so I have a script that works fine that I found online and changed to suit my needs. I have pasted this script below. However, in the output there is a lot of disabled users that have permissions to the mailboxes. E.g. I'd get an Output like "Mailbox Name^Mailbox#email.com^ActiveUser ActiveUser DisabledUser" So I am wondering if there is a way to make the script skip disabled users, same way how it leaves out self permissions.
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
. $env:ExchangeInstallPath\bin\RemoteExchange.ps1
Connect-ExchangeServer -auto
$OutFile = “C:\Send_As_Permissions.txt”
“DisplayName” + “^” + “Email Address” + “^” + “Send As” | Out-File $OutFile -Force
$Mailboxes = Get-Mailbox -resultsize unlimited | Select Identity, Alias, DisplayName, DistinguishedName, WindowsEmailAddress
ForEach ($Mailbox in $Mailboxes) {
$SendAs = Get-ADPermission $Mailbox.identity | where {($_.ExtendedRights -like “*Send-As*”) -and -not ($_.User -like “NT AUTHORITY\SELF”) -and -not ($_.User -like “s-1-5-21*”)} | % {$_.User}
$Mailbox.DisplayName + “^” + $Mailbox.WindowsEmailAddress + “^” + $SendAs | Out-File $OutFile -Append
}
If you want to report on enabled mailboxes only, filter the output from Get-Mailbox on the IsMailboxEnabled property:
$Mailboxes = Get-Mailbox -resultsize unlimited | Where-Object { $_.IsMailboxEnabled } | Select ...
If you want to report on individual rights assignments for enabled accounts only, you'll have to query AD based on the value of the User property you extract:
$SendAs = Get-ADPermission $Mailbox.identity | where {($_.ExtendedRights -like “*Send-As*”) -and -not ($_.User -like “NT AUTHORITY\SELF”) -and -not ($_.User -like “s-1-5-21*”)} | % {$_.User}
$domain,$username = $SendAs.Split('\')
$ADUser = Get-ADUser -Identity $username -Server $domain
if($ADUser.Enabled){
# output to report
}
Related
I am trying to get the SamAccountName from Get-ADUser, but when I pass in the variable $member.User I get no results. $member.User when I print it out with Write-Host returns a variable, but used in the code below I get nothing. Also, if I copy/paste the $member.User value into that $add = Get-ADUser I get the SamAccountName. Why isn't Get-ADUser -Filter {EmailAddress -eq "$member.User" } returning anything? It is driving me nuts. Thank you in advance.
$Send = #()
$SendAs = #()
# Displaying FullAccess permissions for shared mailboxes
$Send = Get-MailboxPermission -Identity $MailboxUPN | Where-Object { -not ($_.User -like “NT AUTHORITY\SELF”) } | Select-Object Identity,User,AccessRights
$Send
# Displaying SendAs permissions for shared mailboxes
# $SendAs = Get-RecipientPermission -Identity $MailboxUPN | Where-Object {($_.IsInherited -eq $False) -and -not ($_.Trustee -like “NT AUTHORITY\SELF”) } | Select-Object Trustee, AccessRights
# $SendAs
forEach ($member in $Send){
Write-Host "In here"
Write-Host $member
$add = Get-ADUser -Filter {EmailAddress -eq "$member.User" }| Select-Object -ExpandProperty SamAccountName
Write-Host $add.SamAccountName
}
Basically what i'm trying to achieve here is an output with 4 column/list (in this case i'm exporting as a text)
Get-MailboxPermission gives me a property of identity, user, accessrights but it doesn't give me a property of "Manager". I need to identify where that particular user reports to. So, i tried PSCustomObject and hoping i can put the results in an array. See script below
$GETMAILBOXPERM = Get-Content C:\Users\Account\Desktop\MailboxUsers\MAILBOXESUSERS.txt | ForEach-Object {Get-MailboxPermission $_ |
where {
($_.User -notlike ‘*NT AUTHORITY*’) -and
($_.User -notlike ‘*S-1-5-21-*’) -and
($_.User -notlike ‘*NAMPRD08*’) -and
($_.User -notlike ‘*PRDTSB01*’) -and
($_.User -notlike ‘*0365Admin*’) -and
($_.User -notlike ‘*Discovery Management*’) -and
($_.User -notlike ‘*NAMPR08A005*’) -and
($_.User -notlike ‘*NT AUTHORITY*’)
}
}
$Results = foreach( $Mailbox in (get-content C:\Users\Account\Desktop\MailboxUsers\MAILBOXESUSERS.txt))
{
$Users = Get-User $Mailbox
if ($Users){
foreach ($User in $Users){
[pscustomobject]#{
DisplayName = $User.name
Account = $GETMAILBOXPERM.user
Manager = $User.manager
Access = $GETMAILBOXPERM.accessrights
}
}
}
}
$Results | Format-List -Property DisplayName, Account, Manager, Access | Out-File C:\Users\Account\Desktop\MailboxUsers\mailbox4.txt
Here's the output in text file. I get the DisplayName and Manager right but the Account and Access just doesn't seem to loop from the text file.
