a guest
Nov 16th, 2018
1: Get the list of shared mailboxes
   Command: Get-Mailbox | where {$_.recipientTypeDetails -eq 'sharedmailbox'}
2: Iterate over each shared mailbox
   A: Get-Mailbox (mailbox details and GrantSendOnBehalfTo)
      We will store the following attributes of each mailbox object:
      ExternalDirectoryObjectId - used to uniquely identify shared mailboxes.
      DisplayName - stored to show the shared mailbox name.
      EmailAddresses - we will expand this multi-valued attribute to get all the email addresses (primary as well as alias) of this shared mailbox.
      GrantSendOnBehalfTo - this gives a comma-separated list of members who have 'Send on Behalf' rights.
      We will get the entity of each comma-separated identity listed in the GrantSendOnBehalfTo attribute using the ‘getEntity’ logic explained later.
   B: Get-MailboxPermission (Full Access)
      Get-MailboxPermission -Identity $sharedmailbox.ExternalDirectoryObjectId | ? { $_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.AccessRights -like '*FullAccess*' }
      We will use the string value of 'User' from the results of this query to fetch entities.
      We will get the entity from the value returned in the User attribute using the ‘getEntity’ logic.
   C: Get-RecipientPermission (Send As)
      Get-RecipientPermission -Identity $sharedmailbox.ExternalDirectoryObjectId | ? { $_.Trustee -ne "NT AUTHORITY\SELF" -and $_.AccessRights -like '*SendAs*' }
      We will get the entity from the value returned in the Trustee attribute using the ‘getEntity’ logic.
   D: Get user or group if we have found an email:
      Get-User -Identity EMAIL_ID -Filter { WindowsEmailAddress -eq 'EMAIL_ID' } -ErrorAction SilentlyContinue
      Get-Group -Identity EMAIL_ID -Filter { WindowsEmailAddress -eq 'EMAIL_ID' } -ErrorAction SilentlyContinue

   E: Get only group if we have found a name:
      Get-Group -Identity NAME_OF_GROUP -Filter { Name -eq 'NAME_OF_GROUP' } -ErrorAction SilentlyContinue


GetEntity logic:
1: Ignore if it is a SID - we will use a SID regex (get SID from Ashok).
2: Ignore if the string contains ‘/’.
3: If it is an email, getUser and getGroup by the email filter.
4: If none of the above applies, getGroup using the Name filter.

We will give rights to all the entities fetched by the above logic.
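
The GetEntity rules above, written out as an added PowerShell example (not part of the original paste). The function names, both regexes, the quote escaping and the sample identities are assumptions; the paste does not give the SID regex, so the pattern below is a stand-in.

```powershell
# Added example: names, regexes and sample values are assumptions, not from the paste.
$SidPattern   = '^S-1-\d+(-\d+)+$'               # assumed SID shape, e.g. S-1-5-21-...
$EmailPattern = '^[^@\s/]+@[^@\s/]+\.[^@\s/]+$'  # assumed "looks like an email" test

function Get-IdentityKind {
    param([string]$Identity)
    $id = $Identity.Trim()
    if ([string]::IsNullOrEmpty($id)) { return 'Ignore' }
    if ($id -match $SidPattern)       { return 'Ignore' }    # rule 1: raw SID
    if ($id.Contains('/'))            { return 'Ignore' }    # rule 2: contains '/'
    if ($id -match $EmailPattern)     { return 'Email' }     # rule 3: user or group by email
    return 'GroupName'                                       # rule 4: group by Name
}

function Get-Entity {
    param([string]$Identity)
    $id = $Identity.Trim()
    $q  = $id.Replace("'", "''")   # double single quotes so the value cannot break out of the filter string
    switch (Get-IdentityKind $id) {
        'Email' {
            Get-User  -Identity $id -Filter "WindowsEmailAddress -eq '$q'" -ErrorAction SilentlyContinue
            Get-Group -Identity $id -Filter "WindowsEmailAddress -eq '$q'" -ErrorAction SilentlyContinue
        }
        'GroupName' {
            Get-Group -Identity $id -Filter "Name -eq '$q'" -ErrorAction SilentlyContinue
        }
    }
}

# Constructed sample of a comma-separated GrantSendOnBehalfTo-style value; classification runs offline.
$sample = 'alice@contoso.example, S-1-5-21-1004336348-1177238915-682003330-512, contoso.example/Users/Bob, Helpdesk Team'
$sample -split ',' | ForEach-Object {
    [pscustomobject]@{ Identity = $_.Trim(); Kind = Get-IdentityKind $_ }
}
```

Get-IdentityKind needs no Exchange session, so the classification can be checked against exported permission data before Get-Entity is run in a connected session.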