External/powershell-scripts
1
0
Fork 0
mirror of https://github.com/admindroid-community/powershell-scripts.git synced 2025-12-17 16:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Non-Owner Mailbox Access Report

Browse Source 
Spl handling for send as and send-on-behalf activities to get an accurate result
This commit is contained in:
AdminDroid 2024-09-24 15:03:09 +05:30
parent 8997bd5fec
commit b6f95438dd
1 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Office 365 Non-owner Mailbox Access Report/NonOwnerMBAccessReport.ps1
View File

@ -4,6 +4,7 @@ Name: Export Non-Owner Mailbox Access Report
Version: 2.0 Version: 2.0
Website: o365reports.com Website: o365reports.com
Script Highlights: Script Highlights:
~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
@ -15,6 +16,16 @@ Script Highlights:
6.The script supports Certificate-based authentication too. 6.The script supports Certificate-based authentication too.
For detailed script execution: https://o365reports.com/2020/02/04/export-non-owner-mailbox-access-report-to-csv/ For detailed script execution: https://o365reports.com/2020/02/04/export-non-owner-mailbox-access-report-to-csv/
Change Log
~~~~~~~~~~
V1.0 (Feb 17, 2020) - File created
V1.1 (Oct 06, 2023) - Minor changes
V2.0 (Nov 25, 2023) - Added certificate-based authentication support to enhance scheduling capability
V2.1 (Sep 24, 2024) - Special handling done to track send as and send-on-behalf activities accurately.
============================================================================================ ============================================================================================
#> #>
@ -101,7 +112,7 @@ $OutputCSV=".\NonOwner-Mailbox-Access-Report_$((Get-Date -format yyyy-MMM-dd-ddd
$IntervalTimeInMinutes=1440 #$IntervalTimeInMinutes=Read-Host Enter interval time period '(in minutes)' $IntervalTimeInMinutes=1440 #$IntervalTimeInMinutes=Read-Host Enter interval time period '(in minutes)'
$CurrentStart=$StartDate $CurrentStart=$StartDate
$CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes) $CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes)
$Operation='ApplyRecord','Copy','Create','FolderBind','HardDelete','MessageBind','Move','MoveToDeletedItem','RecordDelete','SendAs','SendOnBehalf','SoftDelete','Update','UpdateCalendarDelegation','UpdateFolderPermissions','UpdateInboxRules' $Operation='ApplyRecord','Copy','Create','FolderBind','HardDelete','MessageBind','Move','MoveToDeletedItems','RecordDelete','SendAs','SendOnBehalf','SoftDelete','Update','UpdateCalendarDelegation','UpdateFolderPermissions','UpdateInboxRules'
#Check whether CurrentEnd exceeds EndDate(checks for 1st iteration) #Check whether CurrentEnd exceeds EndDate(checks for 1st iteration)
@ -168,12 +179,12 @@ while($true)
if($AuditData.Operation -eq "SendAs") if($AuditData.Operation -eq "SendAs")
{ {
$AccessedMB=$AuditData.SendAsUserSMTP $AccessedMB=$AuditData.SendAsUserSMTP
$AccessedBy=$AuditData.MailboxOwnerUPN $AccessedBy=$AuditData.UserId
} }
elseif($AuditData.Operation -eq "SendOnBehalf") elseif($AuditData.Operation -eq "SendOnBehalf")
{ {
$AccessedMB=$AuditData.SendOnBehalfOfUserSmtp $AccessedMB=$AuditData.SendOnBehalfOfUserSmtp
$AccessedBy=$AuditData.MailboxOwnerUPN $AccessedBy=$AuditData.UserId
} }
else else
{ {
@ -185,15 +196,16 @@ while($true)
Continue Continue
} }
$NonOwnerAccess++ $NonOwnerAccess++
$AllAudits=@{'Access Time'=$AuditData.CreationTime;'Accessed by'=$AccessedBy;'Performed Operation'=$AuditData.Operation;'Accessed Mailbox'=$AccessedMB;'Logon Type'=$LogonType;'Result Status'=$AuditData.ResultStatus;'External Access'=$AuditData.ExternalAccess} $AllAudits=@{'Access Time'=$AuditData.CreationTime;'Accessed by'=$AccessedBy;'Performed Operation'=$AuditData.Operation;'Accessed Mailbox'=$AccessedMB;'Logon Type'=$LogonType;'Result Status'=$AuditData.ResultStatus;'External Access'=$AuditData.ExternalAccess;'More Info'=$Result.auditdata}
$AllAuditData= New-Object PSObject -Property $AllAudits $AllAuditData= New-Object PSObject -Property $AllAudits
$AllAuditData | Sort 'Access Time','Accessed by' | select 'Access Time','Logon Type','Accessed by','Performed Operation','Accessed Mailbox','Result Status','External Access' | Export-Csv $OutputCSV -NoTypeInformation -Append $AllAuditData | Sort 'Access Time','Accessed by' | select 'Access Time','Logon Type','Accessed by','Performed Operation','Accessed Mailbox','Result Status','External Access','More Info' | Export-Csv $OutputCSV -NoTypeInformation -Append
} }
} }
Write-Progress -Activity "`n Retrieving audit log from $StartDate to $EndDate.."`n" Processed audit record count: $AggregateResults"
#$CurrentResult += $Results #$CurrentResult += $Results
$currentResultCount=$CurrentResultCount+($Results.count) $currentResultCount=$CurrentResultCount+($Results.count)
$AggregateResults +=$Results.count $AggregateResults +=$Results.count
Write-Progress -Activity "`n Retrieving audit log for $CurrentStart : $CurrentResultCount records"`n" Total processed audit record count: $AggregateResults"
if(($CurrentResultCount -eq 50000) -or ($Results.count -lt 5000)) if(($CurrentResultCount -eq 50000) -or ($Results.count -lt 5000))
{ {
if($CurrentResultCount -eq 50000) if($CurrentResultCount -eq 50000)
@ -232,6 +244,10 @@ while($true)
} }
} }
Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n
If($AggregateResults -eq 0) If($AggregateResults -eq 0)
{ {
Write-Host No records found Write-Host No records found
@ -244,8 +260,6 @@ else
{ {
Write-Host `nThe Output file available in: -NoNewline -ForegroundColor Yellow Write-Host `nThe Output file available in: -NoNewline -ForegroundColor Yellow
Write-Host $OutputCSV Write-Host $OutputCSV
Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n
$Prompt = New-Object -ComObject wscript.shell $Prompt = New-Object -ComObject wscript.shell
$UserInput = $Prompt.popup("Do you want to open output file?",` $UserInput = $Prompt.popup("Do you want to open output file?",`
0,"Open Output File",4) 0,"Open Output File",4)