======Microsoft - Exchange Server - PowerShell - Snippets======
[[https://technet.microsoft.com/en-us/library/bb124413(v=exchg.150).aspx|TechNet - Exchange 2013 cmdlets]] \\
[[https://technet.microsoft.com/en-us/library/bb124413(v=exchg.141).aspx|TechNet - Exchange 2010 Cmdlets]] \\
[[https://technet.microsoft.com/en-us/library/bb124413(v=exchg.80).aspx|TechNet - Exchange Management Shell]] for Exchange 2007 cmdlets. \\
[[http://theessentialexchange.com/blogs/michael/archive/2010/07/19/exchange-email-address-template-objects-in-powershell.aspx|Michael's meanderings - Exchange Email Address Template Objects in PowerShell]] \\
=====Get message size/recipient limits=====
// Tested on Exchange Server 2007 and 2013. //
For the configured Receive Connectors:
Get-ReceiveConnector | Select-Object Identity,MaxMessageSize,MaxRecipientsPerMessage | Format-Table -AutoSize
For the configured Send Connectors:
Get-SendConnector | Select-Object Identity,MaxMessageSize,SmtpMaxMessagesPerConnection | Format-Table -AutoSize
For the Exchange organization Transport Configuration:
Get-TransportConfig | Select-Object Identity,MaxReceiveSize,MaxRecipientEnvelopeLimit,MaxSendSize | Format-Table -AutoSize
For each Transport Server (use Get-TransportServer for Exchange 2007 and 2010 instead of Get-TransportService):
Get-TransportService | Select-Object Identity,PickupDirectoryMaxRecipientsPerMessage | Format-Table -AutoSize
=====Get Database Quota=====
// Tested on Exchange 2007. //
Get-MailboxDatabase | Select-Object Identity,ProhibitSendQuota,IssueWarningQuota,ProhibitSendReceiveQuota | Format-Table -Wrap
=====Get mailboxes with specific quota's=====
// Tested on Exchange 2007. //
Get-Mailbox | Select-Object Name,UseDatabaseQuotaDefaults,ProhibitSendQuota,ProhibitSendReceiveQuota | Where-Object {$_.UseDatabaseQuotaDefaults -eq $false}
=====Get mailboxes and distribution groups with e-mail address policy disabled=====
// Tested on Exchange 2007. //
Get-Mailbox | Where-Object { $_.EmailAddressPolicyEnabled -eq $false } | Select-Object DisplayName,ServerName,PrimarySmtpAddress| Format-Table -AutoSize
Get-DistributionGroup | Where-Object { $_.EmailAddressPolicyEnabled -eq $false } | Select-Object DisplayName,PrimarySmtpAddress | Format-Table -AutoSize
=====Get mailboxes and distribution that are hidden from address lists=====
// Tested on Exchange 2007. //
Get-Mailbox | Where-Object { $_.HiddenFromAddressListsEnabled -eq $true } | Select-Object DisplayName,HiddenFromAddressListsEnabled | Format-Table -AutoSize
Get-DistributionGroup | Where-Object { $_.HiddenFromAddressListsEnabled -eq $true } | Select-Object DisplayName,HiddenFromAddressListsEnabled | Format-Table -AutoSize
=====Get Address Lists=====
// Tested on Exchange 2007. //
Get-AddressList | Format-Table -AutoSize
=====Get Accepted Domains=====
// Tested on Exchange 2007. //
Get-AcceptedDomain | Format-Table -AutoSize
=====Get a report on mail sent to X=====
// Tested with Exchange 2013. \\
Use Get-TransportServer instead of Get-TransportService on Exchange 2010. //
# The recipient to filter on
$strRecipient = "name@domain.com"
# Startdate in MM/DD/YYYY format for searching
$strStartDate = "11/06/2014"
# Name and location of the log file to create
$strCsvLogFile = "C:\TEMP\report.csv"
# Get results and store in CSV
Get-TransportService | Get-MessageTrackingLog -ResultSize Unlimited -Start $strStartDate -Recipient $strRecipient | Select-Object Timestamp,EventId,MessageSubject,Sender,{$_.Recipients},TotalBytes,RecipientCount,ReturnPath | Export-Csv "$strCsvLogFile" -NoTypeInformation
=====Disable email address policy on all mailboxes=====
Get-Mailbox | Set-Mailbox -EmailAddressPolicyEnabled $False
Source:[[http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-email-address-policies.html|Managing E-Mail Address Policies in Exchange Server 2007]]
=====Report over all mailboxes=====
Report of all mailboxes on a specific server with total number of items, size in MB, sorted by size:
$strServer = "servername"
$strLogFile = "C:\Temp\MailboxSizes.csv"
Get-Mailbox -Server $strServer | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | Select DisplayName, ItemCount, @{name="SizeInMB";expression={$_.TotalItemSize.value.ToMB()}},@{name="DeletedItemSizeInMB";expression={$_.TotalDeletedItemSize.value.ToMB()}} | Export-Csv -Path "$strLogFile" -NoTypeInformation
Source: Comment of GoodThings2Life at [[http://exchangeshare.wordpress.com/2008/04/23/emc-where-are-mailbox-total-items-size-kb-columns/|EMC - Where are Mailbox Total Items & Size (KB) Columns?]]
