Get all configured delegations in your active directory (outlook delegations)

by A.K.in Microsoft active directory, Microsoft Exchange Serveron Posted on

The estimated reading time 1 minutes

Get all configured delegations in your active directory (outlook delegations)

Before migrations or other changes, it is always interesting to know which mailboxes are so-called substitutes. To remember where the user can put this:

 

This information is also written into an AD attribute and can thus be read out via Powershell (easiest way is on the domain controller in ISE or directly Powershell).
In newer server generations, the ActiveDirectory cmdlets are automatically imported (otherwise, start the „Import-Module ActiveDirectory” before running the script).

Get-ADObject -Filter * -Properties * -SearchBase "OU=DEMO,DC=demo02,DC=it-koehler,DC=com" | Where-Object {$_.publicDelegates -ne $null} | Select-Object DisplayName,userPrincipalName,mail,publicDelegates | Sort-Object DisplayName | ft -AutoSize -Wrap

In the attribute “publicDelegates”, delegations are set (and can thus also be read). Well the output is already not quite bad for the first overview.
My goal was to make it even more beautiful to format.

That is why I designed this script:

#distinguished name of the ou 
$distname = "OU=DEMO,DC=demo02,DC=it-koehler,DC=com"
$length = $distname.Length
$pd = (Get-ADObject -Filter * -Properties * -SearchBase "$distname" | Where-Object {$_.publicDelegates -ne $null}) 

#listview with distinguished name
Write-Host "##### Listview #####"
Write-Host " "
foreach ($delegates in $pd){
$ident = $delegates.DistinguishedName
$DisplayName = $delegates.DisplayName
$perm = @(Get-ADObject -Identity "$ident" -Properties *  | Select-Object publicDelegates -ExpandProperty publicDelegates | Out-String)
$perm = $perm
Write-Host "Get user delegation for"
Write-Host "User:" $DisplayName
Write-Host $perm
}


#tableoverview
Write-Host "##### Tableview #####"

foreach ($delegates in $pd){

$ident = $delegates.DistinguishedName
$DisplayName = $delegates.DisplayName
$perm = @(Get-ADObject -Identity "$ident" -Properties * | Select-Object SamAccountName,Mail,@{n='Delegations';e={$_.publicDelegates-replace '^CN=|,.*$'}} | Sort-Object SamAccountName)
$perm | ft -AutoSize -Wrap
}
pause

The script does not include large queries and error handling.

I’m looking forward for some suggestions.

Have fun.

 

Print Friendly, PDF & Email
Was this article helpful?
YesNo
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments