
Showing posts from June, 2013

EWS Powershell default Mailbox Folder ACE audit script

The default Access Control Entry (ACE) in an Exchange Mailbox Folder DACL controls the rights that all authenticated users have to a particular mailbox folder. Generally, from a security perspective, it's something you don't want users to use, as they may not understand that when they set this ACE they are giving all people access to certain information. For example, giving the default user Reviewer rights to your Inbox means everyone in the Exchange org can now read mail in your Inbox, which may not provide much privacy to your email. The following script will enumerate the permissions on every folder in a Mailbox and then produce a report of the folders where the default ACE isn't set to none. For most users the only folder that should show up in the report is the calendar folder. This script uses EWS but you could also use the Exchange Management Shell Get-MailboxFolderPermission cmdlet. To run this script you need to feed it with a CSV file that contains the SMTPAddress of the Mailboxes y

EWS Findpeople workaround for reading the Offline Address Book in Office365 / Exchange Online

A couple of weeks ago I posted this about using the new FindPeople operation in EWS with Exchange 2013 to enumerate through the Global Address List. As I mentioned, one pain point around using this new operation on Office365 is that you need to know the AddressList Id, which there is no way of dynamically getting via EWS. This has been bugging me for a while, so I started thinking about some ways of working around this, and one method I found that did work is that you can obtain the Id for the Offline Address Book and then query this (which is mostly as good as querying the Online GAL). To get the Id of the Offline Address Book, what you first need to do is use AutoDiscover to get the External OAB url, then use a normal Get request on this url for the oab.xml file. Then you can parse from the OAB.xml file the Guid value of the OAB, which you can transform into an AddressList id that you can then use with EWS to query the OAB. The following C# sample uses the EWS Managed API for Autodiscover and

EWS/Powershell Recoverable Items age report for Exchange 2010/13

With Single Item Recovery in Exchange 2010 and Exchange 2013, the Recoverable Items Folder in an Exchange Mailbox becomes one of the things you may want to pay some more special attention to in the course of managing the disk resources that are being consumed within your Exchange Org. The following is a script that does another take on ItemAge reporting by basically crawling every item in a folder and then grouping the DateTimeReceived (to get the age of the Item) and the ModifiedTime (which is when it's deleted). The script produces a report like the following for the Mailbox you run it against. To use the script you just need to enter the SMTPAddress of the Mailbox you want to run it against, and as long as you have rights to the mailbox you should get a report. I've put a download of the script here; the code looks like: ## Get the Mailbox to Access from the 1st commandline argument $MailboxName = $args[0] ## Load Managed API dll Add-Type -Path 
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.