That way you won't exclude the Purges folder. Alternatively you could adjust it to:
-and (($_.ContainerClass -eq 'IPF.Note') -or ($_.FolderPath -match "Purges"))
edit: I can't make comments to reply to you yet sorry, but yes Purges has no ContainerClass. It'll still proceed just fine with the 1st option (because a $null containerclass is still not equal to 'IPF.Contact'). Did you need to include contacts in the search?

Related

PowerShell - Find Oldest Email

I am stuck, I am trying to find the oldest "EMAIL" in a person's mailbox, but I don't know what else to try. I think I need to add the ContainerClass -eq "IPF.Note" somewhere, but I am not sure where.
The following script works, but it finds the oldest ITEM, which in my case it is a contact. I want to look at each container (Email, Chats, Calendar, Contacts) separately, but for this script, I just want to know the oldest email.
Thank you
Get-MailboxFolderStatistics -IncludeOldestAndNewestItems -Identity USERID |
Where OldestItemReceivedDate -ne $null |
Sort OldestItemReceivedDate |
Select -First 1 OldestItemReceivedDate
You can filter what you have by item type, but I would do it after getting the statistics so you only have to query exchange once:
# Get the folder statistics for all folders
$stats = Get-MailboxFolderStatistics -IncludeOldestAndNewestItems -Identity $USERID
# Get the oldest email. Can re-use $stats for the other item types
$OldestEmail = $stats |
Where-Object {$_.OldestItemReceivedDate -and $_.ContainerClass -eq 'IPF.Note'} |
Sort-Object OldestItemReceivedDate |
Select-Object ContainerClass,OldestItemReceivedDate,FolderPath -First 1
# Outputs
ContainerClass OldestItemReceivedDate FolderPath
-------------- ---------------------- ----------
IPF.Note 2/8/2016 2:07:50 PM /Inbox
You are correct that the mailbox folder statistics command does not search recoverable items by default. It also does not search the mailbox archive unless you specify -Archive. If you need these, you'll have to do additional searches:
# Get recoverable items:
Get-MailboxFolderStatistics -Identity $USERID -FolderScope 'RecoverableItems' -IncludeOldestAndNewestItems |
Where-Object OldestItemReceivedDate |
Sort-Object OldestItemReceivedDate |
Select-Object ContainerClass,OldestItemReceivedDate,FolderPath -First 1
# Note that deleted item containers do not have an item type!
ContainerClass OldestItemReceivedDate FolderPath
-------------- ---------------------- ----------
2/5/2016 3:41:33 PM /Deletions
Presuming this is for compliance reasons to search a mailbox for items on an Exchange Server you should be using the Search-Mailbox cmdlet - https://learn.microsoft.com/en-us/powershell/module/exchange/search-mailbox?view=exchange-ps
For Exchange Online to search a mailbox for items you should use the New-ComplianceSearch cmdlet https://learn.microsoft.com/en-us/powershell/module/exchange/new-compliancesearch?view=exchange-ps
This web page shows how to search by date - New-ComplianceSearch: how to use the newer version of Search-Mailbox https://www.codetwo.com/admins-blog/new-compliancesearch-new-version-of-search-mailbox/
This web page has a script to search mailboxes, including dates PowerShell – New-ComplianceSearch script to go through all mailboxes, find a target message, and remove it - https://365basics.com/powershell-new-compliancesearch-script-to-go-through-all-mailboxes-find-a-target-message-and-remove-it/
Using your original approach, should be done like this. Presuming you have appropriate permissions.
Get-MailboxFolderStatistics -ID <mailboxemailaddress> -IncludeOldestAndNewestItems | select Identity, Name, FolderPath, ItemsInFolder, FolderSize, OldestItemReceivedDate | Export-Csv C:\temp\Mailbox.csv -NoTypeInformation

How to get the get-ADPrincipalGroupMembership for all users in a txt or csv file and put into a txt file for each user?

I am trying to get a file with the group-memberships for every user that is specified in a txt/csv file.
so this is what i had before:
Get-ADPrincipalGroupMembership -Identity $user -Server $DC | Select name | Where-Object name -like GUSR_* | Out-File "C:\temp\$user.txt"
this work fine for getting the groups from 1 singel user, but now i have to do this for 100+ users.
And instead of doing it one by one i am looking for a way to automate it.
so i got myself a .csv export of all the users i want this done for.
and started trying.
what i came up with so far:
$users = Get-Content "C:\temp\test.csv" |ForEach-Object {Get-ADPrincipalGroupMembership -Identity $users -Server $DC | Select name | Where-Object name -like GUSR_* | Out-File "\\ads.net\ADS\SDL\Temp\_ROLAND\RSD\test2\$users.txt"}
This cleary doesnt work.
I have tried a couple of other things with the foreach command but nothing did the trick.
I have the feeling i am not on the right path to get my result.
Maby somebody has done this before and can help me get on the right path.
i'm not new to powershell but i'm far from an expert, most of the time i use it for basic singel commands or edit some great scripts i find.
sadly for this i haven't found any yet.
with kind regards
Roland
Don't assign back to a variable
Import the CSV
No filter after select
Pretiffy your -like
Use $_ as pipeline variable
Use subexpression operator for string+variable concatenation
Import-Csv "C:\temp\test.csv" |ForEach-Object {Get-ADPrincipalGroupMembership -Identity $_.users -Server $_.DC | Where-Object {$_.name -like 'GUSR_*'} | Select -Expand Name | Out-String | Out-File "\\ads.net\ADS\SDL\Temp\_ROLAND\RSD\test2\$($_.users).txt"}

