Merge branch 'main' into RBA_GetRecp

microsoft · Jul 17, 2024 · 283acd7 · 283acd7
2 parents be0ba11 + 6c2203d
commit 283acd7
Show file tree

Hide file tree

Showing 16 changed files with 1,303 additions and 252 deletions.
diff --git a/.build/cspell-words.txt b/.build/cspell-words.txt
@@ -19,6 +19,7 @@ contoso
 CTMM
 Datacenter
 dcom
+DMARC
 Dsamain
 DTLS
 dumptidset
@@ -29,6 +30,7 @@ EICAR
 eicar
 Emotet
 emsmdb
+Entra
 EOMT
 Eseback
 Eventlog

diff --git a/Calendar/CalLogHelpers/CalLogCSVFunctions.ps1 b/Calendar/CalLogHelpers/CalLogCSVFunctions.ps1
@@ -19,6 +19,7 @@ $script:CalendarItemTypes = @{
     'IPM.Schedule.Meeting.Resp.Neg'                        = "Resp.Neg"
     'IPM.Schedule.Meeting.Resp.Tent'                       = "Resp.Tent"
     'IPM.Schedule.Meeting.Resp.Pos'                        = "Resp.Pos"
+    '(Occurrence Deleted)'                                 = "Exception.Deleted"
 }
 
 # ===================================================================================================

diff --git a/Calendar/CalLogHelpers/CalLogExportFunctions.ps1 b/Calendar/CalLogHelpers/CalLogExportFunctions.ps1
diff --git a/Calendar/CalLogHelpers/CalLogInfoFunctions.ps1 b/Calendar/CalLogHelpers/CalLogInfoFunctions.ps1
@@ -32,24 +32,22 @@ function SetIsRoom {
     param(
         $CalLogs
     )
-    [bool] $IsRoom = $false
 
+    # See if we have already determined this is a Room MB.
     if ($script:Rooms -contains $Identity) {
-        $IsRoom = $true
-        return $IsRoom
+        return $true
     }
 
     # Simple logic is if RBA is running on the MB, it is a Room MB, otherwise it is not.
     foreach ($CalLog in $CalLogs) {
-        Write-Verbose "Checking if this is a Room Mailbox. [$($CalLog.ItemType)] [$($CalLog.ExternalSharingMasterId)] [$($CalLog.LogClientInfoString)]"
-        if ($CalLog.ItemType -eq "IPM.Appointment" -and
+        Write-Verbose "Checking if this is a Room Mailbox. [$($CalLog.ItemClass)] [$($CalLog.ExternalSharingMasterId)] [$($CalLog.LogClientInfoString)]"
+        if ($CalLog.ItemClass -eq "IPM.Appointment" -and
             $CalLog.ExternalSharingMasterId -eq "NotFound" -and
             $CalLog.LogClientInfoString -like "*ResourceBookingAssistant*" ) {
-            $IsRoom = $true
-            return $IsRoom
+            return $true
         }
     }
-    return $IsRoom
+    return $false
 }
 
 <#

diff --git a/Calendar/CalLogHelpers/ExcelModuleInstaller.ps1 b/Calendar/CalLogHelpers/ExcelModuleInstaller.ps1
@@ -2,7 +2,8 @@
 # Licensed under the MIT License.
 
 # ===================================================================================================
-# Excel Functions
+# ImportExcel Functions
+# see https://github.com/dfinke/ImportExcel for information on the module.
 # ===================================================================================================
 function CheckExcelModuleInstalled {
     [CmdletBinding(SupportsShouldProcess=$true)]

diff --git a/Calendar/CalLogHelpers/ExportToExcelFunctions.ps1 b/Calendar/CalLogHelpers/ExportToExcelFunctions.ps1
diff --git a/Calendar/CalLogHelpers/Invoke-GetCalLogs.ps1 b/Calendar/CalLogHelpers/Invoke-GetCalLogs.ps1
@@ -30,6 +30,7 @@ $script:CustomPropertyNameList =
 "SendMeetingMessagesDiagnostics",
 "SentRepresentingDisplayName",
 "SentRepresentingEmailAddress",
+"Sensitivity",
 "LogTimestamp",
 "LogClientInfoString",
 "OriginalStartDate",

diff --git a/Calendar/CalLogHelpers/Invoke-GetMailbox.ps1 b/Calendar/CalLogHelpers/Invoke-GetMailbox.ps1
@@ -5,7 +5,6 @@ $WellKnownCN_CA = "MICROSOFT SYSTEM ATTENDANT"
 $CalAttendant = "Calendar Assistant"
 $WellKnownCN_Trans = "MicrosoftExchange"
 $Transport = "Transport Service"
-
 <#
 .SYNOPSIS
 Get the Mailbox for the Passed in Identity.
@@ -18,46 +17,59 @@ Might want to extend to do 'Get-MailUser' as well.
 function GetMailbox {
     param(
         [string]$Identity,
-        [string]$Organization
+        [string]$Organization,
+        [bool]$UseGetMailbox
     )
 
