WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out this quarters report on the threats that shook the industry in Q4 2017.
List users in Shared Account (Exchange 2013)
I have been looking for a way, in the exchange command shell, to list users in a shared group. Having it convert to a csv is a bonus. Getting directions on doing one shared group at a time and all shared groups at one time would be great. I know how to list just shared groups, but not the members within it. That is what I need.
I found a forum where you can write up a PS Script but I am not that savvy with power shell. I am a beginner.
I found a forum where you can write up a PS Script but I am not that savvy with power shell. I am a beginner.
Who is Participating?
I am not that clear about the question...
What is shared group?
If it's a distribution group then you can use Get-DistributionGroupMembe
If it's a shared mailbox and you need a list of users who has full access to it then use Get-MailboxPermission ..
What is shared group?
If it's a distribution group then you can use Get-DistributionGroupMembe
Get-DistributionGroup GroupA | Get-DistributionGroupMember -ResultSize Unlimited | Select DisplayName,PrimarySmtpAddress | Export-CSV C:\Group.csv -nti
If it's a shared mailbox and you need a list of users who has full access to it then use Get-MailboxPermission ..
Get-MailboxPermission MailboxName |?{$_.AccessRights -like "*Fullaccess*"} | Select User,{$_.AccessRights} | Export-CSV C:\MailboxName.csv -nti
I can use this to get a list of just the shared groups: Get-Recipient -Resultsize unlimited | where {$_.RecipientTypeDetails -eq "SharedMailbox"} | ft Name,Manager >C:\temp\shared.csv
That works great. What I need is a csv with a list of who is in each shared group.
example:
Accounting
Erik Townsend
Jack Bean
Like that. I am not sure how else to explain it. I hope that was helpful.
That works great. What I need is a csv with a list of who is in each shared group.
example:
Accounting
Erik Townsend
Jack Bean
Like that. I am not sure how else to explain it. I hope that was helpful.
Yes. Thank you for being patient. That is what I mean.
Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" }
The above seems to work, but I can not get it to convert to a .csv. Plus on the powershell, the name for all the shared mailboxes just says,"NT AUTHORUTY\SYSTEM" instead of the name like accountspayable. I believe it is listing them in order so I can manually type in the names if I have too.
Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" }
The above seems to work, but I can not get it to convert to a .csv. Plus on the powershell, the name for all the shared mailboxes just says,"NT AUTHORUTY\SYSTEM" instead of the name like accountspayable. I believe it is listing them in order so I can manually type in the names if I have too.
That works great. What I need is a csv with a list of who is in each shared groupI understand by shared group you mean a shared mailbox.
So 'with a list of who is in each shared group' You mean, you need a list of users who has full access to the shared mailbox?
If yes, try following code and see if you get the results as expected.
Get-Recipient -RecipientTypeDetails SharedMailbox | Select Name,Manager,@{N="Users";E={(Get-MailboxPermission $_.Name |?{$_.AccessRights -like "*Fullaccess*"} | ?{$_.User -notmatch "SYSTEM|SELF|^S-1-5"}|Select -exp User) -join ","}} | Export-csv C:\report.csv -nti
I used this to list the shared mailboxes to a csv:
Get-Recipient -Resultsize unlimited | where {$_.RecipientTypeDetails -eq "SharedMailbox"} | ft Name,Manager >C:\temp\shared.csv
This worked as well.
Get-Recipient -Resultsize unlimited | where {$_.RecipientTypeDetails -eq "SharedMailbox"} | ft Name,Manager >C:\temp\shared.csv
This worked as well.
I tried using: Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" } | ft Name,Manager >C:\temp\shared.csv
I thought the columns would be mislabeled but it would still show the results I am looking for. Instead it did create a csv but only had the headers for two columns but none of the other information. Ideas?
I thought the columns would be mislabeled but it would still show the results I am looking for. Instead it did create a csv but only had the headers for two columns but none of the other information. Ideas?
Did you try the command which I posted? Is it not giving the list of users who has full permission including the name of share account and the Manager?
To get the display names of users instead of ,"Domain\user" format, use the following code..
$Mailbox = Get-Recipient -RecipientTypeDetails SharedMailbox
$(Foreach ($Mbx in $Mailbox){
Write-Host "Working on $($Mbx.Name)"
$Users = Get-MailboxPermission $Mbx.Name |?{$_.AccessRights -like "*Fullaccess*"} | ?{$_.User -notmatch "SYSTEM|SELF|^S-1-5"}
New-Object PSobject -Property @{
Name = $Mbx.Name
Manager = $Mbx.Manager
Users = ($Users | %{Try{$User = $_.User;Get-Recipient $User -ea STOP | Select -exp DisplayName}Catch{($User -split "\\")[1]}}) -join ","
}
})| Export-csv C:\Report.csv -nti
FYI, The answer you selected will not show you, for which shared mailbox the permissions belongs to..
My script will show the result like following screenshot (If you open the result csv file in excel), so you know the permission related to each mailbox. Get result of all shared mailbox in once result file..
My script will show the result like following screenshot (If you open the result csv file in excel), so you know the permission related to each mailbox. Get result of all shared mailbox in once result file..
Sabsun, I will play around with yours because now they want both Full Access vs Send As lists. But I am going to work on that sometime Wednesday.
I had answered similar question few days back with Send-as and full mailbox permission, check it out..
https://www.experts-exchange.com/questions/28968408/Powershell-to-get-shared-mailboxes-permissions.html
BTW, I can see you are new to EE, if you don't know how to accept multiple responses, this EE support article explains it: :-)
http://support.experts-exchange.com/customer/portal/articles/608596-how-do-i-accept-multiple-comments-as-my-solution-?b_id=44
https://www.experts-exchange.com/questions/28968408/Powershell-to-get-shared-mailboxes-permissions.html
BTW, I can see you are new to EE, if you don't know how to accept multiple responses, this EE support article explains it: :-)
http://support.experts-exchange.com/customer/portal/articles/608596-how-do-i-accept-multiple-comments-as-my-solution-?b_id=44
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month7 days, 10 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
Open in new window
FYI ... Piping the console output really doesn't create a useful CSV file.