-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathGet-MailboxExtendedRights.ps1
98 lines (92 loc) · 7.02 KB
/
Get-MailboxExtendedRights.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
function Get-MailboxExtendedRights {
<#
.SYNOPSIS
Retrieves a list of mailbox extended rights.
.DESCRIPTION
Get-MailboxExtendedRights gathers a list of extended rights like 'send-as' on exchange mailboxes.
.PARAMETER MailboxNames
Array of mailbox names in string format.
.PARAMETER MailboxObject
One or more mailbox objects.
.LINK
http://www.the-little-things.net
.LINK
https://github.com/zloeber/Powershell/
.NOTES
Version
1.1.1 11/20/2014
- Included filtering for nt authority/self and got rid of parameter.
1.1.0 11/04/2014
- Minor structual changes and input parameter updates
1.0.0 10/04/2014
- Initial release
Author : Zachary Loeber
.EXAMPLE
Get-MailboxExtendedRights -MailboxName "Test User1" -Verbose
Description
-----------
Gets the send-as rights for "Test User1" and shows verbose information.
.EXAMPLE
Get-MailboxExtendedRights -MailboxName "user1","user2" | Format-List
Description
-----------
Gets the send-as rights on mailboxes "user1" and "user2" and returns the info as a format-list.
.EXAMPLE
(Get-Mailbox -Database "MDB1") | Get-MailboxExtendedRights
Description
-----------
Gets all mailboxes in the MDB1 database and pipes it to Get-MailboxExtendedRights and returns the
send-as rights.
#>
[CmdLetBinding(DefaultParameterSetName='AsStringArray')]
param(
[Parameter(ParameterSetName='AsStringArray', Mandatory=$True, ValueFromPipeline=$True, Position=0, HelpMessage="Enter an Exchange mailbox name")]
[string[]]$MailboxNames,
[Parameter(ParameterSetName='AsMailbox', Mandatory=$True, ValueFromPipeline=$True, Position=0, HelpMessage="Enter an Exchange mailbox name")]
$MailboxObject,
[Parameter(HelpMessage='Rights to check for. Defaults to Send-As.')]
[string]$Rights="send-as",
[Parameter(HelpMessage='Includes unresolved names (typically deleted accounts) and NT Authority/Self')]
[switch]$ShowAll
)
begin {
Write-Verbose "$($MyInvocation.MyCommand): Begin"
$Mailboxes = @()
}
process {
switch ($PSCmdlet.ParameterSetName) {
'AsStringArray' {
try {
$Mailboxes = @($MailboxNames | Foreach {Get-Mailbox $_ -erroraction Stop})
}
catch {
Write-Warning = "$($MyInvocation.MyCommand): $_.Exception.Message"
}
}
'AsMailbox' {
$Mailboxes = @($MailboxObject)
}
}
Foreach ($Mailbox in $Mailboxes)
{
Write-Verbose "$($MyInvocation.MyCommand): Processing Mailbox $($Mailbox.Name)"
$extendedperms = @(Get-ADPermission $Mailbox.identity | Where {$_.ExtendedRights} |
Where {$_.extendedrights -like $Rights} |
Select @{n='Mailbox';e={$Mailbox.Name}},User,ExtendedRights,isInherited,Deny)
if ($extendedperms.Count -gt 0)
{
if ($ShowAll)
{
$extendedperms
}
else
{
$extendedperms | Where {($_.User -notlike 'S-1-*') -and ($_.User -notlike 'NT AUTHORITY\SELF')}
}
}
}
}
end {
Write-Verbose "$($MyInvocation.MyCommand): End"
}
}