mirror of
https://github.com/admindroid-community/powershell-scripts.git
synced 2025-12-17 16:35:19 +00:00
Export Mailbox Permission Report
Export Mailbox Permission Report
This commit is contained in:
AdminDroid
parent
41610c5f0e
commit
f80198f41f
@ -3,6 +3,23 @@
|
|||||||
Name: Export Mailbox Permission Report
|
Name: Export Mailbox Permission Report
|
||||||
Website: o365reports.com
|
Website: o365reports.com
|
||||||
Version: 3.0
|
Version: 3.0
|
||||||
|
|
||||||
|
Script Highlights :
|
||||||
|
~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
1. The script uses Modern authentication to connect to Exchange Online.
|
||||||
|
2. The script display only “Explicitly assigned permissions” to mailboxes which means it will ignore “SELF” permission that each user on his mailbox and inherited permission.
|
||||||
|
3. Exports output to CSV file.
|
||||||
|
4. The script can be executed with MFA enabled account too.
|
||||||
|
5. The script supports certificate based authentication (CBA) too.
|
||||||
|
6. You can choose to either “export permissions of all mailboxes” or pass an input file to get permissions of specific mailboxes alone.
|
||||||
|
7. Allows you to filter output using your desired permissions like Send-as, Send-on-behalf or Full access.
|
||||||
|
8. Output can be filtered based on user/all mailbox type
|
||||||
|
9. Allows you to filter permissions on admin’s mailbox. So that you can view administrative users’ mailbox permission alone.
|
||||||
|
10. Automatically installs the EXO V2 and MS Graph PowerShell modules (if not installed already) upon your confirmation.
|
||||||
|
11. This script is scheduler friendly.
|
||||||
|
|
||||||
|
|
||||||
For detailed Script execution: https://o365reports.com/2019/03/07/export-mailbox-permission-csv/
|
For detailed Script execution: https://o365reports.com/2019/03/07/export-mailbox-permission-csv/
|
||||||
============================================================================================
|
============================================================================================
|
||||||
#>
|
#>
|
||||||
@ -23,40 +40,23 @@ param(
|
|||||||
|
|
||||||
Function ConnectModules
|
Function ConnectModules
|
||||||
{
|
{
|
||||||
$MsGraphModule = Get-Module Microsoft.Graph -ListAvailable
|
$MsGraphBetaModule = Get-Module Microsoft.Graph.Beta -ListAvailable
|
||||||
if($MsGraphModule -eq $null)
|
if($MsGraphBetaModule -eq $null)
|
||||||
{
|
{
|
||||||
Write-host "Important: Microsoft Graph Powershell module is unavailable. It is mandatory to have this module installed in the system to run the script successfully." -ForegroundColor Yellow
|
Write-host "Important: Microsoft Graph Beta module is unavailable. It is mandatory to have this module installed in the system to run the script successfully."
|
||||||
$confirm = Read-Host Are you sure you want to install Microsoft Graph Powershell module? [Y] Yes [N] No
|
$confirm = Read-Host Are you sure you want to install Microsoft Graph Beta module? [Y] Yes [N] No
|
||||||
if($confirm -match "[yY]")
|
if($confirm -match "[yY]")
|
||||||
{
|
{
|
||||||
Write-host "Installing Microsoft Graph Powershell module..."
|
Write-host "Installing Microsoft Graph Beta module..."
