Forum Discussion
RobertFormodi
Feb 21, 2020Copper Contributor
Difficult to find which distribution group was assigned to which shared mailbox
I have hundred of distribution groups which functional as delegation groups for manage full access and send as permission for shared mailboxes. Is there any available powershell script or any which a...
RobertFormodi
Feb 24, 2020Copper Contributor
VasilMichev, Yes I know this solution but I have a lot of stale delegation groups and need to know exactly which groups are in still used and have function and which not. Maybe I should query the all production shared mailboxes and collects their groups in a csv what you described. After that another script import this csv and would check data and create new csv with the really live shared mailboxes and their groups, thus the rest are the stale.
VasilMichev
Feb 24, 2020MVP
Well how do you tell which is "live" and which is "stale"?
- RobertFormodiFeb 25, 2020Copper Contributor
VasilMichev We have hybrid Exchange and basically used synced AD accounts and synced on-premise distributiongroups (delegation groups) for the shared mailbox setup. When the shared mailbox and its AD account deactivated the associate distribution groups or named delegation groups remained and were not deactivated as the shared mailbox. These delegation groups are what I call or named stale delegation groups and there are hundred.
My basic problem I would need to write a powershell script which one by one goes through the existing synced groups and examines whether there is a corresponding live shared mailbox.
So I would need the complete invers method of the "Get-MailboxPermission "primarysmtpaddress" | where {(($_.IsInherited -eq $false) -and ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT Authority\SELF") -and ($_.Deny -eq $false))} | select -expand User" and "Get-RecipientPermission "primarysmtpaddress" | where {(($_.IsInherited -eq $false) -and ($_.AccessRights -like "*SendAs*") -and ($_.Trustee -notlike 'NT Authority\SELF') -and ($_.AccessControlType -eq 'Allow'))} | select -expand Trustee" powershell query. Actually I need a powershell query where the input should be the primarysmtp address of the delagation group.