[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

send as permissions for the same user exchange 2007

Posted on 2014-07-13
10
Medium Priority
?
231 Views
Last Modified: 2014-08-03
Greetings all I have an issue and need assistance with. In our company we make it mandatory that users need to be explicitly added to send as permissions to even a user to send from its own mailbox. One of the challenges is we use a numeric value for the users logon EX: 12457 and the user has an alias for its email address. So for example a user could have the following


You pull this user up in the exchange tools by the email alias "John.Doe"  and his numeric AD logon that gets associated to his account for access is 12457. you go to view his send as access by right clicking and selecting send as permission. Here is what you get

NT/Authority-Self
94512
global-admins

Note: that the numeric logon 12457 is not present. I am trying to find all accounts with this problem and report to management and then come back later and add those numeric logons to the users send as access.  I did notice that the  samaccountname has this numeric value also.

Problem is when the accounts were setup originally one by one helpdesk missed this step with some of the users. What I am trying to do is print a report with those numeric logons not present on that user and or the exchange accounts missing that value. It would be nice to get something of the following.


users email alias         users numeric value       ispartofsendas
john.doe                           12457                                 false
mary.doe                          35427                                 false
jimmy.johnson                 21478                                 true


I started with this powershell command but cannot get the rest



get-content c:\temp\alias.csv | foreach {Get-ADPermission $_ }| where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)}
0
Comment
Question by:techdrive
  • 5
  • 5
10 Comments
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 40193641
get-content c:\temp\alias.csv | foreach {Get-ADPermission $_ | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and  ($_.User -notlike “NT AUTHORITY\SELF”)}}

assume the alias.csv is all your username.
0
 

Author Comment

by:techdrive
ID: 40203592
sorry but it looks like you copied my command and just pasted this in. This does not work
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 40203754
I remove the } after $_

and i test the command it works on mine.

if you worry, you should try the command in foreach

Get-ADPermission <replace with user> | ? {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and  ($_.User -notlike “NT AUTHORITY\SELF”)}  

to confirm this command works or not
if you cannot get the result you want, then get-content won't work

after you confirm the first part working, then revalidate with get-content

if not, i will try
get-mailbox <numeric> to see whether it found a mailbox

if it is good, then you can use the below

get-mailbox <numeric>  | Get-ADPermission | ? {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and  ($_.User -notlike “NT AUTHORITY\SELF”)}
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:techdrive
ID: 40204204
limjianan does your example list the columns that I wanted in my original post above. Please check that post.
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 40204233
aa.. sorry .. let's try again

get-mailbox <username> | select-object `
@{Label="users email alias";Expression={$_.alias}},`
@{Label="users numeric value";Expression={$_.samaccountname}},`
@{Label="ispartofsendas";Expression={(get-mailbox $_  | Get-ADPermission | ? {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and  ($_.User -notlike “NT AUTHORITY\SELF”) | measure-object).count}}}
\\hopefully there is no syntax error as i am typing from home (without server access)

if 0 means false
if 1 means true

(mailbox alias)              *mailbox samaccoutname     *your sendas right*
users email alias         users numeric value       ispartofsendas
john.doe                           12457                                 0
mary.doe                          35427                                 1
jimmy.johnson                 21478                                 1
0
 

Author Comment

by:techdrive
ID: 40204796
thank you sir will try it in a moment.
0
 

Author Comment

by:techdrive
ID: 40205683
I am getting errors when using this code.
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 40205914
what is your error?
0
 

Author Comment

by:techdrive
ID: 40220125
I tried this by adding a bracket and then removed it. It is still not working and sorry for taking so long.

[PS] C:\temp>.\mailboxstater.ps1
At C:\temp\mailboxstater.ps1:4 char:78
+ @{Label="ispartofsendas";Expression={(get-mailbox $_  | Get-ADPermission | ? {($ ...
+                                                                              ~
Missing closing '}' in statement block.
At C:\temp\mailboxstater.ps1:4 char:220
+ ... object).count}}}
+                    ~
Unexpected token '}' in expression or statement.
    + CategoryInfo          : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : MissingEndCurlyBrace

[PS] C:\temp>.\mailboxstater.ps1
At C:\temp\mailboxstater.ps1:4 char:78
+ @{Label="ispartofsendas";Expression={(get-mailbox $_  | Get-ADPermission | ? {($ ...
+                                                                              ~
Missing closing '}' in statement block.
    + CategoryInfo          : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : MissingEndCurlyBrace
0
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 2000 total points
ID: 40231064
Okay, i miss a } before the where command so this will definitely work accordingly.

let me know




get-mailbox <username> | select-object `
@{Label="users email alias";Expression={$_.alias}},`
@{Label="users numeric value";Expression={$_.samaccountname}},`
@{Label="ispartofsendas";`
Expression={(get-mailbox $_  | Get-ADPermission | `
? {($_.ExtendedRights -like “*Send-As*”) -and `
($_.IsInherited -eq $false) -and `
($_.User -notlike “NT AUTHORITY\SELF”)} | `
measure-object).count}}
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question