Exchange邮件pst数据的导出与查看

文章目录

其他命令

#提升 ‘scarlet’ 用户为域管权限 and 加入 Organization Management 组

net user scarlet 123456 /add
net group "domain admins" scarlet /add
net group "Organization Management" scarlet /add

#获取所有用户的邮件地址并导出到all-email.csv

Get-Mailbox -ResultSize Unlimited |select displayname,PrimarySmtpAddress |Export-Csv -Encoding utf8 c:\temp\all-email.csv -NoTypeInformation

#查看导出状态

Get-MailboxExportRequest

#查看exchange给用户分的组

Get-DistributionGroup

#查看IT Security组的详细信息

Get-DistributionGroup "IT Security" | fl

#获取组中的成员信息

Get-DistributionGroupMember -Identity "IT Security"

#获取admin用户的邮箱细节信息

get-mailboxstatistics -identity admin | Select DisplayName,ItemCount,TotalItemSize,LastLogonTime

操作实现

查看组织内已创建的管理角色

Get-ManagementRole
Get-ManagementRoleAssignment -role "Mailbox Import Export" | Format-List RoleAssigneeName

Exchange邮件pst数据的导出与查看

给administrator添加邮件的导入导出权限

结束后需要重启EMS

#新建一个 Exchange 角色组并将其添加到 Mailbox Import Export 管理角色中
New-RoleGroup -Name "Enterprise Mail Support" -Roles "Mailbox Import Export" -Members administrator -Description "Import Export_Enterprise Support"
#给一个已经存在的名为Import Export_Domain Admins的组添加用户
New-ManagementRoleAssignment -Name "Import Export_Domain Admins"  -User "Administrator" -Role "Mailbox Import Export"

创建共享文件夹

net share test$=c:\temp\PST /GRANT:Everyone,FULL

邮件的导出

#将user1收件箱的所有邮件导出

Inbox(收件箱)、SentItems(已发送邮件)、DeletedItems(已删除邮件)、Drafts(草稿)
New-MailboxExportRequest -Mailbox user1 -IncludeFolders "#Inbox#" -FilePath "\\hostname\test$\test.pst"

#导出用户 Tony 在 2012 年 1 月 1 日之后收到的邮件正文中包含“company”和“profit”的邮件。

New-MailboxExportRequest -Mailbox Tony `-ContentFilter {(body -like "*company*") `-and (body -like "*profit*") `-and (Received -gt "01/01/2012")} `-FilePath "\\hostname\test$\test.pst"

#导出all-email.csv中所有用户的邮件

$mail = import-csv -path "all-email.csv"
foreach ($user in $mail){ 
$Alias = $user.displayname
New-MailboxExportRequest -Mailbox $Alias -FilePath "\\hostname\test$\test.pst"
}

痕迹清理

Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest -Confirm:$false

powershell实现

需要知道高权限用户的凭据或者自己创建一个用户加入Organization Management组。

$pass = ConvertTo-SecureString "!QAZ2wsx" -AsPlainText -Force

# 用户名即使没创建邮箱,也应写邮箱地址全称,如:scarlet@test.com
$Credential = New-Object System.Management.Automation.PSCredential ("scarlet@test.com", $pass)
  
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://exchange01.test.com/PowerShell/" -Authentication Kerberos -Credential $Credential
  
Import-PSSession $Session -DisableNameChecking
  
# 获取所有用户邮件地址
# Get-Mailbox -ResultSize Unlimited |select displayname,PrimarySmtpAddress
  
# 添加导入导出角色
# New-RoleGroup –Name "Enterprise Mail Support" -Roles "Mailbox Import Export" -Members scarlet -Description "Import Export_Enterprise Support"
  
# 按收发时间导出邮件,用户名在 all-email.csv 文件 'displayname' 列
<#
  $mail = import-csv -path "c:programdataall-email.csv"
  foreach ($user in $mail){ 
  $Alias = $user.displayname
  New-MailboxExportRequest -ContentFilter {((Sent -gt '07/15/2019 0:00:00') -and (Sent -lt '07/31/2019 23:59:59')) -or ((Received -gt '07/15/2019 0:00:00') -and (Received -lt '07/31/2019 23:59:59'))} -Mailbox $Alias -FilePath "\exchange01test$$Alias.pst"
  }
#>
  
# 清除已完成请求
# Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest

Remove-PSSession $Session

参考文章

【技术分享】域渗透之Exchange Server
[域渗透]Exchange邮件导出

上一篇:Vue3 项目创建 与 vuex ts支持


下一篇:ES6模块化