Locate all mailboxes with a certain password

Hello Experts,

A couple of days ago, we "Inherited" a multi UPN Exchange 2010 environment (Complete with the accompanying DC and everything).

A short discussion with the previous Helpdesk Team let me into a horrifying fact, about 90% or so of all users have the same password!

I need a script that will run over the entire DC, and will try (Only once) to login into each mailbox with the password in question and will tell me which usersnames (And their respective email addresses) are using said password - exported into CSV. is that at all possible?
LVL 8
David SankovskySenior SysAdminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
The Exchange mailbox doesn't have a different password than the user account has, does it? So you can test by using a script that simply tries to map a drive to a common share.
for /f %a in (userlist.txt) do net use x: \\server\share /user:%a password && echo found>\\server\anothershare\%a.txt & net use x: /delete

Open in new window


This will create a textfile for each user that uses this password in \\server\anothershare\
0
David SankovskySenior SysAdminAuthor Commented:
Hi, McKnife, Thanks for your comment!
Well the passwords Are identical, but I do need it in to exported into a single CSV or Excel file which will include usernames and associated email addresses - not to mention I don't have a text file of all users.
Further, I don't have a share (Nor do I wish to open one) for all the users until I've fixed the issue at hand!
0
David SankovskySenior SysAdminAuthor Commented:
I've found something that might work, But I need help with getting it to run through ALL the users in the AD, and to output the username and the associated email address into CSV:
function Test-ADCredential {
    [CmdletBinding()]
    Param
    (
        [string]$UserName,
        [string]$Password
    )
    if (!($UserName) -or !($Password)) {
        Write-Warning 'Test-ADCredential: Please specify both user name and password'
    } else {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
        $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
        $DS.ValidateCredentials($UserName, $Password)
    }
}

Open in new window

0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Using the function you have, you could use this script from the Exchange Management Shell. Change the PWDtest variable to the password you're testing for.
$PWDtest = 'P@$$w0rd!'
function Test-ADCredential {
    [CmdletBinding()]
    Param
    (
        [string]$UserName,
        [string]$Password
    )
    if (!($UserName) -or !($Password)) {
        Write-Warning 'Test-ADCredential: Please specify both user name and password'
    } else {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
        $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
        $DS.ValidateCredentials($UserName, $Password)
    }
}



Get-User -ResultSize Unlimited | % {
    If(Test-ADCredential -UserName $_.SamAccountName -Password $PWDtest){
        $_ | Select SamAccountName,WindowsEmailAddress | Export-Csv C:\Results.csv -NoTypeInformation -Append
        }
    }

Open in new window

0
David SankovskySenior SysAdminAuthor Commented:
I tried Running the script And, well.. it sorta worked, but it threw an error on the append switch - and when I checked the documentation it really doesn't exists

ForEach-Object : A parameter cannot be found that matches parameter name 'Append'.
At C:\Users\gnsadmin\Desktop\Password.ps1:20 char:35
+ Get-User -ResultSize Unlimited | % <<<<  {
    + CategoryInfo          : InvalidArgument: (:) [ForEach-Object], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.ForEachObjectCommand

When I tried Running it without the Append switch, the CSV only returned one line

Any Ideas?
0
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Try this. Note, posting from my phone so I'm not sure if I have the lines right.
[code]
$PWDtest = 'P@$$w0rd!'
function Test-ADCredential {
    [CmdletBinding()]
    Param
    (
        [string]$UserName,
        [string]$Password
    )
    if (!($UserName) -or !($Password)) {
        Write-Warning 'Test-ADCredential: Please specify both user name and password'
    } else {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
        $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
        $DS.ValidateCredentials($UserName, $Password)
    }
}



Get-User -ResultSize Unlimited | % {
    If(Test-ADCredential -UserName $_.SamAccountName -Password $PWDtest){
        $_ | Select SamAccountName,WindowsEmailAddress
        }
    } | Export-Csv C:\Results.csv[/code]
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David SankovskySenior SysAdminAuthor Commented:
Worked like a charm. Thank you very much!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.