mirror of
https://github.com/admindroid-community/powershell-scripts.git
synced 2025-12-17 08:25:20 +00:00
184 lines
7.9 KiB
PowerShell
184 lines
7.9 KiB
PowerShell
<#
|
|
=============================================================================================
|
|
Name: List all Exchange Online mailboxes users can access
|
|
Version: 2.0
|
|
Website: m365scripts.com
|
|
Script by: M365Scripts Team
|
|
|
|
Script Highlights:
|
|
~~~~~~~~~~~~~~~~~
|
|
1.Exports mailbox rights for all users by default.
|
|
2.Allows to generate mailbox rights report for a list of users through input CSV.
|
|
3.List mailboxes the users have Send As/Send On Behalf/Full Access permissions.
|
|
4.The script can also be executed with MFA enabled account also.
|
|
5.Export report results to CSV file.
|
|
6.The script is scheduler-friendly. i.e., credentials are passed as parameters, so worry not!
|
|
|
|
For detailed script execution: https://m365scripts.com/exchange-online/URL Sluglist-exchange-online-mailboxes-user-has-access-using-powershell
|
|
|
|
|
|
|
|
Change Log:
|
|
|
|
V1.0 (Apr 27, 2022)- Script created
|
|
v1.1 (Jun 29, 2022)- Error handling added
|
|
v1.3 (July 3, 2024)- Usability added
|
|
V2.0 (Jan 09, 2025)- Due to MS update, GUID shown instead of name in the Identity. Updated the script to show name.
|
|
|
|
============================================================================================
|
|
#>
|
|
Param
|
|
(
|
|
[Parameter(Mandatory = $false)]
|
|
[string]$UserName = $NULL,
|
|
[string]$Password = $NULL,
|
|
[string]$UPN = $NULL,
|
|
[string]$CSV = $NULL,
|
|
[switch]$FullAccess,
|
|
[switch]$SendAs,
|
|
[switch]$SendOnBehalf
|
|
)
|
|
function Connect_Exo {
|
|
#Check for EXO v2 module inatallation
|
|
$Module = Get-Module ExchangeOnlineManagement -ListAvailable
|
|
if ($Module.count -eq 0) {
|
|
Write-Host "Exchange Online PowerShell V2 module is not available" -ForegroundColor yellow
|
|
$Confirm = Read-Host "Are you sure you want to install module? [Y] Yes [N] No"
|
|
if ($Confirm -match "[yY]") {
|
|
Write-host "Installing Exchange Online PowerShell module"
|
|
Install-Module ExchangeOnlineManagement -Repository PSGallery -AllowClobber -Force
|
|
}
|
|
else {
|
|
Write-Host EXO V2 module is required to connect Exchange Online.Please install module using Install-Module ExchangeOnlineManagement cmdlet.
|
|
Exit
|
|
}
|
|
}
|
|
Write-Host Connecting to Exchange Online...
|
|
#Importing Module by default will avoid the cmdlet unrecognized error
|
|
Import-Module ExchangeOnline -ErrorAction SilentlyContinue -Force
|
|
#Storing credential in script for scheduling purpose/ Passing credential as parameter - Authentication using non-MFA account
|
|
if (($UserName -ne "") -and ($Password -ne "")) {
|
|
$SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force
|
|
$Credential = New-Object System.Management.Automation.PSCredential $UserName, $SecuredPassword
|
|
Connect-ExchangeOnline -Credential $Credential
|
|
}
|
|
else {
|
|
Connect-ExchangeOnline
|
|
}
|
|
Write-Host "ExchangeOnline PowerShell module is connected successfully"
|
|
}
|
|
function FullAccess {
|
|
$MB_FullAccess = $global:Mailbox | Get-MailboxPermission -User $UPN -ErrorAction SilentlyContinue | Select-Object Identity
|
|
if ($MB_FullAccess.count -ne 0) {
|
|
$ExportResult = @{'User Name' = $Identity; 'AccessType' = "Full Access"; 'Delegated Mailbox Name' = $MB_FullAccess.Identity -join (",") }
|
|
}
|
|
else {
|
|
$ExportResult = @{'User Name' = $Identity; 'AccessType' = "Full Access"; 'Delegated Mailbox Name' = "-" }
|
|
}
|
|
$ExportResults = New-Object PSObject -Property $ExportResult
|
|
$ExportResults | Select-object 'User Name', 'AccessType', 'Delegated Mailbox Name' | Export-csv -path $global:ExportCSVFileName -NoType -Append -Force
|
|
}
|
|
function SendAs {
|
|
$MB_SendAs = Get-RecipientPermission -Trustee $UPN -ErrorAction SilentlyContinue | Select-Object Identity
|
|
