A complete script that first dumps all Exchange mailboxes to a .csv file and then enumerates all mailbox permissions.
It uses the Exchange 2010 Management Shell and Quest’s Active Directory PowerShell modules.
Usage:
- Load the script in the ISE editor.
- Set the two global parameters
- Run the script
- first execute: dump_mailboxes (this will generate a .csv with all mailboxes)
- then execute: dump_all_mailbox_permission (this will generate a second .csv with all permissions. Open in Excel to filter)
# Console separator marking the start of the script's output.
Write-Output "-"

# The two settings to adjust per environment.
# $global_ad_domain is compared with $env:USERDNSDOMAIN and passed to
# connect-QADService; $global_ad_short is the domain prefix used to match and
# trim the "DOMAIN\account" values in the mailbox permission entries.
$global_ad_domain = 'AD.CUSTOMER.LOCAL'
$global_ad_short = 'AD'
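### Load Modules for Active Directory and Exchange 2010
# Loads the Quest ActiveRoles snap-in and connects to the directory once per
# session; $QUEST_LOADED guards against repeating this when the script is
# re-run in the same ISE session.
if (!($QUEST_LOADED))
{
    Add-PSSnapin Quest.ActiveRoles.ADManagement
    # NOTE(review): 0 presumably means "no size limit" so large result sets are
    # not truncated — confirm against the Quest documentation.
    Set-QADPSSnapinSettings -DefaultSizeLimit 0

    $logged_on_to = $env:USERDNSDOMAIN
    if ($logged_on_to -ne $global_ad_domain)
    {
        # The session is not logged on to the target domain: ask for explicit
        # credentials. The password is read as a SecureString, so it is never
        # held as plain text in a variable or echoed to the console.
        # NOTE(review): the prompt text probably meant "ad\username" — confirm.
        $user = read-host "Enter username in adusername format"
        $pw = read-host "Enter password" -AsSecureString
        # The domain name is passed as a variable. The original wrapped it in
        # single quotes, which PowerShell does not expand, so the service name
        # sent was the literal text '$global_ad_domain'.
        connect-QADService -service $global_ad_domain -ConnectionAccount $user -ConnectionPassword $pw
    }
    else
    {
        # Already logged on to the target domain: connect with the current identity.
        connect-QADService
    }

    Set-QADProgressPolicy -ShowProgress $false
    $QUEST_LOADED = $TRUE
    echo "quest loaded"
}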
# Load and connect the Exchange 2010 Management Shell once per session;
# $EMS_loaded stays set afterwards so a re-run in the same session skips this.
if ($EMS_loaded -eq $null)
{
    # Dot-sourcing brings the functions defined by RemoteExchange.ps1
    # (including Connect-ExchangeServer) into the current scope.
    . 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'
    Write-Output "- Exchange Management Shell Loaded"

    Connect-ExchangeServer -auto
    $EMS_loaded = $true
    Write-Output "- Exchange Management Shell Connected"
}
### Functions
# Writes the Name and Alias of every mailbox to a tab-separated file.
# The file starts with a "Name<TAB>Alias" header row and is overwritten on each
# run; dump_all_mailbox_permission reads it back from the same path.
function dump_mailboxes
{
    $csv_path = "d:\temp\mailboxes.csv"

    # '>' recreates the file with the header; every data row is appended with '>>'.
    echo "Name`tAlias" >$csv_path

    # To restrict the dump to shared mailboxes, query with:
    #   Get-Mailbox -RecipientTypeDetails SharedMailbox
    $all_mailboxes = Get-Mailbox -resultsize Unlimited
    foreach ($mbx in $all_mailboxes)
    {
        $row = "{0}`t{1}" -f $mbx.Name, $mbx.Alias
        echo $row >>$csv_path
    }
}
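# Reads the mailbox list written by dump_mailboxes and writes one tab-separated
# row per permission entry to a second file, showing progress on the console.
# The resulting file lists who can access which mailbox, so the output folder
# should be readable only by the people entitled to see that.
function dump_all_mailbox_permission
{
    $output_file = "d:\temp\mailbox_permissions.csv"

    # @( ) forces an array: without it a file with exactly one data row yields a
    # single object, and the count shown below is empty instead of 1.
    $rows = @(import-csv -delimiter "`t" d:\temp\mailboxes.csv)
    $total = $rows.count
    $done = 0
    write-host "Aantal functionele mailboxen: $total"

    # Header row; '>' overwrites the output of a previous run.
    echo "Mailbox`tAuthType`tGroup`tSam`tType" >$output_file

    foreach ($row in $rows)
    {
        $done++
        $Alias = $row.alias
        write-host "$done / $total -> $Alias"
        # mailbox_permissions emits the rows for this mailbox; append them.
        mailbox_permissions $Alias >>$output_file
    }
}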
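# Emits one tab-separated row per explicit permission entry on a mailbox:
#   Mailbox, AuthType (directory object type), Group, Sam, Type (access rights)
# For a group trustee, one row is emitted per group member.
#
# Audit scope, as visible in the filter below:
#   - inherited entries are skipped;
#   - only trustees whose name starts with "$global_ad_short\" are reported, so
#     entries for accounts of other domains, built-in principals and trustees
#     shown as unresolved SIDs do not appear in the output;
#   - only what Get-MailboxPermission returns is covered.
#
# Parameters:
#   $mailbox - identity (alias) of the mailbox to inspect.
function mailbox_permissions($mailbox)
{
    $perms = get-mailboxpermission -identity "$mailbox" | where {($_.isinherited -eq $false) -and ($_.User -like "$global_ad_short\*")}
    if ($perms)
    {
        foreach ($perm in $perms)
        {
            $usr = $perm.User.tostring()
            # The object type is looked up with the full "DOMAIN\name" value,
            # before the domain prefix is trimmed.
            $typeusr = (get-qadobject -identity $usr -DontUseDefaultIncludedProperties).type

            # Trim only the leading domain name. The original used
            # .replace("$global_ad_short",""), which also removed that text from
            # inside the account name (for example "AD\ADMINS" became "\MINS")
            # and then looked up and reported the wrong name.
            # NOTE(review): the backslash after the domain is kept, as in the
            # original output — confirm whether the CSV consumers want it.
            if ($usr.StartsWith($global_ad_short, [System.StringComparison]::OrdinalIgnoreCase))
            {
                $usr = $usr.Substring($global_ad_short.Length)
            }

            $rights = $perm.AccessRights
            if ($typeusr -eq "group")
            {
                # NOTE(review): as called here this presumably returns direct
                # members only; a nested group would then be listed as a member
                # rather than expanded, so effective access can be
                # under-reported. Consider -Indirect if nested groups are used.
                $members = get-qadgroupmember -identity "$usr"
                foreach ($member in $members)
                {
                    $mbmrsam = $member.samaccountname
                    echo "$mailbox`t$typeusr`t$usr`t$mbmrsam`t$rights"
                }
            }
            else
            {
                # Non-group trustee: the Group column stays empty.
                echo "$mailbox`t$typeusr`t`t$usr`t$rights"
            }
        }
    }
}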
# Console separator marking the end of the script's load phase.
Write-Output "-"