• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 64
  • Last Modified:

List users in Shared Account (Exchange 2013)

I have been looking for a way, in the exchange command shell, to list users in a shared group. Having it convert to a csv is a bonus. Getting directions on doing one shared group at a time and all shared groups at one time would be great. I know how to list just shared groups, but not the members within it. That is what I need.  

I found a forum where you can write up a PS Script but I am not that savvy with power shell. I am a beginner.
0
Erik Townsend
Asked:
Erik Townsend
  • 7
  • 6
2 Solutions
 
SubsunCommented:
I am not that clear about the question...

What is shared group?
If it's a distribution group then you can use Get-DistributionGroupMember, Following is the example..
Get-DistributionGroup GroupA | Get-DistributionGroupMember -ResultSize Unlimited | Select DisplayName,PrimarySmtpAddress | Export-CSV C:\Group.csv -nti

Open in new window


If it's a shared mailbox and you need a list of users who has full access to it then use Get-MailboxPermission ..
Get-MailboxPermission MailboxName |?{$_.AccessRights -like "*Fullaccess*"} | Select User,{$_.AccessRights}  | Export-CSV C:\MailboxName.csv -nti

Open in new window

0
 
Erik TownsendAuthor Commented:
I can use this to get a list of just the shared groups: Get-Recipient -Resultsize unlimited | where {$_.RecipientTypeDetails -eq "SharedMailbox"} | ft Name,Manager >C:\temp\shared.csv

That works great. What I need is a csv with a list of who is in each shared group.

example:
Accounting
Erik Townsend
Jack Bean

Like that. I am not sure how else to explain it. I hope that was helpful.
0
 
Erik TownsendAuthor Commented:
Yes. Thank you for being patient. That is what I mean.

Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" }

The above seems to work, but I can not get it to convert to a .csv. Plus on the powershell, the name for all the shared mailboxes just says,"NT AUTHORUTY\SYSTEM" instead of the name like accountspayable. I believe it is listing them in order so I can manually type in the names if I have too.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
SubsunCommented:
That works great. What I need is a csv with a list of who is in each shared group
I understand by shared group you mean a shared mailbox.

So 'with a list of who is in each shared group' You mean, you need a list of users who has full access to the shared mailbox?
If yes, try following code and see if you get the results as expected.

Get-Recipient -RecipientTypeDetails SharedMailbox | Select Name,Manager,@{N="Users";E={(Get-MailboxPermission $_.Name |?{$_.AccessRights -like "*Fullaccess*"} | ?{$_.User -notmatch "SYSTEM|SELF|^S-1-5"}|Select -exp User) -join ","}} | Export-csv C:\report.csv -nti

Open in new window

0
 
Erik TownsendAuthor Commented:
I used this to list the shared mailboxes to a csv:
Get-Recipient -Resultsize unlimited | where {$_.RecipientTypeDetails -eq "SharedMailbox"} | ft Name,Manager >C:\temp\shared.csv

This worked as well.
0
 
Erik TownsendAuthor Commented:
I tried using: Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" } | ft Name,Manager >C:\temp\shared.csv

I thought the columns would be mislabeled but it would still show the results I am looking for. Instead it did create a csv but only had the headers for two columns but none of the other information. Ideas?
0
 
Todd NelsonSystems EngineerCommented:
And what happens when you modify the command slightly?

Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" } | Export-Csv C:\temp\shared.csv -notype

Open in new window


FYI ... Piping the console output really doesn't create a useful CSV file.
1
 
SubsunCommented:
Did you try the command which I posted? Is it not giving the list of users who has full permission including the name of share account and the Manager?
0
 
SubsunCommented:
To get the display names of users instead of ,"Domain\user" format, use the following code..
$Mailbox = Get-Recipient -RecipientTypeDetails SharedMailbox
$(Foreach ($Mbx in $Mailbox){
Write-Host "Working on $($Mbx.Name)"
$Users = Get-MailboxPermission $Mbx.Name |?{$_.AccessRights -like "*Fullaccess*"} | ?{$_.User -notmatch "SYSTEM|SELF|^S-1-5"}
New-Object PSobject -Property @{
 Name = $Mbx.Name
 Manager = $Mbx.Manager
 Users = ($Users | %{Try{$User = $_.User;Get-Recipient $User -ea STOP | Select -exp DisplayName}Catch{($User -split "\\")[1]}}) -join ","
}
})| Export-csv C:\Report.csv -nti

Open in new window

Let me know if you get any issue with script..
0
 
Erik TownsendAuthor Commented:
Subsun and Todd, Thank you for all your insight. I have what I need.
0
 
Erik TownsendAuthor Commented:
Thanks a lot. I can take that spread sheet and slightly tweak it for use.
0
 
SubsunCommented:
FYI, The answer you selected will not show you, for which shared mailbox the permissions belongs to..

My script will show the result like following screenshot (If you open the result csv file in excel), so you know the permission related to each mailbox. Get result of all shared mailbox in once result file..
Untitled.jpg
1
 
Erik TownsendAuthor Commented:
Sabsun, I will play around with yours because now they want both Full Access vs Send As lists. But I am going to work on that sometime Wednesday.
0
 
SubsunCommented:
I had answered similar question few days back with Send-as and full mailbox permission, check it out..

https://www.experts-exchange.com/questions/28968408/Powershell-to-get-shared-mailboxes-permissions.html

BTW, I can see you are new to EE, if you don't know how to accept multiple responses, this EE support article explains it: :-)
http://support.experts-exchange.com/customer/portal/articles/608596-how-do-i-accept-multiple-comments-as-my-solution-?b_id=44
1

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now