Solved

List users in Shared Account (Exchange 2013)

Posted on 2016-09-26
15
50 Views
Last Modified: 2016-10-07
I have been looking for a way, in the exchange command shell, to list users in a shared group. Having it convert to a csv is a bonus. Getting directions on doing one shared group at a time and all shared groups at one time would be great. I know how to list just shared groups, but not the members within it. That is what I need.  

I found a forum where you can write up a PS Script but I am not that savvy with power shell. I am a beginner.
0
Comment
Question by:Erik Townsend
  • 7
  • 6
15 Comments
 
LVL 40

Assisted Solution

by:Subsun
Subsun earned 250 total points
ID: 41816354
I am not that clear about the question...

What is shared group?
If it's a distribution group then you can use Get-DistributionGroupMember, Following is the example..
Get-DistributionGroup GroupA | Get-DistributionGroupMember -ResultSize Unlimited | Select DisplayName,PrimarySmtpAddress | Export-CSV C:\Group.csv -nti

Open in new window


If it's a shared mailbox and you need a list of users who has full access to it then use Get-MailboxPermission ..
Get-MailboxPermission MailboxName |?{$_.AccessRights -like "*Fullaccess*"} | Select User,{$_.AccessRights}  | Export-CSV C:\MailboxName.csv -nti

Open in new window

0
 

Author Comment

by:Erik Townsend
ID: 41816405
I can use this to get a list of just the shared groups: Get-Recipient -Resultsize unlimited | where {$_.RecipientTypeDetails -eq "SharedMailbox"} | ft Name,Manager >C:\temp\shared.csv

That works great. What I need is a csv with a list of who is in each shared group.

example:
Accounting
Erik Townsend
Jack Bean

Like that. I am not sure how else to explain it. I hope that was helpful.
0
 

Author Comment

by:Erik Townsend
ID: 41816429
Yes. Thank you for being patient. That is what I mean.

Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" }

The above seems to work, but I can not get it to convert to a .csv. Plus on the powershell, the name for all the shared mailboxes just says,"NT AUTHORUTY\SYSTEM" instead of the name like accountspayable. I believe it is listing them in order so I can manually type in the names if I have too.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 40

Expert Comment

by:Subsun
ID: 41816431
That works great. What I need is a csv with a list of who is in each shared group
I understand by shared group you mean a shared mailbox.

So 'with a list of who is in each shared group' You mean, you need a list of users who has full access to the shared mailbox?
If yes, try following code and see if you get the results as expected.

Get-Recipient -RecipientTypeDetails SharedMailbox | Select Name,Manager,@{N="Users";E={(Get-MailboxPermission $_.Name |?{$_.AccessRights -like "*Fullaccess*"} | ?{$_.User -notmatch "SYSTEM|SELF|^S-1-5"}|Select -exp User) -join ","}} | Export-csv C:\report.csv -nti

Open in new window

0
 

Author Comment

by:Erik Townsend
ID: 41816445
I used this to list the shared mailboxes to a csv:
Get-Recipient -Resultsize unlimited | where {$_.RecipientTypeDetails -eq "SharedMailbox"} | ft Name,Manager >C:\temp\shared.csv

This worked as well.
0
 

Author Comment

by:Erik Townsend
ID: 41816453
I tried using: Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" } | ft Name,Manager >C:\temp\shared.csv

I thought the columns would be mislabeled but it would still show the results I am looking for. Instead it did create a csv but only had the headers for two columns but none of the other information. Ideas?
0
 
LVL 15

Accepted Solution

by:
Todd Nelson earned 250 total points
ID: 41816461
And what happens when you modify the command slightly?

Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" } | Export-Csv C:\temp\shared.csv -notype

Open in new window


FYI ... Piping the console output really doesn't create a useful CSV file.
1
 
LVL 40

Expert Comment

by:Subsun
ID: 41816469
Did you try the command which I posted? Is it not giving the list of users who has full permission including the name of share account and the Manager?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41816480
To get the display names of users instead of ,"Domain\user" format, use the following code..
$Mailbox = Get-Recipient -RecipientTypeDetails SharedMailbox
$(Foreach ($Mbx in $Mailbox){
Write-Host "Working on $($Mbx.Name)"
$Users = Get-MailboxPermission $Mbx.Name |?{$_.AccessRights -like "*Fullaccess*"} | ?{$_.User -notmatch "SYSTEM|SELF|^S-1-5"}
New-Object PSobject -Property @{
 Name = $Mbx.Name
 Manager = $Mbx.Manager
 Users = ($Users | %{Try{$User = $_.User;Get-Recipient $User -ea STOP | Select -exp DisplayName}Catch{($User -split "\\")[1]}}) -join ","
}
})| Export-csv C:\Report.csv -nti

Open in new window

Let me know if you get any issue with script..
0
 

Author Comment

by:Erik Townsend
ID: 41816542
Subsun and Todd, Thank you for all your insight. I have what I need.
0
 

Author Comment

by:Erik Townsend
ID: 41816546
Thanks a lot. I can take that spread sheet and slightly tweak it for use.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41816552
FYI, The answer you selected will not show you, for which shared mailbox the permissions belongs to..

My script will show the result like following screenshot (If you open the result csv file in excel), so you know the permission related to each mailbox. Get result of all shared mailbox in once result file..
Untitled.jpg
1
 

Author Comment

by:Erik Townsend
ID: 41816659
Sabsun, I will play around with yours because now they want both Full Access vs Send As lists. But I am going to work on that sometime Wednesday.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41816705
I had answered similar question few days back with Send-as and full mailbox permission, check it out..

https://www.experts-exchange.com/questions/28968408/Powershell-to-get-shared-mailboxes-permissions.html

BTW, I can see you are new to EE, if you don't know how to accept multiple responses, this EE support article explains it: :-)
http://support.experts-exchange.com/customer/portal/articles/608596-how-do-i-accept-multiple-comments-as-my-solution-?b_id=44
1

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question