Looks for all mailboxes that have activesync device partnerships and then displays device information from these mailboxes only along with the mailbox owners identity in an easy to read format which can be customized.


$ActiveSyncDevices = @()
$mbx = get-casmailbox | ?{$_.hasactivesyncdevicepartnership -eq $true}
ForEach ($Mailbox in $mbx) {
Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox.Identity –ErrorAction SilentlyContinue | Select DeviceFriendlyName, Devicetype, DeviceModel, DeviceOS, DeviceUserAgent | ForEach-Object { $_ | Add-Member –MemberType NoteProperty -Name "MailboxIdentity" -value $Mailbox;
$ActiveSyncDevices += $_ }
}
$ActiveSyncDevices | select DeviceType, DeviceModel, DeviceOS, MailboxIdentity | ft

 

Following up on my previous post on how to find out who has send-as rights on a mailbox, here’s how you can do the same for a distribution group.

Get-ADPermission -identity distributiongroupname | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap

It’s essentially the same command. Instead of piping the mailbox object to the Get-ADPermission cmdlet, here you’re telling the Get-ADPermission cmdlet the name of the distribution group you want to find who has permissions for.

 

Here’s a quick way to find out who has send-as permissions on a particular mailbox

Get-Mailbox -identity mailboxname | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap

You can also pipe in all mailboxes or a server or database to find out send-as permissions on all mailboxes as follows

Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap

Get-Mailbox -Server servername | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap

 

To get a quick list of users in AD whose accounts are locked, you can use Quest Software’s free ActiveRoles Management Shell for Active Directory PS-Snapin. This snap-in simplifies a lot of the AD related functions through Powershell, finding locked user accounts is just one of them.

get-QADUser -Locked

© 2012 !NSFW Suffusion theme by Sayontan Sinha