-    try {
-        Write-Verbose "Searching Get-Mailbox $(if (-not ([string]::IsNullOrEmpty($Organization))) {"with Org: $Organization"}) for $Identity."
+    if ($UseGetMailbox) {
+        $Cmdlet = "Get-Mailbox"
+    } else {
+        $Cmdlet = "Get-Recipient"
+    }
+    $params = @{Identity = $Identity
+        ErrorAction      = "SilentlyContinue"
+    }
 
-        if ($Identity -and $Organization) {
-            if ($script:MSSupport) {
-                Write-Verbose "Using Organization parameter"
-                $GetMailboxOutput = Get-Mailbox -Identity $Identity -Organization $Organization -ErrorAction SilentlyContinue
-            } else {
-                Write-Verbose "Using -OrganizationalUnit parameter"
-                $GetMailboxOutput = Get-Mailbox -Identity $Identity -OrganizationalUnit $Organization -ErrorAction SilentlyContinue
-            }
-        } else {
-            $GetMailboxOutput = Get-Mailbox -Identity $Identity -ErrorAction SilentlyContinue
+    try {
+        Write-Verbose "Searching $Cmdlet $(if (-not ([string]::IsNullOrEmpty($Organization))) {"with Org: $Organization"}) for $Identity."
+
+        if (-not ([string]::IsNullOrEmpty($Organization)) -and $script:MSSupport) {
+            Write-Verbose "Using Organization parameter"
+            $params.Add("Organization", $Organization)
+        } elseif (-not ([string]::IsNullOrEmpty($Organization))) {
+            Write-Verbose "Using -OrganizationalUnit parameter with $Organization."
+            $params.Add("Organization", $Organization)
         }
 
-        if (!$GetMailboxOutput) {
+        Write-Verbose "Running $Cmdlet with params: $($params.Values)"
+        $RecipientOutput = & $Cmdlet @params
+        Write-Verbose "RecipientOutput: $RecipientOutput"
+
+        if (!$RecipientOutput) {
             Write-Host "Unable to find [$Identity]$(if ($Organization -ne `"`" ) {" in Organization:[$Organization]"})."
             Write-Host "Trying to find a Group Mailbox for [$Identity]..."
-            $GetMailboxOutput = Get-Mailbox -Identity $Identity -ErrorAction SilentlyContinue -GroupMailbox
-            if (!$GetMailboxOutput) {
+            $RecipientOutput = Get-Mailbox -Identity $Identity -ErrorAction SilentlyContinue -GroupMailbox
+            if (!$RecipientOutput) {
                 Write-Host "Unable to find a Group Mailbox for [$Identity] either."
                 return $null
             } else {
-                Write-Verbose "Found GroupMailbox [$($GetMailboxOutput.DisplayName)]"
+                Write-Verbose "Found GroupMailbox [$($RecipientOutput.DisplayName)]"
             }
-        } else {
-            Write-Verbose "Found [$($GetMailboxOutput.DisplayName)]"
         }
 
-        if (CheckForNoPIIAccess($script:GetMailboxOutput.DisplayName)) {
-            Write-Host -ForegroundColor Magenta "No PII Access for [$Identity]"
+        if ($null -eq $script:PIIAccess) {
+            [bool]$script:PIIAccess = CheckForPIIAccess($RecipientOutput.DisplayName)
+        }
+
+        if ($script:PIIAccess) {
+            Write-Verbose "Found [$($RecipientOutput.DisplayName)]"
         } else {
-            Write-Verbose "Found [$($GetMailboxOutput.DisplayName)]"
+            Write-Verbose "No PII Access for [$Identity]"
         }
-        return $GetMailboxOutput
+
+        return $RecipientOutput
     } catch {
-        Write-Error "An error occurred while running Get-Mailbox: [$_]"
+        Write-Error "An error occurred while running ${Cmdlet}: [$_]"
     }
 }
 
@@ -84,13 +96,13 @@ function CheckIdentities {
     Write-Host "Preparing to check $($Identity.count) Mailbox(es)..."
 
