获取邮箱用户有发送代表
Get mailboxes user has Send On-Behalf to
我正在尝试使用 PowerShell 获取终止用户有权访问的邮箱列表,然后删除该访问权限。一切正常,除了找到邮箱用户好吧,我想我不知道从 On-Behalf 中删除用户是否有效,因为我无法获得 list.have Send On-Behalf 访问权限。
我在开始时尝试了不同的东西,因此有一些额外的变量。
我正在使用 PowerShell 7.2 和 r运行 使用 Visual Studio 代码的脚本。
#Connect to O365 Exchange session
#$OnlineExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential (Get-Credential) -Authentication Basic -AllowRedirection
#Import-PSSession $OnlineExchSession -DisableNameChecking -AllowClobber | Out-Null
#Prompt for user to be terminated
$TerminatedUser = Read-Host -Prompt 'Input the username of the employee being terminated. (Example: bsaget)'
$UserMailbox = "$TerminatedUser@email.com"
$Mailbox = Get-Mailbox $TerminatedUser
$DN = $Mailbox.DistinguishedName
$Filter = "Members -like ""$DN"""
#Gather list of mailboxes the user is a member of
Write-Output " "
Write-Output "Full Permission for $TerminatedUser"
Write-Output "***************"
$FullPermission = Get-Mailbox | Get-MailboxPermission -User $TerminatedUser | Select-Object -ExpandProperty Identity
$FullPermission
#Gather list of mailboxes user has Send On-behalf permission to
Write-Output " "
Write-Output "Send On-behalf Permission for $TerminatedUser"
Write-Output "******************"
$OnBehalf = Get-Mailbox | where {$_.GrantSendOnBehalfTo -eq $TerminatedUser} | Select-Object -ExpandProperty Identity
$OnBehalf
#Gather list of mailboxes user has Send-As permission to
Write-Output " "
Write-Output "Send-As Permission for $TerminatedUser"
Write-Output "*************************"
$SendAs = Get-Mailbox | Get-RecipientPermission -Trustee $UserMailbox | Select-Object -ExpandProperty Identity
$SendAs
#Gather list of distribution groups user has permission to
Write-Output " "
Write-Output "Distribution Groups for $TerminatedUser"
Write-Output "*******************"
$DistributionGroups = Get-DistributionGroup -ResultSize Unlimited -Filter $Filter | Select-Object -ExpandProperty PrimarySmtpAddress
$DistributionGroups
#Remove Full Access for each mailbox
Write-Output " "
Write-Output "Removing Full Access Permission for $TerminatedUser"
forEach ($full in $FullPermission) {
Write-Output "Removing permission to $full"
Remove-MailboxPermission -Identity $full -User $TerminatedUser -AccessRights FullAccess -Confirm:$false #-WhatIf
}
#Remove SendAs for each mailbox
Write-Output " "
Write-Output "Removing SendAs Permission for $TerminatedUser"
forEach ($send in $SendAs) {
Write-Output "Removing permission to $send"
Remove-AdPermission -Identity $send -User $TerminatedUser -AccessRights SendAs #-WhatIf
}
#Remove Send On-Behalf for each mailbox
Write-Output " "
Write-Output "Removing Send On-Behalf Permission for $TerminatedUser"
forEach ($behalf in $OnBehalf) {
Write-Output "Removing permission to $behalf"
Set-Mailbox -Identity $behalf -GrantSendOnBehalfTo @{remove=$TerminatedUser} #-WhatIf
}
#Remove user from distribution lists
Write-Output " "
Write-Output "Removing distribution lists for $TerminatedUser"
forEach ($distro in $DistributionGroups) {
Write-Output "Removing permission to $distro"
Remove-DistributionGroupMember -Identity $distro -Member $TerminatedUser #-WhatIf
}
#Disconnect-ExchangeOnline
我没有收到此代码的任何错误,但 return 没有任何错误。我知道我正在测试的用户有来自 运行 的代表 Get-Mailbox -Identity clevername@email.com | %{$_.GrantSendOnBehalfTo} |英尺名称
我刚刚制作了这个简单的脚本,它删除了对共享邮箱的完全访问、发送方式和 SendOnBehalf 权限。试试看,让我知道你的想法。
$TerminatedUser = "" #Enter PrimarySmtpAddress of terminated user
$TerminatedUserAlias = "" #Enter mailbox alias for terminated user
$SharedMailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox #Gets all shared mailboxes
foreach($Mailbox in $SharedMailboxes)
{
#Gets the different permissions on the mailbox for the Terminated User
$FullAccess = Get-MailboxPermission $Mailbox.Alias | ? {$_.User -match $TerminatedUser -and $_.AccessRights -eq "FullAccess"}
$SendAs = Get-RecipientPermission $Mailbox.Alias | ? {$_.Trustee -match $TerminatedUser -and $_.AccessRights -eq "SendAs"}
$SendOnBehalf = $Mailbox.GrantSendOnBehalfTo
#Removes Full Access permission for terminated user
if($FullAccess -ne $null)
{
Write-Host "Removing Full Access permissions for $TerminatedUser on $($Mailbox.Alias)" #You can export the mailbox and permission here to a file if you want. Only writing output to screen to demonstrate what will happen if you run this.
