asked on

Locate all mailboxes with a certain password

Hello Experts,

A couple of days ago, we "Inherited" a multi UPN Exchange 2010 environment (Complete with the accompanying DC and everything).

A short discussion with the previous Helpdesk Team let me into a horrifying fact, about 90% or so of all users have the same password!

I need a script that will run over the entire DC, and will try (Only once) to login into each mailbox with the password in question and will tell me which usersnames (And their respective email addresses) are using said password - exported into CSV. is that at all possible?

McKnife

The Exchange mailbox doesn't have a different password than the user account has, does it? So you can test by using a script that simply tries to map a drive to a common share.

for /f %a in (userlist.txt) do net use x: \\server\share /user:%a password && echo found>\\server\anothershare\%a.txt & net use x: /delete

Open in new window

This will create a textfile for each user that uses this password in \\server\anothershare\

David Sankovsky

ASKER

Hi, McKnife, Thanks for your comment!
Well the passwords Are identical, but I do need it in to exported into a single CSV or Excel file which will include usernames and associated email addresses - not to mention I don't have a text file of all users.
Further, I don't have a share (Nor do I wish to open one) for all the users until I've fixed the issue at hand!

David Sankovsky

ASKER

I've found something that might work, But I need help with getting it to run through ALL the users in the AD, and to output the username and the associated email address into CSV:

function Test-ADCredential {
    [CmdletBinding()]
    Param
    (
        [string]$UserName,
        [string]$Password
    )
    if (!($UserName) -or !($Password)) {
        Write-Warning 'Test-ADCredential: Please specify both user name and password'
    } else {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
        $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
        $DS.ValidateCredentials($UserName, $Password)
    }
}

Open in new window

Jeremy Weisinger

Using the function you have, you could use this script from the Exchange Management Shell. Change the PWDtest variable to the password you're testing for.

$PWDtest = 'P@$$w0rd!'
function Test-ADCredential {
    [CmdletBinding()]
    Param
    (
        [string]$UserName,
        [string]$Password
    )
    if (!($UserName) -or !($Password)) {
        Write-Warning 'Test-ADCredential: Please specify both user name and password'
    } else {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
        $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain')
        $DS.ValidateCredentials($UserName, $Password)
    }
}



Get-User -ResultSize Unlimited | % {
    If(Test-ADCredential -UserName $_.SamAccountName -Password $PWDtest){
        $_ | Select SamAccountName,WindowsEmailAddress | Export-Csv C:\Results.csv -NoTypeInformation -Append
        }
    }

Open in new window

David Sankovsky

ASKER

I tried Running the script And, well.. it sorta worked, but it threw an error on the append switch - and when I checked the documentation it really doesn't exists

ForEach-Object : A parameter cannot be found that matches parameter name 'Append'.
At C:\Users\gnsadmin\Desktop\Password.ps1:20 char:35
+ Get-User -ResultSize Unlimited | % <<<< {
+ CategoryInfo : InvalidArgument: (:) [ForEach-Object], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.ForEachObjectCommand

When I tried Running it without the Append switch, the CSV only returned one line

Any Ideas?

ASKER CERTIFIED SOLUTION

Jeremy Weisinger

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

David Sankovsky

ASKER

Worked like a charm. Thank you very much!