Archive for Recoverd From Archive

List Members of a Dynamic Distribution List

This post was inspired by a post found on http://www.howexchangeworks.com/2009/10/task-listing-members-of-exchange-2007.html

But I have modified the commands some to get a better listing.

$group = Get-DynamicDistributionGroup –identity “AllStaff”

Get-Recipient –RecipientPreviewFilter $group.RecipientFilter | sort name | select name > d:\_temp\dlist_members.txt

These changes will give you an alphabetical list of members, with names only in the list.   I find this easier for managers to use to verify list membership.

The list we have uses the PO filed to filter it.  So we then just have to go to the user account and add specific text in the PO filed to add or remove them from the distribution list.

Script – Mailbox Audit

This is a script I wrote that will look for specific email accounts in an OU, and then send an email to all the people who have access to those email accounts.

#$ErrorActionPreference = "SilentlyContinue"
 $smtpServer = "[REMOVED]"
 $smtp = new-object Net.Mail.SmtpClient($smtpServer)
 $emailFrom = "mkieffer@[REMOVED]"

$a = get-user -OrganizationalUnit "[REMOVED]/Corp/Email Accounts" | where {$_.DistinguishedName -notlike '*OU=Contacts,OU=Email Accounts,OU=[REMOVED]' -and $_.DistinguishedName -notlike '*OU=Resources,OU=Email Accounts,OU=[REMOVED]'} | sort name

foreach ($item in $a) {

$mailboxName = $item.name
 $mailboxAddress = $item.WindowsEmailAddress
 $body = "We are in the process of auditing access rights to shared mailboxes. According to our audit, you have access to the mailbox ""$mailboxName"".

"
 $smtpAddresses = get-mailbox $mailboxName | select -expand EmailAddresses | %{$_.SmtpAddress}
 $body += "This mailbox has the following email addresses:
 $smtpAddresses

Primary Contact: [None Specified]

"
 $body += "The Following employees have full access to this mailbox:`r`n"
 $subject = ""
 $emailTo = "mkieffer@[REMOVED]"
 $subject = "Audit of mailbox $mailboxName ($mailboxAddress)"
 echo "$mailboxName ($mailboxAddress)"
 $b = get-mailboxpermission $item.Name | where {$_.AccessRights -like "*FullAccess*"}
 $newEmailTo = ""
 $emailcounter = 0
 foreach ($item2 in $b) {
 [String]$name = $item2.User
 $c = get-mailbox $name
 if ($c.OrganizationalUnit -eq "[REMOVED]/Corp/Users/Employees" -and $c.name -ne "Mike Kieffer" ) {
 [String]$email = $c.WindowsEmailAddress
 [String]$fname = $c.DisplayName
 echo "--> $fname ($email)"
 $body += $fname
 $body += [char]13
 if ($emailcounter -gt 0) {$newEmailTo += ", "}
 $newEmailTo += $email
 $emailcounter = $emailcounter + 1
 }
 }
 $body += "`r`nPlease reply to this email with the following information:
 1- If this mailbox is still needed or if this mailbox can be deleted.
 2- Who is the primary contact for this mailbox.
 3- Who needs to be added or removed from accessing this mailbox.
 4- If any of the email addresses associated with this mailbox are no longer used, and can be removed.
 5- Is the name of ""$mailboxName"" still approrpiate for this mailbox.

Thanks,
 Mike Kieffer
 IT Sr. Systems Administrator
 "
 echo $subject
 echo $body
 echo $newEmailTo
 $smtp.Send($emailFrom, $newEmailTo, $subject, $body)
 }

Of course, you will need to modify the script to work in your environment, but this is a good starting point.  Suggestions are welcomed on how to increase the usability of this script and also the effectiveness of it.

If you are unable to delete some of the users from the mailboxes during the audit, you may find this post helpful: Cannot remove ACE on object…

Script – Check Message Queue

note: following the transfer of this domain to the new owners, per user requests this article was recovered from the internet archive wayback machine, but may not be complete.

Here is a simple script I wrote that checks the message queue and then sends an email if the message queue goes over a specified limit. Read more

Exchange – Cannot remove ACE on object … because it is not present.

note: following the transfer of this domain to the new owners, per user requests this article was recovered from the internet archive wayback machine, but may not be complete.

I have run into a problem while doing some routine maintenance on some shared mailboxes for the company I work for.   During the maintenance process, we audit the list of users that have full mailbox rights to any shared mailbox.  In the process, I was trying to remove full permissions from several user accounts.  Here is what the Manage Full Access Permission screen looked like. Read more

Command to list all messages to a specific domain for the day

If you want to list all of the messages sent to a recipient with a specific domain, you can run this command. It will export a list of all message from 8:00AM – 5:00PM on 10/17/2009 that were to someone on the domainname.com domain. The list will be saved to c:\send.xls

get-transportserver | Get-MessageTrackingLog -ResultSize Unlimited -Start “10/17/2009 8:00AM” -End “11/17/2009 5:00PM” -eventid Send | WHERE {$_.recipients -like “*domainname.com*”} > “c:\send.xls”