Exchange 2007 Administrators List

Need a powershell or Quest script to pull all the user accounts in the domain who has exchange permissions.

I have executed get-exchangeadminstrators | ft

It has returned me a list of groups.

Need to generate a detailed report with all the user information and level of access in Exchange.

Could you help with a script
LVL 2
AhmedAliShaikAsked:
Who is Participating?
 
Manpreet SIngh KhatraConnect With a Mentor Solutions Architect, Project LeadCommented:
Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"  | where {$_ DisplayName -like "Exchange*"} | FL Name, Members

The above command wouldnt run as these are Security Groups :(

- Rancy
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Look what i know is Exchange has "Built-in Role Groups" so you can check with their membership to understand who has what level of rights to Exchange

Built-in Role Groups
http://technet.microsoft.com/en-us/library/dd351266.aspx

- Rancy
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Ohk lets try this .... share your feedback

Get-RoleGroup (See if you get the list of default Built in groups)

Get-RoleGroup | Get-RoleGroupMember | FT

- Rancy
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
AhmedAliShaikAuthor Commented:
Rancy

Is Get-RoleGroup works in exchange 2007.

I am getting the below error.

The term 'get-rolegroup' is not recognized as the name of a cmdlet, function, s
cript file, or operable program. Check the spelling of the name, or if a path w
as included, verify that the path is correct and try again.

Do we need to add any snappin or run in windows powershell.
0
 
Exchange_GeekCommented:
This isn't something that is for E2007, RBAC was first introduced in E2010.

Regards,
Exchange_Geek
0
 
Exchange_GeekConnect With a Mentor Commented:
check if this works for you

Get-DistributionGroup | %{
  $Group = where {$_ DisplayName -like "*Exchange*"}
  $Group | Get-DistributionGroupMember |
    Select-Object @{n='GroupName';e={ $Group.Name }}, DisplayName,
} | Export-CSV "<FileName>"

Regards,
Exchange_Geek
0
 
Manpreet SIngh KhatraConnect With a Mentor Solutions Architect, Project LeadCommented:
Get-DistributionGroup | Get-DistributionGroupMember | where {$_ DisplayName -like "*Exchange*"} | FT Name, *Member* > Name.csv

- Rancy
0
 
AhmedAliShaikAuthor Commented:
Hi Rancy  / Exchange Geek

This script will give me all the exchange admins but how to check what level of exchange persmission they have.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Look this will give you output of members of this Groups and thats how level of rights are determined with Exchange 2007 :)

- Rancy
0
 
Exchange_GeekCommented:
Once you have the details of which admin belongs to which group, read the following link to understand their level of rights / permissions / extent of power

Regards,
Exchange_Geek
0
 
AhmedAliShaikAuthor Commented:
No luck Rancy , I have tried ur cmdlet.

Getting only
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
What is the error or details you get .... did you also try command shared bu Exchange_Geek

- Rancy
0
 
Exchange_GeekCommented:
Get-DistributionGroup | where {$_ DisplayName -like "*Exchange*"}  For-Each Get-DistributionGroupMember | FT Name,Member*

Regards,
Exchange_Geek
0
 
AhmedAliShaikAuthor Commented:
For exchange geek previous cmd the error is
Get-DistributionGroupMember : Cannot bind argument to parameter 'Identity' because it is null.
 Current script error is

Where-Object : A positional parameter cannot be found that accepts argument 'For-Each'.

Rancy for your command i got only 4 users as output.
0
 
AhmedAliShaikAuthor Commented:
Yes you are right Rancy these are security groups.

Getting the below error:

Organizational unit "Domain.com\Microsoft Exchange Security Groups" was not found. Please make sure you have typed it correctly.
At line:1 char:1
+  <<<< Get-Group -OrganizationalUnit "Domain.com\Microsoft Exchange Security Groups"  | where {$_.DisplayName -like "Exchange*"} | FL Name, Members
    + CategoryInfo          : NotSpecified: (:) [], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : B032788B

I went through AD structure and havent found the groups in the display but when i serach the groups i found they are located in the microsoft exchange security groups OU.
0
 
Rajitha ChimmaniConnect With a Mentor Commented:
Wrote a script using QAD cmdlets. You will have to install Power Quest Addin for this and add the PSSnapin (Add-PSSnapin quest.activeroles.admanagement).

