how to use Exchange Management Shell to find disabled AD users with mailboxes

All replies

• 

  

  0

  Sign in to vote

  On Tue, 25 Sep 2012 22:25:00 +0000, GilbertF wrote:

   

  >

  >

  >I'm trying to figure out the Exchange 2007 Management shell command to find disabled AD accounts that still have a mailbox in the database.

  >

  >Please don't send me to a generic Microsoft link, I need the actual command.

   

  There's no "command" to do that. However this LDAP query will find ALL

  the mailboxes that are assigned to AD user accounts that are disabled

  -- including system mailboxes which you really shouldn't touch.

   

  Replace <YOURDOMAIN> and <TLD> with whatever is appropriate for your

  AD.

   

  $searcher=new-object directoryservices.directorysearcher

  $root=new-object directoryservices.directoryentry

  'LDAP://dc=<YOURDOMAIN>,dc=<TLD>'

  $searcher.searchroot = $root

  $searcher.filter='(&(objectclass=user)(objectcategory=person)(msExchRecipientTypeDetails=*)(userAccountControl:1.2.840.113556.1.4.803:=2))'

  $searcher.pagesize=100

  $searcher.findall()|foreach{

  $_.psbase.properties.name

  }

   

  ---

  Rich Matheisen

  MCSE+I, Exchange MVP

   

  ---

  --- Rich Matheisen MCSE+I, Exchange MVP

  • Proposed as answer by Fiona_LiaoModerator Wednesday, September 26, 2012 3:29 AM

  Wednesday, September 26, 2012 2:09 AM
• 

  

  0

  Sign in to vote

  Hi there,

  We could not achieve this via EMS. This is because disabling AD user account does not affect Exchange mailbox attributes/status.

  I'd suggest you run AD commands to query disabled AD accounts, and then run "Get-Mailbox -id <AD account> |FT RecipientType" to see if those AD accounts are associated with a mailbox.

  Hope it is helpful.

  ---

  Fiona Liao

  TechNet Community Support

  

  • Proposed as answer by Fiona_LiaoModerator Wednesday, September 26, 2012 3:29 AM

  Wednesday, September 26, 2012 3:29 AM

  Moderator
• 

  

  1

  Sign in to vote

  Hia,

  I think below command should help!

  Get-Mailbox |?{$_.UserAccountControl -Match "AccountDisabled"}| Fl Name,Database,UserAccountControl

  Let me know if this works!

  _____________________________________________________

  Pavan ~ ( Exchange Support | 2003/2007/2010) ~Mark this if Helfpul

  • Marked as answer by GilbertF Wednesday, September 26, 2012 4:02 PM

  Wednesday, September 26, 2012 4:20 AM
• 

  

  0

  Sign in to vote

  That worked great, thanks a lot.  Everybody else was saying there's no way to do it.

  Wednesday, September 26, 2012 4:02 PM
• 

  

  0

  Sign in to vote

  On Wed, 26 Sep 2012 16:02:30 +0000, GilbertF wrote:

   

  >That worked great, thanks a lot. Everybody else was saying there's no way to do it.

   

  No, I said there's no "command" to do it. Since you didn't specify

  what O/S you were running so I had to assume you might have been

  running Windows 2003 or 2008 whch don't have the AD commands.

   

  The small snippet of code I suggested works with any server O/S

  capable of running Powershell.

   

  ---

  Rich Matheisen

  MCSE+I, Exchange MVP

   

  ---

  --- Rich Matheisen MCSE+I, Exchange MVP

  Wednesday, September 26, 2012 9:38 PM