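<#
    .SYNOPSIS

    This function locates mailbox level permissions held by the DL to be migrated.

    .DESCRIPTION

    Finds mailbox permission entries whose trustee is the group being migrated.
    Without -collectedData every on premises mailbox is enumerated and queried with
    Get-MailboxPermission for the group's samAccountName. With -collectedData the
    supplied permission entries are filtered locally instead.

    .PARAMETER originalDLConfiguration

    Object describing the group being migrated. Only its samAccountName property is read here.

    .PARAMETER collectedData

    Optional, previously gathered mailbox permission entries. Each entry is read for its
    identity and user properties.

    .OUTPUTS

    Returns the matching mailbox permission entries. Returns nothing when no entry matches.

    .EXAMPLE

    Get-onPremFullMailboxAccess -originalDLConfiguration DLConfig
#>
Function Get-onPremFullMailboxAccess
{
    [cmdletbinding()]

    Param
    (
        [Parameter(Mandatory = $true)]
        $originalDLConfiguration,
        [Parameter(Mandatory = $false)]
        $collectedData=$NULL
    )

    #Declare function variables.

    [array]$functionPermissions=@()
    $functionRecipients=@()

    #Initialised explicitly so the throttle below does not rely on an unset variable.
    $functionCounter=0

    Out-LogFile -string "********************************************************************************"
    Out-LogFile -string "BEGIN Get-onPremFullMailboxAccess"
    Out-LogFile -string "********************************************************************************"

    #$null goes on the left: with a collection on the left, -eq filters the collection instead of testing it.
    if ($null -eq $collectedData)
    {
        #No pre-collected data - query every mailbox directly.

        try {
            out-logfile -string "Gathering all on premises mailboxes."

            #@() keeps .count meaningful when zero or one mailbox is returned.
            $functionRecipients = @(invoke-command {get-mailbox -resultsize unlimited})
        }
        catch {
            out-logfile -string "Error attempting to invoke command to gather all recipients."
            out-logfile -string $_ -isError:$TRUE
        }

        #We now have all the mailbox recipients.

        try {
            out-logfile -string "Test for mailbox permissions."

            if ($functionRecipients.count -gt 0)
            {
                #Guarded by the count test above: an empty mailbox list would otherwise divide by zero
                #and be logged as a permission gathering failure.
                $ProgressDelta = 100/($functionRecipients.count); $PercentComplete = 0

                foreach ($recipient in $functionRecipients)
                {
                    write-progress -activity "Processing Recipient" -status $recipient.primarySMTPAddress -PercentComplete $PercentComplete

                    $PercentComplete += $ProgressDelta

                    if ($functionCounter -gt 1000)
                    {
                        #Implement function counter for long running operations - pause for 5 seconds every 1000 queries.

                        out-logfile -string "Invoking 5 second sleep for powershell recovery."
                        start-sleep -seconds 5
                        $functionCounter=0
                    }
                    else
                    {
                        $functionCounter++
                    }

                    #NOTE(review): the query is keyed on the trustee only, so every entry for the group is
                    #returned, not just FullAccess - confirm whether callers filter on AccessRights, Deny
                    #and IsInherited before treating the result as effective full mailbox access.
                    #NOTE(review): a non-terminating error from Get-MailboxPermission does not reach the catch
                    #below unless the error preference is Stop, which would leave the result silently
                    #incomplete - confirm how the caller sets it.

                    $functionPermissions+= invoke-command {Get-MailboxPermission -identity $args[0] -user $args[1]}-ArgumentList $recipient.identity,$originalDLConfiguration.samAccountName
                }
            }
            else
            {
                out-logfile -string "No on premises mailboxes were returned - no mailbox permissions to test."
            }
        }
        catch {
            out-logfile -string "Error attempting to invoke command to gather all mailbox permissions."
            out-logfile -string $_ -isError:$TRUE
        }

        write-progress -activity "Processing Recipient" -completed
    }
    else
    {
        #Pre-collected permission entries were supplied - filter them locally.

        try
        {
            out-logfile -string "Testing for full mailbo access rights.."

            #@() keeps .count meaningful when a single entry is passed.
            $functionCollectedData = @($collectedData)

            if ($functionCollectedData.count -gt 0)
            {
                $ProgressDelta = 100/($functionCollectedData.count); $PercentComplete = 0

                foreach ($recipient in $functionCollectedData)
                {
                    write-progress -activity "Processing Recipient" -status $recipient.identity -PercentComplete $PercentComplete

                    $PercentComplete += $ProgressDelta

                    #Converted once so the SID test and the split both operate on a string.
                    $functionUser = $recipient.user.tostring()

                    if ($functionUser -notlike "*S-1-5-21*")
                    {
                        #Need to ignore anything that looks like a SID / orphaned entry.

                        #NOTE(review): only the part after the backslash is compared, so the domain is ignored.
                        #A group with the same samAccountName in another domain would also match - confirm
                        #this is acceptable in multi-domain forests.

                        $stringTest = $functionUser.split("\")

                        if ($stringTest[1] -eq $originalDLConfiguration.samAccountName)
                        {
                            out-logfile -string ("Full mailbox access permission found - recording."+$recipient.identity)
                            $functionPermissions+=$recipient
                        }
                    }
                }
            }
        }
        catch
        {
            #Message corrected: this branch evaluates full mailbox access, not send as.
            out-logfile -string "Error attempting to evaluate collected data for full mailbox access permissions."
            out-logfile -string $_ -isError:$TRUE
        }

        write-progress -Activity "Processing Recipient" -Completed
    }

    Out-LogFile -string "********************************************************************************"
    Out-LogFile -string "END Get-onPremFullMailboxAccess"
    Out-LogFile -string "********************************************************************************"

    #Nothing is emitted when no permission matched, so callers receive $null rather than an empty array.
    if ($functionPermissions.count -gt 0)
    {
        return $functionPermissions
    }
}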