We help IT Professionals succeed at work.

Exchange 2007 Administrators List

Need a powershell or Quest script to pull all the user accounts in the domain who has exchange permissions.

I have executed get-exchangeadminstrators | ft

It has returned me a list of groups.

Need to generate a detailed report with all the user information and level of access in Exchange.

Could you help with a script
Comment
Watch Question

Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013

Commented:
Look what i know is Exchange has "Built-in Role Groups" so you can check with their membership to understand who has what level of rights to Exchange

Built-in Role Groups
http://technet.microsoft.com/en-us/library/dd351266.aspx

- Rancy
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013

Commented:
Ohk lets try this .... share your feedback

Get-RoleGroup (See if you get the list of default Built in groups)

Get-RoleGroup | Get-RoleGroupMember | FT

- Rancy

Author

Commented:
Rancy

Is Get-RoleGroup works in exchange 2007.

I am getting the below error.

The term 'get-rolegroup' is not recognized as the name of a cmdlet, function, s
cript file, or operable program. Check the spelling of the name, or if a path w
as included, verify that the path is correct and try again.

Do we need to add any snappin or run in windows powershell.
This isn't something that is for E2007, RBAC was first introduced in E2010.

Regards,
Exchange_Geek
check if this works for you

Get-DistributionGroup | %{
  $Group = where {$_ DisplayName -like "*Exchange*"}
  $Group | Get-DistributionGroupMember |
    Select-Object @{n='GroupName';e={ $Group.Name }}, DisplayName,
} | Export-CSV "<FileName>"

Regards,
Exchange_Geek
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013
Commented:
Get-DistributionGroup | Get-DistributionGroupMember | where {$_ DisplayName -like "*Exchange*"} | FT Name, *Member* > Name.csv

- Rancy

Author

Commented:
Hi Rancy  / Exchange Geek

This script will give me all the exchange admins but how to check what level of exchange persmission they have.
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013

Commented:
Look this will give you output of members of this Groups and thats how level of rights are determined with Exchange 2007 :)

- Rancy
Once you have the details of which admin belongs to which group, read the following link to understand their level of rights / permissions / extent of power

Regards,
Exchange_Geek

Author

Commented:
No luck Rancy , I have tried ur cmdlet.

Getting only
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013

Commented:
What is the error or details you get .... did you also try command shared bu Exchange_Geek

- Rancy
Get-DistributionGroup | where {$_ DisplayName -like "*Exchange*"}  For-Each Get-DistributionGroupMember | FT Name,Member*

Regards,
Exchange_Geek

Author

Commented:
For exchange geek previous cmd the error is
Get-DistributionGroupMember : Cannot bind argument to parameter 'Identity' because it is null.
 Current script error is

Where-Object : A positional parameter cannot be found that accepts argument 'For-Each'.

Rancy for your command i got only 4 users as output.
Solutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013
Commented:
Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"  | where {$_ DisplayName -like "Exchange*"} | FL Name, Members

The above command wouldnt run as these are Security Groups :(

- Rancy

Author

Commented:
Yes you are right Rancy these are security groups.

Getting the below error:

Organizational unit "Domain.com\Microsoft Exchange Security Groups" was not found. Please make sure you have typed it correctly.
At line:1 char:1
+  <<<< Get-Group -OrganizationalUnit "Domain.com\Microsoft Exchange Security Groups"  | where {$_.DisplayName -like "Exchange*"} | FL Name, Members
    + CategoryInfo          : NotSpecified: (:) [], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : B032788B

I went through AD structure and havent found the groups in the display but when i serach the groups i found they are located in the microsoft exchange security groups OU.
Rajitha ChimmaniSpecialized Technology Analyst
CERTIFIED EXPERT
Commented:
Wrote a script using QAD cmdlets. You will have to install Power Quest Addin for this and add the PSSnapin (Add-PSSnapin quest.activeroles.admanagement).

