timgreen7077
asked on
Exchange Shell Scripting
We have alot of shared mailboxes, and all these mailboxes sit on the same mailbox database. Some of the mailboxes have multiple users with full manage access given via exchange, but some of the mailboxes only have just one user with full manage access given via exchange. The purpose of the shared mailboxes was so that 2 or more users would be granted access and not just a single user. Is there a script or cmdlet available to assist me in getting all shared mailboxes on the shared mailbox db that has only one user with full manage access instead of 2 or more?
ASKER
This is the script I attempt to use but it continues to give an error:
Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in Get-Mailbox) | {Get-MailboxPermission $mailbox | Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -path "c:\output\FullMailboxAcce ssPermissi ons.csv"
This is the error:
Unexpected token 'in' in expression or statement.
At line:1 char:95
+ Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in <<<< Get-Mailbox) | {Get-MailboxPermission $mailbox
| Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -pat
h "c:\output\FullMailboxAcce ssPermissi ons.csv"
+ CategoryInfo : ParserError: (in:String) [], ParentContainsErrorRecordE xception
+ FullyQualifiedErrorId : UnexpectedToken
Let me know what you think.
Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in Get-Mailbox) | {Get-MailboxPermission $mailbox | Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -path "c:\output\FullMailboxAcce
This is the error:
Unexpected token 'in' in expression or statement.
At line:1 char:95
+ Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in <<<< Get-Mailbox) | {Get-MailboxPermission $mailbox
| Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -pat
h "c:\output\FullMailboxAcce
+ CategoryInfo : ParserError: (in:String) [], ParentContainsErrorRecordE
+ FullyQualifiedErrorId : UnexpectedToken
Let me know what you think.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yep you are correct since I don't have PS3 it only return 1 result. Can you script this with Exchange Management Shell with PS 2.0?
ASKER
This script got it working thanks for all your help and suggestions:
Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | Get-
MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -
eq $false} | Select Identity,User,@{Name='Acce ss Rights';Expression={[strin g]::join(' , ',
$_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv
Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | Get-
MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -
eq $false} | Select Identity,User,@{Name='Acce
$_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv
First you need to identify all those shared mailboxes. Are the set-up as that type? If so, this should find them:
Open in new window
The next step is to get the permissions for each of those mailboxes. Start off with one of them, something you already know about, or just the first in the list. This will let us construct the filter which lets you find what you want.Open in new window
So this is where I need your help. You are likely to find you get more than manually added users there. You may also see something like IsInherited in the result. Do you?The goal is to get down to a list of permissions that have been explicitly assigned to that mailbox. If we can get that all we need do is count them to figure out whether or not you're interested in that mailbox or not.
Please let me know how you get on.
Chris