Steve Goodman's Exchange Blog
4 Dec 2010 (8 comments)

How to report which Exchange mailboxes group members have full access to

Mailbox access rights in Exchange are easy to assign, however managing them can be a bit of a pain, especially if they are assigned on a per-user basis, or assigned when troubleshooting issues for a user. What would be really useful is the ability to quickly generate a report against a subset of users to check that their access rights fall in line with organisational policies or just to check for any permissions that need revoking.

To help with visibility in this area, I've written a little script that lets you discover this information so you can act on it. Basically, it takes a group of users, then checks all the mailboxes to find out if any of those users have full access rights to mailboxes other than their own, and outputs the results to the console.

So, why did I write this script? Quite simply, to meet a business need - a management requirement to provide a report on what mailboxes the people in the IT department have full access to. However it's not just useful for that - users move around between departments often and while group memberships are routinely updated in most organisations, there's always the off-chance a user's been granted full access to a certain mailbox and that permission hasn't been revoked.

Usage is fairly straightforward. You need to know the group name; after that simply specify it when executing the script:



After execution, the script will expand all the group members (including any in sub-groups), then get all mailboxes. It will compare each mailbox's full access permissions list against those group members and output a result similar to this:

[Image: example output of the script]

Currently, this is a version 1.1 script. It's aimed at both Exchange 2007 and 2010 at the moment, but I envisage a future version would not only check for other types of permissions set at the mailbox level, but also check for mailbox folder permissions in an Exchange 2010 environment. And, as always your comments and ideas for improvements would be very much appreciated :-)
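A sketch of the audit this post describes, added here as an example and not the downloadable script itself. It assumes PowerShell 2.0 in the Exchange Management Shell, a mail-enabled group, and a single-domain forest (account names are compared without the domain part); the function names are hypothetical, and the choice to report only explicit, non-deny entries is this example's own.

```powershell
# Added example, not the author's Get-MailboxPermissionsForGroupMembers script.
# Assumptions: Exchange Management Shell, PowerShell 2.0, mail-enabled groups only.

function Get-NestedGroupMember {
    param([string]$Group, [hashtable]$Seen = @{})
    foreach ($m in Get-DistributionGroupMember -Identity $Group -ResultSize Unlimited) {
        $dn = $m.DistinguishedName
        if ($Seen.ContainsKey($dn)) { continue }      # guards against circular nesting
        $Seen[$dn] = $true
        if ("$($m.RecipientType)" -match '^Mail.*Group$') {
            Get-NestedGroupMember -Group $dn -Seen $Seen   # expand the sub-group
        } else {
            $m
        }
    }
}

function Get-FullAccessForGroupMember {
    param([Parameter(Mandatory = $true)][string]$GroupName)

    # Index the expanded membership by account name (hashtable keys are case-insensitive)
    $members = @{}
    Get-NestedGroupMember -Group $GroupName | ForEach-Object {
        if ($_.SamAccountName) { $members[$_.SamAccountName] = $_.DisplayName }
    }

    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        Get-MailboxPermission -Identity $mbx.Identity |
            Where-Object { ($_.AccessRights -like '*FullAccess*') -and -not $_.IsInherited -and -not $_.Deny } |
            ForEach-Object {
                $sam = $_.User.ToString().Split('\')[-1]   # DOMAIN\user -> user
                # Report only access to mailboxes other than the member's own
                if ($members.ContainsKey($sam) -and $sam -ne $mbx.SamAccountName) {
                    New-Object PSObject -Property @{
                        Mailbox     = $mbx.DisplayName
                        GroupMember = $members[$sam]
                        Account     = $_.User.ToString()
                    }
                }
            }
    }
}

# Usage: 'IT Department' is a placeholder group name
Get-FullAccessForGroupMember -GroupName 'IT Department' | Sort-Object GroupMember, Mailbox
```

Full access granted to a group that a member belongs to, rather than to the member directly, does not show up in this comparison and needs a separate check.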



Download Get-MailboxPermissionsForGroupMembers.zip

27 Nov 2010 (0 comments)

Managing Office 365 and On-Premises Exchange 2010 from the same Powershell Session

I've just been reading on Mike Pfeiffer's blog this article about connecting Remote Powershell to Office 365. I've not yet got my beta account on Office 365, but do use Live@EDU/Outlook Live and had been wondering how similar administration is. It turns out that it's exactly the same (even down to the server names) therefore I thought it might be worth sharing a method I've been using for some…

Because there is such a big overlap of cmdlets between your On Premises Exchange 2010 environment and Office 365/Outlook Live, it can be a bit of a pain when you want to write a script that performs actions on both. I've documented how to do this in a previous post, but when you are disconnecting/connecting between environments, it can get pretty confusing. A simple error in a script can mean you create mailboxes in the wrong environment.

The solution is to use the -Prefix parameter when you're connecting to each environment. This means that, for example, Get-Mailbox can appear as Get-OnPremisesMailbox and Get-CloudMailbox. Your scripts can now easily target either environment, or both in the same script and you won't need to keep on checking whether you're performing actions against the local Exchange server or your "cloud" environment.

To demonstrate how simple this is, here's a quick example of connecting to both environments:



This should connect us to both environments and even allow us to combine On Premises and Cloud Powershell cmdlets together. For example, to get a total of all your mailboxes, both On Premises and in Office 365 / Outlook Live:



You can also combine commands via the pipeline. In the next example, we will get all On Premises mail-enabled users that have an External Email Address (e.g. they are synced using OLSync/DirSync) in our Office 365 / Outlook Live domain, then start a foreach loop (using the % shorthand) and then retrieve details about the mailboxes from Office 365 / Outlook Live:
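The connection, the combined count and the pipeline described above, written out as an added example that is not the code from the original post. The on-premises server name and the domain are placeholders, and the hosted endpoint shown is the one in use for Outlook Live at the time of writing (an assumption about your tenant).

```powershell
# Added example; server name, domain and endpoint are assumptions, not values from the post.
$onPremUri   = 'http://exchange01.contoso.local/PowerShell/'  # placeholder on-premises server
$cloudUri    = 'https://ps.outlook.com/powershell/'           # hosted endpoint (assumption)
$cloudDomain = 'contoso.edu'                                  # placeholder hosted domain

# On-premises session: current Windows credentials, cmdlets imported as *-OnPremises*
$onPrem = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri $onPremUri -Authentication Kerberos
Import-PSSession $onPrem -Prefix OnPremises | Out-Null

# Hosted session: prompts for the cloud admin account, cmdlets imported as *-Cloud*
$cloudCred = Get-Credential
$cloud = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri $cloudUri -Credential $cloudCred `
    -Authentication Basic -AllowRedirection
Import-PSSession $cloud -Prefix Cloud | Out-Null

# Check which endpoint each session is bound to before running anything that writes
$onPrem, $cloud | Format-Table Name, ComputerName, State -AutoSize

# Total mailboxes across both environments (@() keeps .Count valid for 0 or 1 results)
$total = @(Get-OnPremisesMailbox -ResultSize Unlimited).Count +
         @(Get-CloudMailbox -ResultSize Unlimited).Count
"Total mailboxes: $total"

# On-premises mail users whose external address is in the hosted domain,
# looked up one by one in the hosted environment
Get-OnPremisesMailUser -ResultSize Unlimited |
    Where-Object { $_.ExternalEmailAddress -like "*@$cloudDomain" } |
    ForEach-Object {
        Get-CloudMailbox -Identity ($_.ExternalEmailAddress -replace '^smtp:', '')
    }

# Close both sessions when finished
Remove-PSSession $onPrem, $cloud
```

Because every imported cmdlet carries its prefix, an unprefixed `New-Mailbox` or `Remove-Mailbox` in a script fails with "command not found" instead of silently running against whichever environment was connected last.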



Finally, a few notes for those who are just starting to play with Office 365 or Outlook Live via Remote Powershell. Firstly, you might need to set your Powershell execution policy (at an elevated command prompt) the first time you connect:



And if you are developing/testing and you find the Get-Credential part above tiresome, you can replace the line with a hard-coded plain text username/password. Be wary of using this in your production environment, due to the security implications of hard-coding an admin password in clear text into a script:
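The hard-coded form described above beside a stored, encrypted alternative, as an added example that is not the code from the original post. The account name, password and file path are constructed placeholders.

```powershell
# Added example; account name, password and file path are constructed placeholders.
$user = 'admin@contoso.edu'

# Development-only form: the password is readable by anyone who can read the script,
# its backups or its source-control history.
$plain = ConvertTo-SecureString 'Placeholder-Passw0rd' -AsPlainText -Force
$cred  = New-Object System.Management.Automation.PSCredential($user, $plain)

# Alternative for unattended scripts: store the password once, encrypted with Windows DPAPI.
# The file can only be decrypted by the same Windows account on the same computer.
$pwFile = Join-Path $env:USERPROFILE 'cloud-admin.pw'

if (-not (Test-Path $pwFile)) {
    # First run only: prompt, encrypt, and save the encrypted string
    Read-Host "Password for $user" -AsSecureString |
        ConvertFrom-SecureString |
        Set-Content -Path $pwFile
}

# Later runs: rebuild the credential without prompting and without clear text on disk
$secure = Get-Content -Path $pwFile | ConvertTo-SecureString
$cred   = New-Object System.Management.Automation.PSCredential($user, $secure)
```

The stored file must be created by the account that will run the script, for example the scheduled task's service account, since no other account can decrypt it.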



Hope this helps!

20 Nov 2010 (0 comments)

TechNet Wiki – Exchange 2010 Powershell Scripting Resources

If you've ever wondered how to get started with Exchange Powershell scripting, or have looked for ways to find out more information, bulk modify or automate your environment then hopefully you'll find this article I've recently posted on the Exchange 2010 section on the TechNet Wiki useful.

The Exchange Management Shell isn't just for large enterprises with large teams. Scripting Exchange can provide benefits to even administrators of small, single server environments; for example to provide reports on recent changes to the environment, collate patch levels or to make laborious tasks simple.

The article provides information about how to get started, where to find useful resources and how to get help if you get stuck, along with information about how to take things to the next level once you've found your bearings. As it's a wiki, feel free to add your own favourite resources and Exchange Powershell related blogs too!

Exchange 2010 Powershell Scripting Resources

23 Sep 2010 (45 comments)

Balancing the number of mailboxes across Exchange 2010 and 2007 databases

Introduction

In Exchange 2010, you now have the option to allow mailboxes to be automatically distributed across databases. However, the algorithm simply allocates each new mailbox at random to one of your chosen databases rather than ensuring the mailbox count is balanced, and it doesn't do anything about re-distributing mailboxes if you add new databases.

To help with this, and of course to help with any situation where you want to balance the number of mailboxes across a set of databases, I've written a simple script that helps with moving mailboxes to balance out your databases.

Using Generate-DBBalanceScript.ps1

There's nothing too complicated about the script. It doesn't balance based on mailbox size (a future version), but simply creates a script of Move-Mailbox or New-MoveRequest commands that, once complete, balance the databases by mailbox count. You pass it the results of a Get-MailboxDatabase command, along with an output file that will contain the mailbox move commands.

First of all, let's see it in action:

Of course, my example was the simplest - across all databases. Here are a few examples including the one above, and some others that show how to drill down to databases on specific servers:

Example One - Generate a move file based on all Exchange 2010 Databases:



Example Two - Generate a move file based on Exchange 2010 Databases located on a single server "servername":



Example Three - Generate a move file based on Exchange 2007 Databases located on two servers, "serverone" and "servertwo":


Download Generate-DBBalanceScript.ps1

You can download Generate-DBBalanceScript.ps1 here or view the script below.

Hope this helps!

