结合 PowerShell 脚本列出 MailboxName、PrimarySMTPAddress、Who Got Access、AccessPermissions 和 SizeInMB
Combining PowerShell script to list MailboxName, PrimarySMTPAddress, Who Got Access, AccessPermissions and SizeInMB
我想修改一个 PowerShell 脚本来导出具有除用户本身以外的多个人的完全代理访问权限的 UserMailbox 列表。
下面的脚本以某种方式 returns 结果:
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
Get-MailboxPermission |
Where-Object { ($_.AccessRights -like "*FullAccess*") -and
(-not $_.IsInherited) -and
($_.User -ne "NT AUTHORITY\SELF") -and
($_.User -notlike '*Discovery Management*') } |
Select @{Name="User Name";expression={(Get-Recipient $_.User.tostring()).displayname}},
Identity,
@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}},
@{Name="PrimarySMTPAddress";expression={(Get-Recipient $_.User).PrimarySMTPAddress}} |
Export-Csv -path C:\EE\Results.csv -NoTypeInformation
和
$filter = '(Enabled -eq $false) -and (msExchRecipientTypeDetails -ne 4) -and (homeMDB -ne "$null")'
$properties = @('homeMDB', 'mailNickName', 'mail', 'DisplayName', 'SamAccountName', 'ProxyAddresses')
Get-ADUser -Filter $filter -Properties $properties |
ForEach-Object {
$stat = Get-MailboxStatistics $_.SamAccountName
$smtpAddresses = ($_.ProxyAddresses | Where-Object {$_ -like "*smtp:*" }) -replace 'smtp:'
New-Object -TypeName PSObject -Property ([ordered]@{
DisplayName = $_.DisplayName
mailNickName = $_.mailNickName
SamAccountName = $_.SamAccountName
mail = $_.mail
ProxyAddresses = $smtpAddresses -join ';'
HomeMDB = $_.homeMDB.Split(',=')[1]
MBytes = $stat.TotalItemSize.Value.ToMB()
LastLogonTime = $stat.LastLogonTime
LastLoggedOnUserAccount = $stat.SamAccountName
DisconnectDate = $stat.DisconnectDate
})
} |
Sort-Object MBytes -Descending |
Export-Csv C:\EE\Results.csv -NoTypeInformation
但我需要一些帮助来修改附加列,以便显示:
具有多个完全代理访问权限的用户邮箱:此列将显示多个用户访问的邮箱的显示名称。 (仅显示名称)
Primary SMTP Address:该栏会显示第一栏(Identity)的PrimarySMTPAddress或第一栏邮箱的邮箱地址。
获得访问权限的人员:此列显示拥有 UserMailbox(显示名称)的人员的用户名。
访问权限:显示代表的访问权限。 [这已经正确了]
以 MB 为单位的大小:此列将在第 1 列中以兆字节为单位显示邮箱的大小。
我想这可能会让你继续:
$filter = '(Enabled -eq $false) -and (msExchRecipientTypeDetails -ne 4) -and (homeMDB -ne "$null")'
$properties = @('homeMDB', 'mailNickName', 'mail', 'DisplayName', 'SamAccountName', 'ProxyAddresses')
Get-ADUser -Filter $filter -Properties $properties |
ForEach-Object {
$stat = Get-MailboxStatistics $_.SamAccountName
$smtpAddresses = ($_.ProxyAddresses | Where-Object {$_ -match "^smtp:" }) -replace 'smtp:', ''
# Normally, the 'mail' attribute of a user is set to be the Primary email address, but
# this need not be the case, as Exchange uses the ProxyAddresses attribute.
# The PrimarySMTPAddress can be extracted from the ProxyAddresses with:
$primarySmtpAddress = ($_.ProxyAddresses | Where-Object {$_ -cmatch "^SMTP:" }) -replace 'SMTP:', ''
# or by using the EmailAddress property from the user object.
# You will then need to add 'EmailAddress' to the '$properties' array above
# $primarySmtpAddress = $_.EmailAddress
# See if there are delegate users and what access rights they have
$delegates = @(Get-MailboxPermission -Identity $primarySmtpAddress |
Where-Object { ($_.AccessRights -like "*FullAccess*") -and
(-not $_.IsInherited) -and
($_.User -ne "NT AUTHORITY\SELF") -and
($_.User -notlike '*Discovery Management*') } |
Select-Object @{Name='Delegate'; Expression={(Get-Recipient $_.User.toString()).DisplayName}},
@{Name='AccessRights';Expression={$_.AccessRights -join ', '}})
