如何擴充“Get-ADPermission”的“ExtendedRights”屬性?

tag-icon tag-icon exchange-2010 powershell
如何擴充“Get-ADPermission”的“ExtendedRights”屬性?

我需要枚舉嵌入在 Get-AdPermission的屬性「ExtendedRights」中的權限。

如何擴展這個多值物件中的屬性並顯示它們?

通常我看到這樣的指令:

Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like "*Send-As*")} | Fl

但現在我處於這樣的情況:我只想報告授予使用者的權限(可以是發送方式,也可以是接收方式)

答案1

我知道這是舊的並且解決方案有效,但這裡有一些額外的資訊。該指令不起作用的原因是「Send-As」字串位於 $_.ExtendedRights.RawIdentity 中。你想要的命令是:

Get-Mailbox | Get-ADPermission | where {$_.ExtendedRights.RawIdentity -eq "Send-As"} | fl identity,user,extendedrights,accessrights

用於取得所有啟用郵件的公用資料夾的「代理程式傳送」權限的額外命令。請務必將 DC=contoso,DC=com 替換為您組織的域名

Get-ADObject -SearchBase "CN=Microsoft Exchange System Objects,DC=contoso,DC=com" -Filter 'ObjectClass -eq "publicFolder"'| % { Get-ADPermission -identity $_.DistinguishedName } | Where-Object {$_.ExtendedRights.RawIdentity -eq "Send-As"} | fl identity,user,extendedrights,accessrights

答案2

附加此內容ft identity,user,extendedrights,accessrights可以讓我看到擴充功能的權利:

[PS] C:\Scripts\Exchange>Get-ReceiveConnector | Get-ADPermission | where {$_.User -like '*anonymous*'} | ft identity,user,extendedrights,accessrights

Identity                                          User                                              ExtendedRights                                    AccessRights
--------                                          ----                                              --------------                                    ------------
CAS01\Default HUBCAS01                       NT AUTHORITY\ANONYMOUS LOGON                      {ms-Exch-SMTP-Accept-Authoritative-Domain-Sender} {ExtendedRight}
CAS01\Default HUBCAS01                       NT AUTHORITY\ANONYMOUS LOGON                      {ms-Exch-SMTP-Accept-Any-Sender}                  {ExtendedRight}
CAS01\Default HUBCAS01                       NT AUTHORITY\ANONYMOUS LOGON                      {ms-Exch-SMTP-Submit}                             {ExtendedRight}
CAS01\Default HUBCAS01                       NT AUTHORITY\ANONYMOUS LOGON                      {ms-Exch-Accept-Headers-Routing}                  {ExtendedRight}
CAS01\Default HUBCAS01                       NT AUTHORITY\ANONYMOUS LOGON                      {ms-Exch-Store-Create-Named-Properties}           {ExtendedRight}
CAS01\Default HUBCAS01                       NT AUTHORITY\ANONYMOUS LOGON                      {ms-Exch-Create-Public-Folder}                    {ExtendedRight}
CAS01\Default HUBCAS01                       NT AUTHORITY\ANONYMOUS LOGON                                                                        {GenericRead}
CAS01\Default HUBCAS01                       NT AUTHORITY\ANONYMOUS LOGON                                                                        {GenericRead}
CAS01\Client HUBCAS01                        NT AUTHORITY\ANONYMOUS LOGON                      {ms-Exch-Store-Create-Named-Properties}           {ExtendedRight}
CAS01\Client HUBCAS01                        NT AUTHORITY\ANONYMOUS LOGON                      {ms-Exch-Create-Public-Folder}                    {ExtendedRight}
CAS01\Client HUBCAS01                        NT AUTHORITY\ANONYMOUS LOGON                                                                        {GenericRead}

相關內容