Export All Exchange Mailboxes with Send-As, Full Access & Send-On-Behalf-Of Permissions

There are many times when I need to get a list of all mailboxes that have full control or Send-As permissions assigned to them. In an organization with hundreds or thousands of mailboxes, using the console is not intuitive and sometimes you have to run multiple PowerShell scripts to get the results you need.

I created the script below to help with this. The script will:

  1. Export a list of ALL mailboxes in your Exchange organization
  2. Dump all users who have full access to the mailbox
  3. Dump all users who have send-as permission to the mailbox
  4. Dump all users who have send-on-behalf-of permission to the mailbox

The script will create a TXT file, but if you open it in Excel, you can put the data into columns by using the caret “^” character as the delimiter.

You will still need to do some formatting of the spreadsheet to properly separate the permissions column so that you can read the user list – will continue working on updating the script to better view the results.

Copy the contents below into Notepad and save it as a .PS1 file.

===========================SCRIPT START====================================

# The C:\Permissions folder must exist before the script is run
$OutFile = "C:\Permissions\Exported_List_of_ALL_Access_Permissions.txt"
"DisplayName" + "^" + "Email Address" + "^" + "Full Access" + "^" + "Send As" + "^" + "Send On Behalf Of" | Out-File $OutFile -Force

$Mailboxes = Get-Mailbox -ResultSize Unlimited | Select Identity, Alias, DisplayName, DistinguishedName, WindowsEmailAddress
ForEach ($Mailbox in $Mailboxes) {
#$SendOnBehalfOf = Get-Mailbox $Mailbox.Identity | select Alias, @{Name='GrantSendOnBehalfTo';Expression={[string]::join(";", ($_.GrantSendOnBehalfTo))}}

# Users who have been granted Send-On-Behalf-Of on the mailbox
$SendOnBehalfOf = Get-Mailbox $Mailbox.Identity | % {$_.GrantSendOnBehalfTo}

# Users holding the Send-As extended right, excluding SELF and unresolved SIDs
$SendAs = Get-ADPermission $Mailbox.Identity | where {($_.ExtendedRights -like "*Send-As*") -and -not ($_.User -like "NT AUTHORITY\SELF") -and -not ($_.User -like "s-1-5-21*")} | % {$_.User}

#$FullAccess = Get-MailboxPermission $Mailbox.Identity | ? {$_.AccessRights -eq "FullAccess" -and !$_.IsInherited} | % {$_.User}

# Users granted FullAccess directly on the mailbox (not inherited), excluding NT AUTHORITY entries
$FullAccess = Get-MailboxPermission $Mailbox.Identity | ? {($_.AccessRights -like "*FullAccess*") -and ($_.IsInherited -eq $False) -and -not ($_.User -match "NT AUTHORITY")} | % {$_.User}

# One caret-delimited line per mailbox; multiple users in a column are separated by spaces
$Mailbox.DisplayName + "^" + $Mailbox.WindowsEmailAddress + "^" + $FullAccess + "^" + $SendAs + "^" + $SendOnBehalfOf | Out-File $OutFile -Append
}

===========================SCRIPT END====================================
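
For a delegated-access review it is usually more useful to read this export per trustee than per mailbox. The following is an added example, not part of the original script: it flattens the caret-delimited file into one row per mailbox, permission and trustee, then summarises how many mailboxes each account can reach. It assumes the trustee lists in each column are joined with ";" (as the commented-out -join line in the script suggests) rather than with spaces; the sample rows and the function names are constructed for illustration.

```powershell
# Constructed sample of the export (header plus three rows); trustees joined with ';' (assumption).
$SampleExport = @'
DisplayName^Email Address^Full Access^Send As^Send On Behalf Of
Clark Kent^Clark.Kent@domain.ca^DOMAIN\svc-backup;DOMAIN\lois.lane^DOMAIN\lois.lane^
Bruce Wayne^Bruce.Wayne@domain.ca^DOMAIN\svc-backup^^DOMAIN\alfred.p
Bruce Banner^Bruce.Banner@domain.ca^DOMAIN\svc-backup^DOMAIN\svc-backup^
'@ -split "`r?`n"

function ConvertTo-TrusteeRow {
    # Flatten the export into one object per mailbox / permission / trustee.
    param([string[]]$Lines)
    $columns = 'Full Access', 'Send As', 'Send On Behalf Of'
    foreach ($row in ($Lines | ConvertFrom-Csv -Delimiter '^')) {
        foreach ($col in $columns) {
            foreach ($trustee in ($row.$col -split ';')) {
                # Empty columns mean nobody holds that permission on this mailbox
                if ([string]::IsNullOrWhiteSpace($trustee)) { continue }
                [pscustomobject]@{
                    Mailbox    = $row.'Email Address'
                    Permission = $col
                    Trustee    = $trustee.Trim()
                }
            }
        }
    }
}

function Get-TrusteeSummary {
    # Group by trustee so accounts with access to many mailboxes stand out.
    param([string[]]$Lines)
    ConvertTo-TrusteeRow -Lines $Lines | Group-Object Trustee | ForEach-Object {
        [pscustomobject]@{
            Trustee      = $_.Name
            MailboxCount = @($_.Group.Mailbox | Sort-Object -Unique).Count
            Permissions  = ($_.Group.Permission | Sort-Object -Unique) -join ', '
        }
    } | Sort-Object MailboxCount -Descending
}

Get-TrusteeSummary -Lines $SampleExport | Format-Table -AutoSize
```

To run it against a real export, pass the file's lines instead of the sample, for example `Get-TrusteeSummary -Lines (Get-Content $OutFile)`.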

Office 365 – Script to Activate New Mailbox

Script can be downloaded by clicking this Link. Rename the file to PS1 before it can be used.

Please note that once the mailbox has been created, it needs to be activated.

Details of creating new mailboxes in O365 can be found at this link

This script is used to perform the following tasks to a mailbox that has newly been created in Office 365:

  • Set usage location on O365 mailbox to Canada
  • Assigns licenses for Exchange Online, Lync Online, Office365 ProPlus and SharePoint Online
  • Enables retention policy on mailboxes
  • Please note that this script will require an input file.
  • The content of the file should be the SAMAccountName or the UPN of the newly created users in Active Directory.
  • As an example, all new users being created have a logon name of firstname.lastname – this is referred to as the SAMAccountName. The file should contain entries like the following, each name on its own line:

Clark.Kent
Bruce.Wayne
Bruce.Banner

  • The file can also contain the UPNs of the users in the format:

Bruce.Wayne@domain.ca
Bruce.Banner@domain.ca
Clark.Kent@domain.ca
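
Because every line of this file is handed to cmdlets running with global administrator credentials, it is worth checking the list before the script consumes it. The following is an added example, not part of the original script: it classifies each line as a UPN or a logon name and flags blanks, duplicates and malformed entries. The function name, the allowed-character patterns and the sample lines are assumptions made for illustration.

```powershell
function Test-UserListEntry {
    # Classify every non-blank line; only 'UPN' and 'SAMAccountName' rows should be processed.
    param([string[]]$Lines)
    $seen = @{}
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        $entry = "$line".Trim()            # tolerate leading/trailing whitespace
        if ($entry -eq '') { continue }    # skip blank lines
        # Conservative patterns (assumption): letters, digits, dot, underscore, hyphen.
        $kind = switch -Regex ($entry) {
            '^[A-Za-z0-9._-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' { 'UPN' }
            '^[A-Za-z0-9._-]{1,20}$'                             { 'SAMAccountName' }
            default                                              { 'Rejected' }
        }
        # The same account listed twice (in any letter case) is reported once as a duplicate
        $key = $entry.ToLowerInvariant()
        if ($seen.ContainsKey($key)) { $kind = 'Duplicate' }
        $seen[$key] = $true
        [pscustomobject]@{ Line = $lineNo; Entry = $entry; Kind = $kind }
    }
}

# Constructed sample input: padded entry, blank line, duplicate, and two malformed lines
$SampleLines = @(
    'Clark.Kent'
    ' Bruce.Wayne@domain.ca '
    ''
    'clark.kent'
    'Bruce Banner'
    'Bruce.Banner@domain'
)

$Checked = Test-UserListEntry -Lines $SampleLines
$Checked | Format-Table -AutoSize

# Only the accepted entries are carried forward
$Users = $Checked | Where-Object { $_.Kind -in 'UPN', 'SAMAccountName' } | ForEach-Object { $_.Entry }
$Users
```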

 

############################################################################################################
# This script will activate the user by:
#    •    setting usage location on O365 mailbox to Canada
#    •    Assigns licenses for Exchange Online, Lync Online, Office365 ProPlus and SharePoint Online
#    •    Enables retention policy on mailboxes
############################################################################################################

######
# AUTHOR: IBRAHIM U. BENNA
######

# This function is used to create a "pause" in the script. Continuation of the script requires an input from the keyboard

Function Pause ($Message="Press Any Key to Continue...")
{
Write-Host $Message
$Null = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
Write-Host " "
}

Write-Host -ForegroundColor Red "Please make sure you are running this script from the Windows Azure Active Directory PowerShell"

Echo " "

Pause

# Import users to be activated from text file. If no text file input is provided, the script immediately terminates. The file must contain the logon names or the UPNs of the users being activated

If ($Args.Count -eq 0) {
Write-Host -ForegroundColor Red "You need to specify a file name in the command. The file should contain a list of users to be activated."
Echo " "
Write-Host -ForegroundColor Red "Please re-run the script providing the file name using the syntax 'New-O365UserSettings.PS1 InputFileName.txt' "
Echo " "
Exit
}

# Obtain credentials for global administrator in O365
$O365Credentials = Get-Credential

# Create a remote session and connect to Office 365 using Windows PowerShell
# Note: this uses Basic authentication, which Microsoft has since retired for Exchange Online in favour of modern authentication
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $O365Credentials -Authentication Basic -AllowRedirection
Import-PSSession $Session
Connect-MsolService -Credential $O365Credentials

Echo " "

Write-Host -ForegroundColor Green "Importing file with user accounts to be activated"

Echo " "
# This section will read the content of the text file
$Users = Get-Content $Args[0]
# This section assigns the license type: look up the ENTERPRISEPACK SKU and show the status of its service plans
$ServicePlans = Get-MsolAccountSku | Where {$_.SkuPartNumber -eq "ENTERPRISEPACK"}
$ServicePlans.ServiceStatus
$MyO365Sku = New-MsolLicenseOptions -AccountSkuId syndication-account:ENTERPRISEPACK -DisabledPlans RMS_S_ENTERPRISE,SHAREPOINTWAC

# Assign Location attribute, necessary licenses, activate user and also apply the retention policy to the user's mailbox
Foreach ($U in $Users) {
# Sets Usage Location attribute for mailbox to Canada
Echo "enabling Usage Location "
Set-MsolUser -UserPrincipalName $U -UsageLocation CA

# Sets license to necessary options defined
Echo "enabling license options "
Set-MsolUserLicense -UserPrincipalName $U -AddLicenses "syndication-account:ENTERPRISEPACK"
Set-MsolUserLicense -UserPrincipalName $U -LicenseOptions $MyO365Sku
Echo "$U has now been licensed in O365"

# Applies retention policy to mailbox
Start-ManagedFolderAssistant $U
Echo "Archive/Retention Policy successfully applied to $U"

Echo " "
Echo " "
}

# Disconnects remote PowerShell session from O365
Get-PSSession | Remove-PSSession

Office 365 – Script to Create New Primary and Archive Mailbox

Script can be downloaded by clicking this Link. Rename the file to PS1 before it can be used.

Please note that once the mailbox has been created, it needs to be activated.

In order to create primary and archive mailboxes in Office 365, the following script can be used.

  • Please note that this script will require an input file.
  • The content of the file should be the SAMAccountName of the newly created users in Active Directory.
  • As an example, all new users being created have a logon name of firstname.lastname – this is referred to as the SAMAccountName (without the domain portion). The file should contain entries like the following, each name on its own line:

Clark.Kent
Bruce.Wayne
Bruce.Banner

 

##########################################################################
# This function is used to create a “pause” in the script.
# Continuation of the script requires an input from the keyboard.
# Pauses have been added at different steps of the script but can be safely removed.
##########################################################################

 ######
# AUTHOR: IBRAHIM U. BENNA
######

Function Pause ($Message="Press Any Key to Continue...")
{
Write-Host $Message
$Null = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
Write-Host " "
}
Write-Host -ForegroundColor Red "Please make sure you are running this script from the Microsoft Exchange Management Shell on a machine used to manage the Exchange organization"

Echo " "

Pause

# Import users to be mailbox-enabled from text file. If no text file input is provided, the script immediately terminates. The file must contain the logon names of the users being activated

If ($Args.Count -eq 0) {
Write-Host -ForegroundColor Red "You need to specify a file name in the command. The file should contain a list of users to be activated."

Echo " "

Write-Host -ForegroundColor Red "Please re-run the script providing the file name using the syntax 'New-O365Mailbox.PS1 InputFileName.txt' "

Echo " "

Exit
}

# Enabling mailbox in the cloud – This section will read the content of the text file

$Users = Get-Content $Args[0]

Foreach ($U in $Users) {
Echo " "

# Configuring the TargetAddress attribute on the user account in Active Directory and then enabling the mailbox in Exchange Online.
Write-Host -ForegroundColor DarkYellow "Enabling remote mailbox for $U"

Echo " "

Write-Host -ForegroundColor Red "MAKE SURE YOU HAVE CHANGED THE TENANT DOMAIN IN THE SCRIPT!"

Pause

# Configuring the TargetAddress attribute on the user account in Active Directory and enabling primary mailbox for user
# Replace TENANTNAME with the name of your own tenant
$Routing = $U + "@TENANTNAME.mail.onmicrosoft.com"
Enable-RemoteMailbox $U -RemoteRoutingAddress $Routing
Write-Host -ForegroundColor Yellow "$U has O365 primary mailbox enabled"

Echo " "

# Configuring and enabling an archive mailbox for the user
Write-Host -ForegroundColor DarkYellow "Enabling archive mailbox for $U"
Enable-RemoteMailbox $U -Archive
Write-Host -ForegroundColor Yellow "$U has archive mailbox enabled"
Echo " "
}

Scripts for Creating Archive Mailboxes in Exchange 2010

Background Information

I had a client who has been running Exchange 2010 SP1 for some time and they have a little over 7,000 user mailboxes in their environment. Their environment consisted of 2 Exchange servers running the mailbox role and the user mailboxes were spread between the two servers. Each mailbox server had 12 mailbox databases (totalling 24) and it got to a point that they wanted to implement archiving for their users.

The client had already created 12 additional mailbox databases to host the archive mailboxes (these databases were placed on slower disks) so in total each server now has 24 databases (totalling 48 in the environment).

Client Requirements

The client wants to create mailboxes on the same server as the primary mailbox for each user mailbox. For example,  if USER2’s mailbox is on ExchangeSRV02 on database DB09, then this script will create an archive mailbox for USER2 on archive database ARCHIVEDB09

SCRIPT 1 – Create Archive for ALL mailboxes (Save this file as FileName.PS1)

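# -ResultSize Unlimited is needed because Get-Mailbox returns only the first 1000 mailboxes by default
$users = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited

foreach ($u in $users) {

# Database that currently hosts the user's primary mailbox
$MailboxDatabase = (Get-Mailbox $u).Database

# Archive database name = "Archive" + primary database name (Substring(0) returns the whole name)
$ArchiveDatabase = "Archive" + ($MailboxDatabase.Name).Substring(0)

Enable-Mailbox $u -Archive -ArchiveDatabase $ArchiveDatabase

Write-Host "Done processing $u..."

}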

In the Exchange Management Shell, simply run the script as FileName.PS1

SCRIPT 2 – Create Archive for selected mailboxes (Save this file as FileName.PS1)

As a modification to this script – if you have a list of names for the users who you want to have archive mailboxes, you can place these names in a text file (names.txt for example)

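If ($Args.Count -eq 0) {
Write-Host "You need to specify a file with a list of users as a parameter at the command line!!!"
Exit
}
# Read the list of users, one name per line
$users = Get-Content $Args[0]
foreach ($u in $users) {
# Database that currently hosts the user's primary mailbox
$MailboxDatabase = (Get-Mailbox $u).Database
# Archive database name = "Archive" + primary database name (Substring(0) returns the whole name)
$ArchiveDatabase = "Archive" + ($MailboxDatabase.Name).Substring(0)
Enable-Mailbox $u -Archive -ArchiveDatabase $ArchiveDatabase
Write-Host "Done processing $u..."
}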

In the Exchange Management Shell, simply run the script as FileName.PS1 Names.txt
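
Both scripts assume that every primary database has a matching "Archive" database and that no user already has an archive. The following is an added example, not part of the original scripts: it builds a dry-run plan that applies the same naming rule and marks the mailboxes that would fail, so the change can be reviewed before Enable-Mailbox is run. The function name and the sample objects are constructed for illustration; the sample stores the database as a plain string, whereas live Get-Mailbox output needs `.Database.Name` as in the scripts above.

```powershell
function Get-ArchivePlan {
    param(
        [object[]]$Mailboxes,      # objects with Alias, Database and ArchiveDatabase properties
        [string[]]$DatabaseNames   # names of all mailbox databases in the organization
    )
    foreach ($mbx in $Mailboxes) {
        # Same naming rule as the scripts: "Archive" + name of the primary database
        $target = 'Archive' + $mbx.Database
        $action = if ($mbx.ArchiveDatabase) {
            'Skip: archive already enabled'
        } elseif ($DatabaseNames -notcontains $target) {
            # -notcontains is case-insensitive, so ARCHIVEDB09 and ArchiveDB09 both match
            'Skip: target database not found'
        } else {
            'Enable'
        }
        [pscustomobject]@{
            Alias           = $mbx.Alias
            PrimaryDatabase = $mbx.Database
            ArchiveDatabase = $target
            Action          = $action
        }
    }
}

# Constructed sample data standing in for Get-Mailbox and Get-MailboxDatabase output
$SampleMailboxes = @(
    [pscustomobject]@{ Alias = 'USER1'; Database = 'DB01'; ArchiveDatabase = $null }
    [pscustomobject]@{ Alias = 'USER2'; Database = 'DB09'; ArchiveDatabase = $null }
    [pscustomobject]@{ Alias = 'USER3'; Database = 'DB09'; ArchiveDatabase = 'ArchiveDB09' }
    [pscustomobject]@{ Alias = 'USER4'; Database = 'DB13'; ArchiveDatabase = $null }
)
$SampleDatabases = 'DB01', 'DB09', 'DB13', 'ARCHIVEDB01', 'ARCHIVEDB09'

$Plan = Get-ArchivePlan -Mailboxes $SampleMailboxes -DatabaseNames $SampleDatabases
$Plan | Format-Table -AutoSize

# Only rows marked 'Enable' would be passed to Enable-Mailbox
$Plan | Where-Object { $_.Action -eq 'Enable' } | ForEach-Object { $_.Alias }
```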