DisplayName : MAILBOX1
Account : {user1#domain.ca, user2#domain.ca, user3#domain.ca, user4#domain.ca...}
Manager : MANAGER1
Access : {FullAccess, FullAccess, FullAccess, FullAccess...}
DisplayName : MAILBOX2
Account : {user1#domain.ca, user2#domain.ca, user3#domain.ca, user4#domain.ca...}
Manager : MANAGER2
Access : {FullAccess, FullAccess, FullAccess, FullAccess...}
The user manager attribute is normally in ADDS, not Exchange. Yet, that text file seems to be where you are getting this from vs dynamically from ADDS.
Why are you using Format-List?
PowerShell will automatically format as a list the moment you columns exceed 5.
This is untested, since I do not have an environment to try it on, but a refactor of what you have here. Give it a shot.
$GetMailboxPerm = Get-Content -Path 'C:\Users\Account\Desktop\MailboxUsers\MAILBOXESUSERS.txt' |
ForEach-Object {Get-MailboxPermission $PSitem |
where {
($PSitem.User -notlike ‘*NT AUTHORITY*|
*S-1-5-21-*|
*NAMPRD08*|
*PRDTSB01*|*0365Admin*|
*Discovery Management*|
*NAMPR08A005*|
*NT AUTHORITY*’)
}
}
foreach( $Mailbox in (Get-Content -Path 'C:\Users\Account\Desktop\MailboxUsers\MailboxUsers.txt'))
{
$Users = Get-User $Mailbox
if ($Users)
{
foreach ($User in $Users)
{
[pscustomobject]#{
DisplayName = $User.name
Account = $GetMailboxPerm.user
Manager = $User.manager
Access = $GetMailboxPerm.accessrights
} | Out-File -FilePath 'C:\Users\Account\Desktop\MailboxUsers\mailbox4.txt' -Append
}
}
}
$results = foreach ($Mailbox in (Get-Mailbox -ResultSize Unlimited))
{
get-MailboxFolderPermission -identity "$($Mailbox.Name):\Calendar" -ErrorAction SilentlyContinue |
Where-Object {$_.User -notlike "Default" -and
$_.User -notlike "Anonymous" -and
$_.AccessRights -notlike "None" -and
$_.AccessRights } |
Select #{N="Mailbox";E={$Mailbox.SamAccountName}}, FolderName, User, AccessRights
}
$results
I am still learning powershell (only 1 full year of experience). I'm using this code to report on calendar permissions for all end user mailboxes in our environment. The code works well but it only reports on the Calendar object. I need to run three separate reports to get the Calendar, Contacts, and Inbox permissions.
I have tried creating an array but it throws multiple values all on one line. (Some end users have more than one person with access to their Calendar/Contacts/Inbox. Does anyone have a good idea of how to combine these results?
thanks
Here is an example of what results I would like:
Iterating Mailboxes only once with an additional
ForEach ($Folder in 'Contents','Calendar','Inbox')
Should be more efficient:
#Date
$date = (Get-Date -f yyyy-MM-dd)
#Pull Permissions
$Permissions = ForEach ($Mailbox in (Get-Mailbox -ResultSize Unlimited )) {
ForEach ($Folder in 'Contents','Calendar','Inbox'){
Get-MailboxFolderPermission -identity "$($Mailbox.Name):\$($Folder)" -ErrorAction SilentlyContinue |
Where-Object {$_.User -notlike "Default" -and $_.User -notlike "Anonymous" -and $_.AccessRights -notlike "None" -and $_.AccessRights } |
Select #{N="Mailbox";E={$Mailbox.SamAccountName}},
#{N="Folder";E={$_.FolderName}},
#{N="User With Access";E={$_.User}},
#{N="Access";E={$_.AccessRights}}
}
}
#Export to Desktop
$Permissions | Sort User | Export-Csv "$env:USERPROFILE\Desktop\ExchangePermissions-$Date.csv" -NoTypeInformation
#Date
$date = (Get-Date -f yyyy-MM-dd)
#Pull Permissions
$Permissions = ForEach ($Mailbox in (Get-Mailbox -ResultSize Unlimited )) {
$userInfo = get-user $Mailbox.name | select Title
ForEach ($Folder in 'Contacts','Calendar','Inbox'){
Get-MailboxFolderPermission -identity "$($Mailbox.Name):\$($Folder)" -ErrorAction SilentlyContinue |
Where-Object {$_.User -notlike "Default" -and $_.User -notlike "Anonymous" -and $_.AccessRights -notlike "None" -and $_.AccessRights } |
Select #{N="Mailbox";E={$Mailbox.SamAccountName}},
#{N="Office";E={$Mailbox.Office}},
#{N="Title";E={$userInfo.Title}},
#{N="Folder";E={$_.FolderName}},
#{N="User With Access";E={$_.User}},
#{N="Access";E={$_.AccessRights}}
}
}
#Export to Desktop
$Permissions | Sort User | Export-Csv
"$env:USERPROFILE\Desktop\ExchangePermissions-$Date.csv" -NoTypeInformation
I'm trying to pull Send As permissions from an Exchange 2010 Server.
