Add permission checking functionality

This commit is contained in:
Jeremy D. Berkleef 2021-11-04 11:22:40 +01:00
parent 778dcd93cf
commit 210e74c6a4
2 changed files with 70 additions and 1 deletions

View File

@ -43,3 +43,6 @@
### 6. Set mailbox locale based on a search term ### 6. Set mailbox locale based on a search term
This allows you to change a large number of mailboxes' language, time zone and date format settings in one go. This allows you to change a large number of mailboxes' language, time zone and date format settings in one go.
### 7. and 8.
These allow you to list all permissions for mailboxes based on a search term or export them to .csv.

View File

@ -29,6 +29,14 @@
Write-Host -ForegroundColor Cyan " '6' " -NoNewline Write-Host -ForegroundColor Cyan " '6' " -NoNewline
Write-Host "to change mailbox locale/language based on a search term." Write-Host "to change mailbox locale/language based on a search term."
Write-Host "7: Press" -NoNewline
Write-Host -ForegroundColor Cyan " '7' " -NoNewline
Write-Host "to list all mailbox permissions based on a search term."
Write-Host "8: Press" -NoNewline
Write-Host -ForegroundColor Cyan " '8' " -NoNewline
Write-Host "to list all mailbox permissions based on a search term and export to a .csv."
Write-Host "Q: Press" -NoNewline Write-Host "Q: Press" -NoNewline
Write-Host -ForegroundColor Red " 'Q' " -NoNewline Write-Host -ForegroundColor Red " 'Q' " -NoNewline
Write-Host "to quit." Write-Host "to quit."
@ -141,7 +149,65 @@ do
Get-Mailbox -ResultSize Unlimited | Where-Object {$_.EmailAddresses -like "$searchTerm"} | Set-MailboxRegionalConfiguration -Language "$targetLanguage" -TimeZone "$targetTimezone" -DateFormat "$targetDateFormat" Get-Mailbox -ResultSize Unlimited | Where-Object {$_.EmailAddresses -like "$searchTerm"} | Set-MailboxRegionalConfiguration -Language "$targetLanguage" -TimeZone "$targetTimezone" -DateFormat "$targetDateFormat"
} }
'7' {
$searchTerm = Read-Host -Prompt "Input Query"
#Get mailboxes from search term
$mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object {$_.EmailAddresses -like "$searchTerm"}
#Create array to store the objects
[System.Collections.ArrayList]$permissionsArray = @()
#Get Permissions from mailboxes and create custom object
Write-Host "Getting permissions for $mailbox"
foreach ($mailbox in $mailboxes) {
$permissionsObject = [PSCustomObject]@{
displayname = $mailbox.DisplayName
emailAddress = $mailbox.PrimarySmtpAddress
sendOnBehalfOf = $mailbox.GrantSendOnBehalfTo
sendAs = Get-ADPermission $mailbox.identity | where {($_.ExtendedRights -like *Send-As*) -and -not ($_.User -like NT AUTHORITY\SELF) -and -not ($_.User -like s-1-5-21*)} | % {$_.User}
fullAccess = Get-MailboxPermission $mailbox.Identity | ?{($_.IsInherited -eq $False) -and -not ($_.User -match NT AUTHORITY)} |Select User,Identity,@{Name=AccessRights;Expression={$_.AccessRights}} | % {$_.User}
}
#Add the objects to the permissions array
$permissionsArray.Add($permissionsObject) | Out-Null
}
#Output a cool and nice table
$permissionsArray | Format-Table
Write-Host -ForegroundColor White -BackgroundColor Blue "Data is stored in the variable permissionsArray."
} }
'8' {
$searchTerm = Read-Host -Prompt "Input Query"
$csvSavePath = Read-Host -Prompt ".csv save"
#Get mailboxes from search term
$mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object {$_.EmailAddresses -like "$searchTerm"}
#Create array to store the objects
[System.Collections.ArrayList]$permissionsArray = @()
#Get Permissions from mailboxes and create custom object
Write-Host "Getting permissions for $mailbox"
foreach ($mailbox in $mailboxes) {
$permissionsObject = [PSCustomObject]@{
displayname = $mailbox.DisplayName
emailAddress = $mailbox.PrimarySmtpAddress
sendOnBehalfOf = $mailbox.GrantSendOnBehalfTo
sendAs = Get-ADPermission $mailbox.identity | where {($_.ExtendedRights -like *Send-As*) -and -not ($_.User -like NT AUTHORITY\SELF) -and -not ($_.User -like s-1-5-21*)} | % {$_.User}
fullAccess = Get-MailboxPermission $mailbox.Identity | ?{($_.IsInherited -eq $False) -and -not ($_.User -match NT AUTHORITY)} |Select User,Identity,@{Name=AccessRights;Expression={$_.AccessRights}} | % {$_.User}
}
#Add the objects to the permissions array
$permissionsArray.Add($permissionsObject) | Out-Null
}
#Output a cool and nice table and output a .csv
$permissionsArray | Format-Table
$permissionsArray | Export-Csv -NoTypeInformation $csvSavePath
}
Read-Host -Prompt 'Press Enter to Continue' Read-Host -Prompt 'Press Enter to Continue'
} }
until ($selection -eq 'q') until ($selection -eq 'q')