From 4da9c41b8d8f7e78979ecca6c27be5d71e3f5b1b Mon Sep 17 00:00:00 2001 From: Thomas Stensitzki Date: Fri, 14 Jun 2019 14:46:39 +0200 Subject: [PATCH] Fix to ensure mailbox uniqueness using the alias property --- Get-MailboxPermissionReport.ps1 | 114 ++++++++++++++++++-------------- README.md | 13 ++-- 2 files changed, 72 insertions(+), 55 deletions(-) diff --git a/Get-MailboxPermissionReport.ps1 b/Get-MailboxPermissionReport.ps1 index e5284e3..3169e7f 100644 --- a/Get-MailboxPermissionReport.ps1 +++ b/Get-MailboxPermissionReport.ps1 @@ -1,48 +1,51 @@ <# - .SYNOPSIS - Dump mailbox folder permissions to CSV file + .SYNOPSIS + Dump mailbox folder permissions to CSV file - Thomas Stensitzki + Thomas Stensitzki - THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE - RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER. + THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE + RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER. - Version 1.2, 2017-04-06 + Version 1.4, 2019-06-14 - Ideas, comments and suggestions to support@granikos.eu + Ideas, comments and suggestions to support@granikos.eu - This script is based on Mr Tony Redmonds blog post http://thoughtsofanidlemind.com/2014/09/05/reporting-delegate-access-to-exchange-mailboxes/ + This script is based on Mr Tony Redmonds blog post http://thoughtsofanidlemind.com/2014/09/05/reporting-delegate-access-to-exchange-mailboxes/ - .LINK - More information can be found at http://www.granikos.eu/en/scripts + .LINK + http://www.granikos.eu/en/scripts - .DESCRIPTION - This script exports all mailbox folder permissions for mailboxes of type "UserMailbox". + .DESCRIPTION + This script exports all mailbox folder permissions for mailboxes of type "UserMailbox". - The permissions are exported to a local CSV file - - The script is inteded to run from within an active Exchange 2013 Management Shell session. - - .NOTES - Requirements - - Windows Server 2012 or Windows Server 2012 R2 - - Revision History - -------------------------------------------------------------------------------- - 1.0 | Initial community release - 1.1 | Minor PowerShell fix - 1.2 | Minor PowerShell changes - 1.3 | MailboxId parameter + The permissions are exported to a local CSV file + + The script is inteded to run from within an active Exchange 2013 Management Shell session. + + .NOTES + Requirements + - Windows Server 2012 or newer + - Exchange Server Management Shell (EMS) 2010+ + + Revision History + -------------------------------------------------------------------------------- + 1.0 | Initial community release + 1.1 | Minor PowerShell fix + 1.2 | Minor PowerShell changes + 1.3 | MailboxId parameter + 1.4 | Fix to ensure mailbox uniqueness using the alias property - .PARAMETER MailboxId - Mailbox filter - .PARAMETER CsvFileName - CSV file name + .PARAMETER MailboxId + Mailbox filter, default * - .EXAMPLE - Export mailbox permissions to export.csv + .PARAMETER CsvFileName + CSV file name, default MailboxPermissions.csv - .\Get-MailboxPermissionsReport-ps1 -CsvFileName export.csv + .EXAMPLE + Export mailbox permissions to export.csv + + .\Get-MailboxPermissionsReport-ps1 -CsvFileName export.csv #> [CmdletBinding()] @@ -55,14 +58,14 @@ Param( $ScriptDir = Split-Path -Path $script:MyInvocation.MyCommand.Path $ScriptName = $MyInvocation.MyCommand.Name +# build CSV full path to store CSV in script directory $OutputFile = Join-Path -Path $ScriptDir -ChildPath $CsvFileName -Write-Verbose $OutputFile +Write-Verbose -Message $OutputFile # Fetch mailboxes of type UserMailbox only $Mailboxes = Get-Mailbox -RecipientTypeDetails 'UserMailbox' -Identity $MailboxId -ResultSize Unlimited | Sort-Object - $result = @() # counter for progress bar @@ -70,24 +73,33 @@ $MailboxCount = ($Mailboxes | Measure-Object).Count $count = 1 ForEach ($Mailbox in $Mailboxes) { - $Alias = '' + $Mailbox.Alias #Use Alias property instead of name to ensure 'uniqueness' passed