?
Solved

Exchange 2007 Administrators List

Posted on 2012-08-13
28
Medium Priority
?
1,073 Views
Last Modified: 2012-08-23
Need a powershell or Quest script to pull all the user accounts in the domain who has exchange permissions.

I have executed get-exchangeadminstrators | ft

It has returned me a list of groups.

Need to generate a detailed report with all the user information and level of access in Exchange.

Could you help with a script
0
Comment
Question by:AhmedAliShaik
  • 11
  • 11
  • 4
  • +1
28 Comments
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38290484
Look what i know is Exchange has "Built-in Role Groups" so you can check with their membership to understand who has what level of rights to Exchange

Built-in Role Groups
http://technet.microsoft.com/en-us/library/dd351266.aspx

- Rancy
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38290490
Ohk lets try this .... share your feedback

Get-RoleGroup (See if you get the list of default Built in groups)

Get-RoleGroup | Get-RoleGroupMember | FT

- Rancy
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38291496
Rancy

Is Get-RoleGroup works in exchange 2007.

I am getting the below error.

The term 'get-rolegroup' is not recognized as the name of a cmdlet, function, s
cript file, or operable program. Check the spelling of the name, or if a path w
as included, verify that the path is correct and try again.

Do we need to add any snappin or run in windows powershell.
0
Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38292299
This isn't something that is for E2007, RBAC was first introduced in E2010.

Regards,
Exchange_Geek
0
 
LVL 33

Assisted Solution

by:Exchange_Geek
Exchange_Geek earned 300 total points
ID: 38292349
check if this works for you

Get-DistributionGroup | %{
  $Group = where {$_ DisplayName -like "*Exchange*"}
  $Group | Get-DistributionGroupMember |
    Select-Object @{n='GroupName';e={ $Group.Name }}, DisplayName,
} | Export-CSV "<FileName>"

Regards,
Exchange_Geek
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 975 total points
ID: 38293251
Get-DistributionGroup | Get-DistributionGroupMember | where {$_ DisplayName -like "*Exchange*"} | FT Name, *Member* > Name.csv

- Rancy
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38293339
Hi Rancy  / Exchange Geek

This script will give me all the exchange admins but how to check what level of exchange persmission they have.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38293583
Look this will give you output of members of this Groups and thats how level of rights are determined with Exchange 2007 :)

- Rancy
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38293820
Once you have the details of which admin belongs to which group, read the following link to understand their level of rights / permissions / extent of power

Regards,
Exchange_Geek
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38294053
No luck Rancy , I have tried ur cmdlet.

Getting only
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38294060
What is the error or details you get .... did you also try command shared bu Exchange_Geek

- Rancy
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 38294080
Get-DistributionGroup | where {$_ DisplayName -like "*Exchange*"}  For-Each Get-DistributionGroupMember | FT Name,Member*

Regards,
Exchange_Geek
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38294291
For exchange geek previous cmd the error is
Get-DistributionGroupMember : Cannot bind argument to parameter 'Identity' because it is null.
 Current script error is

Where-Object : A positional parameter cannot be found that accepts argument 'For-Each'.

Rancy for your command i got only 4 users as output.
0
 
LVL 52

Accepted Solution

by:
Manpreet SIngh Khatra earned 975 total points
ID: 38294393
Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"  | where {$_ DisplayName -like "Exchange*"} | FL Name, Members

The above command wouldnt run as these are Security Groups :(

- Rancy
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38299556
Yes you are right Rancy these are security groups.

Getting the below error:

Organizational unit "Domain.com\Microsoft Exchange Security Groups" was not found. Please make sure you have typed it correctly.
At line:1 char:1
+  <<<< Get-Group -OrganizationalUnit "Domain.com\Microsoft Exchange Security Groups"  | where {$_.DisplayName -like "Exchange*"} | FL Name, Members
    + CategoryInfo          : NotSpecified: (:) [], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : B032788B

I went through AD structure and havent found the groups in the display but when i serach the groups i found they are located in the microsoft exchange security groups OU.
0
 
LVL 16

Assisted Solution

by:Rajitha Chimmani
Rajitha Chimmani earned 225 total points
ID: 38300080
Wrote a script using QAD cmdlets. You will have to install Power Quest Addin for this and add the PSSnapin (Add-PSSnapin quest.activeroles.admanagement).

