启用邮箱审核

时间:2018-08-16 21:14:25

标签: powershell security office365

运行此命令时,我在启用一些帐户进行审核时遇到错误。 

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"} |
    Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermission -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, Update FolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermission, MailboxLogin, Create, SoftDelete , HardDelete, Update, MoveToDeletedItems

然后我在这里得到这个错误,

The operation couldn't be performed because 'Employee Name' matches multiple
entries.
+ CategoryInfo          : NotSpecified: (:) [Set-Mailbox], ManagementObjectAmbiguousException
+ FullyQualifiedErrorId : [Server=removed,RequestId=removed,TimeStamp=8/16/2018 8:54:51 PM] [FailureCategory=Cmdlet-ManagementObjectAmbiguousException] B88862F7,Microsoft.Exchange.Management.RecipientTasks.SetMailbox
+ PSComputerName        : outlook.office365.com

然后我正在运行此命令以查看启用了哪些功能的人

Get-Mailbox -ResultSize Unlimited |
    Select Name, AuditEnabled, AuditLogAgeLimit |
    Out-Gridview

弹出一个GUI并向我显示一些重复的Employee。这是因为我们有两个带有不同电子邮件箱的不同域名。示例:john@company1.com和john@company2.com。如何在PowerShell中启用这些重复的帐户?

1 个答案:

答案 0 :(得分:3)

我觉得很可笑,尽管它不能唯一地标识对象,但通过管道传递的identity参数是基于Name的:)(根据定义,Identity应该是唯一的!)。无论如何,我们需要做的就是将身份从名称更改为更具全局唯一性的内容,例如GUID。为此,我们可以在管道中添加一个步骤来更改Identity

Get-Mailbox...| Select -Property @{Name="Identity";Expression={$_.GUID.ToString()}}  | Set-Mailbox...

我正在做的是使用Select语句内的表达式将GUID转换为字符串,并将其作为Identity传递给管道。 Set-MailboxGUID当作Identity,并将更新正确的邮箱。

这样,您的代码就会变得清晰起来(为了清楚起见):

Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"}`
| Select -Property @{Name="Identity";Expression={$_.GUID.ToString()}} `
| Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermissions -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermissions, MailboxLogin, Create, SoftDelete , HardDelete, Update, MoveToDeletedItems
相关问题
最新问题