if ($MB_SendAs.count -ne 0) {
|
|
$ExportResult = @{'User Name' = $Identity; 'AccessType' = "Send As"; 'Delegated Mailbox Name' = $MB_SendAs.Identity -join (",") }
|
|
}
|
|
else {
|
|
$ExportResult = @{'User Name' = $Identity; 'AccessType' = "Send As"; 'Delegated Mailbox Name' = "-" }
|
|
}
|
|
$ExportResults = New-Object PSObject -Property $ExportResult
|
|
$ExportResults | Select-object 'User Name', 'AccessType', 'Delegated Mailbox Name' | Export-csv -path $global:ExportCSVFileName -NoType -Append -Force
|
|
|
|
}
|
|
function SendOnBehalfTo {
|
|
$MB_SendOnBehalfTo = $global:Mailbox | Where-Object { $_.GrantSendOnBehalfTo -match $Identity } -ErrorAction SilentlyContinue | Select-Object Name
|
|
if ($MB_SendOnBehalfTo.count -ne 0) {
|
|
$ExportResult = @{'User Name' = $Identity; 'AccessType' = "Send on Behalf"; 'Delegated Mailbox Name' = $MB_SendOnBehalfTo.Name -join (",") }
|
|
}
|
|
else {
|
|
$ExportResult = @{'User Name' = $Identity; 'AccessType' = "Send on Behalf"; 'Delegated Mailbox Name' = "-" }
|
|
}
|
|
$ExportResults = New-Object PSObject -Property $ExportResult
|
|
$ExportResults | Select-object 'User Name', 'AccessType', 'Delegated Mailbox Name' | Export-csv -path $global:ExportCSVFileName -NoType -Append -Force
|
|
}
|
|
|
|
|
|
Connect_Exo
|
|
$global:ExportCSVFileName = "MailboxesUserHasAccessTo_" + ((Get-Date -format "MMM-dd hh-mm-ss tt").ToString()) + ".csv"
|
|
$global:Mailbox = Get-Mailbox -ResultSize Unlimited
|
|
if (($UPN -ne "")) {
|
|
$UserInfo = $global:Mailbox | Where-Object { $_.UserPrincipalName -eq "$UPN" } | Select-Object Identity
|
|
$Identity = $UserInfo.Identity
|
|
if ($FullAccess.IsPresent) {
|
|
FullAccess
|
|
}
|
|
if ($SendAs.IsPresent) {
|
|
SendAs
|
|
}
|
|
if ($SendOnBehalf.IsPresent) {
|
|
SendOnBehalfTo
|
|
}
|
|
if((($FullAccess.IsPresent) -eq $false) -and (($SendAs.IsPresent) -eq $false) -and (($SendOnBehalf.IsPresent) -eq $false)){
|
|
FullAccess
|
|
SendAs
|
|
SendOnBehalfTo
|
|
}
|
|
}
|
|
elseif (($CSV -ne "")) {
|
|
Import-Csv $CSV -ErrorAction Stop | ForEach-Object {
|
|
$UPN = $_.UPN
|
|
$UserInfo = $global:Mailbox | Where-Object { $_.UserPrincipalName -eq "$UPN" }
|
|
$Identity = $UserInfo.Displayname
|
|
Write-Progress "Processing for the Mailbox: $Identity"
|
|
if ($FullAccess.IsPresent) {
|
|
FullAccess
|
|
}
|
|
if ($SendAs.IsPresent) {
|
|
SendAs
|
|
}
|
|
if ($SendOnBehalf.IsPresent) {
|
|
SendOnBehalfTo
|
|
}
|
|
if((($FullAccess.IsPresent) -eq $false) -and (($SendAs.IsPresent) -eq $false) -and (($SendOnBehalf.IsPresent) -eq $false)){
|
|
FullAccess
|
|
SendAs
|
|
SendOnBehalfTo
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
$MBCount = 0
|
|
$global:Mailbox | ForEach-Object {
|
|
$MBCount = $MBCount + 1
|
|
$UPN = $_.UserPrincipalName
|
|
$Identity = $_.DisplayName
|
|
Write-Progress -Activity "Processing for : $Identity" -Status "Processed mailbox Count: $MBCount"
|
|
if ($FullAccess.IsPresent) {
|
|
FullAccess
|
|
}
|
|
if ($SendAs.IsPresent) {
|
|
SendAs
|
|
}
|
|
if ($SendOnBehalf.IsPresent) {
|
|
SendOnBehalfTo
|
|
}
|
|
if((($FullAccess.IsPresent) -eq $false) -and (($SendAs.IsPresent) -eq $false) -and (($SendOnBehalf.IsPresent) -eq $false)){
|
|
FullAccess
|
|
SendAs
|
|
SendOnBehalfTo
|
|
}
|
|
}
|
|
}
|
|
if ((Test-Path -Path $global:ExportCSVFileName) -eq "True") {
|
|
Write-Host `n "The Output file availble in: " -NoNewline -ForegroundColor Yellow; Write-Host "`"$global:ExportCSVFileName`""`n
|
|
$prompt = New-Object -ComObject wscript.shell
|
|
$userInput = $prompt.popup("Do you want to open output files?", 0, "Open Output File", 4)
|
|
if ($userInput -eq 6) {
|
|
Invoke-Item "$global:ExportCSVFileName"
|
|
}
|
|
}
|
|
Disconnect-ExchangeOnline -Confirm:$false -InformationAction Ignore -ErrorAction SilentlyContinue
|
|
Write-Host "Disconnected active ExchangeOnline session"
|
|
Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
|
|
Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n
|