Report of all mailboxes with total number of items, size in MB, sorted by size:
$strLogFile = "C:\Temp\MailboxSizes.csv"
Get-Mailbox | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | Select DisplayName, ItemCount, @{name="SizeInMB";expression={$_.TotalItemSize.value.ToMB()}},@{name="DeletedItemSizeInMB";expression={$_.TotalDeletedItemSize.value.ToMB()}} | Export-Csv -Path "$strLogFile" -NoTypeInformation
Source: Comment of GoodThings2Life at [[http://exchangeshare.wordpress.com/2008/04/23/emc-where-are-mailbox-total-items-size-kb-columns/|EMC - Where are Mailbox Total Items & Size (KB) Columns?]]
Report of all mailboxes with total number of items, size in MB, and mailbox store sorted by size:
Get-MailboxStatistics -server servernaam | Sort-Object TotalItemSize -Descending | Select DisplayName, ItemCount, @{expression={$_.TotalItemSize.value.ToMB()}}, Database | Export-CSV MailboxSizes.csv
Report of all mailboxes under a specific OU with number of items, and size in MB:
Get-Mailbox -OrganizationalUnit "OU=name,DC=domain,DC=local" | foreach {Get-Mailboxstatistics $_ | Sort-Object TotalItemSize -Descending | Select DisplayName, ItemCount, @{expression={$_.TotalItemSize.value.ToMB()}} }|Export-CSV mailboxuse.csv
=====Mailbox move requests=====
Get the DisplayName and Mailbox size in MB of alle the mailbox move requests with status "Completed":
(Get-MoveRequest|Where-Object {$_.Status -eq "Completed"})|ForEach {Get-MailboxStatistics $_.Name}|Select-Object Displayname,@{expression={$_.TotalItemSize.value.ToMB()}}
=====Public Folder permissions======
Tested with Exchange 2007: Get a list of Public Folder permissions starting at a specific folder, examining all folders below and export to CSV:
Get-PublicFolder -Identity "\PublicFolderName" -Recurse | Get-PublicFolderClientPermission | Select-Object identity,user,@{Name = 'AccessRights';Expression = {[string]::join(',',$_.AccessRights)}} | Export-Csv c:\tmp\publicfolderperms.csv
Source for AccessRights expression:[[http://wugsaju.blogspot.nl/2009/06/accessrights-exportados-csv.html|·=WugSaJu=· - AccessRights exportados a csv]] \\
=====Add Public Folder access for an account=====
Tested with Exchange 2007: Add an account with Owner permissions to all Public Folders starting at a specific folder:
Get-PublicFolder -Identity "\PublicFolderName" -Recurse | Add-PublicFolderClientPermission -User username -AccessRights Owner
=====Report of mailbox (tested on Exchange 2007)=====
Tested on Exchange 2007: Report of all mailboxes with name, number of items, total size, and total deleted items size:
Get-MailboxStatistics -server servername | Select DisplayName, ItemCount, @{Name="Total Size in MB";expression={$_.TotalItemSize.value.ToMB()}}, @{Name="Total Deleted Items Size in MB";expression={$_.TotalDeletedItemSize.value.ToMB()}} | Export-CSV c:\temp\MailboxSizes.csv -NoTypeInformation
=====Report of public folders=====
Tested on Exchange 2007: Report of all public folders with path, number of items, total size, and total deleted items size:
Get-PublicFolderStatistics -server servername -ResultSize Unlimited | Select FolderPath, ItemCount, @{Name="Total Size in MB";expression={$_.TotalItemSize.value.ToMB()}}, @{Name="Total Deleted Items Size in MB";expression={$_.TotalDeletedItemSize.value.ToMB()}} | Sort-Object FolderPath | Export-CSV c:\temp\PublicFolderSizes.csv -NoTypeInformation
// On Exchange 2016 (and maybe earlier) the .value.ToMB() no longer works, use this one: //
Get-PublicFolderStatistics -ResultSize Unlimited | Select FolderPath, ItemCount, @{Name="Total Size in MB";expression={$_.TotalItemSize.ToMB()}}, @{Name="Total Deleted Items Size in MB";expression={$_.TotalDeletedItemSize.ToMB()}} | Sort-Object FolderPath | Export-CSV c:\temp\PublicFolderSizes.csv -NoTypeInformation
List of all public folders starting at the root folder with name, parentpath, if they are mail enabled, and what kind of content the folder has:
Get-PublicFolder -Identity "\" -Recurse -ResultSize Unlimited | Select-Object Name,ParentPath,Mailenabled,FolderType | Export-CSV c:\temp\PublicFolders.csv -NoTypeInformation
List of all mail enabled public folders with their e-mailaddresses:
Get-MailPublicFolder -ResultSize Unlimited| Select-Object Name,DisplayName,Alias,Identity,WindowsEmailAddress,PrimarySmtpAddress,@{Label="EmailAddresses";Expression={[string]::join(',',$_.EmailAddresses)}} | Export-Csv C:\temp\MailEnabledPublicFolders.csv -NoTypeInformation
// Tested on Exchange Server 2010. //
=====Report of all mailboxes with server and email addressess=====
Tested on Exchange 2007/2010: Report of all mailboxes with server and SMTP email addresses (skip the X.500 addresses).
