-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathGet-onPremFullMailboxAccess.ps1
121 lines (85 loc) · 4.19 KB
/
Get-onPremFullMailboxAccess.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<#
.SYNOPSIS
This function locates any mailbox level permissions on the DL to be migrated.
.DESCRIPTION
This function locates any mailbox level permissions on the DL to be migrated.
.PARAMETER originalDLConfiguration
The mail attribute of the group to search.
.PARAMETER collectedData
The precollected data to search for full mailbox access permissions.
.OUTPUTS
Returns a list of all mailboxes where the migrated DL has full mailbox accesses.
.EXAMPLE
Get-onPremFullMailboxAccess -originalDLConfiguration DLConfig -collectedData Data
#>
Function Get-onPremFullMailboxAccess
{
[cmdletbinding()]
Param
(
[Parameter(Mandatory = $true)]
$originalDLConfiguration,
[Parameter(Mandatory = $false)]
$collectedData=$NULL
)
#Output all parameters bound or unbound and their associated values.
write-functionParameters -keyArray $MyInvocation.MyCommand.Parameters.Keys -parameterArray $PSBoundParameters -variableArray (Get-Variable -Scope Local -ErrorAction Ignore)
#Declare function variables.
[array]$functionPermissions=@()
$functionRecipients=@()
Out-LogFile -string "********************************************************************************"
Out-LogFile -string "BEGIN Get-onPremFullMailboxAccess"
Out-LogFile -string "********************************************************************************"
if ($collectedData -eq $NULL)
{
#Start function processing.
try {
out-logfile -string "Gathering all on premises mailboxes."
$functionRecipients = invoke-command {get-mailbox -resultsize unlimited}
}
catch {
out-logfile -string "Error attempting to invoke command to gather all recipients."
out-logfile -string $_ -isError:$TRUE
}
#We now have all the mailbox recipients.
try {
out-logfile -string "Test for mailbox permissions."
$ProgressDelta = 100/($functionRecipients.count); $PercentComplete = 0; $MbxNumber = 0
foreach ($recipient in $functionRecipients)
{
$MbxNumber++
write-progress -activity "Processing Recipient" -status $recipient.primarySMTPAddress -PercentComplete $PercentComplete
$PercentComplete += $ProgressDelta
if ($functionCounter -gt 1000)
{
#Implement function counter for long running operations - pause for 5 seconds every 1000 queries.
start-sleepProgress -sleepString "Throttling for 5 seconds at 1000 operations." -sleepSeconds 5
$functionCounter=0
}
else
{
$functionCounter++
}
$functionPermissions+= invoke-command {Get-MailboxPermission -identity $args[0] -user $args[1]}-ArgumentList $recipient.identity,$originalDLConfiguration.samAccountName
}
}
catch {
out-logfile -string "Error attempting to invoke command to gather all mailbox permissions."
out-logfile -string $_ -isError:$TRUE
}
write-progress -activity "Processing Recipient" -completed
}
elseif ($collectedData -ne $NULL)
{
out-logfile -string "Testing for full mailbox access rights.."
$functionPermissions = $collectedData | where {($_.user.tolower()).contains($originalDLConfiguration.samAccountName.toLower())}
}
Out-LogFile -string "********************************************************************************"
Out-LogFile -string "END Get-onPremFullMailboxAccess"
Out-LogFile -string "********************************************************************************"
if ($functionPermissions.count -gt 0)
{
out-logfile -string $functionPermissions
return $functionPermissions
}
}