我需要枚举嵌入在 Get-AdPermission
属性“ExtendedRights”中的权限。
我如何扩展这个多值对象内的属性并显示它们?
通常我会看到这样的命令:
Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like "*Send-As*")} | Fl
但现在我的情况是,我只是想报告授予用户的权限(可以是发送方式,也可以是接收方式)
答案1
我知道这个方法很老套,而且解决方案有效,但这里有一些额外的信息。该命令不起作用的原因是“Send-As”字符串位于 $_.ExtendedRights.RawIdentity 中。您需要的命令是:
Get-Mailbox | Get-ADPermission | where {$_.ExtendedRights.RawIdentity -eq "Send-As"} | fl identity,user,extendedrights,accessrights
用于获取所有已启用邮件的公用文件夹的“发送为”权限的附加命令。请务必将 DC=contoso,DC=com 替换为您组织的域名
Get-ADObject -SearchBase "CN=Microsoft Exchange System Objects,DC=contoso,DC=com" -Filter 'ObjectClass -eq "publicFolder"'| % { Get-ADPermission -identity $_.DistinguishedName } | Where-Object {$_.ExtendedRights.RawIdentity -eq "Send-As"} | fl identity,user,extendedrights,accessrights
答案2
附加此内容ft identity,user,extendedrights,accessrights
使我能够看到扩展的权利:
[PS] C:\Scripts\Exchange>Get-ReceiveConnector | Get-ADPermission | where {$_.User -like '*anonymous*'} | ft identity,user,extendedrights,accessrights
Identity User ExtendedRights AccessRights
-------- ---- -------------- ------------
CAS01\Default HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Accept-Authoritative-Domain-Sender} {ExtendedRight}
CAS01\Default HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Accept-Any-Sender} {ExtendedRight}
CAS01\Default HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-SMTP-Submit} {ExtendedRight}
CAS01\Default HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-Accept-Headers-Routing} {ExtendedRight}
CAS01\Default HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-Store-Create-Named-Properties} {ExtendedRight}
CAS01\Default HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-Create-Public-Folder} {ExtendedRight}
CAS01\Default HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {GenericRead}
CAS01\Default HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {GenericRead}
CAS01\Client HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-Store-Create-Named-Properties} {ExtendedRight}
CAS01\Client HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {ms-Exch-Create-Public-Folder} {ExtendedRight}
CAS01\Client HUBCAS01 NT AUTHORITY\ANONYMOUS LOGON {GenericRead}