##############################################################################
# The resulting $delegates is an array, so if you want to only get output for
# mailboxes that actually HAVE delegate users, you can uncomment the next line
##############################################################################
# if ($delegates.Count -eq 0) { continue }
# this can become a LONG column if you want to see the accessrights per user..
$access = $delegates | ForEach-Object { "{0} ({1})" -f $_.Delegate, ($_.AccessRights -join ', ') }
New-Object -TypeName PSObject -Property ([ordered]@{
DisplayName = $_.DisplayName
mailNickName = $_.mailNickName
SamAccountName = $_.SamAccountName
mail = $_.mail
PrimarySMTPAddress = $primarySmtpAddress
ProxyAddresses = $smtpAddresses -join ';'
HomeMDB = $_.homeMDB.Split(',=')[1]
MBytes = $stat.TotalItemSize.Value.ToMB()
LastLogonTime = $stat.LastLogonTime
LastLoggedOnUserAccount = $stat.SamAccountName
DisconnectDate = $stat.DisconnectDate
Delegates = $delegates.Delegate -join ', '
AccessRights = $access -join ', '
})
} |
Sort-Object MBytes -Descending |
Export-Csv C:\EE\Results.csv -NoTypeInformation
我想修改一个 PowerShell 脚本来导出具有除用户本身以外的多个人的完全代理访问权限的 UserMailbox 列表。
下面的脚本以某种方式 returns 结果:
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
Get-MailboxPermission |
Where-Object { ($_.AccessRights -like "*FullAccess*") -and
(-not $_.IsInherited) -and
($_.User -ne "NT AUTHORITY\SELF") -and
($_.User -notlike '*Discovery Management*') } |
Select @{Name="User Name";expression={(Get-Recipient $_.User.tostring()).displayname}},
Identity,
@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}},
@{Name="PrimarySMTPAddress";expression={(Get-Recipient $_.User).PrimarySMTPAddress}} |
Export-Csv -path C:\EE\Results.csv -NoTypeInformation
和
$filter = '(Enabled -eq $false) -and (msExchRecipientTypeDetails -ne 4) -and (homeMDB -ne "$null")'
$properties = @('homeMDB', 'mailNickName', 'mail', 'DisplayName', 'SamAccountName', 'ProxyAddresses')
Get-ADUser -Filter $filter -Properties $properties |
ForEach-Object {
$stat = Get-MailboxStatistics $_.SamAccountName
$smtpAddresses = ($_.ProxyAddresses | Where-Object {$_ -like "*smtp:*" }) -replace 'smtp:'
New-Object -TypeName PSObject -Property ([ordered]@{
DisplayName = $_.DisplayName
mailNickName = $_.mailNickName
SamAccountName = $_.SamAccountName
mail = $_.mail
ProxyAddresses = $smtpAddresses -join ';'
HomeMDB = $_.homeMDB.Split(',=')[1]
MBytes = $stat.TotalItemSize.Value.ToMB()
LastLogonTime = $stat.LastLogonTime
LastLoggedOnUserAccount = $stat.SamAccountName
DisconnectDate = $stat.DisconnectDate
})
} |
Sort-Object MBytes -Descending |
Export-Csv C:\EE\Results.csv -NoTypeInformation
但我需要一些帮助来修改附加列,以便显示:
具有多个完全代理访问权限的用户邮箱:此列将显示多个用户访问的邮箱的显示名称。 (仅显示名称)
Primary SMTP Address:该栏会显示第一栏(Identity)的PrimarySMTPAddress或第一栏邮箱的邮箱地址。
获得访问权限的人员:此列显示拥有 UserMailbox(显示名称)的人员的用户名。
访问权限:显示代表的访问权限。 [这已经正确了]
以 MB 为单位的大小:此列将在第 1 列中以兆字节为单位显示邮箱的大小。
我想这可能会让你继续:
$filter = '(Enabled -eq $false) -and (msExchRecipientTypeDetails -ne 4) -and (homeMDB -ne "$null")'
$properties = @('homeMDB', 'mailNickName', 'mail', 'DisplayName', 'SamAccountName', 'ProxyAddresses')
Get-ADUser -Filter $filter -Properties $properties |
ForEach-Object {
$stat = Get-MailboxStatistics $_.SamAccountName
$smtpAddresses = ($_.ProxyAddresses | Where-Object {$_ -match "^smtp:" }) -replace 'smtp:', ''
# Normally, the 'mail' attribute of a user is set to be the Primary email address, but
# this need not be the case, as Exchange uses the ProxyAddresses attribute.
# The PrimarySMTPAddress can be extracted from the ProxyAddresses with:
$primarySmtpAddress = ($_.ProxyAddresses | Where-Object {$_ -cmatch "^SMTP:" }) -replace 'SMTP:', ''
# or by using the EmailAddress property from the user object.
# You will then need to add 'EmailAddress' to the '$properties' array above
# $primarySmtpAddress = $_.EmailAddress
# See if there are delegate users and what access rights they have
$delegates = @(Get-MailboxPermission -Identity $primarySmtpAddress |
Where-Object { ($_.AccessRights -like "*FullAccess*") -and
(-not $_.IsInherited) -and
($_.User -ne "NT AUTHORITY\SELF") -and
($_.User -notlike '*Discovery Management*') } |
Select-Object @{Name='Delegate'; Expression={(Get-Recipient $_.User.toString()).DisplayName}},
@{Name='AccessRights';Expression={$_.AccessRights -join ', '}})
##############################################################################
# The resulting $delegates is an array, so if you want to only get output for
# mailboxes that actually HAVE delegate users, you can uncomment the next line
##############################################################################
# if ($delegates.Count -eq 0) { continue }
# this can become a LONG column if you want to see the accessrights per user..
$access = $delegates | ForEach-Object { "{0} ({1})" -f $_.Delegate, ($_.AccessRights -join ', ') }
New-Object -TypeName PSObject -Property ([ordered]@{
DisplayName = $_.DisplayName
mailNickName = $_.mailNickName
SamAccountName = $_.SamAccountName
mail = $_.mail
PrimarySMTPAddress = $primarySmtpAddress
ProxyAddresses = $smtpAddresses -join ';'
HomeMDB = $_.homeMDB.Split(',=')[1]
MBytes = $stat.TotalItemSize.Value.ToMB()
LastLogonTime = $stat.LastLogonTime
LastLoggedOnUserAccount = $stat.SamAccountName
DisconnectDate = $stat.DisconnectDate
Delegates = $delegates.Delegate -join ', '
AccessRights = $access -join ', '
})
} |
Sort-Object MBytes -Descending |
Export-Csv C:\EE\Results.csv -NoTypeInformation