     foreach ($Id in $Identity) {
-        $Account = GetMailbox -Identity $Id
+        $Account = GetMailbox -Identity $Id -UseGetMailbox $true
         if ($null -eq $Account) {
             # -or $script:MB.GetType().FullName -ne "Microsoft.Exchange.Data.Directory.Management.Mailbox") {
             Write-DashLineBoxColor "`n Error: Mailbox [$Id] not found on Exchange Online.  Please validate the mailbox name and try again.`n" -Color Red
             continue
         }
-        if (CheckForNoPIIAccess $Account.DisplayName) {
+        if (-not (CheckForPIIAccess($Account.DisplayName))) {
             Write-Host -ForegroundColor DarkRed "No PII access for Mailbox [$Id]. Falling back to SMTP Address."
             $IdentityList += $ID
             if ($null -eq $script:MB) {
@@ -104,11 +116,16 @@ function CheckIdentities {
             }
         }
         if ($Account.CalendarVersionStoreDisabled -eq $true) {
+            [bool]$script:CalLogsDisabled = $true
             Write-Host -ForegroundColor DarkRed "Mailbox [$Id] has CalendarVersionStoreDisabled set to True.  This mailbox will not have Calendar Logs."
             Write-Host -ForegroundColor DarkRed "Some logs will be available for Mailbox [$Id] but they will not be complete."
         }
         if ($Account.RecipientTypeDetails -eq "RoomMailbox" -or $Account.RecipientTypeDetails -eq "EquipmentMailbox") {
-            $script:Rooms += $Account.PrimarySmtpAddress.ToString()
+            if ($script:PIIAccess -eq $true) {
+                $script:Rooms += $Account.PrimarySmtpAddress.ToString()
+            } else {
+                $script:Rooms += $Id
+            }
             Write-Host -ForegroundColor Green "[$Id] is a Room / Equipment Mailbox."
         }
     }
@@ -262,14 +279,14 @@ function BetterThanNothingCNConversion {
 .SYNOPSIS
 Checks if an entries is Redacted to protect PII.
 #>
-function CheckForNoPIIAccess {
+function CheckForPIIAccess {
     param(
         $PassedString
     )
     if ($PassedString -match "REDACTED-") {
-        return $true
-    } else {
         return $false
+    } else {
+        return $true
     }
 }
 
@@ -314,7 +331,7 @@ function GetMailboxProp {
                     }
 
                     Write-Verbose "`t GetMailboxProp:[$Prop] :Found::[$ReturnValue]"
-                    if (CheckForNoPIIAccess($ReturnValue)) {
+                    if (-not (CheckForPIIAccess($ReturnValue))) {
                         Write-Verbose "No PII Access for [$ReturnValue]"
                         return BetterThanNothingCNConversion($PassedCN)
                     }

diff --git a/Calendar/CalLogHelpers/ShortClientNameFunctions.ps1 b/Calendar/CalLogHelpers/ShortClientNameFunctions.ps1
@@ -58,6 +58,11 @@ function CreateShortClientName {
         return $ShortClientName
     }
 
+    if ($LogClientInfoString -like "*EDiscoverySearch*") {
+        $ShortClientName = "EDiscoverySearch"
+        return $ShortClientName
+    }
+
     if ($LogClientInfoString -like "Client=EBA*" -or $LogClientInfoString -like "Client=TBA*") {
         if ($LogClientInfoString -like "*ResourceBookingAssistant*") {
             $ShortClientName = "ResourceBookingAssistant"

diff --git a/Calendar/CalLogHelpers/TimelineFunctions.ps1 b/Calendar/CalLogHelpers/TimelineFunctions.ps1
@@ -75,6 +75,11 @@ function BuildTimeline {
         Write-Host "Found $($script:EnhancedCalLogs.count) Log entries, only the $($InterestingCalLogs.count) Non-Ignorable entries will be analyzed in the TimeLine. `n"
     }
 
+    if ($script:CalLogsDisabled) {
+        Write-Host -ForegroundColor Red "Warning: CalLogs are disabled for this user, Timeline / CalLogs will be incomplete."
+        return
+    }
+
     Write-DashLineBoxColor "  TimeLine for: [$Identity]",
     "  Subject: $($script:GCDO[0].NormalizedSubject)",
     "  Organizer: $Script:Organizer",

