Powershell - Disabled Users Mailbox Query

ITguy565
ITguy565 used Ask the Experts™
on
Experts

I am looking for a powershell script to do the following:

Give me a list of all my Disabled Users and Whether they have exchange accounts with active Mailboxes. If Mailbox is found list users with full access permissions as well as last accessed date.

  • Name
  • SamAccountName
  • E-Mail Address
  • If a Mailbox is Found on Exchange Server
  • Object Class
  • List anyone who has Full Access to the Mailbox : (User1,User2,User3,User4 …. )
  • Last Access Date

Here is what I have so Far..

#Get all Disabled Mailboxes
$dmbx = get-aduser -properties * -filter *|? {$_.Enabled -like $False}

#Filter Conference Rooms Out
##$out = $dmbx | ? (({$_.msExchResourceDisplay -notlike "*Room*"}) -AND ($_.Name -notlike "*SystemMailbox*") -AND ($_.Name -notlike "*FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042*"))
#Filter Arbritation mailbox

#$arbitrationMailbox = "SystemMailbox{1f05a927-eff8-48f7-8c97-6fab4bd8b50b}","SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}","FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042"


#Filters
#filter Room
$Filter = $dmbx | ? {$_.msExchResourceDisplay -notlike "*Room*"}
#Filter Arbitration Mailboxes
$Filter = $Filter | ? { ($_.Name -notlike "*SystemMailbox*") }
$Filter = $Filter | ? { ($_.Name -notlike "*DiscoverySearchMailbox*") }
$Filter = $Filter | ? { ($_.Name -notlike "*FederatedEmail*") }

#MailEnabled
$filteredMailEnabled = $Filter | Select Name, SamaccountName, mail

$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name MailBoxFound -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name ObjectClass -value ""

#determine if Mailbox Exists
foreach ($n in $filteredMailEnabled){
    try {
        write-host "Processing .... $($n.name)"
    $n.mailboxFound = if (get-mailbox $($n.name)){"True"}else {"False"}
    $n.ObjectClass = "$((get-mailboxstatistics $($n.name)).objectclass)"
    write-host "    Processing Completed"
    }catch{
        write-host "    $($n.Name) Object Not Found"
    }

}
#Filter Only if Mailbox Exists in a database
$MailboxExistsUserDisabled = $filteredMailEnabled|? {$_.mailboxFound -eq "True"}

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Experts, I was able to come up with a solution for this on my own.. On the off chance it will assist another person, here is the script I came up with:

$ExchangeServer = "ServerName"


Function ServerPermissions($servername){
    Get-Mailbox -Server $servername  -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select @{Name = "Identity"; expression = { ($_.Identity -split "/")[-1] } }, User
}

#Get all Disabled Mailboxes
$dmbx = get-aduser -properties * -filter * | ? { $_.Enabled -like $False }

#Filter Conference Rooms Out

#Filters
#filter Room
$Filter = $dmbx | ? { $_.msExchResourceDisplay -notlike "*Room*" }
#Filter Arbitration Mailboxes
$Filter = $Filter | ? { ($_.Name -notlike "*SystemMailbox*") }
$Filter = $Filter | ? { ($_.Name -notlike "*DiscoverySearchMailbox*") }
$Filter = $Filter | ? { ($_.Name -notlike "*FederatedEmail*") }

#MailEnabled
$filteredMailEnabled = $Filter | Select Name, SamaccountName, mail

$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name MailBoxFound -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name ObjectClass -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name FullAccess -value ""
#$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name MailboxLastAccessed -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name TotalItemSize -value ""

#Get Results of users with FullPermissions
$fullpermissions = ServerPermissions -servername $ExchangeServer

#determine if Mailbox Exists
foreach ($n in $filteredMailEnabled) {
    try {
        write-host "Processing .... $($n.name)"
        $n.mailboxFound = if (get-mailbox $($n.name)) { "True" }else { "False" }
            if ($n.mailboxFound -eq "True"){
               $n.FullAccess = if ($fullpermissions|? {$_.Identity -like "$($n.name)"}){"$(($fullpermissions|? {$_.identity -like "*$($n.name)*"}).User -join ", ")"}
               #$n.MailboxLastAccessed = ""
               $n.TotalItemSize = ($($n.mail)|select -first 1|get-mailbox|Get-MailboxStatistics).Totalitemsize
            }
        $n.ObjectClass = "$((get-mailboxstatistics $($n.name)).objectclass)"
        write-host "    Processing Completed"
    }
    catch {
        write-host "    $($n.Name) Object Not Found"
    }
}

#Show All DisableduserMailboxes
$FullAccessReport = $filteredMailEnabled | Sort-Object mailboxFound, Name, FullAccess | select Name, SamaccountName, MailBoxFound, FullAccess, TotalItemSize



#Show only Users that meet Criteria and have Full Access Permission Granted to another individual
$FullAccessReport_OnlyFA = $filteredMailEnabled | Sort-Object mailboxFound, Name, FullAccess | ? { (($_.Fullaccess) -gt 1) } | select Name, SamaccountName, MailBoxFound, FullAccess, TotalItemSize


$FullAccessReport|Export-Csv -Path c:\DisabledMailboxReport.csv -NoTypeInformation
$FullAccessReport_OnlyFA | Export-Csv -Path c:\DisabledMailboxReport1.csv -NoTypeInformation

Open in new window

$ExchangeServer = "ServerName"


Function ServerPermissions($servername){
    Get-Mailbox -Server $servername  -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select @{Name = "Identity"; expression = { ($_.Identity -split "/")[-1] } }, User
}



Get-Mailbox -Server $servername  -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select @{Name = "Identity"; expression = { ($_.Identity -split "/")[-1] } }, User
@{Name = "FullAccess"; expression = { (($_.User).User).split("\")[-1] }}
(($_).User).split("\")[-1]



