On a souvent besoin de connaître les permissions affectées à une boîte aux lettres.
Le script ci-dessous permet d’obtenir les droits mis en place par un administrateur
(send as, send on behalf, full access) ainsi que les droits donnés par l’utilisateur
via Outlook.
Voici le résultat:
Le script peut s’utiliser de deux façons.
Utilisation en indiquant un argument:
./getmailboxperm.ps1 jean@domaine.fr
Utilisation avec une invite de saisie:
Il faut bien entendu adapter le script au choix souhaité, en commentant ou en décommentant la ligne « $Email » correspondante.
Bonne utilisation.
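############################################################################
# Displays the specific rights granted on a mailbox, together with its MAPI
# (folder-level) permissions - Exchange 2010
############################################################################
# /* MBX Permission */
# Usage with an argument (example): ./getmailboxperm.ps1 pascal@domaine.fr
#$Email=$Args[0]
# Usage with an interactive prompt:
$Email = Read-Host -Prompt "Entrez l'adresse de messagerie "

# Trim stray whitespace (typical of a pasted address) and refuse an empty value:
# every cmdlet below uses $Email as its identity, so an empty string would only
# produce a cascade of unrelated errors instead of a clear message.
$Email = ([string]$Email).Trim()
if ([string]::IsNullOrEmpty($Email))
{
    Write-Host "Aucune adresse de messagerie n'a été saisie." -ForegroundColor Red
    return
}

# Only the string form of the mailbox object is kept; it is later passed as the
# identity of Get-ADPermission.
# NOTE(review): the exact string produced by this cast is not visible here - confirm
# that it identifies a single object in your directory.
[string]$Mailbox = Get-Mailbox -Identity $Email

# Get-Mailbox yields nothing when the address does not resolve; the cast then gives
# an empty string. Stop here instead of printing empty permission sections that
# could be mistaken for "nobody has access".
if ([string]::IsNullOrEmpty($Mailbox))
{
    Write-Host "Boîte aux lettres introuvable : $Email" -ForegroundColor Red
    return
}

# Banner
Write-Host
Write-Host "*******************************************************************************" -ForegroundColor Yellow
Write-Host "*********** Autorisation sur la boite de $Email" -ForegroundColor Red
Write-Host "*******************************************************************************" -ForegroundColor Yellow
Write-Host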
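# /* Full Access */
# Lists the accounts holding an explicit FullAccess grant on the mailbox.
# - Deny entries are excluded: a Deny ACE is a refusal, and printing it under
#   "Contrôle TOTAL" would report the opposite of what is configured.
# - Inherited entries are filtered out, so this list is NOT the complete set of
#   accounts able to open the mailbox; review inherited rights separately.
# - The mailbox owner's own entry (NT AUTHORITY\SELF) is skipped.
$FullAccess = Get-MailboxPermission $Email |
    Where-Object {
        ($_.AccessRights -eq "FullAccess") -and
        ($_.IsInherited -eq $false) -and
        ($_.Deny -eq $false) -and
        -not ($_.User -like "NT AUTHORITY\SELF")
    } |
    Select-Object User
Write-Host "Contrôle TOTAL:" -ForegroundColor Green
Write-Host
foreach ($Entry in $FullAccess)
{
    Write-Host $Entry.User
}
Write-Host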
# /* Send As */
# Lists the accounts holding an Allow "Send-As" extended right on the mailbox's
# directory object, skipping the owner's own entry (NT AUTHORITY\SELF).
# Inherited entries are not filtered out in this section.
# Table-formatted variant kept for troubleshooting:
#Get-ADPermission -Identity $Sam | Where {$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF" -and $_.Deny -eq $false} | ft Identity,User,ExtendedRights,IsInherited
$SendAs = Get-ADPermission -Identity $Mailbox |
    Where-Object {
        ($_.Deny -eq $false) -and
        ($_.User -notlike "NT AUTHORITY\SELF") -and
        ($_.ExtendedRights -like "Send-As")
    } |
    Select-Object User
Write-Host "Envoyer en tant que (send as):" -ForegroundColor Green
Write-Host
foreach ($Entry in $SendAs)
{
    Write-Host $Entry.User
}
Write-Host
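# /* Send on Behalf */
# Reads the mailbox's GrantSendOnBehalfTo value and prints each delegate on its
# own line. Writing the whole collection with a single Write-Host joins the
# entries with spaces, which makes delegates whose names contain spaces
# impossible to tell apart when reviewing the output.
#$SendOnBehalf = get-mailbox -Identity $Email | Select GrantSendOnBehalfTo
$SendOnBehalf = Get-Mailbox -Identity $Email |
    Select-Object @{Name="SendOnBehalf";Expression={$_."GrantSendOnBehalfTo"}}
Write-Host "Envoyer de la part de:" -ForegroundColor Green
Write-Host
foreach ($Entry in $SendOnBehalf)
{
    # $Entry.SendOnBehalf holds the delegate list of one mailbox.
    foreach ($Delegate in $Entry.SendOnBehalf)
    {
        Write-Host $Delegate
    }
}
Write-Host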
# /* MailboxFolders */
# Collects the folder paths of the mailbox, leaving out the folder types listed
# below. The root folder is excluded as well; the MAPI permission section
# queries it separately.
# $folders is reused by the MAPI permission section further down.
$ExcludedFolderTypes = @(
    "SyncIssues",
    "Conflicts",
    "LocalFailures",
    "ServerFailures",
    "RecoverableItemsRoot",
    "RecoverableItemsDeletions",
    "RecoverableItemsPurges",
    "RecoverableItemsVersions",
    "Root"
)
$folders = Get-MailboxFolderStatistics -Identity $Email |
    Where-Object { $ExcludedFolderTypes -notcontains $_.Foldertype } |
    Select-Object folderpath
Write-Host "Dossiers de la boîte :" -ForegroundColor Green
Write-Host
foreach ($Item in $folders)
{
    Write-Host $Item.Folderpath
}
Write-Host
# /* MAPI Permissions */
# Prints the folder-level permissions: first for the mailbox root, then for
# every folder path collected in $folders.
Write-Host "MAPI Permissions:" -ForegroundColor Green
Write-Host

# Mailbox root ("<address>:\").
Get-MailboxFolderPermission -Identity "${Email}:\" | Format-Table foldername, User, AccessRights

foreach ($Item in $folders)
{
    # The folder paths in $folders use "/" as separator, while the identity is
    # built here as "<address>:\Folder\SubFolder".
    $FolderIdentity = "{0}:{1}" -f $Email, $Item.FolderPath.Replace("/","\")
    Get-MailboxFolderPermission -Identity $FolderIdentity | Format-Table foldername, User, AccessRights
}