$AdminDetails = @()
$Admins = Get-ExchangeAdministrator
foreach($Admin in $Admins){
$Details = Get-QADObject $Admin
if($Details.type -eq "Group"){
$Members = Get-QADGroupMember $Details.Name -Indirect
foreach($Member in $Members){
$AdminObject = New-Object System.Object
$AdminObject | Add-Member -Name Name -Value $Member.Name -MemberType NoteProperty
$AdminObject | Add-Member -Name Type -Value $Member.Type -MemberType NoteProperty
$AdminObject | Add-Member -Name Role -Value $Admin.Role -MemberType NoteProperty
$AdminObject | Add-Member -Name Scope -Value $Admin.Scope -MemberType NoteProperty
$AdminDetails += $AdminObject
}
}
else{
$AdminObject = New-Object System.Object
$AdminObject | Add-Member -Name Name -Value $Details.Name -MemberType NoteProperty
$AdminObject | Add-Member -Name Type -Value $Details.Type -MemberType NoteProperty
$AdminObject | Add-Member -Name Role -Value $Admin.Role -MemberType NoteProperty
$AdminObject | Add-Member -Name Scope -Value $Admin.Scope -MemberType NoteProperty
$AdminDetails += $AdminObject
}
}
$AdminDetails | Export-Csv -Path "filepath" -NoTypeInformation
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38303082
The term Get-ExchangeAdministrator is not recognised as the name of the cmdlet,function or script or operable program.

We have a server with quest active roles installed. When i tried the script it is not recognising the Exchange cmdlet.

Rajitha please suggest.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38303090
AhmedAliShaik: The command you ran was incorrect.

Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"  | where {$_ DisplayName -like "Exchange*"} | FL Name, Members

You ran with .... wrong slash between domain and MESG :(
Domain.com\Microsoft Exchange Security Groups

- Rancy
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38303184
Rancy it is quickly running without any errors but no output.

:)
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38303254
Just run this

Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"

- Rancy
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38303266
Yes I am getting the below output Rancy.

Name                DisplayName         SamAccountName      GroupType
----                -----------         --------------      ---------
Exchange Servers                        Exchange Servers    Universal, Security
                                                            Enabled
Exchange Organizati                     Exchange Organizati Universal, Security
on Administrators                       on Administrators   Enabled
Exchange Recipient                      Exchange Recipient  Universal, Security
Administrators                          Administrators      Enabled
Exchange View-Only                      Exchange View-Only  Universal, Security
Administrators                          Administrators      Enabled
ExchangeLegacyInter                     ExchangeLegacyInter Universal, Security
op                                      op                  Enabled
Exchange Public Fol                     Exchange Public Fol Universal, Security
der Administrators                      der Administrators  Enabled
Exchange Trusted Su                     Exchange Trusted Su Universal, Security
bsystem                                 bsystem             Enabled

As the display name field is blank previous command ran and has not given any output.

I replaced Displayname with SamAccoutName but still getting the same output.

I checked manually and found there are many nested groups within each security group.
it will be very tough to do a manual job. Please simplify my task.
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 975 total points
ID: 38303280
Get-Group -OrganizationalUnit "Domain.com/Microsoft Exchange Security Groups"  | where {$_. Name -like "Exchange*"} | FL Name, Members

- Rancy
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38303292
This works.

Getting names and  in members field getting ... after 10 characters.

And also ot is showing groups in the members filed.

Is there any way to get nested group members.
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38303305
Ideally if you see closely no other group should be a member but thats one way i know ... not quiet good at scripting :(
Seems a bit manual task need from u :)

- Rancy
0
 
LVL 2

Author Comment

by:AhmedAliShaik
ID: 38303314
I dont accept, without good @ scripting , how u have shared lot of logics  & many solutions to me.

I do accept from powershell we may not have the option for nested groups, but from QAD we can get.

Even i have not thought in ur way.

Any how friend we had good fight & explored many things.

Hope will continue the same.
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 975 total points
ID: 38303336
Going off as too very tired ... once up will try to find something more and post to you if this doesn't helps :)

How to: Get Members of an Exchange Distribution List
http://msdn.microsoft.com/en-us/library/office/bb645998.aspx

http://gsexdev.blogspot.in/2010/06/enumerting-members-of-nested-group-with.html

Tips on Quest and Exchange Shell to Manage Groups and Group Members
http://smtpport25.wordpress.com/2010/07/19/tips-on-quest-and-exchange-shell-and-to-manage-groups-and-group-members/

- Rancy
0
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 38303656
AhmedAliShaik: You did mention in your first comment that you ran the command and received output. As it is an Exchange cmdlet and other part of script requires quest cmdlets, you need to have the quest snapin added to Exchange Management Shell.
0
 
LVL 2

Author Closing Comment

by:AhmedAliShaik
ID: 38325524
Thanks all.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question