#Get all Disabled Mailboxes
$dmbx = get-aduser -properties * -filter * | ? { $_.Enabled -like $False }

#Filter Conference Rooms Out

#Filters
#filter Room
$Filter = $dmbx | ? { $_.msExchResourceDisplay -notlike "*Room*" }
#Filter Arbitration Mailboxes
$Filter = $Filter | ? { ($_.Name -notlike "*SystemMailbox*") }
$Filter = $Filter | ? { ($_.Name -notlike "*DiscoverySearchMailbox*") }
$Filter = $Filter | ? { ($_.Name -notlike "*FederatedEmail*") }

#MailEnabled
$filteredMailEnabled = $Filter | Select Name, SamaccountName, mail

$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name MailBoxFound -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name ObjectClass -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name FullAccess -value ""
#$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name MailboxLastAccessed -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name TotalItemSize -value ""

#Get Results of users with FullPermissions
$fullpermissions = ServerPermissions -servername $ExchangeServer

#determine if Mailbox Exists
foreach ($n in $filteredMailEnabled) {
    try {
        write-host "Processing .... $($n.name)"
        $n.mailboxFound = if (get-mailbox $($n.name)) { "True" }else { "False" }
            if ($n.mailboxFound -eq "True"){
               $n.FullAccess = if ($fullpermissions|? {$_.Identity -like "$($n.name)"}){"$(($fullpermissions|? {$_.identity -like "*$($n.name)*"}).User -join ", ")"}
               #$n.MailboxLastAccessed = ""
               $n.TotalItemSize = ($($n.mail)|select -first 1|get-mailbox|Get-MailboxStatistics).Totalitemsize
            }
        $n.ObjectClass = "$((get-mailboxstatistics $($n.name)).objectclass)"
        write-host "    Processing Completed"
    }
    catch {
        write-host "    $($n.Name) Object Not Found"
    }
}

#Show All DisableduserMailboxes
$FullAccessReport = $filteredMailEnabled | Sort-Object mailboxFound, Name, FullAccess | select Name, SamaccountName, MailBoxFound, FullAccess, TotalItemSize



#Show only Users that meet Criteria and have Full Access Permission Granted to another individual
$FullAccessReport_OnlyFA = $filteredMailEnabled | Sort-Object mailboxFound, Name, FullAccess | ? { (($_.Fullaccess) -gt 1) } | select Name, SamaccountName, MailBoxFound, FullAccess, TotalItemSize


$FullAccessReport|Export-Csv -Path c:\DisabledMailboxReport.csv -NoTypeInformation
$FullAccessReport_OnlyFA | Export-Csv -Path c:\DisabledMailboxReport1.csv -NoTypeInformation

Open in new window

$ExchangeServer = "ServerName"


Function ServerPermissions($servername){
    Get-Mailbox -Server $servername  -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select @{Name = "Identity"; expression = { ($_.Identity -split "/")[-1] } }, User
}

#Get all Disabled Mailboxes
$dmbx = get-aduser -properties * -filter * | ? { $_.Enabled -like $False }

#Filter Conference Rooms Out

#Filters
#filter Room
$Filter = $dmbx | ? { $_.msExchResourceDisplay -notlike "*Room*" }
#Filter Arbitration Mailboxes
$Filter = $Filter | ? { ($_.Name -notlike "*SystemMailbox*") }
$Filter = $Filter | ? { ($_.Name -notlike "*DiscoverySearchMailbox*") }
$Filter = $Filter | ? { ($_.Name -notlike "*FederatedEmail*") }

#MailEnabled
$filteredMailEnabled = $Filter | Select Name, SamaccountName, mail

$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name MailBoxFound -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name ObjectClass -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name FullAccess -value ""
#$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name MailboxLastAccessed -value ""
$filteredMailEnabled | Add-Member -MemberType NoteProperty -Name TotalItemSize -value ""

#Get Results of users with FullPermissions
$fullpermissions = ServerPermissions -servername $ExchangeServer

#determine if Mailbox Exists
foreach ($n in $filteredMailEnabled) {
    try {
        write-host "Processing .... $($n.name)"
        $n.mailboxFound = if (get-mailbox $($n.name)) { "True" }else { "False" }
            if ($n.mailboxFound -eq "True"){
               $n.FullAccess = if ($fullpermissions|? {$_.Identity -like "$($n.name)"}){"$(($fullpermissions|? {$_.identity -like "*$($n.name)*"}).User -join ", ")"}
               #$n.MailboxLastAccessed = ""
               $n.TotalItemSize = ($($n.mail)|select -first 1|get-mailbox|Get-MailboxStatistics).Totalitemsize
            }
        $n.ObjectClass = "$((get-mailboxstatistics $($n.name)).objectclass)"
        write-host "    Processing Completed"
    }
    catch {
        write-host "    $($n.Name) Object Not Found"
    }
}

#Show All DisableduserMailboxes
$FullAccessReport = $filteredMailEnabled | Sort-Object mailboxFound, Name, FullAccess | select Name, SamaccountName, MailBoxFound, FullAccess, TotalItemSize



#Show only Users that meet Criteria and have Full Access Permission Granted to another individual
$FullAccessReport_OnlyFA = $filteredMailEnabled | Sort-Object mailboxFound, Name, FullAccess | ? { (($_.Fullaccess) -gt 1) } | select Name, SamaccountName, MailBoxFound, FullAccess, TotalItemSize


$FullAccessReport|Export-Csv -Path c:\DisabledMailboxReport.csv -NoTypeInformation
$FullAccessReport_OnlyFA | Export-Csv -Path c:\DisabledMailboxReport1.csv -NoTypeInformation

Open in new window

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial