List the users that have Automapping enabled for a given mailbox
This article is presenting a script that I made in order to find out which are the users that have Automapping enabled, when full access rights are granted on a mailbox. This was something that I longed for since a while now and as far as I knew, we didn't have any option to get this information, excepting the Outlook test - Test Email AutoConfiguration that was giving us in the xml the 'AlternativeMailbox' connected.
Now, you can get a list with the users that have a certain mailbox automapped, by simply running this script while being connected to our Exchange Online platform. In order to achieve this task, the mailbox for which we want to see the users that have it automapped has to have any kind of permissions (even Read) on a public folder or on a mailbox folder (belonging to any user). Through these permissions we will be able to get information related to the AD recipients and see the DelegateListLink that provides us the needed data.
The script is reading the public folders and the mailbox folders in an alphabetical order. In case you have a small organization, the output will be returned pretty fast. However, if you have a big company, that has a lot of public folders and a lot of mailboxes hosted in the cloud, then, it might take some time to get the outcome.
In any of the scenarios, for a fast data return, you can assign the permissions to a public folder or user mailbox (folder) positioned at the beginning of the alphabetical list.
DISCLAIMER: This application is a sample application. The sample is provided “as is” without warranty of any kind. Microsoft further disclaims all implied warranties including without limitation any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the samples remains with you. in no event shall Microsoft or its suppliers be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss arising out of the use of or inability to use the samples, even if Microsoft has been advised of the possibility of such damages). Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
$j=0;$l=0;
$mbx = Read-Host -prompt "List the accounts that have the next mailbox automapped (PrimarySmtpAddress)"
#Search for permissions granted on public folders
foreach ($PF in Get-PublicFolder -Recurse)
{
$i=0;
(Get-PublicFolderClientPermission $PF.Identity).User | % {
if ($_.ADRecipient.PrimarySmtpAddress -eq $mbx) {
Write-Host "Permissions found on $($PF.Identity)" -ForegroundColor white
$j++;
$out = (Get-PublicFolderClientPermission $PF.Identity).User[$i].ADRecipient.DelegateListLink
if($out) { Write-host "The following mailboxes have the mailbox $mbx automapped:`n" $out -ForegroundColor White }
else {
Write-host "There isn't any mailbox that has the mailbox $mbx automapped" -ForegroundColor Yellow
$perm = Get-MailboxPermission $mbx | ? {$_.AccessRights -eq "FullAccess" -and $_.User -notlike "EURPRD*" -and $_.User -notlike "S-*" -and $_.User -notlike "NT Authority*"}
if($perm) { Write-host "However, the users below have full access rights on the mailbox $mbx" -ForegroundColor White; $perm; }
else { write-host "Moreover, there aren't any users that have full access rights on the mailbox $mbx" -ForegroundColor Yellow }
}
break;
}
else {$i++;}
}
}
if($j -eq 0) { Write-host "The given mailbox doesn't have any permissions configured on your public folders. Checking if there are any permissions granted on mailbox folders..." -ForegroundColor Yellow
#Search for permissions granted on mailbox folders.
foreach ($mbx2 in Get-Mailbox -ResultSize Unlimited)
{
$folders = Get-MailboxFolderStatistics $mbx2.guid.guid| ? { $_.ContainerClass -eq "IPF.Note" -or $_.ContainerClass -eq "IPF.Appointment" -or $_.ContainerClass -eq "IPF.Contact"} | select name
foreach ($name in $folders.name) {
$k=0;
if ($name -ne "Top of Information Store" -and $name -ne "Sync Issues" -and $name -ne "Conflicts" -and $name -ne "Local failures" -and $name -ne "Server failures" -and $name -ne "SearchDiscoveryHoldsFolder" -and $name -ne "SearchDiscoveryHoldsUnindexedItemFolder" -and $name -ne "United States holidays" -and $name -ne "United Kingdom holidays")
{
(Get-MailboxFolderPermission "$($mbx2.guid.guid):\$name").User | % {
if ($_.ADRecipient.PrimarySmtpAddress -eq $mbx) {
write-host "Permissions found on the mailbox $($mbx2.PrimarySmtpAddress), folder $($name)" -ForegroundColor white
$l++;
$out2 = (Get-MailboxFolderPermission "$($mbx2.guid.guid):\$name").User[$k].ADRecipient.DelegateListLink
if($out2) { Write-host "The following mailboxes have the mailbox $mbx automapped:`n" $out2 -ForegroundColor White }
else {
Write-host "There isn't any mailbox that has the mailbox $mbx automapped" -ForegroundColor Yellow
$perm2 = Get-MailboxPermission $mbx | ? {$_.AccessRights -eq "FullAccess" -and $_.User -notlike "EURPRD*" -and $_.User -notlike "S-*" -and $_.User -notlike "NT Authority*"}
if($perm2) { Write-host "However, the users below have full access rights on the mailbox $mbx" -ForegroundColor White; $perm2; }
else { write-host "Moreover, there aren't any users that have full access rights on the mailbox $mbx" -ForegroundColor Yellow }
}
break;
}
else {$k++;}
}
}
}
if ($l -ne 0) {break;}
}
}
if($j -eq 0 -and $l -eq 0) {Write-host "In order to be able to determine if Automapping is enabled or not, proceed with assigning the mailbox $mbx permissions on a public folder or on a mailbox folder" -ForegroundColor Yellow }
Comments
- Anonymous
April 25, 2017
cool stuff thanks