Hi,

The built-in report for forwarded users does not return any results for our environment, likely because we mainly use Exchange Online. I am attempting to generate my own report but am struggling to get results. I have added a custom column that will list the user who is receiving the mail via forwarding. I have the following currently:

# Set search criteria
$criteria = New-AdmCriteria @(
    "adm-LinkedMailbox",
    "adm-PublicFolderMailbox"
)
$criteria.AddType("user", {mailboxType -eq "any"})
$Context.DirectorySearcher.AddCriteria($criteria)

# Custom column identifiers
$forwardedUser = "{4a7d1b39-bfb6-4935-a3e8-a36aaf57294d}"

# Build the report
try
{
    $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
    while ($Context.MoveNext($searchIterator))
    {
        $searchResult = $searchIterator.Current
        $user = $Context.BindToObjectBySearchResult($searchResult)

        try {
            # Get forward to
            $mailboxParams = $user.GetMailParameters()
            $deliveryOptions = $mailboxParams.MailFlowSettings.DeliveryOptions
            $forwardToDN = $deliveryOptions.ForwardingAddress.DistinguishedName

            #Bind to user        
            if ($forwardToDN) {
                $forwardedRecipient = $context.BindToObjectByDN($forwardToDN)
                $columnValues = @{
                    $forwardedUser = $forwardedRecipient
                }
                $Context.Items.Add($user, $columnValues, $NULL)
            }
        } catch {
            Continue
        }
    }
}
finally
{
    if ($searchIterator) { $searchIterator.Dispose() }
}

Could you please point me in the direction of where I am going wrong?

Thanks, Gareth


Hello Gareth,

For us to suggest a solution, please specify whether the report will only include items with on-premises Exchange mailboxes. If not, should the report include linked mailboxes, public folder mailboxes and all the users with mailboxes and the Forward to option enabled?

Any additional information will be much appreciated.


Hi, thanks for your response. This report should include mailboxes that are Exchange only; we run a hybrid environment that will shortly be migrated to cloud only. The report should only include user mailboxes - both standard and converted to shared mailboxes.

Essentially I only need the following columns: User | mail | Forwarded User

A nice-to-have would be a list of users who have full access delegation to the mailbox delegation if possible. This could just be a list of display names delimited with ; if that's easier.

1 Answer


Hello Gareth,

Thank you for specifying. You can find the script for the report below. In the script:

  • $forwardedUserColumnID - Specifies the identifier of the custom column that will contain the Forward to account. The column must be of the Directory object type.
  • $fullAccessUserColumnID - Specifies the identifier of the custom column that will contain the accounts that have full access permissions over the mailbox. The column must be of the Text type.

# Custom column identifiers
$forwardedUserColumnID = "{4a7d1b39-bfb6-4935-a3e8-a36aaf57294d}" # TODO: modify me
$fullAccessUserColumnID = "{a2a66ae6-bc5b-423a-9c5f-ddb460b20710}" # TODO: modify me

# Build criteria
$criteria = New-AdmCriteria "adm-LinkedMailbox", "adm-PublicFolderMailbox", "user" {mailboxType -ne "none"}
$Context.DirectorySearcher.AddCriteria($criteria)

try
{
    # Execute search
    $searchResultIterator = $Context.DirectorySearcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()    
}
finally
{
    # Release resources
    if ($searchResultIterator){ $searchResultIterator.Dispose() }
}

foreach ($searchResult in $searchResults)
{
    $user = $context.BindToObjectBySearchResult($searchResult)

    try
    {
        # Get forward to
        $mailboxParams = $user.GetMailParameters()
        $deliveryOptions = $mailboxParams.MailFlowSettings.DeliveryOptions
        $forwardToGUID = $deliveryOptions.ForwardingAddress.ObjectGUID

        if ($NULL -eq $forwardToGUID)
        {
            continue
        }
        $forwardToColumnValue = $Context.BindToObject("Adaxes://<GUID=$forwardToGUID>")

        # Get Full Access permissions
        $objectReferences = $mailboxParams.MailboxRights.GetTrusteesGrantedRights("ADM_EXCHANGE_MAILBOX_RIGHTS_FULL_ACCESS")
        $fullAccessDisplayNames = @()

        foreach ($objectReference in $objectReferences)
        {
            $sid = $objectReference.ObjectSid
            if ([System.String]::IsNullOrEmpty($sid))
            {
                continue
            }
            elseif ([Softerra.Adaxes.Utils.WellKnownSecurityPrincipalInfo]::IsWellKnown($sid))
            {
                continue
            }

            # Get object display name
            try
            {
                # Bind to object
                $object = $Context.BindToObject("Adaxes://<SID=$sid>")
                $displayName = $object.Get("displayName")
                $fullAccessDisplayNames += $displayName
            }
            catch
            {
                continue
            }            
        }

        $fullAccessColumnValue = [System.String]::Join(";", $fullAccessDisplayNames)
        $columnValues = @{$forwardedUserColumnID = $forwardToColumnValue.Get("distinguishedName"); $fullAccessUserColumnID = $fullAccessColumnValue}
        $Context.Items.Add($searchResult, $columnValues, $NULL)
    }
    catch
    {
        continue
    }
}
