Mohammed Wasay

Tag: all

  • Get All DCs in the Entire Forest

    Get All DCs in the Entire Forest

    Getting a know a new environment for a new client and I a quickly needed information about all domain controllers in the entire forest.

    Wrote a small little script to provide me all the information I needed:

    Import-Module ActiveDirectory

function Get-AllDCsInForest{
[CmdletBinding()]
param(
    [string]$ReferenceDomain = $env:USERDOMAIN
)
 
$ForestObj = Get-ADForest -Server $ReferenceDomain
foreach($Domain in $ForestObj.Domains) {
    Get-ADDomainController -Filter * -Server $Domain | select Domain,HostName,Site, IPv4Address, OperatingSystem, OperatingSystemVersion
     
}
 
}

Get-AllDCsInForest| Export-Csv -Path C:\Scripts\AllDcs.txt -NoTypeInformation

     

  • Grant & Revoke Access to Mailboxes

    There may be times where you may need to grant an IT administrator or other employees access to another user’s mailbox.
    Below I will demonstrate how to:

    • Grant an Admin access to a single mailbox
    • Grant an Admin access to all mailboxes
    • Revoke the above permissions (recommended cause of action after the Administrator has finished his/her tasks)
    1. First make sure you have the remote signed execution policy set to true. You can do this by running PowerShell in admin mode and running: Set-ExecutionPolicy RemoteSigned
    2. Next, run the following to authenticate your self and import PowerShell commands to your local session:
      $LiveCred = Get-Credential
      $Session = New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
      Import-PSSession $Session

    Grant an Admin access to a single mailbox

    Grant an Admin access to all mailboxes

    • Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User[email protected] -AccessRights fullaccess -InheritanceType all

    Revoke the above permissions

    • If you want to revoke permissions after granting them, simply replace the ‘Add-MailboxPermission‘ with ‘Remove-MailboxPermission‘ followed by the original command you entered to grant the permissions. For example, to grant [email protected] full access to [email protected], you would enter the command:
      Add-MailboxPermission [email protected] -User [email protected] -AccessRights FullAccess -InheritanceType All

     

    There is a switch you can use in conjunction with the above commands which will hide the user mailboxe from appearing in the mailbox-tree panel in Outlook (on the left side).

    -AutoMapping $false