External/powershell-scripts
1
0
Fork 0
mirror of https://github.com/admindroid-community/powershell-scripts.git synced 2025-12-17 16:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Export Non-owner Mailbox Access report

Browse Source 
update done
This commit is contained in:
AdminDroid 2020-02-18 11:16:58 +05:30
parent d645e2cb0e
commit 884f188feb
1 changed files with 73 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
Office 365 Non-owner Mailbox Access Report/NonOwnerMBAccessReport.ps1
View File

@ -14,7 +14,7 @@ if ((($StartDate -eq $null) -and ($EndDate -ne $null)) -or (($StartDate -ne $nul
{ {
Write-Host `nPlease enter both StartDate and EndDate for Audit log collection -ForegroundColor Red Write-Host `nPlease enter both StartDate and EndDate for Audit log collection -ForegroundColor Red
exit exit
} }
elseif(($StartDate -eq $null) -and ($EndDate -eq $null)) elseif(($StartDate -eq $null) -and ($EndDate -eq $null))
{ {
$StartDate=(((Get-Date).AddDays(-90))).Date $StartDate=(((Get-Date).AddDays(-90))).Date
@ -25,7 +25,7 @@ else
$StartDate=[DateTime]$StartDate $StartDate=[DateTime]$StartDate
$EndDate=[DateTime]$EndDate $EndDate=[DateTime]$EndDate
if($StartDate -lt ((Get-Date).AddDays(-90))) if($StartDate -lt ((Get-Date).AddDays(-90)))
{ {
Write-Host `nAudit log can be retrieved only for past 90 days. Please select a date after (Get-Date).AddDays(-90) -ForegroundColor Red Write-Host `nAudit log can be retrieved only for past 90 days. Please select a date after (Get-Date).AddDays(-90) -ForegroundColor Red
Exit Exit
} }
@ -37,66 +37,66 @@ else
} }
#Authentication using MFA #Authentication using MFA
if($MFA.IsPresent) if($MFA.IsPresent)
{ {
$MFAExchangeModule = ((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter CreateExoPSSession.ps1 -Recurse ).FullName | Select-Object -Last 1) $MFAExchangeModule = ((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter CreateExoPSSession.ps1 -Recurse ).FullName | Select-Object -Last 1)
If ($MFAExchangeModule -eq $null) If ($MFAExchangeModule -eq $null)
{ {
Write-Host `nPlease install Exchange Online MFA Module. -ForegroundColor yellow Write-Host `nPlease install Exchange Online MFA Module. -ForegroundColor yellow
Write-Host You can manually install module using below blog : `nhttps://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/ `nOR you can install module directly by entering "Y"`n Write-Host You can manually install module using below blog : `nhttps://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/ `nOR you can install module directly by entering "Y"`n
$Confirm= Read-Host `nAre you sure you want to install module directly? [Y] Yes [N] No $Confirm= Read-Host `nAre you sure you want to install module directly? [Y] Yes [N] No
if($Confirm -match "[Y]") if($Confirm -match "[Y]")
{ {
Start-Process "iexplore.exe" "https://cmdletpswmodule.blob.core.windows.net/exopsmodule/Microsoft.Online.CSE.PSModule.Client.application" Start-Process "iexplore.exe" "https://cmdletpswmodule.blob.core.windows.net/exopsmodule/Microsoft.Online.CSE.PSModule.Client.application"
} }
else else
{ {
Start-Process 'https://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/' Start-Process 'https://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/'
Exit Exit
} }
$Confirmation= Read-Host Have you installed Exchange Online MFA Module? [Y] Yes [N] No $Confirmation= Read-Host Have you installed Exchange Online MFA Module? [Y] Yes [N] No
if($Confirmation -match "[yY]") if($Confirmation -match "[yY]")
{ {
$MFAExchangeModule = ((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter CreateExoPSSession.ps1 -Recurse ).FullName | Select-Object -Last 1) $MFAExchangeModule = ((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter CreateExoPSSession.ps1 -Recurse ).FullName | Select-Object -Last 1)
If ($MFAExchangeModule -eq $null) If ($MFAExchangeModule -eq $null)
{ {
Write-Host Exchange Online MFA module is not available -ForegroundColor red Write-Host Exchange Online MFA module is not available -ForegroundColor red
Exit Exit
} }
} }
else else
{ {
Write-Host Exchange Online PowerShell Module is required Write-Host Exchange Online PowerShell Module is required
Start-Process 'https://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/' Start-Process 'https://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/'
Exit Exit
} }
} }
#Importing Exchange MFA Module
. "$MFAExchangeModule"
Write-Host Enter credential in prompt to connect to Exchange Online
Connect-EXOPSSession -WarningAction SilentlyContinue
}
#Authentication using non-MFA #Importing Exchange MFA Module
else . "$MFAExchangeModule"
