0

Im trying to generate a report of mailbox permissions out of Exchange Online. Here is the code:

$SendAs = @()
$Mailboxes = Get-mailbox | where {$_.Identity -notlike "DiscoverySearchMailbox*"}

Foreach ($MB in $Mailboxes) {
    $SendAsTemp = Get-RecipientPermission $MB.userprincipalname | select identity,Trustee,AccessRights | `
        Where-Object {$_.Trustee -notlike "*\Self" -and $_.Trustee -notlike "S-1-5*"}
    if ($SendAsTemp) {
        $SendAs += New-Object psobject -Property @{
            Identity=$SendAsTemp.identity
            Mailbox=$MB.primarysmtpaddress
            Trustee=$SendAsTemp.Trustee
            AccessRights=$SendAsTemp.AccessRights
        }
    }
}

The problem is that the output ($SendAs) is this;

Mailbox              Trustee                                 AccessRights           Identity
shared@domain.com    {user1@domain.com, user2@domain.com}    {SendAs, SendAs}       {shared, shared}

Its adding the multiple trustee permissions of 'shared' to a single row. What I want is this;

Mailbox              Trustee                                 AccessRights           Identity
shared@domain.com    user1@domain.com                        SendAs                 shared
shared@domain.com    user2@domain.com                        SendAs                 shared

How do I achieve this?

Kav
  • 9
  • 2

1 Answers1

0

First of all, avoid using the increase assignment operator (+=) to create a collection as it is exponential expensive. Meaning, it gets more expensive with every iteration. Use the PowerShell pipeline instead.

For your specific issue you can simply iterate through the trustees, like:

$Mailboxes = Get-mailbox | where {$_.Identity -notlike "DiscoverySearchMailbox*"}

$SendAs = Foreach ($MB in $Mailboxes) {
    $SendAsTemp = Get-RecipientPermission $MB.userprincipalname | select identity,Trustee,AccessRights |
        Where-Object { $_.Trustee -notlike "*\Self" -and $_.Trustee -notlike "S-1-5*" }
    if ($SendAsTemp) {
        Foreach ($Trustee in @($SendAsTemp.Trustee)) {
            New-Object psobject -Property @{
                Identity = $SendAsTemp.identity
                Mailbox = $MB.primarysmtpaddress
                Trustee = $Trustee
                AccessRights = $SendAsTemp.AccessRights
            }
        }
    }
}

(Note that in this example whole mailbox entry will not be listed if it doesn't have any trustees at all.)

iRon
  • 20,463
  • 10
  • 53
  • 79
  • Thanks that works kinda, however now the accessrights and identity have multiple values. For example if there is 2 trustees, then in each row the accessrights field has '{SendAs, SendAs}'. Thanks for info re += performance issues. – Kav Aug 12 '20 at 06:56