I simply get no results from the command, If I use a oneliner like
get-adgroup -filter {name -eq $i -and ObjectClass -eq “group”} I get the proper result.
also when I convert the string to an Customobject and try to use it with “$i.name” in the foreach it doesn’t work, it only works when I use the oneliner as well. I even can see the proper output of $i when I add write-output $i. But not in the foreach.
Seems like the problem is with using the variable in the foreach loop, but I can’t figure out how to manipulate the command that I get the whished result. I would be more than happy if there is any smarter solution for getting a result all permission groups of exchange. We are in an enterprise and the output of “Get-MailboxPermission *” is super heavy.
Why are you doing this on an Exchange server, using the Exchange cmdlet for user group info that is on the DC?
Now, I am not saying you can’t do this from an Exchange server, especially if you have RSAT ADDS enabled.
There are better ways to more completely get user / group membership info.
With foreach ouput $i, I saw a list which where looking like $mbxperm,
there I was expecting everything is right cause I saw rows between Domainname\ and username
Thanks Alex, using $mbxperm[1] I found out that the split not really worked. I got
“domainname
username”
as a result which showed me that the split didn’t work properly so I used -replace now instead.
Thanks for your input, your thoughts are really insightfull.
This confirms my feeling that Exchange is not the right place for it BUT,
so far I don’t have an working alternative. If I get your function your command gives me where the user have rights but I need only all security groups which are used for settings permissions on Exchange resources. Your input is really great thanks for these insights.
[/quote]
No this would mean Security Groups which are used for granting SendAs or FullAccess rights to Mailboxes and resources.
f.e.
Group1 with member xyz, yax
is used on Maibox asdf@domain.com to grant SendAs rights to Group1. And from my understand these security groups don’t have “Exchange” necessarily in their DN.