From 210e74c6a4c9fcf1098c0dc10c0a4a8ebf182e5e Mon Sep 17 00:00:00 2001 From: "Jeremy D. Berkleef" Date: Thu, 4 Nov 2021 11:22:40 +0100 Subject: [PATCH] Add permission checking functionality --- Docs/exchange-toolkit.md | 5 ++- exchange-toolkit.ps1 | 66 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 1 deletion(-) diff --git a/Docs/exchange-toolkit.md b/Docs/exchange-toolkit.md index eff62c8..f6cc5d3 100644 --- a/Docs/exchange-toolkit.md +++ b/Docs/exchange-toolkit.md @@ -42,4 +42,7 @@ This option will export the mailboxes found via the search term to a .pst. For some reason, Exchange requires a UNC path for the export. ### 6. Set mailbox locale based on a search term - This allows you to change a large number of mailboxes' language, time zone and date format settings in one go. \ No newline at end of file + This allows you to change a large number of mailboxes' language, time zone and date format settings in one go. + + ### 7. and 8. + These allow you to list all permissions for mailboxes based on a search term or export them to .csv. \ No newline at end of file diff --git a/exchange-toolkit.ps1 b/exchange-toolkit.ps1 index f6161d4..58b4bed 100644 --- a/exchange-toolkit.ps1 +++ b/exchange-toolkit.ps1 @@ -29,6 +29,14 @@ Write-Host -ForegroundColor Cyan " '6' " -NoNewline Write-Host "to change mailbox locale/language based on a search term." + Write-Host "7: Press" -NoNewline + Write-Host -ForegroundColor Cyan " '7' " -NoNewline + Write-Host "to list all mailbox permissions based on a search term." + + Write-Host "8: Press" -NoNewline + Write-Host -ForegroundColor Cyan " '8' " -NoNewline + Write-Host "to list all mailbox permissions based on a search term and export to a .csv." + Write-Host "Q: Press" -NoNewline Write-Host -ForegroundColor Red " 'Q' " -NoNewline Write-Host "to quit." 
@@ -141,7 +149,65 @@ do Get-Mailbox -ResultSize Unlimited | Where-Object {$_.EmailAddresses -like "$searchTerm"} | Set-MailboxRegionalConfiguration -Language "$targetLanguage" -TimeZone "$targetTimezone" -DateFormat "$targetDateFormat" } + '7' { + $searchTerm = Read-Host -Prompt "Input Query" + + #Get mailboxes from search term + $mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object {$_.EmailAddresses -like "$searchTerm"} + + #Create array to store the objects + [System.Collections.ArrayList]$permissionsArray = @() + + #Get Permissions from mailboxes and create custom object + Write-Host "Getting permissions for $mailbox" + foreach ($mailbox in $mailboxes) { + $permissionsObject = [PSCustomObject]@{ + displayname = $mailbox.DisplayName + emailAddress = $mailbox.PrimarySmtpAddress + sendOnBehalfOf = $mailbox.GrantSendOnBehalfTo + sendAs = Get-ADPermission $mailbox.identity | where {($_.ExtendedRights -like “*Send-As*”) -and -not ($_.User -like “NT AUTHORITY\SELF”) -and -not ($_.User -like “s-1-5-21*”)} | % {$_.User} + fullAccess = Get-MailboxPermission $mailbox.Identity | ?{($_.IsInherited -eq $False) -and -not ($_.User -match “NT AUTHORITY”)} |Select User,Identity,@{Name=”AccessRights”;Expression={$_.AccessRights}} | % {$_.User} + } + + #Add the objects to the permissions array + $permissionsArray.Add($permissionsObject) | Out-Null + } + + #Output a cool and nice table + $permissionsArray | Format-Table + Write-Host -ForegroundColor White -BackgroundColor Blue "Data is stored in the variable permissionsArray." 
} + + '8' { + $searchTerm = Read-Host -Prompt "Input Query" + $csvSavePath = Read-Host -Prompt ".csv save" + + #Get mailboxes from search term + $mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object {$_.EmailAddresses -like "$searchTerm"} + + #Create array to store the objects + [System.Collections.ArrayList]$permissionsArray = @() + + #Get Permissions from mailboxes and create custom object + Write-Host "Getting permissions for $mailbox" + foreach ($mailbox in $mailboxes) { + $permissionsObject = [PSCustomObject]@{ + displayname = $mailbox.DisplayName + emailAddress = $mailbox.PrimarySmtpAddress + sendOnBehalfOf = $mailbox.GrantSendOnBehalfTo + sendAs = Get-ADPermission $mailbox.identity | where {($_.ExtendedRights -like “*Send-As*”) -and -not ($_.User -like “NT AUTHORITY\SELF”) -and -not ($_.User -like “s-1-5-21*”)} | % {$_.User} + fullAccess = Get-MailboxPermission $mailbox.Identity | ?{($_.IsInherited -eq $False) -and -not ($_.User -match “NT AUTHORITY”)} |Select User,Identity,@{Name=”AccessRights”;Expression={$_.AccessRights}} | % {$_.User} + } + + #Add the objects to the permissions array + $permissionsArray.Add($permissionsObject) | Out-Null + } + + #Output a cool and nice table and output a .csv + $permissionsArray | Format-Table + $permissionsArray | Export-Csv -NoTypeInformation $csvSavePath + } + Read-Host -Prompt 'Press Enter to Continue' } until ($selection -eq 'q')
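Review bot: The `fullAccess` filter in the '7' and '8' branches never tests `AccessRights` or `Deny`, so every explicit non-inherited entry is reported as full access, while `-match "NT AUTHORITY"` hides grants to broad principals such as `NT AUTHORITY\Authenticated Users` as well as SELF. The `sendAs` filter drops unresolved `s-1-5-21*` SIDs, which are the orphaned entries a permission audit normally wants to see. In '8' the multi-valued columns reach `Export-Csv` unjoined and will most likely be written as a type name instead of the user list, and `Write-Host "Getting permissions for $mailbox"` runs before the `foreach`, where `$mailbox` is not yet set. Because the two branches are identical apart from the export, I would move the collection into one helper that filters on FullAccess, skips deny entries, excludes only `NT AUTHORITY\SELF` and joins the lists, as sketched below. The enclosing `do` loop starts outside the hunk, so the helper has to be defined above it.

```powershell
# Proposed helper shared by the '7' and '8' branches; emits one row per mailbox.
function Get-MailboxPermissionReport {
    param([string]$SearchTerm)

    $mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object { $_.EmailAddresses -like "$SearchTerm" }

    foreach ($mailbox in $mailboxes) {
        # Progress line moved inside the loop so it names the mailbox being read.
        Write-Host "Getting permissions for $($mailbox.PrimarySmtpAddress)"

        # Unresolved SIDs are kept: an orphaned Send-As entry is an audit finding.
        $sendAs = Get-ADPermission $mailbox.Identity |
            Where-Object { ($_.ExtendedRights -like '*Send-As*') -and -not $_.Deny -and ($_.User -notlike 'NT AUTHORITY\SELF') } |
            ForEach-Object { $_.User.ToString() }

        # Only allow-entries that carry FullAccess; SELF is the only principal excluded.
        $fullAccess = Get-MailboxPermission $mailbox.Identity |
            Where-Object { ($_.AccessRights -like '*FullAccess*') -and -not $_.Deny -and -not $_.IsInherited -and ($_.User -notlike 'NT AUTHORITY\SELF') } |
            ForEach-Object { $_.User.ToString() }

        [PSCustomObject]@{
            displayname    = $mailbox.DisplayName
            emailAddress   = $mailbox.PrimarySmtpAddress
            # Joined so Format-Table and Export-Csv both show the names.
            sendOnBehalfOf = @($mailbox.GrantSendOnBehalfTo) -join ';'
            sendAs         = @($sendAs) -join ';'
            fullAccess     = @($fullAccess) -join ';'
        }
    }
}

# In both branches, after the Read-Host prompt for $searchTerm:
$permissionsArray = @(Get-MailboxPermissionReport -SearchTerm $searchTerm)
# … unchanged: Format-Table output in '7' and '8', Export-Csv to $csvSavePath in '8' …
```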