Exchange PowerShell - Check if a user is in a specific mailbox database

I am trying to write a script to move a user to a new database and then export their mailbox to PST, but I need to verify if the user is in the correct database to begin with from a user input.
I am trying a command like:
Get-Mailbox -Database "Archive Mailbox Database" -Identity Fbloggs
Then I would error trap if the user is not found. This line does not work, however, with the error:
Parameter set cannot be resolved using the specified named parameters.
+ CategoryInfo : InvalidArgument: (:) [Get-Mailbox], ParameterBindingException
+ FullyQualifiedErrorId : AmbiguousParameterSet,Get-Mailbox
Many thanks for any help.
NA

Try with the Filter parameter (you can also use Name instead of Alias):
Get-Mailbox -Database "Archive Mailbox Database" -Filter {Alias -eq 'Fbloggs'}
Or the other way around:
(Get-Mailbox -Identity Fbloggs).Database.Name
Or
Get-Mailbox -Database "Archive Mailbox Database" | Where-Object {$_.Name -eq 'Fbloggs'}
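
An added example (not part of the original posts) of the check the question asks for: look the mailbox up by -Identity alone, trap the not-found case, and compare its database with the expected one. The function name Test-MailboxInDatabase and its parameters are hypothetical, and an Exchange Management Shell session is assumed.

```powershell
function Test-MailboxInDatabase {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        [Parameter(Mandatory = $true)][string]$Database
    )

    # Typed input often carries stray whitespace; never pass an empty value on.
    $Identity = $Identity.Trim()
    if (-not $Identity) { throw "No user name supplied." }

    try {
        # -Identity and -Database cannot be combined (AmbiguousParameterSet),
        # so resolve by identity and read the Database property afterwards.
        $mailbox = @(Get-Mailbox -Identity $Identity -ErrorAction Stop)
    }
    catch {
        Write-Warning "No mailbox found for '$Identity': $($_.Exception.Message)"
        return $false
    }

    # Guard against the lookup returning more than one mailbox.
    if ($mailbox.Count -ne 1) {
        Write-Warning "'$Identity' matched $($mailbox.Count) mailboxes; refusing to guess."
        return $false
    }

    # In a remote session Database may arrive as a plain string, not an object.
    $actual = $mailbox[0].Database.Name
    if (-not $actual) { $actual = [string]$mailbox[0].Database }

    if ($actual -ne $Database) {
        Write-Warning "'$Identity' is in '$actual', not '$Database'."
        return $false
    }
    return $true
}

# Usage with a name typed at the prompt:
$name = Read-Host "User to move"
if (Test-MailboxInDatabase -Identity $name -Database "Archive Mailbox Database") {
    Write-Host "$name is in the expected database."
}
```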

Related

Purging deleted external user from AzureAD / Office 365 fails with UserNotFoundException

I am trying to purge a deleted user from Office 365 / AzureAD. The way to do this seems to be Remove-MsolUser with the -RemoveFromRecycleBin flag.
I can retrieve the user with
Get-MsolUser -All -ReturnDeletedUsers | ? {$_.userPrincipalName -eq $USERNAME}
When I try to remove it with
Remove-MsolUser -UserPrincipalName $USERNAME -RemoveFromRecycleBin
I get
Remove-MsolUser : User Not Found in the Microsoft Online directory Deleted Users container. User:
xxxxxx#EXT##yyyyyyyyy.
In Zeile:1 Zeichen:1
+ Remove-MsolUser -UserPrincipalName $USERNAME -RemoveFromRecycleBin
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Remove-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UserNotFoundException,Microsoft.Online.Admini
stration.Automation.RemoveUser
https://support.microsoft.com/en-us/help/3019157/remove-msoluser-user-not-found-error-when-you-try-to-remove-a-user-fro states
This problem occurs if the user who is performing the action is not a global admin.
However, my user is a global admin.
In this case it would be better to pipe the output of Get-MsolUser -All -ReturnDeletedUsers | ? {$_.userPrincipalName -eq $USERNAME} directly to the Remove-MsolUser.
That way, the ObjectID property is used instead of the UserPrincipalName which looks to have been changed (#EXT#) once added to the Recycle bin.
The ObjectID (a guid) however is not changed and uniquely identifies the user object.
Try:
Get-MsolUser -All -ReturnDeletedUsers | ? {$_.userPrincipalName -eq $USERNAME} |
Remove-MsolUser -RemoveFromRecycleBin
Or:
$exUser = Get-MsolUser -All -ReturnDeletedUsers | ? {$_.userPrincipalName -eq $USERNAME}
Remove-MsolUser -ObjectId $exUser.ObjectID -RemoveFromRecycleBin
If you have to use the older MSOnline V1 PowerShell module for Azure Active Directory, you need to delete the guest user from the recycle bin by setting the username to the real email address of the guest user.
For example, if the guest user is aaa@outlook.com, it will be listed as aaa_outlook.com#EXT##***.onmicrosoft.com with Get-MsolUser. But you need to set $USERNAME = "aaa@outlook.com" instead of "aaa_outlook.com#EXT##***.onmicrosoft.com".
Then you will be able to delete it from the recycle bin.

Get-ADUser -Identity

Unable to pass a variable to the Identity parameter in Powershell.
$username = "John.Doe"
Get-ADUser -Identity "$username"
Get-ADUser : Cannot find an object with identity: 'John.Doe' under: 'DC=contoso,DC=com'.
At line:1 char:1
+ Get-ADUser -Identity "$username"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (John.Doe:ADUser) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,M
icrosoft.ActiveDirectory.Management.Commands.GetADUser
If I just put Get-ADUser -Identity "John.Doe" the results come back just fine.
The -Identity parameter accepts the following:
A distinguished name
A GUID (objectGUID)
A security identifier (objectSid)
A SAM account name (sAMAccountName)
If you want to search based on another attribute, then you need to use the -Filter switch. For example, to find user based on UserPrincipalName, you can do the following:
Get-ADUser -Filter "UserPrincipalName -eq 'John.Doe@contoso.com'"
See Get-ADUser for more details.
I know it is an old question, but it might be the answer. It might help someone down the line.
I came across the same issue and it stumped me for 1 hour. Finally I used $username = $username.trim(). So obviously the variable has a space which needs to be trimmed.
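
An added example (not from the original answers) that combines both points from this thread: it trims the input before the lookup and picks the attribute to search by, escaping the value so that characters such as * or ) in user-supplied input cannot widen the LDAP search. The function names ConvertTo-LdapFilterValue and Resolve-ADUserInput are hypothetical; the ActiveDirectory module is assumed to be available.

```powershell
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping: backslash first, then the other special characters.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

function Resolve-ADUserInput {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true)][AllowEmptyString()][string]$UserName)

    # Values read from files or prompts often carry a trailing space or CR,
    # which makes an otherwise valid sAMAccountName fail to match.
    $clean = $UserName.Trim()
    if ($clean -ne $UserName) {
        Write-Verbose ("Trimmed input from {0} to {1} characters" -f $UserName.Length, $clean.Length)
    }
    if (-not $clean) { throw "Empty user name." }

    # A value containing '@' is treated as a UPN, which -Identity does not
    # accept; everything else is matched against sAMAccountName.
    $attribute = if ($clean.Contains('@')) { 'userPrincipalName' } else { 'sAMAccountName' }
    $filter = "($attribute=$(ConvertTo-LdapFilterValue $clean))"

    # Require exactly one match so a bad value never selects the wrong account.
    $found = @(Get-ADUser -LDAPFilter $filter)
    if ($found.Count -ne 1) {
        throw "Expected exactly one user for '$clean', found $($found.Count)."
    }
    $found[0]
}

# Constructed sample: the trailing space reproduces the failure from the thread.
$username = "John.Doe "
Resolve-ADUserInput -UserName $username -Verbose
```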

Exchange PowerShell: Exporting mailbox folder AccessRights

With PowerShell, I want to make an export of all the mailboxes in an Exchange environment of users in a specific OU where the level of AccessRights of the user "Default" on the folder level does not equal "None". For this I am using the following command:
$AllMailbox = Get-Mailbox -OrganizationalUnit "DNofOU" -ResultSize Unlimited
$ResultData = foreach ($Mailbox in $AllMailbox)
{
Get-MailboxFolderPermission $Mailbox | Where-Object {$_.User -Match "Default" -AND $_.AccessRights -NotMatch "None"} | Select-Object Identity,AccessRights,@{Name="Name"; Expression={$Mailbox.Name}}
}
$ResultData | Export-CSV -Path C:\temp\MailboxFolderPermissions.csv
However, when running this command I get the following error:
Cannot process argument transformation on parameter 'Identity'. Cannot convert the "DisplayNameOfMailbox" value of type "Deserialized.Microsoft.Exc
hange.Data.Directory.Management.Mailbox" to type "Microsoft.Exchange.Configuration.Tasks.MailboxFolderIdParameter".
+ CategoryInfo : InvalidData: (:) [Get-MailboxFolderPermission], ParameterBindin...mationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-MailboxFolderPermission
+ PSComputerName : FQDNofExchangeServer
The environment is based on Exchange 2010 on a Windows Server 2008 R2 server with PowerShell version 2.0. It is also possible to execute this from a Windows Server 2012 R2 server with PowerShell version 4.0 when remote connecting to the Exchange server.
For me, it worked better to use the full Canonical name of the object.
Like so:
$mailboxArray = Get-Mailbox -OrganizationalUnit "example.com/Accounts" -ResultSize Unlimited
I wasn't sure if you have found the answer or not yet, but wanted to provide my input on how you could possibly get all the mailboxes in an organizational unit.
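
An added example (not from the original posts) of the audit the question describes. The error in the question comes from passing a mailbox object where Get-MailboxFolderPermission expects a folder identity, so this version lists each mailbox's folders first and queries the "Default" entry per folder. The OU value is a placeholder and the output column names are chosen here.

```powershell
$ou = "example.com/Accounts"   # placeholder OU in canonical-name form
$mailboxes = Get-Mailbox -OrganizationalUnit $ou -ResultSize Unlimited

$resultData = foreach ($mailbox in $mailboxes) {
    # Get-MailboxFolderPermission wants a folder identity ("alias:\Folder"),
    # not a mailbox object, so list the folders of each mailbox first.
    $folders = Get-MailboxFolderStatistics -Identity $mailbox.Alias

    foreach ($folder in $folders) {
        # FolderPath uses "/" separators; the folder identity uses "\".
        # The mailbox root is addressed as "alias:\".
        if ($folder.FolderType -eq 'Root' -or $folder.FolderPath -eq '/Top of Information Store') {
            $path = '\'
        }
        else {
            $path = $folder.FolderPath.Replace('/', '\')
        }
        $folderId = "{0}:{1}" -f $mailbox.Alias, $path

        # Folders that do not expose permissions are skipped quietly.
        $perm = Get-MailboxFolderPermission -Identity $folderId -User Default -ErrorAction SilentlyContinue
        if (-not $perm) { continue }

        # AccessRights is a collection; flatten it before comparing.
        $rights = ($perm.AccessRights | ForEach-Object { "$_" }) -join ','
        if ($rights -ne 'None') {
            New-Object PSObject -Property @{
                Mailbox = $mailbox.Name; Folder = $folderId; DefaultAccessRights = $rights
            }
        }
    }
}

$resultData | Select-Object Mailbox, Folder, DefaultAccessRights |
    Export-Csv -Path C:\temp\MailboxFolderPermissions.csv -NoTypeInformation
```

Every row in the CSV is a folder that any authenticated user in the organization can reach with the listed rights, which makes the file a direct review list for over-shared calendars and inboxes.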

Powershell - Add-Adgroupmember objectclass:contact to a distribution group error Cannot find[..]

I'm working on a simple script that should add a contact to a distribution group depending on the week of the year. My bug is that my script can add objectclass:User, but when I try with a contact GUID the script gives me this error:
Add-ADGroupMember : Cannot find an object with identity: '123dd2345-12f0-542b-c3e6-5774bac431aa' under: 'DC=MY,DC=DOMAIN'.
At line:1 char:25
+ get-adgroup $ADGroup | Add-ADGroupMember -members $zvar.ObjectGUID
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (123dd2345-12f0-542b-c3e6-5774bac431aa:ADPrincipal) [Add-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
The part of the script that I use looks like this:
$zvar = get-adobject -filter {displayname -eq "Valentine, John (CELL)" } #this is my contact displayname that is put in a variable with necessary properties
get-adgroup "Dist - Support group" | Add-ADGroupMember -members $zvar.ObjectGUID #this is my Distribution group, whatever the properties I put to my contact object I get the error message above i.e. $zvar.name, $zvar.distinguishedname, etc
If I replace the value "Valentine, John (CELL)" by the ObjectClass:user "Valentine,John" the command will succeed without error.
Am I using the command correctly?
I could probably use the Quest-module but I'd like to avoid using a third party.
Thanks in advance
Came across this problem as well today: You cannot add an AD Object of class "objectClass=contact" to a group using the Add-ADGroupMember cmdlet.
However, the members of an AD group are simply stored in the multivalued property "member", and every *-ADObject and related command supports the -Add, -Replace, -Clear and -Replace parameters.
Thus, this works to add a single user:
Set-ADGroup -Identity "GroupName" -Add @{'member'=$contact.DistinguishedName};
And this removes the user:
Set-ADGroup -Identity "GroupName" -Remove @{'member'=$contact.DistinguishedName};
As @mjolinor commented, the Exchange cmdlet would be the solution, but I don't have what is needed to use it. So I will use the Quest cmdlet. With that it's working.

Display groups a user belongs to by searching their email address - Quest Powershell Active Roles Management Shell

This is the command I'm using currently:
$user = Get-QADUser -email user@domain.com -enabled ; $user.memberOf | Get-QADGroup | findstr Green
"Green" is just an identifying marker on group names.
Sometimes this command works just fine. It displays to me, based on the email address input, all groups that match "Green" that the user belongs to.
Sometimes, however, it does not... and I get this:
Get-QADGroup : Cannot validate argument on parameter 'Identity'. The
argument is null or empty. Supply an argument that is not null or
empty and then try the command again. At line:1 char:97
+ $user = Get-QADUser -email user@domain.com -enabled ; $user.memberOf | Get-QADGroup <<<< | findstr Green
+ CategoryInfo : InvalidData: (:) [Get-QADGroup], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlet
s.GetGroupCmdlet
I've been googling and trying modifications of and variations on this for weeks on and off, and no luck. I'm hoping someone can explain the inconsistent behavior and provide a better or just more consistently working command.
Give this a try:
Get-QADMemberOf -Identity user@domain.com -Name Green