It’s been a while since I’ve created a post for quick, useful PowerShell commands. For the fourth installment in this vein I am going to provide code for some environment checks I’ve used in audits or general Exchange check-ups.
Quick Script 1 – Full Mailbox Permissions Granted Check
Have you ever wanted a report on who has full mailbox access to which mailboxes? Well, then this script is for you. It checks each mailbox for Full Access permissions and logs the results to a CSV file. Fields included are the name of the mailbox, who has permission, their permissions, whether they are inherited and whether they are denied. I've found this to be useful for security audits of an Exchange environment.
    # Collect every mailbox (Get-Mailbox returns at most 1000 results by default)
    $mailboxes = Get-Mailbox -ResultSize Unlimited
    $results = @()

    # Write the CSV header row
    $rows = "Mailbox," + "User With Permission," + "Permissions," + "Deny," + "Inherited"
    Add-Content c:\script\MailboxPermissions.csv $rows

    foreach ($line in $mailboxes) {
        $mailbox = $line.alias
        # Keep only the permission entries that include FullAccess
        $array = Get-MailboxPermission $mailbox | where {$_.AccessRights -match 'FullAccess'}
        foreach ($line1 in $array) {
            $name1 = $line1.identity
            $name = $name1.name
            $rights = $line1.accessrights
            $user = $line1.user
            $inherited = $line1.isinherited
            $deny = $line1.deny
            $results += ,@($name,$user,$rights)
            # One CSV row per permission entry
            $rowline = "$name," + "$user," + "$rights," + "$deny," + "$inherited"
            Add-Content c:\script\MailboxPermissions.csv $rowline
        }
    }
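For an audit, the raw report is dominated by inherited entries and each mailbox owner's own SELF entry. The following is an added example, not part of the original post, that filters a report in the same column layout down to explicit grants and ranks accounts by how many mailboxes they can open. The sample rows and the CONTOSO names are constructed so the block runs without an Exchange server.

```powershell
# Added example: triage the report from Quick Script 1.
# The rows below are constructed sample data in the script's column layout.
$sample = @'
Mailbox,User With Permission,Permissions,Deny,Inherited
Alice Smith,NT AUTHORITY\SELF,FullAccess ReadPermission,False,False
Alice Smith,CONTOSO\Domain Admins,FullAccess,True,True
Alice Smith,CONTOSO\bob,FullAccess,False,False
Carol Jones,NT AUTHORITY\SELF,FullAccess ReadPermission,False,False
Carol Jones,CONTOSO\bob,FullAccess,False,False
Carol Jones,CONTOSO\Exchange Servers,FullAccess,False,True
Shared Finance,CONTOSO\bob,FullAccess,False,False
Shared Finance,CONTOSO\dave,FullAccess,False,False
'@

$report = $sample | ConvertFrom-Csv
# Against a real report, load the file instead:
# $report = Import-Csv c:\script\MailboxPermissions.csv

# Keep explicit (non-inherited) allow entries granted to someone other
# than the mailbox owner. CSV values arrive as the strings True/False.
$explicit = $report | Where-Object {
    $_.Deny -eq 'False' -and
    $_.Inherited -eq 'False' -and
    $_.'User With Permission' -ne 'NT AUTHORITY\SELF'
}

# Rank accounts by the number of mailboxes they hold Full Access to,
# so the broadest delegations are reviewed first.
$byUser = $explicit |
    Group-Object -Property 'User With Permission' |
    Sort-Object -Property Count -Descending |
    Select-Object @{Name='User'; Expression={$_.Name}},
                  @{Name='MailboxCount'; Expression={$_.Count}},
                  @{Name='Mailboxes'; Expression={($_.Group | ForEach-Object { $_.Mailbox }) -join '; '}}

$byUser | Format-Table -AutoSize
```

With the sample data, CONTOSO\bob is listed first with three mailboxes and CONTOSO\dave second with one; the inherited and SELF rows are dropped.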
Quick Script 2 – Postmaster Address Check
So why are Postmaster addresses important? For a mail system to be RFC compliant, RFC 2142 states that a Postmaster@domain.com address should be used. To check for a valid Postmaster address, we also need to know which domains are valid in the environment. This script reviews the accepted domains and then checks for a Postmaster address for each valid domain. If a valid one exists, the script responds with the name of the mailbox. If it does not exist, this is displayed as well.
    # Postmaster check script
    # First we need to export accepted domains to a CSV file
    Get-AcceptedDomain | Export-Csv c:\scripts\accepteddomains.csv

    # Now we need to loop through this to find any Postmaster mailboxes in the Accepted Domains
    $accepted = Import-Csv c:\scripts\accepteddomains.csv
    foreach ($line in $accepted) {
        $postmaster = "postmaster@" + $line.domainname
        # Look the address up once; errors are suppressed for addresses that do not exist
        $a = Get-Mailbox $postmaster -ErrorAction SilentlyContinue
        if ($a) {
            # A Postmaster mailbox exists for this domain: display it
            $a
        } else {
            Write-Host "$postmaster does not exist."
        }
    }
That’s it for this time, look for more coming up in the following weeks.