I need to know which Exchange User Mailbox is currently accessed by more than one person other than the user display name itself. Here is my code:
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") -and -not ($_.User -like '*Discovery Management*') } |
Select @{Name="User Name";expression={(Get-Recipient $_.user.tostring()).displayname}}, Identity,AccessRights,PrimarySMTPAddress | Export-Csv C:\Results.csv -NoTypeInformation
What needs fixing here?
Although using -and -not
is correct, I'd not say it's not the most elegant approach as there are contrary operators to -like
and -eq
(which was suggested by @Paxz in now deleted comments). Your where
statement could be modified to something like:
Where-Object { ($_.AccessRights -like "*FullAccess*") -and (-not $_.IsInherited) -and ($_.User -ne "NT AUTHORITY\SELF") -and ($_.User -notlike '*Discovery Management*') }
# from
($_.AccessRights -eq "FullAccess")
# to
($_.AccessRights -like "*FullAccess*")
to include the situation when user has one or more access entry in AccessRight
(although I'm not sure if it's needed in real life). Your code would filter {FullAccess, ReadPermission}
as it's not equal to FullAccess
.
# from
($_.IsInherited -eq $false)
# to
(-not $_.IsInherited)
Why? More elegant. IsInherited
is boolean value you can directly use -not
.
# from
-and -not ($_.User -like "NT AUTHORITY\SELF")
# to
-and ($_.User -ne "NT AUTHORITY\SELF")
Why? like
/notlike
is not needed here, you can use -ne
directly.
# from
-and -not ($_.User -like '*Discovery Management*')
# to
-and ($_.User -notlike '*Discovery Management*')
similar as above but I'm not sure what values are possible here so I haven't changed to -ne
.
Also, in your Select-Object
you use PrimarySMTPAddress
which won't work as permission entry doesn't have such parameter. You'll have to use similar approach as you used for User Name
(also, I don't think that .ToString()
is necessary in that case):
@{Name="PrimarySMTPAddress";expression={(Get-Recipient $_.user).PrimarySMTPAddress}}