$AdminDetails = @()
$Admins = Get-ExchangeAdministrator
foreach($Admin in $Admins){
$Details = Get-QADObject $Admin
if($Details.type -eq "Group"){
$Members = Get-QADGroupMember $Details.Name -Indirect
foreach($Member in $Members){
$AdminObject = New-Object System.Object
$AdminObject | Add-Member -Name Name -Value $Member.Name -MemberType NoteProperty
$AdminObject | Add-Member -Name Type -Value $Member.Type -MemberType NoteProperty
$AdminObject | Add-Member -Name Role -Value $Admin.Role -MemberType NoteProperty
$AdminObject | Add-Member -Name Scope -Value $Admin.Scope -MemberType NoteProperty
$AdminDetails += $AdminObject
}
}
else{
$AdminObject = New-Object System.Object
$AdminObject | Add-Member -Name Name -Value $Details.Name -MemberType NoteProperty
$AdminObject | Add-Member -Name Type -Value $Details.Type -MemberType NoteProperty
$AdminObject | Add-Member -Name Role -Value $Admin.Role -MemberType NoteProperty
$AdminObject | Add-Member -Name Scope -Value $Admin.Scope -MemberType NoteProperty
$AdminDetails += $AdminObject
}
}
$AdminDetails | Export-Csv -Path "filepath" -NoTypeInformation

Author

Commented:
The term Get-ExchangeAdministrator is not recognised as the name of the cmdlet,function or script or operable program.

We have a server with quest active roles installed. When i tried the script it is not recognising the Exchange cmdlet.

Rajitha please suggest.
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013

Commented:
AhmedAliShaik: The command you ran was incorrect.

Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"  | where {$_ DisplayName -like "Exchange*"} | FL Name, Members

You ran with .... wrong slash between domain and MESG :(
Domain.com\Microsoft Exchange Security Groups

- Rancy

Author

Commented:
Rancy it is quickly running without any errors but no output.

:)
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013

Commented:
Just run this

Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"

- Rancy

Author

Commented:
Yes I am getting the below output Rancy.

Name                DisplayName         SamAccountName      GroupType
----                -----------         --------------      ---------
Exchange Servers                        Exchange Servers    Universal, Security
                                                            Enabled
Exchange Organizati                     Exchange Organizati Universal, Security
on Administrators                       on Administrators   Enabled
Exchange Recipient                      Exchange Recipient  Universal, Security
Administrators                          Administrators      Enabled
Exchange View-Only                      Exchange View-Only  Universal, Security
Administrators                          Administrators      Enabled
ExchangeLegacyInter                     ExchangeLegacyInter Universal, Security
op                                      op                  Enabled
Exchange Public Fol                     Exchange Public Fol Universal, Security
der Administrators                      der Administrators  Enabled
Exchange Trusted Su                     Exchange Trusted Su Universal, Security
bsystem                                 bsystem             Enabled

As the display name field is blank previous command ran and has not given any output.

I replaced Displayname with SamAccoutName but still getting the same output.

I checked manually and found there are many nested groups within each security group.
it will be very tough to do a manual job. Please simplify my task.
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013
Commented:
Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"  | where {$_. Name -like "Exchange*"} | FL Name, Members

- Rancy

Author

Commented:
This works.

Getting names and  in members field getting ... after 10 characters.

And also ot is showing groups in the members filed.

Is there any way to get nested group members.
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013

Commented:
Ideally if you see closely no other group should be a member but thats one way i know ... not quiet good at scripting :(
Seems a bit manual task need from u :)

- Rancy

Author

Commented:
I dont accept, without good @ scripting , how u have shared lot of logics  & many solutions to me.

I do accept from powershell we may not have the option for nested groups, but from QAD we can get.

Even i have not thought in ur way.

Any how friend we had good fight & explored many things.

Hope will continue the same.
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013
Commented:
Going off as too very tired ... once up will try to find something more and post to you if this doesn't helps :)

How to: Get Members of an Exchange Distribution List
http://msdn.microsoft.com/en-us/library/office/bb645998.aspx

http://gsexdev.blogspot.in/2010/06/enumerting-members-of-nested-group-with.html

Tips on Quest and Exchange Shell to Manage Groups and Group Members
http://smtpport25.wordpress.com/2010/07/19/tips-on-quest-and-exchange-shell-and-to-manage-groups-and-group-members/

- Rancy
Rajitha ChimmaniSpecialized Technology Analyst
CERTIFIED EXPERT

Commented:
AhmedAliShaik: You did mention in your first comment that you ran the command and received output. As it is an Exchange cmdlet and other part of script requires quest cmdlets, you need to have the quest snapin added to Exchange Management Shell.

Author

Commented:
Thanks all.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.