• 1. London, UK
  • 2. New York, NY
  • 3. Sydney, Australia
  • 4. Melbourne, Australia
  • 5. Moscow, Russia
  • 6. Singapore
  • 7. Paris, France
  • 8. Chicago, IL
  • 9. Hong Kong
  • 10. Houston, TX

Tuesday, June 24, 2008

 

Exchange Quick Audit: mailboxes created in last 7 days

Posted by Bharat Suneja at 6:46 AM
I remember writing plenty of scripts to report on different things such as user accounts created every week/month, user accounts modified, accounts disabled, etc. for SOX compliance. Some of those scripts used to be rather long, and in hindsight— involved a lot more lines of code than an administrator should have to write. Although I had a lot of fun (and still do... albeit with PowerShell), I would totally understand if you said you never wanted to hear about things like Wscript, VBScript, WSH, COM objects, ADSI, and WMI ever again.


Let's take a look at how the shell (EMS) makes it so easy.

In this example, we need to get a list of all accounts created in the last 7 days. When a user account is created, its whenCreated attribute gets stamped with the time of creation. Here's how it can be used:

Get-User -resultsize unlimited | where {$_.WhenCreated -gt (get-date).adddays(-7)} | ft Name,whenCreated -Autosize

Similarly, when an AD object is changed, it's whenChanged attribute gets stamped with the time the change was made. This makes it easy to determine which objects were changed in a given period, a useful tool for auditing/reporting as well as troubleshooting. In the following example, we determine if any Receive Connectors were changed in the last 7 days.

Get-ReceiveConnector | where {$_.whenChanged -gt (get-date).adddays(-7)}

Another frequently required and requested report— how do I get a list of mailboxes that haven't been accessed in the last X days. Let's use 100 days as the value here:

Get-MailboxStatistics -resultsize unlimited | where {$_.LastLogonTime -lt (get-date).AddDays(-100)} | ft displayName,lastlogontime,lastloggedonuseraccount,servername

Or mailboxes that have never been logged on to:

Get-MailboxStatistics -resultsize unlimited | where {$_.LastLogonTime -eq $null | ft displayName,lastlogontime,lastloggedonuseraccount,servername

Note, you can filter mailboxes by Database or ServerName to restrict the results to a more manageable size.

Disconnected/Disabled Mailboxes
Next, let's list mailboxes disabled in the last 14 days:

Get-MailboxStatistics | Where {$_.DisconnectDate -gt (get-date).AddDays(-14)} | ft displayName,ServerName,DatabaseName,TotalItemSize -Autosize

Labels: , , ,

6 Comments:

June 25, 2008 12:56 PM
Anonymous Mauro Rita said...

First of all, Congratulations on writing a great blog and on "moving to the MotherShip".

Correct me if I'm wrong, but WhenCreated is the creation date of the AD object, not the mailbox's, right?

Is there a way to find the mailbox creation date with Powershell, without something like the following link?

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.exchange.development&mid=9b997efd-d3b3-4d18-a1a7-e3cfcbbf9d78 ?

Thank you.

 
July 1, 2008 8:22 AM
Blogger Bharat Suneja said...

Yes, whenCreated is the time the AD object (user account in this case) was created.

I started investigating the answer to your second question— something I asked myself as well when writing the post. Will update this post when I've narrowed that down.

 
August 12, 2008 3:37 PM
Anonymous Anonymous said...

Hi there,

I used the "get-mailboxstatistics | ft name,whenCreated" command

and I got the creation date. I'm assuming this is the mailbox creation date.

 
August 13, 2008 8:06 PM
Blogger Bharat Suneja said...

@Anonymous: Get-MailboxStatistics cmdlet does not return Name or WhenCreated properties. It does return DisplayName.

The only two timestamps it returns is LastLogonTime and LastLogoffTime.

The WhenCreated property returned by both Get-User and Get-Mailbox is the whenCreated attribute from the AD account - the time that the user account was created.

That may or may not be the time when the mailbox is created in the Mailbox Database (It's probably safe to assume that there's some latency between account creation time and mailbox creation in MDB).

Also consider cases where existing AD accounts are mailbox-enabled.

Looking for a reliable way to retrieve mailbox creation time.

 
September 29, 2008 8:50 AM
Blogger bapu said...

So how do I see the report does it txt file?

 
September 29, 2008 9:08 AM
Blogger Bharat Suneja said...

@Bapu: Outputs to the console window you issue the command in. You can pipe the output to a text file by using:
>MyFile.txt

Powershell also has the Export-CSV cmdlet.

 

Post a Comment

Links to this post:

Create a Link

<< Home