|
||||||
Install-Module -Name Microsoft.Graph -Scope CurrentUser
|
Install-Module Microsoft.Graph.Beta -Scope CurrentUser -AllowClobber
|
||||||
Write-host "Microsoft Graph Powershell module is installed in the machine successfully" -ForegroundColor Magenta
|
Write-host "Microsoft Graph Beta module is installed in the machine successfully" -ForegroundColor Magenta
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
Write-host "Exiting. `nNote: Microsoft Graph Powershell module must be available in your system to run the script" -ForegroundColor Red
|
Write-host "Exiting. `nNote: Microsoft Graph Beta module must be available in your system to run the script" -ForegroundColor Red
|
||||||
Exit
|
Exit
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
[Version]$InstalledVersion = (Get-InstalledModule Microsoft.Graph).Version
|
|
||||||
$Result = $InstalledVersion.CompareTo([Version]"1.10.0")
|
|
||||||
if($Result -eq -1)
|
|
||||||
{
|
|
||||||
$Confirm = Read-Host "The installed version of the Microsoft Graph Powershell module is not supported. Do you want to update the module? [Y] Yes [N] No"
|
|
||||||
if($confirm -match "[yY]")
|
|
||||||
{
|
|
||||||
Update-Module -Name Microsoft.Graph
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
Exit
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$ExchangeOnlineModule = Get-Module ExchangeOnlineManagement -ListAvailable
|
$ExchangeOnlineModule = Get-Module ExchangeOnlineManagement -ListAvailable
|
||||||
if($ExchangeOnlineModule -eq $null)
|
if($ExchangeOnlineModule -eq $null)
|
||||||
{
|
{
|
||||||
@ -110,7 +110,7 @@ Function ConnectModules
|
|||||||
Write-Host $_.Exception.message -ForegroundColor Red
|
Write-Host $_.Exception.message -ForegroundColor Red
|
||||||
Exit
|
Exit
|
||||||
}
|
}
|
||||||
Write-Host "Microsoft Graph Powershell module is connected successfully" -ForegroundColor Cyan
|
Write-Host "Microsoft Graph Beta PowerShell module is connected successfully" -ForegroundColor Cyan
|
||||||
Write-Host "Exchange Online module is connected successfully" -ForegroundColor Cyan
|
Write-Host "Exchange Online module is connected successfully" -ForegroundColor Cyan
|
||||||
}
|
}
|
||||||
Function Print_Output
|
Function Print_Output
|
||||||
@ -173,7 +173,7 @@ Function Get_MailBoxData
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
#Get admin roles assigned to user
|
#Get admin roles assigned to user
|
||||||
$RoleList=Get-MgUserTransitiveMemberOf -UserId $UserId|Select-Object -ExpandProperty AdditionalProperties
|
$RoleList=Get-MgBetaUserTransitiveMemberOf -UserId $UPN|Select-Object -ExpandProperty AdditionalProperties
|
||||||
$RoleList = $RoleList|?{$_.'@odata.type' -eq '#microsoft.graph.directoryRole'}
|
$RoleList = $RoleList|?{$_.'@odata.type' -eq '#microsoft.graph.directoryRole'}
|
||||||
$Roles = @($RoleList.displayName) -join ','
|
$Roles = @($RoleList.displayName) -join ','
|
||||||
if($RoleList.count -eq 0)
|
if($RoleList.count -eq 0)
|
||||||
@ -194,13 +194,14 @@ Function CloseConnection
|
|||||||
Disconnect-ExchangeOnline -Confirm:$false
|
Disconnect-ExchangeOnline -Confirm:$false
|
||||||
}
|
}
|
||||||
ConnectModules
|
ConnectModules
|
||||||
|
Write-Host "`nNote: If you encounter module related conflicts, run the script in a fresh PowerShell window." -ForegroundColor Yellow
|
||||||
|
|
||||||
Write-Progress -Activity Completed -Completed
|
