-1
Stuck on how to add SAMAccounts (AD usernames) to the results, can anyone help?
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | where
{$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
Select Identity,User,Username,@{Name='Access Rights';Expression=
{[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation
C:\temp\mailboxpermissions1.csv
Top
Posted 2019-06-24T10:33:41.970
Reputation: 11
0
You cross posted this to stackexchange and here was my answer for you here as well and for those inclined to not bounce over to the link.
You can get SamAccountName using Get-Mailbox cmdlet.
((Get-Mailbox -Filter '*')[0] | Get-Member).Name
# Results
<#
PS C:\Scripts> ((Get-Mailbox -Filter '*')[0] | Get-Member).Name
...
RoomMailboxAccountEnabled
RulesQuota
SamAccountName
SCLDeleteEnabled
...
#>
Get-Mailbox -Filter '*' | ForEach {$PSItem.SamAccountName}
# Results
<#
Get-Mailbox -Filter '*' | ForEach {$PSItem.SamAccountName}
Administrator
...
#>
It just does not get passed down the pipeline as being stated here... Example:
(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
ForEach{Get-MailboxPermission -Identity $PSItem} |
Where-Object {
$PSItem -ne 'NT AUTHORITY\SELF' -and
$PSItem.IsInherited -eq $false
} | Select-Object -Property '*'
# Results
<#
AccessRights : {FullAccess, ReadPermission}
Deny : False
InheritanceType : All
User : NT AUTHORITY\SELF
Identity : contoso.com/Users/Administrator
IsInherited : False
IsValid : True
ObjectState : Unchanged
...
#>
So, try it this way...
(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
ForEach{Get-MailboxPermission -Identity $PSItem} |
Where-Object {
$PSItem -ne 'NT AUTHORITY\SELF' -and
$PSItem.IsInherited -eq $false
} | Select-Object -Property Identity,User,
@{Name = 'SamAccountName';Expression = {(Get-ADUser -Identity $($PSitem.Identity -split '/')[-1]).SamAccountName}},
@{Name = 'Access Rights';Expression = {[string]::join(', ', $PSItem.AccessRights)}}
# Results
<#
Identity User SamAccountName Access Rights
-------- ---- -------------- -------------
contoso.com/Users/Administrator NT AUTHORITY\SELF Administrator FullAccess, ReadPermission
...
#>
Update for the OP
As for you comment...
Hi, this errors out : Invoke-Command : Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "Invalid filter syntax. For a description of the filter parameter syntax see the command help. "*" at position 1."
… as noted from my comment before this update.
The sample is all raw normal PowerShell, and should work local or remote (as long as you have PSRemoting setup properly and you are local admin on the remote box and you are running this as that admin)
If you run this …
Invoke-Command -ComputerName ex01 -ScriptBlock {Get-Mailbox -Filter '*' -ResultSize Unlimited}
or this...
Invoke-Command -ComputerName ex01 -ScriptBlock {(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName}
Or this...
Invoke-Command -ComputerName ex01 -ScriptBlock {Get-Mailbox -Filter '*' -ResultSize Unlimited | Select-Object -Property SamAccountName}
... by itself in your environment over a PSRemoting session, what happens?
If you are doing your PSRemoting session, like this...
$ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' -ConnectionUri ("http://$Ex01Fqdn/PowerShell") -Authentication Kerberos -Credential $Creds
Import-PSSession $ExpSession
Then you don't need the Invoke-Command at all, since the cmdlets are already proxied to your workstation. Just run the code as is.
Example - Implicit PSRemoting session, leveraging -Prefix
This -prefix is not absolutely required, it's just a habit I've standardize on using for all my implicit remote sessions. The -prefix is recommend if you are using say both Exchange Online cmdlets and the Exchange on-prem cmdlets on the same box to avoid confusion and errors.):
($ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' -ConnectionUri ("http://$Ex01Fqdn/PowerShell") -Authentication Default)
<#
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
8 Session8 ex01.contoso... Opened Microsoft.Exchange Available
#>
Import-PSSession $ExpSession -Prefix 'EXP'
<#
WARNING: The names of some imported commands from the module 'tmp_zucxz5zd.0ee' include unapproved verbs that might make them less discoverable. To find the commands wi
th unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0 tmp_zucxz5zd.0ee {Add-EXPADPermission, Add-EXPAvai...
#>
(Get-ExpMailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
ForEach{Get-ExpMailboxPermission -Identity $PSItem} |
Where-Object {
$PSItem -ne 'NT AUTHORITY\SELF' -and
$PSItem.IsInherited -eq $false
} | Select-Object -Property Identity,User,
@{Name = 'SamAccountName';Expression = {(Get-ADUser -Identity $($PSitem.Identity -split '/')[-1]).SamAccountName}},
@{Name = 'Access Rights';Expression = {[string]::join(', ', $PSItem.AccessRights)}}
# The results would be the same as my original response.
postanote
Posted 2019-06-24T10:33:41.970
Reputation: 1 783
Recieve the following error:
Invoke-Command : Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "Invalid filter syntax. For a description of the filter parameter syntax see the command help. "*" at position 1." – Top – 2019-06-25T10:31:25.397