Share mailboxes and distribution groups audit review

Question

This is what I am trying to achieve:

1. Gather a list of all shared mailboxes
2. Check if there are any members and if not send an email to me.
3. Loop through each one and send an email to the mailbox (if there are members) to check if it is still required.
4. If the members feel it is no longer required then ask them to approve deletion of the mailbox or reject if still required.

As above, same process for distribution groups although appreciate the approval email will go to all members.

Is there a way Adaxes could achieve this so I can continually audit this on a schedule say every X months for all mailboxes or X months from when the item was created.

Answer 1

Hello,

Unfortunately, there is no possibility to achieve the desired using built-in functionality. PowerShell scripts are required. The first two points can be done using a PowerShell script executed in a scheduled task. For the third point, it is possible to send an email notification to shared mailbox members. However, there is no possibility to automate the part where the mailbox members report if the mailbox is still required. Regarding the fourth point, it is possible to submit the deletion of the mailbox for approval, but the operation will be executed if a single user approves the request. There is no possibility to have a collective approval of a request. As such, the whole workflow still requires a significant amount of manual work and there is no straight way of implementing it in Adaxes.

Comments

Thanks for your response.

I think it can still be useful just for points 1-3 but as you say the not actually act ask for any approvals. Is there a script availabel that already achieves this?

Or, could we execute a deletion of the mailbox on a schedule which requires approval that is sent to the mailbox only but before the approval is sent have an email beforehand sent to the mailbox advising on the acions they need to take as a collective e.g. Warn them about the incoming deletion approval and if the mailbx is still required then reject the request. I am not concerned for this to be a collective approval.

---

Hello,

I think it can still be useful just for points 1-3 but as you say the not actually act ask for any approvals. Is there a script availabel that already achieves this?

Unfortunately, there are no such scripts in our repository.

Or, could we execute a deletion of the mailbox on a schedule which requires approval that is sent to the mailbox only but before the approval is sent have an email beforehand sent to the mailbox advising on the acions they need to take as a collective e.g. Warn them about the incoming deletion approval and if the mailbx is still required then reject the request. I am not concerned for this to be a collective approval.

You can create a scheduled task that sends an email notification and deletes the mailbox account. To run the actions on shared mailboxes, you can scope the scheduled task over a business unit members. The business unit will include the required mailboxes based on criteria. For details on how to create business units, have a look at the following tutorial: https://www.adaxes.com/help/ViewAndManageObjectsCollectively. Then you can create a business rule triggering Before deleting a user. In the rule, a PowerShell script will get the mailbox members and submit the operation for approval with the retrieved members as approvers. For information on how to submit an approval request in a script, have a look at the SubmitForApproval method of the ExecuteScriptContext class: https://www.adaxes.com/sdk/ExecuteScriptContextClass/#SubmitForApproval_details. The business rule should also be scoped over the members of the business unit with the required mailboxes.