使用Powershell审核Exchange 2007邮箱的完全访问权限
[英]Auditing Exchange 2007 Mailbox Full Access Permissions with Powershell
问题描述
I on occasion I get asked to produce a list of users who have Full Access rights to a particular Exchange 2007 Mailbox. 
有时我会被要求产生一个对特定Exchange 2007邮箱具有完全访问权限的用户列表。 At the moment I am doing this manually, and I'd ideally like to do it with Powershell. 目前,我正在手动执行此操作,并且理想情况下,我希望使用Powershell进行此操作。
Is there anyway to produce a list of Full Access Permissions (and Send On Behalf rights would also be useful). 无论如何,有没有产生完全访问权限的列表(并且“代表发送”权限也将很有用)。
Thanks, Jonny 谢谢乔尼
5 个解决方案
解决方案1
2 已采纳 2010-01-04 15:35:28
Send-As permissions are stored in active directory, so it's a bit tricky to get at them. 发送权限存储在活动目录中,因此获取它们有些棘手。 You could use Add-Member if you like to combine the properties you care about from the two results. 如果您想合并两个结果中您关心的属性,则可以使用Add-Member。
Full Access: 完全访问权限:
get-mailbox | %{$foo = $_; Get-MailboxPermission $foo | ?{$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}} | ft {$foo},User,AccessRights
Send-As: 发送为:
get-mailbox | %{$mailbox = $_; Get-ADPermission $mailbox.DistinguishedName | ?{$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF"}} | ft {$mailbox},user,{"Send-As"}
解决方案2
2 2010-01-05 16:21:48
In addition to Slipsecs answer there is an alternative to the Send-As permissions audit. 除了Slipsecs答案之外,还有一种替代“代理发送”权限审核的方法。
$(Get-Mailbox -Identity mailboxName).GrantSendOnBehalfTo | ft Name
This returns only manually added users and no auto generated ones. 这仅返回手动添加的用户,而不返回自动生成的用户。
Thanks again Slipsec with your help on this! 再次感谢Slipsec在此方面的帮助!
解决方案3
1 2012-02-27 18:16:55
get-mailbox -identity MailBoxName | %{$foo = $_; Get-MailboxPermission $foo | ?{$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}} | ft {$foo},User,AccessRights
If you're looking for permissions for users on a specific mailbox. 如果您正在寻找特定邮箱上用户的权限。 Replace the MailBoxName with the exact name of the mailbox you're attempting to run the report on. 将MailBoxName替换为您要在其上运行报告的邮箱的确切名称。 It is KeySensitive with regards to the name of the mailbox and alias. 关于邮箱名称和别名,它是KeySensitive。
解决方案4
0 2010-11-24 11:57:28
get-mailbox | %{$foo = $_; Get-MailboxPermission $foo | ?{$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}} | ft {$foo},User,AccessRights
in the above command, do i replace foo with the mailbox or the username ? 在以上命令中,我是否将foo替换为邮箱或用户名? I tried the command and it says cannot bind as object is null - will be grateful for your assistance. 我尝试了该命令,它说不能绑定,因为object为null-非常感谢您的帮助。
解决方案5
0 2011-10-23 20:03:00
I know this is old, but just in case anyone else comes across this thread looking for help, to answer the OPs last question, $foo represents a variable that you have to define before running the command, so as n example: 我知道这很旧,但是以防万一其他人遇到这个线程寻求帮助,以回答OP的最后一个问题, $foo代表您必须在运行命令之前定义的变量,例如n:
$foo = 'Example User'
get-mailbox | %{$foo = $_; Get-MailboxPermission $foo | ?{$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}} | ft {$foo},User,AccessRights
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.