$AdminDetails = @()
$Admins = Get-ExchangeAdministrator
foreach($Admin in $Admins){
$Details = Get-QADObject $Admin
if($Details.type -eq "Group"){
$Members = Get-QADGroupMember $Details.Name -Indirect
foreach($Member in $Members){
$AdminObject = New-Object System.Object
$AdminObject | Add-Member -Name Name -Value $Member.Name -MemberType NoteProperty
$AdminObject | Add-Member -Name Type -Value $Member.Type -MemberType NoteProperty
$AdminObject | Add-Member -Name Role -Value $Admin.Role -MemberType NoteProperty
$AdminObject | Add-Member -Name Scope -Value $Admin.Scope -MemberType NoteProperty
$AdminDetails += $AdminObject
}
}
else{
$AdminObject = New-Object System.Object
$AdminObject | Add-Member -Name Name -Value $Details.Name -MemberType NoteProperty
$AdminObject | Add-Member -Name Type -Value $Details.Type -MemberType NoteProperty
$AdminObject | Add-Member -Name Role -Value $Admin.Role -MemberType NoteProperty
$AdminObject | Add-Member -Name Scope -Value $Admin.Scope -MemberType NoteProperty
$AdminDetails += $AdminObject
}
}
$AdminDetails | Export-Csv -Path "filepath" -NoTypeInformation
0
 
AhmedAliShaikAuthor Commented:
The term Get-ExchangeAdministrator is not recognised as the name of the cmdlet,function or script or operable program.

We have a server with quest active roles installed. When i tried the script it is not recognising the Exchange cmdlet.

Rajitha please suggest.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
AhmedAliShaik: The command you ran was incorrect.

Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"  | where {$_ DisplayName -like "Exchange*"} | FL Name, Members

You ran with .... wrong slash between domain and MESG :(
Domain.com\Microsoft Exchange Security Groups

- Rancy
0
 
AhmedAliShaikAuthor Commented:
Rancy it is quickly running without any errors but no output.

:)
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Just run this

Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"

- Rancy
0
 
AhmedAliShaikAuthor Commented:
Yes I am getting the below output Rancy.

Name                DisplayName         SamAccountName      GroupType
----                -----------         --------------      ---------
Exchange Servers                        Exchange Servers    Universal, Security
                                                            Enabled
Exchange Organizati                     Exchange Organizati Universal, Security
on Administrators                       on Administrators   Enabled
Exchange Recipient                      Exchange Recipient  Universal, Security
Administrators                          Administrators      Enabled
Exchange View-Only                      Exchange View-Only  Universal, Security
Administrators                          Administrators      Enabled
ExchangeLegacyInter                     ExchangeLegacyInter Universal, Security
op                                      op                  Enabled
Exchange Public Fol                     Exchange Public Fol Universal, Security
der Administrators                      der Administrators  Enabled
Exchange Trusted Su                     Exchange Trusted Su Universal, Security
bsystem                                 bsystem             Enabled

As the display name field is blank previous command ran and has not given any output.

I replaced Displayname with SamAccoutName but still getting the same output.

I checked manually and found there are many nested groups within each security group.
it will be very tough to do a manual job. Please simplify my task.
0
 
Manpreet SIngh KhatraConnect With a Mentor Solutions Architect, Project LeadCommented:
Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"  | where {$_. Name -like "Exchange*"} | FL Name, Members

- Rancy
0
 
AhmedAliShaikAuthor Commented:
This works.

Getting names and  in members field getting ... after 10 characters.

And also ot is showing groups in the members filed.

Is there any way to get nested group members.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Ideally if you see closely no other group should be a member but thats one way i know ... not quiet good at scripting :(
Seems a bit manual task need from u :)

- Rancy
0
 
AhmedAliShaikAuthor Commented:
I dont accept, without good @ scripting , how u have shared lot of logics  & many solutions to me.

I do accept from powershell we may not have the option for nested groups, but from QAD we can get.

Even i have not thought in ur way.

Any how friend we had good fight & explored many things.

Hope will continue the same.
0
 
Manpreet SIngh KhatraConnect With a Mentor Solutions Architect, Project LeadCommented:
Going off as too very tired ... once up will try to find something more and post to you if this doesn't helps :)

How to: Get Members of an Exchange Distribution List
http://msdn.microsoft.com/en-us/library/office/bb645998.aspx

http://gsexdev.blogspot.in/2010/06/enumerting-members-of-nested-group-with.html

Tips on Quest and Exchange Shell to Manage Groups and Group Members
http://smtpport25.wordpress.com/2010/07/19/tips-on-quest-and-exchange-shell-and-to-manage-groups-and-group-members/

- Rancy
0
 
Rajitha ChimmaniCommented:
AhmedAliShaik: You did mention in your first comment that you ran the command and received output. As it is an Exchange cmdlet and other part of script requires quest cmdlets, you need to have the quest snapin added to Exchange Management Shell.
0
 
AhmedAliShaikAuthor Commented:
Thanks all.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.