I keep encountering an error that The total data received from the remote client exceeded allowed maximum. Allowed maximum is 524288000.
As a way to mitigate this, I was thinking about running the command in a foreach loop for each database.
My question is, how can I get this to work? The script above does not work unfortunately.
$allmbxinyourorg = Get-Mailbox -ResultSize unlimited
Foreach ($mbx in $allmbxinyourorg)
{
Get-Mailbox -database $mbx |
Get-ADPermission |
?{($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authorityself")} |
Select Identity, User |
export-csv -notypeinformation $mbx.csv
}
I dont have an exch server to test this but you can try the following:
$databases = Get-MailboxDatabase -Server $yourserver
$databases |
Get-Mailbox -resultsize unlimited
Get-ADPermission |
Where-Object{($_.ExtendedRights -like '*send-as*') -and (-not ($_.User -like 'nt authorityself'))} |
Select-Object Identity, User |
export-csv -Path 'c:\temp\mbx.csv' -NoTypeInformation
In your post you had the export-csv inside the foreach which would overwrite the file on every run of the loop.
Try this:
$allmbxinyourorg = Get-Mailbox -ResultSize unlimited
Foreach ($mbx in $allmbxinyourorg)
{
Get-Mailbox -database $mbx |
Get-ADPermission |
?{($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authorityself")} |
Select Identity, User |
export-csv -notypeinformation 'mbx.csv' -Append
}
Could you post exact error you get?
When do you hit the exception?
$allmbxinyourorg = Get-Mailbox -ResultSize unlimited or at another step?
I'm trying to display all the mailboxes and their sizes for all our users in our Departed OU. I seem to be very close but my command seems to be adding some padding to the results.
[PS] C:\Windows\system32>dsquery user "ou=Departed,ou=Staff,dc=COMPANY,dc=local" -limit 4 | dsget user -samid | Get-MailboxStatistics | ft DisplayName, TotalItemSize, ItemCount
And the output:
Dsquery has reached the specified limit on number of results to display; use a different value for the -limit option to
display more results.The specified mailbox " samid " doesn't exist.
+ CategoryInfo : NotSpecified: (0:Int32) [Get-MailboxStatistics], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : DD7D7CEA,Microsoft.Exchange.Management.MapiTasks.GetMailboxStatistics
The specified mailbox " Eka.Tian " doesn't exist.
+ CategoryInfo : NotSpecified: (1:Int32) [Get-MailboxStatistics], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : 7F701DFD,Microsoft.Exchange.Management.MapiTasks.GetMailboxStatistics
Obviously shouldnt work for the first result "samid" but "Eka.Tian" exists. Why is it adding all those spaces? Is there a way I could format the output from dsget user so it plays nice with Get-MailboxStatistics?
Why the dsquery?
get-mailbox -OrganizationalUnit "ou=Departed,ou=Staff,dc=COMPANY,dc=local" -resultsize unlimited |
get-mailboxstatistics | ft DisplayName,TotalItemSize,Itemcount
I've got something for you, even though it's a little late.
You just need to adjust every Searchbase with OU and DC, the Email-Adresses at the end and the SMTP-Server, then you get an Email with a CSV-Attachment that contains every OU with Counts of active and inactive Mailboxes and a list with every mailbox and its parameters.
You can also trigger it with the Task-Scheduler of Windows, so it's an automatic report.