on to Get-MailboxFolderStatistics - $DisplayName = ('{0} ({1})' -f $Mailbox.DisplayName, $Mailbox.Name) - $activity = ('Working... [{0}/{1}]' -f $count, $mailboxCount) - $status = ('Getting folders for mailbox: {0}' -f $DisplayName) - Write-Progress -Status $status -Activity $activity -PercentComplete (($count/$MailboxCount)*100) + $Alias = '' + $Mailbox.Alias # Use Alias property instead of name to ensure 'uniqueness' passed on to Get-MailboxFolderStatistics + + $DisplayName = ('{0} ({1})' -f $Mailbox.DisplayName, $Mailbox.Name) + + $activity = ('Working... [{0}/{1}]' -f $count, $mailboxCount) + $status = ('Getting folders for mailbox: {0}' -f $DisplayName) + Write-Progress -Status $status -Activity $activity -PercentComplete (($count/$MailboxCount)*100) + + # Fetch folders + $Folders = Get-MailboxFolderStatistics $Alias | ForEach-Object {$_.folderpath} | ForEach-Object{$_.replace('/','\')} + + ForEach ($Folder in $Folders) { + + # build folder key to fetch mailbox folder permissions + $FolderKey = $Alias + ':' + $Folder + + # fetch mailbox folder permissions + $Permissions = Get-MailboxFolderPermission -Identity $FolderKey -ErrorAction SilentlyContinue + + # store results in variable + $result += $Permissions | Where-Object {$_.User -notlike 'Default' -and $_.User -notlike 'Anonymous' -and $_.AccessRights -notlike 'None' -and $_.AccessRights -notlike 'Owner' } | Select-Object -Property @{name='Mailbox';expression={$DisplayName}}, FolderName, @{name='User';expression={$_.User -join ','}}, @{name='AccessRights';expression={$_.AccessRights -join ','}} + } - # Fetch fodlers - $Folders = Get-MailboxFolderStatistics $Alias | % {$_.folderpath} | %{$_.replace('/','\')} - - ForEach ($Folder in $Folders) { - $FolderKey = $Alias + ':' + $Folder - $Permissions = Get-MailboxFolderPermission -identity $FolderKey -ErrorAction SilentlyContinue - $result += $Permissions | Where-Object {$_.User -notlike 'Default' -and $_.User -notlike 'Anonymous' -and $_.AccessRights -notlike 'None' -and $_.AccessRights -notlike 'Owner' } | Select-Object @{name='Mailbox';expression={$DisplayName}}, FolderName, @{name='User';expression={$_.User -join ','}}, @{name='AccessRights';expression={$_.AccessRights -join ','}} - } - # Increment counter - $count++ + # Increment counter + $count++ } # Export to CSV -$result | Export-Csv -Path $OutputFile -NoTypeInformation -Encoding UTF8 -Delimiter ';' -Force +$result | Export-Csv -Path $OutputFile -NoTypeInformation -Encoding UTF8 -Delimiter ';' -Force \ No newline at end of file diff --git a/README.md b/README.md index cecf8eb..6fef6ef 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,13 @@ The script is intended to run from within an active Exchange 2013 Management She ## Parameters -### MailboxId (optional, defaulting to "*") -### CsvFileName (optional, defaulting to "MailboxPermissions.csv") +### MailboxId + +The mailbox id for filtering mailboxes, default * + +### CsvFileName + +The file name for the export CSV file, default MailboxPermissions.csv ## Examples @@ -32,7 +37,7 @@ RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER. Find the script at TechNet Gallery -* TBD +* [https://gallery.technet.microsoft.com/Export-all-user-mailbox-155a33de](https://gallery.technet.microsoft.com/Export-all-user-mailbox-155a33de) ## Credits @@ -53,4 +58,4 @@ For more Office 365, Cloud Security, and Exchange Server stuff checkout services Additional Credits: -* This script is based on Mr Tony Redmonds blog post [http://thoughtsofanidlemind.com/2014/09/05/reporting-delegate-access-to-exchange-mailboxes](http://thoughtsofanidlemind.com/2014/09/05/reporting-delegate-access-to-exchange-mailboxes) +* This script is based on Mr Tony Redmonds blog post [http://thoughtsofanidlemind.com/2014/09/05/reporting-delegate-access-to-exchange-mailboxes](http://thoughtsofanidlemind.com/2014/09/05/reporting-delegate-access-to-exchange-mailboxes) \ No newline at end of file