Security Group Audit - Email

    Question

  • Working on a security group audit that will go out monthly for our shared mailbox security groups. I have it all working except for description. It is not pulling that attribute - any thoughts?

    Also - I would appreciate feedback on my logic for this.  I am sure it could be cleaned up.  Right now just emailing to me - once it's working I will change the To address to the managedBy email - which is why I am pulling that data as well.

    Thanks
    John

    $smtp = "mail.domain.local"
    $emailAddressBCC ="test <test@domain.com>"
    $from = "Shared Mailbox Audit<donotreply@domain.com>"
    
    
    Get-ADGroup -filter * -searchBase "OU=Shared Mailboxes,DC=domain,DC=Local" -Properties managedBy |
    ForEach-Object { 
    	$managedBy = $_.managedBy;
    	$groupName = $_
    	
    	if ($managedBy -ne $null)
    	{
    	$manager = (get-aduser -Identity $managedBy -Properties emailAddress);
    	$managerName = $manager.Name;
    	$managerEmail = $manager.emailAddress;
    	$subject = "Shared Mailbox Audit " + $groupName.description 
    	$emailBodyTable = Get-ADGroupMember -Identity $groupName -Recursive | Select @{N='GroupName';E={$groupName.description}},Name,SamAccountName
    	$emailBody = "You have received this email because you are listed as the owner of the following shared mailbox.<br><br>"
    	$emailBody += "Listed below are all of the employees that have access to this shared mailbox.<br><br>"
    	$emailBody += "If this list is correct - no action is necessary.  If you need to add or remove people, please open a helpdesk ticket.<br><br>"
    	$emailBody += $emailBodyTable | ConvertTo-HTML | Out-String
    	#send-MailMessage -SmtpServer $smtp -To $emailAddressBCC -Bcc $emailAddressBCC -From $from -Subject $subject -BodyAsHtml $emailbody
    	send-MailMessage -SmtpServer $smtp -To $emailAddressBCC -From $from -Subject $subject -BodyAsHtml $emailbody
    	}
    	
    	else
    	{
    	$managerName = 'N/A';
     	$managerEmail = 'N/A';
    	$subject = "Shared Mailbox Audit " + $groupName.description
    	$emailBodyTable = Get-ADGroupMember -Identity $groupName -Recursive | Select @{N='GroupName';E={$groupName.description}},Name,SamAccountName
    	$emailBody = "The following group does not have an owner listed.<br><br>"
    	$emailBody += "Please assign an owner for this shared mailbox for monthly audits.<br><br>"
    	$emailBody += "If this list is correct - no action is necessary.  If you need to add or remove people, please open a helpdesk ticket.<br><br>"
    	$emailBody += $emailBodyTable | ConvertTo-HTML | Out-String
    	#send-MailMessage -SmtpServer $smtp -To $emailAddressBCC -Bcc $emailAddressBCC -From $from -Subject $subject -BodyAsHtml $emailbody
    	send-MailMessage -SmtpServer $smtp -To $emailAddressBCC -From $from -Subject $subject -BodyAsHtml $emailbody
    	}
    
    } 

    Thursday, April 20, 2017 6:09 PM

All replies

  • These are the two parts that are not pulling anything - doesn't like description...

    $subject = "Shared Mailbox Audit " + $groupName.description

    Select @{N='GroupName';E={$groupName.description}},Name,SamAccountName

    If I use $groupName.name it works - but that name may be confusing to the end user so I was trying to use the description attribute.

    Thanks

    John

    Thursday, April 20, 2017 6:53 PM
  • Figured it out - had to add * to properties to pull all attributes.

    Get-ADGroup -filter * -searchBase "OU=Shared Mailboxes,DC=domain,DC=Local" -Properties * |

    Thursday, April 20, 2017 7:19 PM
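
A variant of the script above, as an added example that is not part of the original thread: it requests only `managedBy` and `description` instead of `-Properties *`, falls back to the group name when the description is empty, and builds the message in one place. The variable names `$auditInbox`, `$label` and `$ownerMail` are made up for this example, and resolving the owner with `Get-ADObject` (so that a group or contact in `managedBy` does not fail the lookup) is a choice made here, not something the thread uses.

```powershell
# Added example; server, OU and addresses are the placeholder values from the thread.
$smtp       = "mail.domain.local"
$from       = "Shared Mailbox Audit <donotreply@domain.com>"
$auditInbox = "test <test@domain.com>"   # hypothetical name; test recipient as in the thread
$searchBase = "OU=Shared Mailboxes,DC=domain,DC=Local"

# Name the extra attributes explicitly instead of pulling every attribute with *
Get-ADGroup -Filter * -SearchBase $searchBase -Properties managedBy, description |
ForEach-Object {
    $group = $_

    # description is optional in AD; fall back to the group name when it is empty
    $label = if ([string]::IsNullOrWhiteSpace($group.Description)) { $group.Name } else { $group.Description }

    # managedBy is a distinguished name that can point at a user, group or contact,
    # so resolve it as a generic object and read its mail attribute
    $ownerMail = $null
    if ($null -ne $group.managedBy) {
        $ownerMail = (Get-ADObject -Identity $group.managedBy -Properties mail).mail
    }

    $intro = if ($ownerMail) {
        "You have received this email because you are listed as the owner of the following shared mailbox.<br><br>"
    } else {
        "The following group does not have an owner with a mail address listed.<br><br>"
    }

    # @() keeps .Count meaningful when the group has zero or one member
    $members = @(Get-ADGroupMember -Identity $group -Recursive |
        Select-Object @{N = 'GroupName'; E = { $label }}, Name, SamAccountName)

    $body  = $intro
    $body += "Members with access: $($members.Count)<br><br>"
    $body += $members | ConvertTo-Html -Fragment | Out-String

    # Still addressed to the test recipient; switch To to $ownerMail once the output is verified
    $mail = @{
        SmtpServer = $smtp;  From = $from;  To = $auditInbox
        Subject    = "Shared Mailbox Audit $label"
        Body       = $body;  BodyAsHtml = $true
    }
    Send-MailMessage @mail
}
```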