Solved

Find mailboxes in Exchange that have disabled users.

Posted on 2015-02-20
24
868 Views
Last Modified: 2015-02-24
I need to find a Exchange Mangement Shell command to find all the mailboxes that have disabled users.  The only thing i have found comes up with an empty result set, that I know should have at least 1 entry.  This is what I have so far:

$mailboxlist = Get-Mailbox -ResultSize Unlimited | ? {$_.UserAccountControl -match “AccountDisabled” -and $_.isLinked -match “false” -and $_.isResource -match “false”}
0
Comment
Question by:tommy porter
  • 12
  • 11
24 Comments
 
LVL 69

Expert Comment

by:Qlemo
ID: 40621591
Though it is no good style, it still works (for me). But you should not use -match for boolean values, it is better to write:
$mailboxlist = Get-Mailbox -ResultSize Unlimited |
  ? { $_.UserAccountControl -match “AccountDisabled” -and !$_.isLinked -and !$_.isResource }

Open in new window

0
 

Author Comment

by:tommy porter
ID: 40621859
That did not work.  All it does is CR to the next line with no output.  thanks for the attempt, though

exchange server 2010
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40621866
Of course it does "nothing". The result is in the var. Did you check the var's content?
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 

Author Comment

by:tommy porter
ID: 40621935
Then, I don't know where to look.  Could you elaborate?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40621943
For testing, use
Get-Mailbox -ResultSize Unlimited |
  ? { $_.UserAccountControl -match “AccountDisabled” -and !$_.isLinked -and !$_.isResource }

Open in new window

Otherwise, $mailboxlist contains the results. You can type that in directly on the command prompt to see its value.
0
 

Author Comment

by:tommy porter
ID: 40622182
I am definitely missing something. I can't seem to get it to work.  Either i am not using it correctly or not looking in the right spot.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40622195
What does this display?
Get-Mailbox -ResultSize Unlimited | ft -a Identity, UserAccountControl, isLinked, isResource

Open in new window

0
 

Author Comment

by:tommy porter
ID: 40622199
Something similar to this.
Capture.PNG
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40622224
UserAccountControl is empty? Test
   Get-Mailbox | gm u*
it should list UserAccountControl as a property.
0
 
LVL 17

Expert Comment

by:Viral Rathod
ID: 40622725
Get-Mailbox | ?{$_.ExchangeUserAccountControl -eq 'AccountDisabled'} | ft Name,Database,ExchangeUserAccountControl |Out-File "c:\path.txt"
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 40623038
Viral,

very, very bad style to use ft | out-file. Unless for very specific cases, where formatting needs to be exactly that way.

But you are correct, that seems to have changed. In MSX 2007 UserAccountControl works. Online doc for 2010/2013 tells different, though (https://msdn.microsoft.com/de-de/library/microsoft.exchange.data.directory.management.mailbox.exchangeuseraccountcontrol(v=exchg.150).aspx).


So the correct command should be
$mailboxlist = Get-Mailbox -ResultSize Unlimited |
  ? { $_.ExchangeUserAccountControl -match “AccountDisabled” -and !$_.isLinked -and !$_.isResource }

Open in new window

0
 

Author Comment

by:tommy porter
ID: 40626538
I ran:

UserAccountControl is empty? Test
   Get-Mailbox | gm u*
it should list UserAccountControl as a property.

and Got:

TypeName: Microsoft.Exchange.Data.Directory.Management.Mailbox

Name                         MemberType Definition
----                         ---------- ----------
UMDtmfMap                    Property   Microsoft.Exchange.Data.MultiValuedProperty`1[[System.String, mscorlib, Vers...
UMEnabled                    Property   System.Boolean UMEnabled {get;}
UsageLocation                Property   Microsoft.Exchange.Data.Directory.CountryInfo UsageLocation {get;set;}
UseDatabaseQuotaDefaults     Property   System.Nullable`1[[System.Boolean, mscorlib, Version=2.0.0.0, Culture=neutra...
UseDatabaseRetentionDefaults Property   System.Boolean UseDatabaseRetentionDefaults {get;set;}
UserCertificate              Property   Microsoft.Exchange.Data.MultiValuedProperty`1[[System.Byte[], mscorlib, Vers...
UserPrincipalName            Property   System.String UserPrincipalName {get;set;}
UserSMimeCertificate         Property   Microsoft.Exchange.Data.MultiValuedProperty`1[[System.Byte[], mscorlib, Vers...
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40626620
See code in http:#a40623038
0
 

Author Comment

by:tommy porter
ID: 40626627
that get's me:


Name                      Alias                ServerName       ProhibitSendQuota                                      
----                      -----                ----------       -----------------                                      
DiscoverySearchMailbox... DiscoverySearchMa... xxxxxxxx         50 GB (53,687,091,200 bytes)
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40626646
Sounds like a hit!
0
 

Author Comment

by:tommy porter
ID: 40626656
Ok, that really doesn't tell me what I want to know, or I am mis-interpreting the data.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40626672
Obviously the Discovery...  mailbox is the only one being disabled, not linked and not a resource?!
0
 

Author Comment

by:tommy porter
ID: 40626739
I think the issue may be that the UserAccountControl property isn't populated, how do i change that?  it would make sense that it can't find any to match ? { $_.ExchangeUserAccountControl -match “AccountDisabled" if it doesn't exist anywhere.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40626812
UserAccountControl has been populated with my Exchange. ExchangeUserAccountControl is the correct one, according to the doc. And you got one record by using it in the condition.  IMO the result shown is plausible.
0
 

Author Comment

by:tommy porter
ID: 40626827
I know that there is at least one user (not any shown) that has a disabled user account through ad but still has a mailbox.  I am using that as my baseline for my search.  Until that user pulls up in the result set, I know that I am not looking at or in the right spot or information.  

On looking at this result set, (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_28621197.html#a40622199) it would be logical to assume that I should see that field populated, however it isn't.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40626911
Again, it is expected that ExchangeUserAccountControl is filled, so test
Get-Mailbox -ResultSize Unlimited | ft -a Identity, UserAccountControl, ExchangeUserAccountControl, isLinked, isResource

Open in new window

now. One of both columns should contain the AccountDisabled value.
0
 

Author Comment

by:tommy porter
ID: 40626917
I think we are on the same page, I don't have any values for the UserAccountContorl field.  That is where the issue lies.  Working on getting that populated.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40626924
That field does not exist for you. That is why we try to tell you to look at ExchangeUserAccountControl. Did you?
0
 

Author Comment

by:tommy porter
ID: 40629236
I get some data returned, but not what I am looking for.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question