Tag: For

Determine the Management Roles and Commands a user can run in Exchange PowerShell

Scenario –  You want to see what Management Roles and Commands a user can run from Exchange PowerShell

Scriptlet:

#Determine management role assignments for an account
    $1= Get-ManagementRoleAssignment -RoleAssignee <username>
    $1 | Select Role

#Determine what commands are associated with that account
#For a Single Role
Get-ManagementRole Monitoring | FL
    Get-ManagementRole Monitoring | Select -ExpandProperty RoleEntries | Select Name
    Get-ManagementRole Monitoring | Select -ExpandProperty RoleEntries |Sort Name | Select name

#For Multiple Roles from $1
$Roles = @()
    $1.role.name | %{
        $n = $_
        $temp = Get-managementrole $n | Select -ExpandProperty RoleEntries |Sort Name | Select -expandproperty name    

        $temp | %{
            $c = $_
            $ServerObj = New-Object PSObject
            $ServerObj | Add-Member NoteProperty -Name “ManagementRole” -value $n
            $ServerObj | Add-member NoteProperty -Name “Command” -Value $c
            $Roles += $ServerObj
        }

       $n = $null
        $c = $null
    }

#Display $roles
    $roles | Sort Command | Select Command, ManagementRole

 

Exchange Activesync Monitor for Specific Devices

Scenario:  Monitor specific ActiveSync Devices and report when a device has not made a successful ActiveSync connection for over an hour.  Report the time in local time and not Greenwich.  

Script: I ran the following Exchange PS script every hour . Depending on your requirements, you may need to manipulate or move the script around.

#Format Date to Greenwich
$currentdate = get-date
$currentdate = $currentdate.Addhours(-1)
$currentdate = $currentdate.touniversaltime()

#Pull the devices that have not connected to LastSuccessSync in over an hour
$devices = get-activesyncdevicestatistics DeviceID  | Where {$_.LastSuccessSync -lt $currentdate} | Sort LastSuccessSync | Select DeviceID, DeviceOS, deviceFriendlyName, LastSuccessSync, LastSyncAttemptTime, DeviceModel, Identity

#For the device(s) found, format the information
ForEach ($entry in $devices){
$Device = “Device: “+$entry.DeviceFriendlyName
$DeviceOS = “Device OS:   “+$entry.DeviceOS
$DeviceLastAttempt = “Last Sync Attempt (EST):   “+$entry.LastSyncAttemptTime.ToLocalTime()
$DeviceLastSync = “Last Success Sync (EST):   “+$entry.LastSuccessSync.ToLocalTime()
$DeviceModel = “Device Model:   “+$entry.DeviceModel
$DeviceIdentity = “DeviceID:   “+$entry.Identity
$DeviceIdentity = $DeviceIdentity -replace “Domain/OU/”,””
$DeviceIdentity = $DeviceIdentity -replace “/ExchangeActiveSyncDevices/”,”_”
}

#Email the results if there is a device that has not reported in over 1 hour.
If ($Devices -ne $null){
$SmtpClient = new-object system.net.mail.smtpClient 
$MailMessage = New-Object system.net.mail.mailmessage 
$SmtpClient.Host = “smtp.domain.com” 
$mailmessage.from = (“EASMonitoring@domain.com”) 
#$mailmessage.To.add(“User@domain.com”) 
$mailmessage.Subject = “Alert: A mobile device has not connected to e-mail in over 60 minutes.”
$mailmessage.Body = “The mobile device below has not connected to e-mail in over 60 minutes.
$DeviceIdentity
$Device
$DeviceOS
$DeviceLastAttempt
$DeviceLastSync

$smtpclient.Send($mailmessage)
}