Remove-MailboxPermission -Identity $Mailbox.Alias -User $TerminatedUser -AccessRights "FullAccess" #Removes full access permission on shared mailbox for terminated user
}
else
{
Write-Host "No Full Access permissions for $TerminatedUser on $($Mailbox.Alias)" #Only writing output to screen to demonstrate what will happen if you run this.
}
#Removes Send As permission for the terminated user
if($SendAs -ne $null)
{
Write-Host "Removing Send As permission for $TerminatedUser on $($Mailbox.Alias)" #Only writing output to screen to demonstrate what will happen if you run this.
Remove-RecipientPermission -Identity $Mailbox.Alias -Trustee $TerminatedUser -AccessRights "SendAs"
}
else
{
Write-Host "No Send As permissions for $TerminatedUser on $($Mailbox.Alias)" #Only writing output to screen to demonstrate what will happen if you run this.
}
#Removes Send on behalf permisssion for the terminated user
if($SendOnBehalf -ne $null)
{
foreach($User in $SendOnBehalf)
{
if($User -eq $TerminatedUserAlias)
{
$SendOnBehalf.Remove($User)
Set-Mailbox -Identity $Mailbox.Alias -GrantSendOnBehalfTo $SendOnBehalf
}
}
}
}
我正在尝试使用 PowerShell 获取终止用户有权访问的邮箱列表,然后删除该访问权限。一切正常,除了找到邮箱用户好吧,我想我不知道从 On-Behalf 中删除用户是否有效,因为我无法获得 list.have Send On-Behalf 访问权限。
我在开始时尝试了不同的东西,因此有一些额外的变量。 我正在使用 PowerShell 7.2 和 r运行 使用 Visual Studio 代码的脚本。
#Connect to O365 Exchange session
#$OnlineExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential (Get-Credential) -Authentication Basic -AllowRedirection
#Import-PSSession $OnlineExchSession -DisableNameChecking -AllowClobber | Out-Null
#Prompt for user to be terminated
$TerminatedUser = Read-Host -Prompt 'Input the username of the employee being terminated. (Example: bsaget)'
$UserMailbox = "$TerminatedUser@email.com"
$Mailbox = Get-Mailbox $TerminatedUser
$DN = $Mailbox.DistinguishedName
$Filter = "Members -like ""$DN"""
#Gather list of mailboxes the user is a member of
Write-Output " "
Write-Output "Full Permission for $TerminatedUser"
Write-Output "***************"
$FullPermission = Get-Mailbox | Get-MailboxPermission -User $TerminatedUser | Select-Object -ExpandProperty Identity
$FullPermission
#Gather list of mailboxes user has Send On-behalf permission to
Write-Output " "
Write-Output "Send On-behalf Permission for $TerminatedUser"
Write-Output "******************"
$OnBehalf = Get-Mailbox | where {$_.GrantSendOnBehalfTo -eq $TerminatedUser} | Select-Object -ExpandProperty Identity
$OnBehalf
#Gather list of mailboxes user has Send-As permission to
Write-Output " "
Write-Output "Send-As Permission for $TerminatedUser"
Write-Output "*************************"
$SendAs = Get-Mailbox | Get-RecipientPermission -Trustee $UserMailbox | Select-Object -ExpandProperty Identity
$SendAs
#Gather list of distribution groups user has permission to
Write-Output " "
Write-Output "Distribution Groups for $TerminatedUser"
Write-Output "*******************"
$DistributionGroups = Get-DistributionGroup -ResultSize Unlimited -Filter $Filter | Select-Object -ExpandProperty PrimarySmtpAddress
$DistributionGroups
#Remove Full Access for each mailbox
Write-Output " "
Write-Output "Removing Full Access Permission for $TerminatedUser"
forEach ($full in $FullPermission) {
Write-Output "Removing permission to $full"