$strServer = "ServerName"
$strReportFile = "C:\temp\Mailboxes.csv"
# For one server
Get-Mailbox -Server $strServer | Select-Object Displayname,ServerName,@{Name='EmailAddresses';Expression={[string]::join(";", (($_.EmailAddresses -match "smtp") -Replace "smtp:",""))}} | Export-Csv "$strReportFile" -NoTypeInformation
# For all servers
Get-Mailbox | Select-Object Displayname,ServerName,@{Name='EmailAddresses';Expression={[string]::join(";", (($_.EmailAddresses -match "smtp") -Replace "smtp:",""))}} | Export-Csv "$strReportFile" -NoTypeInformation
Source:[[https://exchangeshare.wordpress.com/2008/12/10/powershell-export-multivalued-properties/|Exchange Server Share - PowerShell: Export Multivalued Properties]] \\
=====Adding an email address to a mailbox=====
Set-Mailbox User1 -EmailAddresses @{Add='TestUser1@domain.com’}
Source: [[http://blogs.microsoft.co.il/blogs/scriptfanatic/archive/2010/11/22/Managing-email-addresses-in-exchange-2010.aspx|Shay Levy - Managing email addresses in Exchange 2010]] via [[http://www.mikepfeiffer.net/2010/04/quickly-add-an-email-address-to-an-exchange-mailbox-using-powershell/|Mike Pfeiffer's Blog - Quickly Add an Email Address to an Exchange Mailbox using PowerShell]] \\
=====Create a Dynamic Distribution group containing all accounts with mailboxes in a specific OU=====
New-DynamicDistributionGroup -Name "All janitors" -Alias "All-janitors" -OrganizationalUnit "domain.local/Distribution Lists" -RecipientFilter {(RecipientType -eq 'UserMailbox')} -RecipientContainer "domain.local/Janitors"
Sadly the following doesn't work (see the KB296112 link):
New-DynamicDistributionGroup -Name "All users with mailbox (except janitors)" -Alias "All-users-with-mailbox-except-janitors" -OrganizationalUnit "domain.local/Distribution Lists" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (DistinguishedName -notlike 'OU=Janitors,DC=domain,DC=local')} -RecipientContainer "domain.local"
Sources: \\
[[http://support.microsoft.com/kb/296112/en-us|Microsoft Support - Cannot use an organizational unit or the location of an account for recipient policy (KB296112)]] \\
[[http://technet.microsoft.com/en-us/library/bb124268(EXCHG.80).aspx|Microsoft TechNet - Exchange 2007 - Creating Filters in Recipient Commands]] \\
[[http://technet.microsoft.com/en-us/library/bb738157(EXCHG.80).aspx|Microsoft TechNet - Exchange 2007 - Filterable Properties for the -RecipientFilter Parameter in Exchange 2007 SP1 and SP2]] \\
[[http://technet.microsoft.com/en-us/library/bb125127.aspx|Microsoft TechNet - Exchange 2010 - New-DynamicDistributionGroup]] \\
=====Get list of delegates=====
// Tested on Exchange Server 2007 and 2010. //
Get-Mailbox -ResultSize Unlimited | `
Where-Object {$_.GrantSendOnBehalfTo -ne $null} | `
Select-Object Name,@{Name='GrantSendOnBehalfTo';Expression={[string]::join(";", ($_.GrantSendOnBehalfTo))}}
=====Get the mailbox access permissions of one user=====
// Tested on Exchange Server 2010. //
$strUser = "username"
Get-Mailbox | Get-MailboxPermission | Where-Object {$_.User -match "$strUser"} | Format-Table -AutoSize
// Only shows access granted by an administrator on the Exchange mailbox level. //
=====Get all non-inherited mailbox permissions=====
// Tested with Exchange Server 2010. //
Get-mailbox | `
Get-MailboxPermission | `
Where-Object {$_.IsInherited -ne "True"} | `
Select-Object `
Identity,User,
