How do i get information out of Exchange Online

This topic contains 4 replies, has 3 voices, and was last updated by Profile photo of Liam Kemp Liam Kemp 8 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #34351
    Profile photo of Liam Kemp
    Liam Kemp
    Participant

    Hi All,
    I'm connected to exchange online with powershell. A client wants me to show all of the mailbox permissions for a large number of shared mailboxes to find out who has access.
    So I can

     Get-Mailbox | Get-MailboxPermission 

    But I can't run any Where-object {} script or Export-CSV, out-gridview, anything.

    Any ideas?

    Cheers
    Liam K

    #34353
    Profile photo of Tim Pringle
    Tim Pringle
    Participant

    Hi Liam,

    Can you give an example of the first few lines of what is actually resturned when you run the first command?

    #34355
    Profile photo of Liam Kemp
    Liam Kemp
    Participant

    Thanks Tim,

    Identity User AccessRights IsInherited Deny
    ———- ——- ——————- —————— ——
    John Smith NT AUTHORITY\SELF {FullAccess,ReadPermission} False False

    Bringing up all of the permissions is not a problem, that works fine. The problem is if I try to filter them with

    where-object {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} 

    or something like that. Where-Object does not exist in Exchange Online, nor do things like Export-CSV. What the client is after is a report of all the permissions on all the mailboxes that aren't "self" or inherited, which should leave only permissions that have been set by the admin.

    #34377
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Exchange Online lacks Where-Object because people tend to abuse it ;). In a case like this, you'd be engaging some serious processing power if you had a lot of mailboxes, and Microsoft doesn't want their servers bogged down like that.

    You're probably going to have to get a list of mailboxes, bring that over to your local computer, and then enumerate them. For each mailbox, you'll have to get its permissions and store that information locally.

    This gets easier if, instead of using Invoke-Command to run the commands, you implicitly remote the commands. That gives you deserialized objects on your computer – meaning you could run Where-Object, but the processing for that would happen locally, not remotely, so it'd work. So you'd start with your connection to Exchange as a PSSession, and then use Import-Module with that PSSession to bring the server module over to your computer (it doesn't actually copy the module).

    #34408
    Profile photo of Liam Kemp
    Liam Kemp
    Participant

    Thanks Don. I was connecting as a PSSession – but then I was entering the session, and hence could do nothing. Did it your way and it worked perfectly.
    Thankyou!

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.