I remember writing plenty of scripts to report on different things such as user accounts created every week/month, user accounts modified, accounts disabled, etc. for SOX compliance. Some of those scripts used to be rather long, and in hindsight— involved a lot more lines of code than an administrator should have to write. Although I had a lot of fun (and still do… albeit with PowerShell), I would totally understand if you said you never wanted to hear about things like Wscript, VBScript, WSH, COM objects, ADSI, and WMI ever again.
Let’s take a look at how the shell (EMS) makes it so easy.
In this example, we need to get a list of all accounts created in the last 7 days. When a user account is created, its whenCreated attribute gets stamped with the time of creation. Here’s how it can be used:
Get-User -resultsize unlimited | where {$_.WhenCreated -gt (get-date).adddays(-7)} | ft Name,whenCreated -Autosize
Similarly, when an AD object is changed, it’s whenChanged attribute gets stamped with the time the change was made. This makes it easy to determine which objects were changed in a given period, a useful tool for auditing/reporting as well as troubleshooting. In the following example, we determine if any Receive Connectors were changed in the last 7 days.
Get-ReceiveConnector | where {$_.whenChanged -gt (get-date).adddays(-7)}
Another frequently required and requested report— how do I get a list of mailboxes that haven’t been accessed in the last X days. Let’s use 100 days as the value here:
Get-MailboxStatistics -resultsize unlimited | where {$_.LastLogonTime -lt (get-date).AddDays(-100)} | ft displayName,lastlogontime,lastloggedonuseraccount,servername
Or mailboxes that have never been logged on to:
Get-MailboxStatistics -resultsize unlimited | where {$_.LastLogonTime -eq $null | ft displayName,lastlogontime,lastloggedonuseraccount,servername
Note, you can filter mailboxes by Database or ServerName to restrict the results to a more manageable size.
Disconnected/Disabled Mailboxes
Next, let’s list mailboxes disabled in the last 14 days:
Get-MailboxStatistics | Where {$_.DisconnectDate -gt (get-date).AddDays(-14)} | ft displayName,ServerName,DatabaseName,TotalItemSize -Autosize
Update 8/18/2011: Exchange 2010 includes the WhenMailboxCreated property for mailboxes, which makes this easier. The property doesn’t change when a mailbox is moved to another mailbox database.
The good news is, WhenMailboxCreated is a filterable property! This means we don’t need to run Get-Mailbox -ResultSize Unlimited to retrieve all mailboxes and then pipe the results to the Where-Object cmdlet to do the filtering. The filtering can occur on server-side.
This command retrieves all mailboxes created after 8/3/2011.
Get-Mailbox -Filter {WhenMailboxCreated -gt “8/3/2011”} | ft Name,WhenMailboxCreated -Auto
{ 7 comments… read them below or add one }
First of all, Congratulations on writing a great blog and on “moving to the MotherShip”.
Correct me if I’m wrong, but WhenCreated is the creation date of the AD object, not the mailbox’s, right?
Is there a way to find the mailbox creation date with Powershell, without something like the following link?
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.exchange.development∣=9b997efd-d3b3-4d18-a1a7-e3cfcbbf9d78 ?
Thank you.
Yes, whenCreated is the time the AD object (user account in this case) was created.
I started investigating the answer to your second question— something I asked myself as well when writing the post. Will update this post when I’ve narrowed that down.
Hi there,
I used the “get-mailboxstatistics | ft name,whenCreated” command
and I got the creation date. I’m assuming this is the mailbox creation date.
@Anonymous: Get-MailboxStatistics cmdlet does not return Name or WhenCreated properties. It does return DisplayName.
The only two timestamps it returns is LastLogonTime and LastLogoffTime.
The WhenCreated property returned by both Get-User and Get-Mailbox is the whenCreated attribute from the AD account – the time that the user account was created.
That may or may not be the time when the mailbox is created in the Mailbox Database (It’s probably safe to assume that there’s some latency between account creation time and mailbox creation in MDB).
Also consider cases where existing AD accounts are mailbox-enabled.
Looking for a reliable way to retrieve mailbox creation time.
So how do I see the report does it txt file?
@Bapu: Outputs to the console window you issue the command in. You can pipe the output to a text file by using:
>MyFile.txt
Powershell also has the Export-CSV cmdlet.
Thanks for sharing nice scripts to report on different things such as user accounts created every week or month, user accounts modified, accounts disabled etc for SOX compliance. You can try automate utility ( http://www.mailboxaccessauditing.com/ ) to find out the mailbox creation date.