@{Name="AccessRights";Expression={[string]::join(";", ($_.AccessRights))}},InheritanceType | `
Sort-Object Identity | `
Export-Csv -Path C:\Temp\result.csv -NoTypeInformation
Same, but filter on accounts whose Displayname starts with User1:
Get-mailbox | `
Where-Object {$_.DisplayName -match "User1*"} | `
Get-MailboxPermission | `
Where-Object {$_.IsInherited -ne "True"} | `
Select-Object `
Identity,User,
@{Name="AccessRights";Expression={[string]::join(";", ($_.AccessRights))}},InheritanceType | `
Sort-Object Identity | `
Export-Csv -Path C:\Temp\result.csv -NoTypeInformation
=====Get all mailbox permissions=====
// Tested on Exchange Server 2010. //
Get-mailbox | `
Get-MailboxPermission | `
Select-Object `
Identity,User,
@{Name="AccessRights";Expression={[string]::join(";", ($_.AccessRights))}},InheritanceType,IsInherited,Deny | `
Sort-Object Identity | `
Export-Csv -Path C:\Temp\result.csv -NoTypeInformation
Active Directory side (for SendAs permission) for a specific mailbox (User1):
Get-ADPermission -Identity User1 | `
Select-Object Identity,
User,
@{Name="AccessRights";Expression={[string]::join(";",$_.AccessRights)}},
@{Name="ExtendedRights";Expression={[string]::join(";",$_.ExtendedRights)}},
InheritanceType,
IsInherited,
Deny | `
Export-Csv -Path C:\Temp\result.csv -NoTypeInformation
All AD accounts with SendAs granted to another user:
foreach ($objUser in $(Get-ADUser -Filter *)) {
Get-AdPermission -Identity $objUser.Name | `
Where-Object {$_.ExtendedRights -match "Send" -And $_.User -notmatch "SELF" -And $_.User -notmatch "^S-1-5"} | `
Select-Object Identity,User,AccessRights,ExtendedRights
}
Export all AD accounts with SendAs granted to another user to C:\Temp\YYYY-MM-DD-SendAs.csv:
$objPermissions = @()
foreach ($objUser in $(Get-ADUser -Filter *)) {
$objTemp = Get-AdPermission -Identity $objUser.Name | `
Where-Object {$_.ExtendedRights -match "Send" -And $_.User -notmatch "SELF" -And $_.User -notmatch "^S-1-5"} | `
Select-Object Identity,User,@{Name="AccessRights";Expression={[string]::join(";", ($_.AccessRights))}},@{Name="ExtendedRights";Expression={[string]::join(";", ($_.ExtendedRights))}}
$objPermissions += $objTemp
}
$objPermissions | Export-Csv -NoTypeInformation -Path C:\Temp\$((Get-Date -Format u).SubString(0,10))-SendAs.csv
All mailboxes with GrantSendOnBehalfTo granted to another user:
Get-Mailbox | `
Where-Object {$_.GrantSendOnBehalfTo -ne $null} | `
Select-Object Name,@{Label="GrantSendOnBehalfTo";Expression={$_.GrantSendOnBehalfTo.Name}} | `
Sort-Object Name | `
Format-Table -AutoSize
Export all mailboxes with GrantSendOnBehalfTo granted to another user to C:\Temp\YYYY-MM-DD-SendOnBehalfTo.csv:
Get-Mailbox | `
Where-Object {$_.GrantSendOnBehalfTo -ne $null} | `
Select-Object Name,@{Label="GrantSendOnBehalfTo";Expression={$_.GrantSendOnBehalfTo.Name}} | `
Sort-Object Name | `
Export-Csv -NoTypeInformation -Path C:\Temp\$((Get-Date -Format u).SubString(0,10))-SendOnBehalfTo.csv
List all mailboxes where an unresolvable SID (deleted account/group/object) still has permissions:
Get-Mailbox | Get-MailboxPermission | Where-Object {$_.User -match "^S-1-5"} | Format-Table -AutoSize
Export all non-inherited mailbox permissions to C:\Temp\YYYY-MM-DD-MailboxPermissions.csv:
Get-Mailbox | `
Get-MailboxPermission | `
Where-Object {$_.IsInherited -eq $False -And $_.User -notmatch "SELF" } | `