{ Write-Host Enter credential in prompt to connect to Exchange Online
#Storing credential in script for scheduling purpose/ Passing credential as parameter Connect-EXOPSSession -WarningAction SilentlyContinue
if(($UserName -ne "") -and ($Password -ne "")) }
{
$SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force
$Credential = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword
}
else
{
$Credential=Get-Credential -Credential $null
}
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection -WarningAction SilentlyContinue
Import-PSSession $Session -AllowClobber -DisableNameChecking | Out-Null
}
$OutputCSV=".\NonOwner-Mailbox-Access-Report_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv" #Authentication using non-MFA
else
{
#Storing credential in script for scheduling purpose/ Passing credential as parameter
if(($UserName -ne "") -and ($Password -ne ""))
{
$SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force
$Credential = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword
}
else
{
$Credential=Get-Credential -Credential $null
}
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection -WarningAction SilentlyContinue
Import-PSSession $Session -AllowClobber -DisableNameChecking | Out-Null
}
$OutputCSV=".\NonOwner-Mailbox-Access-Report_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
$IntervalTimeInMinutes=1440 #$IntervalTimeInMinutes=Read-Host Enter interval time period '(in minutes)' $IntervalTimeInMinutes=1440 #$IntervalTimeInMinutes=Read-Host Enter interval time period '(in minutes)'
$CurrentStart=$StartDate $CurrentStart=$StartDate
$CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes) $CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes)
@ -116,7 +116,7 @@ $NonOwnerAccess=0
Write-Host `nRetrieving audit log from $StartDate to $EndDate... -ForegroundColor Yellow Write-Host `nRetrieving audit log from $StartDate to $EndDate... -ForegroundColor Yellow
while($true) while($true)
{ {
#Write-Host Retrieving audit log between StartDate $CurrentStart to EndDate $CurrentEnd ******* IntervalTime $IntervalTimeInMinutes minutes #Write-Host Retrieving audit log between StartDate $CurrentStart to EndDate $CurrentEnd ******* IntervalTime $IntervalTimeInMinutes minutes
if($CurrentStart -eq $CurrentEnd) if($CurrentStart -eq $CurrentEnd)
{ {
@ -140,7 +140,7 @@ while($true)
if($AuditData.LogonType -eq 0) if($AuditData.LogonType -eq 0)
{ {
continue continue
} }
#Filter for external access #Filter for external access
if(($IncludeExternalAccess -eq $false) -and ($AuditData.ExternalAccess -eq $true)) if(($IncludeExternalAccess -eq $false) -and ($AuditData.ExternalAccess -eq $true))
@ -149,7 +149,7 @@ while($true)
} }
#Processing non-owner mailbox access records #Processing non-owner mailbox access records
if(($AuditData.LogonUserId -ne $AuditData.MailboxOwnerSid) -or ((($AuditData.Operation -eq "SendAs") -or ($AuditData.Operation -eq "SendOnBehalf")) -and ($AuditData.UserType -eq 0))) if(($AuditData.LogonUserSId -ne $AuditData.MailboxOwnerSid) -or ((($AuditData.Operation -eq "SendAs") -or ($AuditData.Operation -eq "SendOnBehalf")) -and ($AuditData.UserType -eq 0)))
{ {
$AuditData.CreationTime=(Get-Date($AuditData.CreationTime)).ToLocalTime() $AuditData.CreationTime=(Get-Date($AuditData.CreationTime)).ToLocalTime()
if($AuditData.LogonType -eq 1) if($AuditData.LogonType -eq 1)
@ -208,7 +208,7 @@ while($true)
{ {
Write-Host Proceeding audit log collection with data loss Write-Host Proceeding audit log collection with data loss
} }
} }
#Check for last iteration #Check for last iteration
if(($CurrentEnd -eq $EndDate)) if(($CurrentEnd -eq $EndDate))
{ {
@ -225,7 +225,7 @@ while($true)
{ {
$CurrentEnd=$EndDate $CurrentEnd=$EndDate
} }
$CurrentResultCount=0 $CurrentResultCount=0
$CurrentResult = @() $CurrentResult = @()
} }
@ -239,15 +239,15 @@ If($AggregateResults -eq 0)
else else
{ {
Write-Host `nThe output file contains $NonOwnerAccess audit records Write-Host `nThe output file contains $NonOwnerAccess audit records
if((Test-Path -Path $OutputCSV) -eq "True") if((Test-Path -Path $OutputCSV) -eq "True")
{ {
Write-Host `nThe Output file available in $OutputCSV -ForegroundColor Green Write-Host `nThe Output file available in $OutputCSV -ForegroundColor Green
$Prompt = New-Object -ComObject wscript.shell $Prompt = New-Object -ComObject wscript.shell
$UserInput = $Prompt.popup("Do you want to open output file?",` $UserInput = $Prompt.popup("Do you want to open output file?",`
0,"Open Output File",4) 0,"Open Output File",4)
If ($UserInput -eq 6) If ($UserInput -eq 6)
{ {
Invoke-Item "$OutputCSV" Invoke-Item "$OutputCSV"
} }
} }
} }