Find AD security groups on network folders

I am not a programmer, I must of taken a wrong turn! So that's out of the way, how on earth is there not an easy way to take a set of network folders and pipe out a list of AD security groups that are applied to it? I have googled my butt off but there are a million similar questions and i have tested a few scripts but cant get exactly what i want or a lot of errors. We have a top level directory of about 7 folders and security is about 3 levels deep. We want to cleanup unused or orphaned security groups out of AD TOOLS, and try to get a feel of what is used and what is not. Attempting a "Network drive cleanup" at my Organization.
What is the best way to accomplish this? I tried this in PS
Get-ChildItem "\\wfs.company.ca\adv\workgroups\adv services" -recurse | ForEach-Object {Get-Acl $_.FullName} | Export-CSV C:\"adv services".csv
It worked but gave me too much info and not specific Group names.
and i also tried something like this which just produced errors.
# Scope options are Universal, DomainLocal,Global
# Get-GroupMember -Scope DomainLocal
Function Get-GroupMember{
Param(
[parameter(Mandatory=$true)]
[string]
$scope
)
$Groups = Get-ADGroup -Filter {GroupScope -eq $scope -and Members -ne "NULL"} -Properties Name |
Select-Object Name, #{Name="GroupMembers";Expression={(Get-ADGroupMember -Identity "$_" |
Select-Object -ExpandProperty SamAccountName) -join "`n"}}
}
$Groups | Format-Table -AutoSize -Wrap
$Groups | Out-GridView
$Groups | Export-Csv C:\groups.csv -NoTypeInformation
I dont mind putting in the work and research i just dont know where to start.
Any pointers much appreciated.
Thanks!
You could use this to get a unique list of applied identities (groups and users):
(Get-ChildItem "\\wfs.company.ca\adv\workgroups\adv services" -Recurse | Get-Acl).Access.IdentityReference | select -Unique
Furthermore, you could use Get-ADGroup or other ways to check if it's a group or user.

Powershell command, to get users with expiring passwords in the next month or 30 days?

I'm having the hardest time getting the following output from powershell. The console just stops at the blinking cursor like the command is running, but I wait 20 min or so, and I still have no output, both in the powershell console, as well as when I try to export as a csv. I'm using the following command:
Search-ADAccount -AccountExpiring -DateTime "01/29/2017" | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A | Export-Csv C:\temp
Could someone help? I've scoured the internet to no avail.
You are using format-table inappropriately. Don't use any Format-* cmdlets if you need to process the data after that point - formatting makes that impossible. Always save formatting for the very end, and only for user presentation.
Also, you're going to end up with a file in your C:\ root directory named temp that's not entirely usable as a CSV file, at least from Excel and other readers, because additional information is going to be inserted by Export-CSV. This will be eliminated by the -notypeinformation switch.
Additionally, you can speed this up by specifying the -UsersOnly switch for Search-ADAccount and skipping the where-object loop - the pipeline is really useful, but constructs like this can slow it down. Filter your data as far to the left as possible, and if you can do it inside a cmdlet that offers a filter, do it there.
Corrected script which should work as you expect:
Search-ADAccount -AccountExpiring -DateTime "01/29/2017" -UsersOnly | select-object -Property Name,ObjectClass | Export-Csv C:\temp\expiring.csv -NoTypeInformation;
Forgive me if this isn't perfect code, but this script will get you accounts expiring within the next 7 days. You can change the $DaysAhead variable to alter the time frame.
$maxPwdAge=(Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days;
$daysAhead = 7;
$dateMin=(get-date).AddDays(-$maxPwdAge);
$dateMax=$DateMin.AddDays($daysAhead);
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False -and PasswordLastSet -gt 0} –Properties * | where {($_.PasswordLastSet) -ge $dateMin} |where {($_.PasswordLastSet) -le $dateMax} | select CN,EmailAddress,passwordLastSet | Format-Table;

office 365 Powershell

The HR department has 5000 unliscenced users. I want to remove them all.
I'm confused between two powershell commands and want to use the fastest one:
## 1
Get-MsolUser -UnlicensedUsersOnly | Remove-MsolUser -force
## 2
Get-MsolUser -All | where {$_.department -eq "HR"} | Remove-MsolUser -force
Although I don't think that there would be a huge difference in processing time since you're just using two different ways of retrieving a list of data, it seems like it would be a little faster to just pull the unlicensed users, as opposed to pulling all users and then filtering them based on department. However, are you sure that there aren't any unlicensed users in other departments that you may not want to delete?
Regarding which command is faster, have you tried using the Measure-Object command to see how long each one will take? You could just measure the Get-MsolUser command to confirm the difference.
Measure-Object {Get-MsolUser -UnlicensedUsersOnly}
Measure-Object {Get-MsolUser -All | where {$_.department -eq "HR"}}
Remove-MsolUser -force should take the same amount of time for both options. Also, I think you'll need to put the Remove-MsolUser command in a foreach loop:
foreach($user in Get-MsolUser -UnlicensedUsersOnly | where {$_.department -eq "HR"})
{Remove-MsolUser -ObjectId $user.ObjectId.guid -force}
https://technet.microsoft.com/en-us/library/ee176899.aspx