Select-Object Identity,User,@{Name="AccessRights";Expression={[string]::join(";", ($_.AccessRights))}} | `
Sort-Object Identity | `
Export-Csv -NoTypeInformation -Path C:\Temp\$((Get-Date -Format u).SubString(0,10))-MailboxPermissions.csv
See also:
* [[https://medium.com/365uc/export-fullaccess-sendas-permissions-for-shared-mailboxes-be2a93d9d206|Medium - 365 UC - Export FullAccess & SendAs permissions for Shared Mailboxes…]]
====Exchange Online====
Mailbox permissions:
Get-EXOMailbox | `
Get-EXOMailboxPermission | `
Where-Object {$_.IsInherited -eq $False -And $_.User -notmatch "SELF" } | `
Select-Object Identity,User,@{Name="AccessRights";Expression={$_.AccessRights -join ";"}} | `
Sort-Object Identity | `
Export-Csv -NoTypeInformation -Path C:\Temp\$((Get-Date -Format u).SubString(0,10))-MailboxPermissions.csv
SendOnBehalf:
Get-EXOMailbox -Properties GrantSendOnBehalfTo | `
Where-Object {$_.GrantSendOnBehalfTo -ne $null} | `
Select-Object Name,@{Label="GrantSendOnBehalfTo";Expression={$_.GrantSendOnBehalfTo}} | `
Sort-Object Name | `
Export-Csv -NoTypeInformation -Path C:\Temp\$((Get-Date -Format u).SubString(0,10))-SendOnBehalfTo.csv
SendAs:
Get-EXORecipientPermission | `
Where-Object {$_.IsInherited -eq $False -And $_.Trustee -notmatch "SELF" } | `
Select-Object Identity,Trustee,@{Name="AccessRights";Expression={[string]::join(";", ($_.AccessRights))}} | `
Sort-Object Identity | `
Export-Csv -NoTypeInformation -Path C:\Temp\$((Get-Date -Format u).SubString(0,10))-RecipientPermissions.csv
=====Add mailbox permissions=====
// Tested on Exchange Server 2010, and 2013. //
$strMailbox = "Mailbox name"
$strPermissionsFor = "User or group"
# Add mailbox full access permissions.
Add-MailboxPermission -Identity "$strMailbox" -User "$strPermissionsFor" -InheritanceType All -AccessRights FullAccess
# Add Send As permissions.
Add-ADPermission -Identity "$strMailbox" -User "$env:USERDOMAIN\$strPermissionsFor" -Extendedrights "Send As"
Office 365 / Exchange Online version:
$strMailbox = "Mailbox name"
$strPermissionsFor = "User or group"
# Add mailbox full access permissions.
Add-MailboxPermission -Identity "$strMailbox" -User "$strPermissionsFor" -InheritanceType All -AccessRights FullAccess
# Add Send As permissions.
Add-RecipientPermission -Identity "$strMailbox" -Trustee "$strPermissionsFor" -AccessRights SendAs
Source: [[https://o365info.com/manage-send-as-permissions-using-powershell-office-365/|o365info.com - Manage Send As Permissions using PowerShell – Office 365]]
=====Export Calendar folder permissions=====
// Tested on Exchange Server 2019. //
// First try the Dutch "Agenda" if that fails, try the default "Calendar". //
$objMailboxes = Get-Mailbox | Sort-Object Name
$objResult = @()
foreach ($objMailbox in $objMailboxes) {
Write-Host $($objMailbox.Name)
try {
$objPerms = Get-MailboxFolderPermission -Identity "$($objMailbox.Name):\Agenda" -ErrorAction Stop
} catch {
$objPerms = Get-MailboxFolderPermission -Identity "$($objMailbox.Name):\Calendar"
}
foreach ($objPerm in $objPerms) {
$objTemp = {} | Select-Object Name,Folder,User,AccessRights
$objTemp.Name = $objMailbox.Name
$objTemp.Folder = $objPerm.FolderName
$objTemp.User = $objPerm.User
$objTemp.AccessRights = [string]::join(" + ", ($objPerm.AccessRights))
$objResult += $objTemp
}
}
$objResult | Export-Csv -NoTypeInformation -Path C:\Temp\$((Get-Date -Format u).SubString(0,10))-CalendarFolderPermissions.csv