Remove-MailboxPermission -Identity $full -User $TerminatedUser -AccessRights FullAccess -Confirm:$false #-WhatIf
}
#Remove SendAs for each mailbox
Write-Output " "
Write-Output "Removing SendAs Permission for $TerminatedUser"
forEach ($send in $SendAs) {
Write-Output "Removing permission to $send"
Remove-AdPermission -Identity $send -User $TerminatedUser -AccessRights SendAs #-WhatIf
}
#Remove Send On-Behalf for each mailbox
Write-Output " "
Write-Output "Removing Send On-Behalf Permission for $TerminatedUser"
forEach ($behalf in $OnBehalf) {
Write-Output "Removing permission to $behalf"
Set-Mailbox -Identity $behalf -GrantSendOnBehalfTo @{remove=$TerminatedUser} #-WhatIf
}
#Remove user from distribution lists
Write-Output " "
Write-Output "Removing distribution lists for $TerminatedUser"
forEach ($distro in $DistributionGroups) {
Write-Output "Removing permission to $distro"
Remove-DistributionGroupMember -Identity $distro -Member $TerminatedUser #-WhatIf
}
#Disconnect-ExchangeOnline
我没有收到此代码的任何错误,但 return 没有任何错误。我知道我正在测试的用户有来自 运行 的代表 Get-Mailbox -Identity clevername@email.com | %{$_.GrantSendOnBehalfTo} |英尺名称
我刚刚制作了这个简单的脚本,它删除了对共享邮箱的完全访问、发送方式和 SendOnBehalf 权限。试试看,让我知道你的想法。
$TerminatedUser = "" #Enter PrimarySmtpAddress of terminated user
$TerminatedUserAlias = "" #Enter mailbox alias for terminated user
$SharedMailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox #Gets all shared mailboxes
foreach($Mailbox in $SharedMailboxes)
{
#Gets the different permissions on the mailbox for the Terminated User
$FullAccess = Get-MailboxPermission $Mailbox.Alias | ? {$_.User -match $TerminatedUser -and $_.AccessRights -eq "FullAccess"}
$SendAs = Get-RecipientPermission $Mailbox.Alias | ? {$_.Trustee -match $TerminatedUser -and $_.AccessRights -eq "SendAs"}
$SendOnBehalf = $Mailbox.GrantSendOnBehalfTo
#Removes Full Access permission for terminated user
if($FullAccess -ne $null)
{
Write-Host "Removing Full Access permissions for $TerminatedUser on $($Mailbox.Alias)" #You can export the mailbox and permission here to a file if you want. Only writing output to screen to demonstrate what will happen if you run this.
Remove-MailboxPermission -Identity $Mailbox.Alias -User $TerminatedUser -AccessRights "FullAccess" #Removes full access permission on shared mailbox for terminated user
}
else
{
Write-Host "No Full Access permissions for $TerminatedUser on $($Mailbox.Alias)" #Only writing output to screen to demonstrate what will happen if you run this.
}
#Removes Send As permission for the terminated user
if($SendAs -ne $null)
{
Write-Host "Removing Send As permission for $TerminatedUser on $($Mailbox.Alias)" #Only writing output to screen to demonstrate what will happen if you run this.
Remove-RecipientPermission -Identity $Mailbox.Alias -Trustee $TerminatedUser -AccessRights "SendAs"
}
else
{
Write-Host "No Send As permissions for $TerminatedUser on $($Mailbox.Alias)" #Only writing output to screen to demonstrate what will happen if you run this.
}
#Removes Send on behalf permisssion for the terminated user
if($SendOnBehalf -ne $null)
{
foreach($User in $SendOnBehalf)
{
if($User -eq $TerminatedUserAlias)
{
$SendOnBehalf.Remove($User)
Set-Mailbox -Identity $Mailbox.Alias -GrantSendOnBehalfTo $SendOnBehalf
}
}
}
}