Write-Progress -Activity Completed -Completed
|
||||||
Select-MgProfile -Name beta
|
|
||||||
#Set output file
|
#Set output file
|
||||||
$Location = (Get-Location)
|
$Location = (Get-Location)
|
||||||
$ExportCSV = "$($Location)\MBPermission_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm-ss` tt).ToString()).csv"
|
$ExportCSV = "$($Location)\MBPermission_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm-ss` tt).ToString()).csv"
|
||||||
$Result = "" ; $Mailboxes = @(); $MBUserCount = 1;
|
$Result = "" ; $Mailboxes = @(); $MBUserCount = 1;
|
||||||
$Users = Get-MgUser -All
|
$Users = Get-MgBetaUser -All
|
||||||
#Check for AccessType filter
|
#Check for AccessType filter
|
||||||
if(($FullAccess.IsPresent) -or ($SendAs.IsPresent) -or ($SendOnBehalf.IsPresent))
|
if(($FullAccess.IsPresent) -or ($SendAs.IsPresent) -or ($SendOnBehalf.IsPresent))
|
||||||
{
|
{
|
||||||
@ -233,7 +234,6 @@ if ($MBNamesFile -ne "")
|
|||||||
}
|
}
|
||||||
$DisplayName = $MailBox.DisplayName
|
$DisplayName = $MailBox.DisplayName
|
||||||
$UPN = $MailBox.UserPrincipalName
|
$UPN = $MailBox.UserPrincipalName
|
||||||
$UserId = $MailBox.ExternalDirectoryObjectId
|
|
||||||
$MBType = $MailBox.RecipientTypeDetails
|
$MBType = $MailBox.RecipientTypeDetails
|
||||||
$SendOnBehalfPermissions = $MailBox.GrantSendOnBehalfTo
|
$SendOnBehalfPermissions = $MailBox.GrantSendOnBehalfTo
|
||||||
Get_MailBoxData
|
Get_MailBoxData
|
||||||
@ -244,7 +244,6 @@ else
|
|||||||
Get-EXOMailbox -ResultSize Unlimited -PropertySets All | Where{$_.DisplayName -notlike "Discovery Search Mailbox"} |ForEach-Object{
|
Get-EXOMailbox -ResultSize Unlimited -PropertySets All | Where{$_.DisplayName -notlike "Discovery Search Mailbox"} |ForEach-Object{
|
||||||
$DisplayName = $_.DisplayName
|
$DisplayName = $_.DisplayName
|
||||||
$UPN = $_.UserPrincipalName
|
$UPN = $_.UserPrincipalName
|
||||||
$UserId = $_.ExternalDirectoryObjectId
|
|
||||||
$MBType = $_.RecipientTypeDetails
|
$MBType = $_.RecipientTypeDetails
|
||||||
$SendOnBehalfPermissions = $_.GrantSendOnBehalfTo
|
$SendOnBehalfPermissions = $_.GrantSendOnBehalfTo
|
||||||
Get_MailBoxData
|
Get_MailBoxData
|
||||||
@ -254,7 +253,7 @@ else
|
|||||||
Write-Host `nScript executed successfully
|
Write-Host `nScript executed successfully
|
||||||
if((Test-Path -Path $ExportCSV) -eq "True")
|
if((Test-Path -Path $ExportCSV) -eq "True")
|
||||||
{
|
{
|
||||||
Write-Host Detailed report available in: $ExportCSV -ForegroundColor Green
|
Write-Host Detailed report available in: -NoNewline -Foregroundcolor Yellow; Write-Host " $ExportCSV"
|
||||||
$Prompt = New-Object -ComObject wscript.shell
|
$Prompt = New-Object -ComObject wscript.shell
|
||||||
$UserInput = $Prompt.popup("Do you want to open output file?",` 0,"Open Output File",4)
|
$UserInput = $Prompt.popup("Do you want to open output file?",` 0,"Open Output File",4)
|
||||||
if ($UserInput -eq 6)
|
if ($UserInput -eq 6)
|
||||||
@ -266,4 +265,6 @@ else
|
|||||||
{
|
{
|
||||||
Write-Host No mailbox found that matches your criteria. -ForegroundColor Red
|
Write-Host No mailbox found that matches your criteria. -ForegroundColor Red
|
||||||
}
|
}
|
||||||
|
Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
|
||||||
|
Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n
|
||||||
CloseConnection
|
CloseConnection
|
||||||
Loading…
x
Reference in New Issue
Block a user