DCSIMG
List of Exchange 2003 Administrators - Shay Levy

Shay Levy

If you repeat it, PowerShell it!

List of Exchange 2003 Administrators


The following script lists all the groups or users that have been delegated as exchange admins at the organizational level. There are three types of administrative roles:

  • Exchange Full Administrator
  • Exchange Administrator
  • Exchange View Only Administrator


 

$cnc = (Get-QADObject (Get-QADRootDSE).ConfigurationNamingContext).DN
$DN = "CN=Microsoft Exchange,CN=Services,$cnc"

Get-QADPermission $DN -Inherited -SchemaDefault | `
Where-Object {$_.Rights.value__ -match '983551|131220|197119'} | `
Foreach-Object {

  $account = $_.AccountName
  $pso = "" | Select-Object User,Role
  $pso.user = $account

  switch($_.Rights.value__)
  {
    983551 { $pso.role="Exchange Full Administrator" }
    131220 { $pso.role="Exchange View Only Administrator" }
    197119 { $pso.role="Exchange Administrator" }
  }

 $pso
} 

User                     Role
----                     ----
DOMAIN\Exchange Services Exchange Full Administrator
DOMAIN\User1             Exchange View Only Administrator
DOMAIN\ShayL             Exchange Full Administrator
DOMAIN\Enterprise Admins Exchange Full Administrator

You can read more about Exchange administrative role permissions in Exchange 2003 HERE. In Exchange 2007 you can use the Get-ExchangeAdministrator cmdlet to retrieve information about the users or groups that have a particular Microsoft Exchange Server 2007 role.

Posted: Jul 23 2009, 07:42 PM by ScriptFanatic | with 1 comment(s)
תגים:, , , ,

Comments

johnny said:

Hello. Thank you for this great info! Keep up the good job!

# August 7, 2009 10:01 AM
Leave a Comment

(required) 

(required) 

(optional)

(required) 


Enter the numbers above: