PowerShell reporting

  • Question

  • Hi all,

    I'm looking for some assistance with a project I'm currently working on.

    The project:

    To pull all users from AD whose UPN starts with the letter M - I have this scripted and it's working correctly.

    To go to O365 and get all the mailbox permissions for every user's mailbox whose UPN starts with M (these will be managers), showing the display name of who has what level of access, then to output the results to a CSV file.

    E.g.

    Manager's Name    Users who have access    Level of access
    Manager 1         David Smith              Full Access
    Manager 1         Lee Brown                Send as Access
    Manager 2         Darren Black             Send as Access
    Manager 2         Jordan Green             Full Access

    Then to pull another report from AD which shows a manager's direct reports in a similar format to the above.

    E.g.

    Manager's Name    Direct Report
    Manager 1         Gillian Smith
    Manager 1         Jordan Green

    Lastly I need to compare the CSV files to show who has access to a manager's mailbox who is NOT a direct report.

    What I have so far:

    Import-Module ActiveDirectory
    Connect-ExchangeOnline -credential $creds

    $UPNsFromAD=(Get-ADUser -Filter * | where samaccountname -match "M\d\d\d" | select -ExpandProperty UserPrincipalName) -like "*.*@example1.co.uk"

    #Create a blank array for any email addresses that were missed
    $Missing=@()
    #Get all Exchange Online Mailboxes to improve searching performance
    $Exchange=Get-Mailbox -ResultSize "Unlimited"
    #Using data from AD to find mailboxes within Exchange Online
    $ManagerMailboxes= $UPNsFromAD.ForEach{
        try {
            $Exchange | where UserPrincipalName -eq $_
        }
        catch {
            #Any mailboxes that are not found will be recorded here
            $Missing+=$_
        }
    }

    $Managermailboxes.UserPrincipalName.ForEach{
        
        $Permissions += Get-MailboxPermission $_ | 
        Where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.user.tostring() -notlike "S-1-5-21*" -and $_.IsInherited -eq $false}

    }

    $Permissions | Select User,AccessRights | Export-Csv -NoTypeInformation -Path C:\temp\ManagersMailboxPermissions.csv -Force

    I'm getting multiple errors in this part of the code, where it is only outputting one manager's mailbox permissions to the CSV file. For example, the last name extracted from AD is Jamie Jones; the CSV will only show the mailbox permissions for Jamie Jones and will only show Full Access permissions, not Send As.

    The error I'm currently getting is: Method invocation failed because [System.Management.Automation.PSObject] does not contain a method named 'op_Addition'.

    Hoping someone with far greater knowledge of PowerShell could give me some suggestions and example code to work with to get the results I'm looking for. Any help/examples/constructive criticism of my code would be greatly appreciated!

    Thanks in advance!

    Friday, February 14, 2020 10:40 AM
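
The final comparison step described in the post (who holds access to a manager's mailbox without being that manager's direct report), as an added example that is not part of the original post. The rows are constructed sample data, and the function name `Get-NonReportAccess` and the `Manager`/`User`/`DirectReport` column names are assumptions; each row keeps the manager it belongs to, and results are emitted to the pipeline rather than appended with `+=` to an uninitialised variable.

```powershell
# Constructed sample rows standing in for the two reports described in the post.
# In a live run, FullAccess rows come from Get-MailboxPermission, SendAs rows from
# Get-RecipientPermission (Get-MailboxPermission does not return SendAs), and the
# direct reports from Get-ADUser -Properties DirectReports.
$access = @'
Manager,User,AccessRights
Manager 1,David Smith,FullAccess
Manager 1,Jordan Green,SendAs
Manager 2,Darren Black,SendAs
Manager 2,Jordan Green,FullAccess
'@ | ConvertFrom-Csv

$reports = @'
Manager,DirectReport
Manager 1,Gillian Smith
Manager 1,Jordan Green
Manager 2,Darren Black
'@ | ConvertFrom-Csv

function Get-NonReportAccess {   # hypothetical helper name
    param([object[]]$Access, [object[]]$Reports)

    # Index direct reports per manager in case-insensitive sets for fast lookups.
    $cmp = [System.StringComparer]::OrdinalIgnoreCase
    $byManager = @{}
    foreach ($r in $Reports) {
        if (-not $byManager.ContainsKey($r.Manager)) {
            $byManager[$r.Manager] = [System.Collections.Generic.HashSet[string]]::new($cmp)
        }
        [void]$byManager[$r.Manager].Add($r.DirectReport.Trim())
    }

    # Emit one object per finding; the caller collects them as an array.
    foreach ($a in $Access) {
        $set = $byManager[$a.Manager]
        # A manager with no direct reports has no set, so every delegate is flagged.
        if ($null -eq $set -or -not $set.Contains($a.User.Trim())) {
            [pscustomobject]@{
                Manager      = $a.Manager
                User         = $a.User
                AccessRights = $a.AccessRights
            }
        }
    }
}

$findings = @(Get-NonReportAccess -Access $access -Reports $reports)
$findings | Format-Table -AutoSize
# $findings | Export-Csv -NoTypeInformation -Path .\NonReportMailboxAccess.csv
```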

All replies