locked
powershell to query from a list of mailboxes the accounts that have permission in it and also display the accounts OU RRS feed

  • Question

  • I need to create a script that can query a mailbox and show all users that have access to it. In turn will also allow me what OU these users are.

    The below script is the one I created. so what it does is it

    1. queries mailbox permission then store it in a variable($perm).
    2. Run another cmdlet to remove the domain name then store the modified list to another variable ($user)
    3. Query the users ($user) and get their their Distinguished name

    My problem is, the script will work until the 2nd process. Once it queries the name of users for me to know where they are physically located it shows that its querying all mailboxes in our Exchange server.

    any idea why it still query all the mailbox instead of those that are in the variable ($user) only

    ##gets list of users who have access on a mailbox
    $perm = get-mailbox "<mailbox name>" | get-mailboxpermission | where {$_.isinherited -eq $false -and $_.user.tostring() -ne "NT AUTHORITY\SELF"} | select-object user

    ##removes INTRANET\ on the list of user from $perm
    $user = $perm | foreach {$_.user -replace "Domain\\", ""}

    ## display all the users on $perm and display their samaccountname and DistingquishedName
    $user | foreach {get-mailbox $_.user | select-object samaccountname,distinguishedname} | export-csv TestResult.csv

    $user


    PoSH newbie, BaSH Oldie

    Wednesday, December 19, 2012 7:33 AM

Answers

  • Hi,

    Thank you for the post.

    According to the description, the issue seems to be related to Scripting. As we mainly focus on the general question about Forefront Client Security, it is recommend you to get further support in our Scripting forum. The engineers and community members there have more experience and can help you in a more efficient way.

    The Official Scripting Guys Forum!

    http://social.technet.microsoft.com/Forums/en-US/ITCG/threads

    Regards,


    Nick Gu - MSFT

    • Proposed as answer by Nick Gu - MSFT Friday, December 21, 2012 6:13 AM
    • Marked as answer by navarro_aries Friday, December 21, 2012 8:00 AM
    Friday, December 21, 2012 6:13 AM

All replies

  • I managed to solve it by adding removing the last line and instead use the command below. However now that I want to export it to a csv file it only display the last user. WHere do i put the export-csv cmdlet?

    Foreach ($objitem in $user) {
    get-mailbox $objitem | select-object displayname, distinguishedname
    }


    PoSH newbie, BaSH Oldie

    Wednesday, December 19, 2012 8:35 AM
  • I now have a new script, what I want to do is basically query the mailboxes from my CSV file to display the mailbox displayname, with the user that have permission to it and also display the users Distinguished name.

    The result from the script below will just display 1 mailbox and show all users that have permissions on the mailboxes. Any idea how can I separate them to display 1 mailbox with the users that have permission in it then also display the users Distinguished name?

    $mbx=import-csv "mbx_over10GB.csv"
    $result=@()
    $list=@()

    ### gets list of users who have access on a mailbox
    $list += $mbx | foreach { get-mailbox $_.displayname | get-mailboxpermission | where {$_.isinherited -eq $false -and $_.user.tostring() -ne "NT AUTHORITY\SELF"} | select-object $_.displayname,$.user}


    ### removes INTRANET\ on the list of user
    $user = $list | foreach {$_.user -replace "INTRANET\\", ""}

    ### display all the users on $user and display their samaccountname and DistingquishedName
    Foreach ($objitem in $user) {
    $result += get-mailbox $objitem | select-object displayname, distinguishedname
    }


    $result | export-csv testresults.csv -NoTypeInformation


    PoSH newbie, BaSH Oldie

    Thursday, December 20, 2012 4:18 AM
  • Hi,

    Thank you for the post.

    According to the description, the issue seems to be related to Scripting. As we mainly focus on the general question about Forefront Client Security, it is recommend you to get further support in our Scripting forum. The engineers and community members there have more experience and can help you in a more efficient way.

    The Official Scripting Guys Forum!

    http://social.technet.microsoft.com/Forums/en-US/ITCG/threads

    Regards,


    Nick Gu - MSFT

    • Proposed as answer by Nick Gu - MSFT Friday, December 21, 2012 6:13 AM
    • Marked as answer by navarro_aries Friday, December 21, 2012 8:00 AM
    Friday, December 21, 2012 6:13 AM