我想将具有SendAs权限的每个用户输出到邮箱。但是,我想使用primarySMTPAddress作为标识符,该标识符未在Get-ADPermission cmdlet中公开。
如何修改这行代码:
$SendAs = Get-ADPermission $Mailbox.DistinguishedName | ? {$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF" -and !$_.IsInherited} | % {$_.User}
我试过这样的事情,但无济于事:
$SendAs = Get-ADPermission $Mailbox.DistinguishedName | ? {$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF" -and !$_.IsInherited} | % {$_.User}
$sendAs| %{$uSendAs += ($(if($uSendAs){";"}) + (Get-mailbox $_))}
我正在尝试将其合并到此脚本中:
$OutFile = "C:\scripts\export.txt"
"DisplayName" + "," + "Alias" + "," + "Primary SMTP" + "," + "Full Access" + "," + "Send As" + "," + "Send on Behalf" | Out-File $OutFile -Force
$Mailboxes = Get-Mailbox -ResultSize:Unlimited | Select Identity, Alias, DisplayName, DistinguishedName, primarysmtpaddress
ForEach ($Mailbox in $Mailboxes)
{
$SendAs = Get-ADPermission $Mailbox.DistinguishedName | ? {$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF" -and !$_.IsInherited} | % {$_.User}
$FullAccess = Get-MailboxPermission $Mailbox.Identity | ? {$_.AccessRights -eq "FullAccess" -and !$_.IsInherited} | % {$_.User}
$sendbehalf=Get-Mailbox $Mailbox.Identity | select-object -expand grantsendonbehalfto | select-object -expand rdn | % {$_.User}
if (!$SendAs -and !$FullAccess -and !$sendbehalf){continue}
$Mailbox.DisplayName + "," + $Mailbox.Alias + "," + $Mailbox.primarysmtpaddress + "," + $FullAccess + "," + $SendAs + "," + $sendbehalf | Out-File $OutFile -Append
}
答案 0 :(得分:0)
使用Get-Recipient,因为权限可以授予个人或群组。所以,它会是这样的:
Get-ADPermission $Mailbox.Identity | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Select @{n='Identity';e={(Get-Recipient $_.Identity).PrimarySmtpAddress}}