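<#
.SYNOPSIS
    Get all the permissions for User, Room, Equipment and Shared mailboxes for your o365 Tenant
.DESCRIPTION
    Great for documenting and auditing o365 Exchange Permissions
.PARAMETER <None>
.INPUTS
    <None>
.OUTPUTS
    <Outputs to C:\bin unless you edit the Initialisations section >
.NOTES
    Version:        1.0.2
    Author:         <Jared Heinrichs>
    Creation Date:  <10/01/2019>
    Purpose/Change: Audit my o365 Exchange Environment
.EXAMPLE
    <Just run the Powershell script!>
#>
#---------------------------------------------------------[Initialisations]--------------------------------------------------------
# UserName of the o365 Admin account that the audit will be performed under.
# Only the user name is stored here; the password is prompted for at run time by
# Get-Credential in Connect-EXOnline, so no secret belongs in this file.
# The script only calls Get-* cmdlets, so an account limited to read access should be
# enough -- confirm against the role assignments in your tenant.
[string]$O365Credential = "email.address@domain.com"
<# --------------[ $Mailbox Types ] -------------------------
An Array of Mailboxes to audit.
Options that can be used:
    DiscoveryMailbox
    EquipmentMailbox
    GroupMailbox
    LegacyMailbox
    LinkedMailbox
    LinkedRoomMailbox
    RoomMailbox
    SchedulingMailbox
    SharedMailbox
    TeamMailbox
    UserMailbox
#>
# Plain ASCII quotes throughout: the typographic quotes the paste carried only parse when
# the file's encoding survives the copy, and turn into syntax errors otherwise.
$MailboxTypes = @(
    "RoomMailbox",
    "SharedMailbox",
    "EquipmentMailbox",
    "UserMailbox"
)
<#--------------[ $ReportFolder Examples ] -------------------------
"C:\bin\" or
"C:\Reports\o365Auditing\"
etc...
Notice in each of the examples, a trailing '\' was used.
This is required for the script to run!
-----------------------------------------------------------------
ReportFolder = "C:\bin\" #<----- Make Sure to have trailing "\"
#>
# The CSV reports list who can open which mailbox. Point this at a folder whose NTFS
# permissions limit readers to the people who are meant to see the audit.
$ReportFolder = "C:\bin\"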
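#---------------------------------------------------------[Functions]--------------------------------------------------------------
Function Connect-EXOnline {
    <#
    .SYNOPSIS
        Prompts for the admin password, opens a remote Exchange Online session and imports its cmdlets.
    .PARAMETER UserName
        Account name pre-filled in the credential prompt.
    .OUTPUTS
        The status string and whatever Import-PSSession emits.
    #>
    param (
        [String]$UserName
    )
    # Interactive prompt, so the password is never written into the script.
    $credentials = Get-Credential -Credential $UserName
    Write-Output "Getting the Exchange Online cmdlets"
    # NOTE(review): -Authentication Basic presents the user name and password directly and cannot
    # answer an MFA challenge, so the audit account would have to be exempt from MFA. Microsoft has
    # retired Basic authentication for Exchange Online; the supported modern-auth route is
    # Connect-ExchangeOnline from the ExchangeOnlineManagement module. Left in place here because
    # switching adds a module dependency -- migrate before relying on this script.
    # -AllowRedirection lets the service redirect the connection to another URI.
    # -ErrorAction Stop: a failed logon now ends the run here instead of falling through to
    # Import-PSSession with an empty session and a long tail of "command not found" errors.
    $Session = New-PSSession -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
        -ConfigurationName Microsoft.Exchange -Credential $credentials `
        -Authentication Basic -AllowRedirection -ErrorAction Stop
    Import-PSSession $Session
}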
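Function Disconnect-EXOnline {
    <#
    .SYNOPSIS
        Closes every PSSession whose configuration is Microsoft.Exchange.
    #>
    # Remove only the matching session. The previous loop handed the whole Get-PSSession
    # result to Remove-PSSession, which also tore down unrelated remote sessions as soon
    # as one Exchange session was found.
    Get-PSSession |
        Where-Object { $_.ConfigurationName -eq 'Microsoft.Exchange' } |
        ForEach-Object { Remove-PSSession -Session $_ }
}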
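Function Get-MailboxPermissions {
    <#
    .SYNOPSIS
        Collects the root-folder, Calendar and FullAccess permissions of one mailbox.
    .PARAMETER MailBoxName
        Identity handed to Get-Mailbox.
    .PARAMETER AccountDisabled
        Copied onto every output row so the report shows whether the mailbox account is disabled.
    .OUTPUTS
        Objects with Identity, User, AccessRights and AccountDisabled.
    .NOTES
        Audit coverage: only folder permissions on the mailbox root and Calendar, plus FullAccess
        entries, are collected. Send As and Send on Behalf grants are not queried here, and other
        folders are not inspected, so an empty result is not proof that nobody else has access.
    #>
    param (
        [string]$MailBoxName,
        [Boolean]$AccountDisabled
    )
    # Resolve the mailbox once rather than once per query.
    $mailboxes = @(Get-Mailbox $MailBoxName)
    # Every result is wrapped in @() so that += always appends to an array. Without it, a query
    # that returned exactly one row left a single object behind and the following += failed,
    # silently dropping the remaining permission sets from the report.
    #Get Permissions for Mailbox Granted by End user
    $collected = @(
        $mailboxes |
            ForEach-Object { Get-MailboxFolderPermission $($_.PrimarySmtpAddress) } |
            Select-Object Identity, User, AccessRights
    )
    #Get Permissions for Calendar granted by End User
    # NOTE(review): the folder name is hard-coded; presumably a mailbox with a localised
    # calendar folder name will not match -- verify in your tenant.
    $collected += @(
        $mailboxes |
            ForEach-Object { Get-MailboxFolderPermission $($_.PrimarySmtpAddress + ":\Calendar") } |
            Select-Object Identity, User, AccessRights
    )
    #Get Permissions for Mailbox Granted by an Administrator
    # The filters drop entries whose User is an unresolved SID (S-1-5*), starts with NAMPRD02
    # or starts with NT AUTH. NOTE(review): NAMPRD02 looks like a datacenter-specific prefix --
    # confirm it matches your tenant. Unresolved SIDs are usually grants left behind by deleted
    # accounts; they are hidden from this report, so review them separately if stale access matters.
    $collected += @(
        $mailboxes |
            Get-MailboxPermission |
            Where-Object {
                ($_.AccessRights -eq "FullAccess") -and
                ($_.User -notlike "S-1-5*") -and
                ($_.User -notlike "NAMPRD02*") -and
                ($_.User -notlike "NT AUTH*") } |
            Select-Object Identity, User, AccessRights
    )
    # Add the AccountDisabled column to every row; the column order matches the CSV layout
    # the script has always produced.
    $MailboxPermissionsArray = @(
        $collected |
            Select-Object Identity, User, AccessRights,
                @{ Name = 'AccountDisabled'; Expression = { $AccountDisabled } }
    )
    return $MailboxPermissionsArray
}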
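#============================================================================================
#Start o365 Mailbox Permission Auditing
#============================================================================================
Clear-Host
# Connect-EXOnline declares -UserName and has no -Credential parameter; passing -Credential
# bound the literal text "-Credential" as the user name shown in the logon prompt.
Connect-EXOnline -UserName $O365Credential
Clear-Host
# try/finally so the admin session is closed even when a query or the export fails part-way.
try {
    #Cycle through all the Mailbox Types (one at a time) as defined above in the Initialisations section
    foreach ($MailboxType in $MailboxTypes) {
        Write-Host "===================================="
        Write-Host "Gathering Mailbox Type: $MailboxType"
        Write-Host "===================================="
        #Get all mailboxes of Type ==| $MailboxType |==
        $Mailbox = Get-Mailbox -RecipientTypeDetails $MailboxType | Select-Object Name, Alias, PrimarySmtpAddress, AccountDisabled
        [array]$MailBoxPermissions = $null
        #Go through all the mailboxes in the Mailbox type that was selected.
        #Get all permissions for that mailbox
        foreach ($item in $Mailbox) {
            Write-Host 'Getting' $item.Name 'Permissions'
            $MailBoxPermissions += Get-MailboxPermissions -MailBoxName $item.Name -AccountDisabled $item.AccountDisabled
        }
        #Export the Mailbox Permissions
        # Join-Path builds the same path whether or not $ReportFolder ends in '\'.
        $ReportFile = Join-Path $ReportFolder ($MailboxType + '.csv')
        Write-Host "Exporting Report to: $ReportFile"
        $MailBoxPermissions | Sort-Object Identity | Export-Csv $ReportFile -NoTypeInformation
        Write-Host "Export Complete."
    }
}
finally {
    Disconnect-EXOnline
}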