diff --git a/Calendar/Check-SharingStatus.ps1 b/Calendar/Check-SharingStatus.ps1
@@ -429,9 +429,9 @@ function GetReceiverInformation {
             # need to check if Get-CalendarValidationResult in the PS Workspace
             if ((Get-Command -Name Get-CalendarValidationResult -ErrorAction SilentlyContinue) -and
                 $null -ne $ReceiverCalEntries) {
-                Write-Host "Running cmdlet: Get-CalendarValidationResult -Version V2 -Identity $Receiver -SourceCalendarId $($ReceiverCalEntries[0].LocalFolderId) -TargetUserId $Owner -IncludeAnalysis 1 -OnlyReportErrors 1"
                 $ewsId_del= $ReceiverCalEntries[0].LocalFolderId
-                Get-CalendarValidationResult -Version V2 -Identity $Receiver -SourceCalendarId $ewsId_del -TargetUserId $Owner -IncludeAnalysis 1 -OnlyReportErrors 1
+                Write-Host "Running cmdlet: Get-CalendarValidationResult -Version V2 -Identity $Receiver -SourceCalendarId $ewsId_del -TargetUserId $Owner -IncludeAnalysis 1 -OnlyReportErrors 1 | FT -a GlobalObjectId, EventValidationResult  "
+                Get-CalendarValidationResult -Version V2 -Identity $Receiver -SourceCalendarId $ewsId_del -TargetUserId $Owner -IncludeAnalysis 1 -OnlyReportErrors 1 | Format-List UserPrimarySMTPAddress, Subject, GlobalObjectId, EventValidationResult, EventComparisonResult
             }
         }
 

diff --git a/Calendar/Get-CalendarDiagnosticObjectsSummary.ps1 b/Calendar/Get-CalendarDiagnosticObjectsSummary.ps1
@@ -26,6 +26,9 @@
 # .PARAMETER CaseNumber
 # Case Number to include in the Filename of the output.
 #
+# .PARAMETER ShortLogs
+# Limit Logs to 500 instead of the default 2000, in case the server has trouble responding with the full logs.
+#
 # .EXAMPLE
 # Get-CalendarDiagnosticObjectsSummary.ps1 -Identity [email protected] -MeetingID 040000008200E00074C5B7101A82E008000000008063B5677577D9010000000000000000100000002FCDF04279AF6940A5BFB94F9B9F73CD
 #
@@ -45,6 +48,7 @@ param (
     [string[]]$Identity,
     [switch]$ExportToExcel,
     [string]$CaseNumber,
+    [switch]$ShortLogs,
 
     [Parameter(Mandatory, ParameterSetName = 'MeetingID', Position = 1)]
     [string]$MeetingID,
@@ -79,11 +83,15 @@ Write-Verbose "Script Versions: $BuildVersion"
 . $PSScriptRoot\CalLogHelpers\ShortClientNameFunctions.ps1
 . $PSScriptRoot\CalLogHelpers\CalLogInfoFunctions.ps1
 . $PSScriptRoot\CalLogHelpers\CalLogExportFunctions.ps1
-. $PSScriptRoot\CalLogHelpers\ExcelModuleInstaller.ps1
 . $PSScriptRoot\CalLogHelpers\CreateTimelineRow.ps1
 . $PSScriptRoot\CalLogHelpers\FindChangedPropFunctions.ps1
 . $PSScriptRoot\CalLogHelpers\Write-DashLineBoxColor.ps1
 
+if ($ExportToExcel.IsPresent) {
+    . $PSScriptRoot\CalLogHelpers\ExcelModuleInstaller.ps1
+    . $PSScriptRoot\CalLogHelpers\ExportToExcelFunctions.ps1
+}
+
 # ===================================================================================================
 # Main
 # ===================================================================================================

diff --git a/Diagnostics/AVTester/Test-ExchAVExclusions.ps1 b/Diagnostics/AVTester/Test-ExchAVExclusions.ps1
@@ -466,7 +466,7 @@ while ($currentDiff -gt 0) {
 
             if ($ProcessModules.count -gt 0) {
                 foreach ($module in $ProcessModules) {
-                    $OutString = ("PROCESS: $($process.ProcessName) PID($($process.Id)) UNEXPECTED MODULE: $($module.ModuleName) COMPANY: $($module.Company)`n`tPATH: $($module.FileName)")
+                    $OutString = ("PROCESS: $($process.ProcessName) PID($($process.Id)) UNEXPECTED MODULE: $($module.ModuleName) COMPANY: $($module.Company)`n`tPATH: $($module.FileName)`n`tFileVersion: $($module.FileVersion)")
                     Write-Host "[FAIL] - $OutString" -ForegroundColor Red
                     if ($process.MainModule.ModuleName -eq "W3wp.exe") {
                         $SuspiciousW3wpProcessList += $OutString
-Original file line number
+Diff line change
@@ Expand Up / @@ -19,6 +19,7 @@ contoso @@
     CTMM
     Datacenter
     dcom
+    DMARC
     Dsamain
     DTLS
     dumptidset
@@ Expand All / @@ -29,6 +30,7 @@ EICAR @@
     eicar
     Emotet
     emsmdb
+    Entra
     EOMT
     Eseback
     Eventlog
@@ Expand Down @@