Reputation: 61
How to add SAMAccountName to output?
Stuck on how to add SAMAccounts (AD usernames) to the results, can anyone help, currently getting no results in the list SamAccountName?
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | where
{$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq
$false} |
Select Identity,User,SamAccountName,@{Name='Access Rights';Expression=
{[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation
C:\temp\mailboxpermissions1.csv
No results showing for SAMAccountName
Upvotes: 0
Views: 2188
Answers (2)
Reputation: 16096
You can get SamAccountName using Get-Mailbox cmdlet.
((Get-Mailbox -Filter '*')[0] | Get-Member).Name
# Results
<#
PS C:\Scripts> ((Get-Mailbox -Filter '*')[0] | Get-Member).Name
...
RoomMailboxAccountEnabled
RulesQuota
SamAccountName
SCLDeleteEnabled
...
#>
Get-Mailbox -Filter '*' | ForEach {$PSItem.SamAccountName}
# Results
<#
Get-Mailbox -Filter '*' | ForEach {$PSItem.SamAccountName}
Administrator
...
#>
It just does not get passed down the pipeline as being stated here...
Example:
(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
ForEach{Get-MailboxPermission -Identity $PSItem} |
Where-Object {
$PSItem -ne 'NT AUTHORITY\SELF' -and
$PSItem.IsInherited -eq $false
} | Select-Object -Property '*'
# Results
<#
AccessRights : {FullAccess, ReadPermission}
Deny : False
InheritanceType : All
User : NT AUTHORITY\SELF
Identity : contoso.com/Users/Administrator
IsInherited : False
IsValid : True
ObjectState : Unchanged
...
#>
So, try it this way...
(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
ForEach{Get-MailboxPermission -Identity $PSItem} |
Where-Object {
$PSItem -ne 'NT AUTHORITY\SELF' -and
$PSItem.IsInherited -eq $false
} | Select-Object -Property Identity,User,
@{Name = 'SamAccountName';Expression = {(Get-ADUser -Identity $($PSitem.Identity -split '/')[-1]).SamAccountName}},
@{Name = 'Access Rights';Expression = {[string]::join(', ', $PSItem.AccessRights)}}
# Results
<#
Identity User SamAccountName Access Rights
-------- ---- -------------- -------------
contoso.com/Users/Administrator NT AUTHORITY\SELF Administrator FullAccess, ReadPermission
...
#>
Update for the OP
As for you comment...
Hi, this errors out : Invoke-Command : Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "Invalid filter syntax. For a description of the filter parameter syntax see the command help. "*" at position 1."
… as noted from my comment before this update.
The sample is all raw normal PowerShell, and should work local or remote (as long as you have PSRemoting setup properly and you are local admin on the remote box and you are running this as that admin)
If you run this …
Invoke-Command -ComputerName ex01 -ScriptBlock {Get-Mailbox -Filter '*' -ResultSize Unlimited}
or this...
Invoke-Command -ComputerName ex01 -ScriptBlock {(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName}
Or this...
Invoke-Command -ComputerName ex01 -ScriptBlock {Get-Mailbox -Filter '*' -ResultSize Unlimited | Select-Object -Property SamAccountName}
... by itself in your environment over a PSRemoting session, what happens?
If you are doing your PSRemoting session, like this...
$ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' -ConnectionUri ("http://$Ex01Fqdn/PowerShell") -Authentication Kerberos -Credential $Creds
Import-PSSession $ExpSession
Then you don't need the Invoke-Command at all, since the cmdlets are already proxied to your workstation. Just run the code as is.
Example - Implicit PSRemoting session, leveraging -Prefix
This -prefix is not absolutely required, it's just a habit I've standardize on using for all my implicit remote sessions. The -prefix is recommend if you are using say both Exchange Online cmdlets and the Exchange on-prem cmdlets on the same box to avoid confusion and errors.):
($ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' -ConnectionUri ("http://$Ex01Fqdn/PowerShell") -Authentication Default)
<#
Id Name ComputerName State ConfigurationName Availability
-- ---- ------------ ----- ----------------- ------------
8 Session8 ex01.contoso... Opened Microsoft.Exchange Available
#>
Import-PSSession $ExpSession -Prefix 'EXP'
<#
WARNING: The names of some imported commands from the module 'tmp_zucxz5zd.0ee' include unapproved verbs that might make them less discoverable. To find the commands wi
th unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0 tmp_zucxz5zd.0ee {Add-EXPADPermission, Add-EXPAvai...
#>
(Get-ExpMailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
ForEach{Get-ExpMailboxPermission -Identity $PSItem} |
Where-Object {
$PSItem -ne 'NT AUTHORITY\SELF' -and
$PSItem.IsInherited -eq $false
} | Select-Object -Property Identity,User,
@{Name = 'SamAccountName';Expression = {(Get-ADUser -Identity $($PSitem.Identity -split '/')[-1]).SamAccountName}},
@{Name = 'Access Rights';Expression = {[string]::join(', ', $PSItem.AccessRights)}}
# The results would be the same as my original response.
Upvotes: 0
Reputation: 8889
SamAccountName is not available through Get-Mailbox or Get-MailboxPermission but you can get it with Get-User with calculated property, see example:
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission |
where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
Select Identity,User,@{N="SamAccountName";E={(Get-User $_.Identity).SamAccountName}},@{Name='Access Rights';Expression= {[string]::join(', ', $_.AccessRights)}} |
Export-Csv -NoTypeInformation C:\temp\mailboxpermissions1.csv
Upvotes: 2
Related Questions
- Get sAMAccount from AD with powershell
- Get samaccountname from display name - but with extras
- Get Samaccountname from display name into .csv
- Powershell function to generate samAccountName
- Pull Samaccount name from get-adprincipal powershell
- Get SamAccountName from AD
- Get SamAccountName from list of various names
- Powershell retrieve User Login Name, not samAccountname
- Powershell - SET-ADUSER Modify samaccountname
- Powershell script only converting last sAmAccountname to name