Add-PSSnapin Microsoft.Exchange.Management.Powershell.SnapIn;
$Kunden=Get-ADOrganizationalUnit -Filter * -SearchBase "OU=Kunden,DC=domain,DC=domain"
$leerzeile ="`n"
#Funktion für 10 GB Kontrolle
function getUber10 ($name)
{
$Uberschreit=0
$anzahluber10=0
$anzahl=0
$UserList = Get-Mailbox -OrganizationalUnit "$name" |Get-MailboxStatistics
$großen = $UserList |Select TotalItemSize
for($y=0; $y -lt $großen.Length; $y++){
if($großen[$y].totalItemSize.value.toMB() -gt 10000){
$wieoft=$großen[$y].totalItemSize.value.toMB() * 0.0001
$anzahluber10 = $anzahluber10 + [Math]::Ceiling($wieoft) - 1
}
}
$anzahluber10
}
#Liste aller Kunden mit Postfachanzahl
Get-ADOrganizationalUnit -Filter * -SearchBase "OU=Kunden, DC=domain, DC=domain" |Select-Object Name, #{n="Postfach-Anzahl";e = {(Get-ADUser -Filter {(EmailAddress -like "*#*") -and (Enabled -eq "True")} -SearchBase $_).count}},`
#{n="Deaktivierte Postfächer";e = {(Get-ADUser -Filter {Enabled -eq "False"} -SearchBase $_).count}}, #{n="10GB-Überschreitungen"; e={ getUber10 -name $_}} `
| ConvertTo-Csv -Delimiter ";" -NoTypeInformation | % {$_.Replace('"','')} | Out-File C:\ExchangeReport.csv -Append
$leerzeile | Out-File C:\ExchangeReport.csv -Append
$leerzeile | Out-File C:\ExchangeReport.csv -Append
#Liste der einzelnen Kunden mit Details der Postfächer
For($i=1; $i -lt $Kunden.Length; $i++){
$Kunde=$Kunden[$i]
$Uberschreit=0
$anzahluber10=0
$anzahl=0
$UserList = Get-Mailbox -OrganizationalUnit "$Kunde" |Get-MailboxStatistics
$großen = $UserList |Select TotalItemSize
for($x=0; $x -lt $großen.Length; $x++){
if($großen[$x].totalItemSize.value.toMB() -gt 10000){
$wieoft=$großen[$x].totalItemSize.value.toMB() * 0.0001
$anzahluber10 = $anzahluber10 + [Math]::Ceiling($wieoft) - 1
}
}
Get-ADOrganizationalUnit -Identity $Kunden[$i] |Select-Object Name, #{n="Postfach-Anzahl";e = {(Get-ADUser -Filter {(EmailAddress -like "*#*") -and (Enabled -eq "True")} -SearchBase $Kunde).count}}`
,#{n="Deaktivierte Postfächer";e = {(Get-ADUser -Filter {Enabled -eq "False"} -SearchBase $_).count}},#{n="10GB-Überschreitungen"; e={$uberschreit= $anzahluber10 ; $uberschreit}}`
| ConvertTo-Csv -Delimiter ";" -NoTypeInformation | % {$_.Replace('"','')} | Out-File C:\ExchangeReport.csv -Append
Get-Mailbox -OrganizationalUnit "$Kunde" |Select-Object #{n="Kundenname";e={Get-ADOrganizationalUnit -Identity $Kunden[$i] |Select-Object Name}}, Displayname, PrimarySmtpAddress, `
#{n="Size(MB)";e = {$Fachstat = Get-MailboxStatistics $_.name;$Fachstat.totalItemsize.value.toMB()}}, #{n="Quota";e={$Fachquot=Get-Mailbox $_.name;$Fachquot.ProhibitSendReceiveQuota}},`
#{n="Aktiv?"; e={Get-ADUser $_.DistinguishedName |select Enabled}}, #{n="Über 10GB?"; e={$uber10 = Get-MailboxStatistics $_.name; if($uber10.totalItemSize.value.toMB() -gt 10000){$uber10.IsValid}else{$uber10.IsQuarantined}}} `
| ConvertTo-Csv -Delimiter ";" -NoTypeInformation | % {$_.Replace('"','')} | % {$_.Replace('#{Name=','')} | % {$_.Replace('}','')} | % {$_.Replace('#{Enabled=','')} | Out-File C:\ExchangeReport.csv -Append
$leerzeile | Out-File C:\ExchangeReport.csv -Append
$leerzeile | Out-File C:\ExchangeReport.csv -Append
}
$Date = Get-DAte -UFormat "%d.%m.%Y"
Send-MailMessage -to "empfänger#domain.domain" -from "administrator#domain.domain" -Subject "Exchange-Report" -body "Exchange Report of $Date" -SmtpServer "External IP" -Attachments "C:\ExchangeReport.csv"
Remove-Item C:\ExchangeReport.csv
I wrote the variables etc. in German, I hope thats no problem ;)