Exchange: PowerShell to list all users who have a forward or redirect active

by butsch 8. June 2016 19:34

List or change the inbox rules employees have created: automatic e-mail forwards to private or external e-mail systems.

Problem:

In Exchange 2010, users are able to forward e-mail themselves to an external private account. This is a problem because of compliance, and especially if you don't have a DLP (Data Loss Prevention) solution.

There are ways to prevent this, either with a mail control rule (transport rule) or with an RBAC permission set. However, some technical accounts which HAVE to copy mail to external addresses may then also be affected. See the end of this post for a solution, or at least a direction to go.

You cannot see these rules in the Exchange 2010/2013/2016 web console or GUI. However, you can see them with PowerShell.

 

 

This is what we are talking about in the Exchange 2010 GUI.

Here is how to find out which users in the organization have such a forward or redirect active.

PowerShell commands:

Forwards

foreach ($i in (Get-Mailbox -ResultSize unlimited)) { Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.ForwardTo} | fl MailboxOwnerID,Name,ForwardTo >> d:\edv\exchange_Forward.txt }

Redirects

foreach ($i in (Get-Mailbox -ResultSize unlimited)) { Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.ReDirectTo} | fl MailboxOwnerID,Name,RedirectTo >> d:\edv\exchange_Redirect.txt }

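Another query, which does not catch everything (it looks only at the ForwardingAddress property of the mailbox, not at inbox rules):

Get-Mailbox -ResultSize unlimited | Where {$_.ForwardingAddress -ne $null} | Select Name, ForwardingAddress, DeliverToMailboxAndForward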
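The three queries above can be combined into a single audit that also covers the ForwardAsAttachmentTo action and marks which targets leave the organization. This is an added example, not part of the original post: the output path and the helper names Get-TargetScope and New-Finding are made up for illustration, and it assumes rule targets render as "Name" [SMTP:user@domain] or "Name" [EX:/o=...].

```powershell
# Added example, run in the Exchange Management Shell. $OutFile is an assumed path.
$OutFile  = 'd:\edv\exchange_forward_audit.csv'
# Domains this organization accepts mail for; any other SMTP domain counts as external.
# Wildcard entries (*.example.com) are compared literally, so subdomains show as External.
$internal = @(Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLower() })

function Get-TargetScope([string]$Target) {
    # Assumed formats: "Name" [SMTP:user@example.com], "Name" [EX:/o=...],
    # and smtp:user@example.com for ForwardingSmtpAddress.
    if ($Target -match 'SMTP:[^@\]]+@([^\]\s]+)') {
        if ($internal -contains $Matches[1].ToLower()) { return 'Internal' }
        return 'External'
    }
    # Directory objects (EX: entries, ForwardingAddress) can be mail contacts that
    # point outside; check those by hand with Get-Recipient.
    return 'Review'
}

function New-Finding($Mailbox, $Source, $Rule, $Enabled, $Target) {
    New-Object PSObject -Property @{
        Mailbox = "$Mailbox"; Source = $Source; Rule = $Rule; Enabled = $Enabled
        Target  = "$Target";  Scope  = Get-TargetScope "$Target"
    }
}

$findings = foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
    # Mailbox-level forwarding properties.
    foreach ($prop in 'ForwardingAddress', 'ForwardingSmtpAddress') {
        if ($mbx.$prop) {
            New-Finding $mbx.PrimarySmtpAddress "Mailbox:$prop" '' $true $mbx.$prop
        }
    }
    # Inbox rules: all three actions that send a copy somewhere else.
    # @() and Where-Object guard against PowerShell 2.0 iterating once over $null.
    foreach ($rule in @(Get-InboxRule -Mailbox $mbx.DistinguishedName)) {
        foreach ($action in 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo') {
            foreach ($target in @($rule.$action | Where-Object { $_ })) {
                New-Finding $mbx.PrimarySmtpAddress "InboxRule:$action" $rule.Name $rule.Enabled $target
            }
        }
    }
}

# One row per forwarding target, external ones first.
$findings | Sort-Object Scope, Mailbox |
    Select-Object Mailbox, Source, Rule, Enabled, Target, Scope |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
```

Rows with Scope "Review" are the ones to resolve manually, since a mail contact inside the directory can still deliver to an outside address.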

 

Prevent with RBAC from (Sike Fogarty - BPOS Support)

Source: https://blogs.technet.microsoft.com/lystavlen/2012/04/10/how-to-prevent-internal-users-from-autoforwaring-mails-to-external-recipients/

  1. New-ManagementRole -Name "Disable-Auto-Forward" -Parent MyBaseOptions
    Set-ManagementRoleEntry "Disable-Auto-Forward\Set-Mailbox" -Parameters DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress -RemoveParameter
    Set-ManagementRoleEntry "Disable-Auto-Forward\New-InboxRule" -Parameters ForwardAsAttachmentTo,ForwardTo,RedirectTo -RemoveParameter

    Sign in to the EAC and click on Permissions > User Roles. Click on the plus sign to add an additional Role Assignment Policy, naming it whatever you want. Under MyBaseOptions you will see the Disable-Auto-Forward option; place a check mark in it and save the Role Assignment Policy.

    Assign the Role Assignment Policy to the user(s) desired.

     

    How to change or remove the inbox forwarding rule a user created:

    List the user's rules if you know the name (see above if you don't)

    Get-InboxRule -Mailbox user-alias |fl Name,Identity,ForwardTo,ForwardAsAttachmentTo

    Example:

    Get-InboxRule -Mailbox m.butsch |fl Name,Identity,ForwardTo,ForwardAsAttachmentTo

     

    Remove the Inbox rule you want:

    Remove-InboxRule -Mailbox user-alias -Identity "NAME_YOU_SEE_ABOVE_WITH_OTHER_QUERY"

    Remove-InboxRule -Mailbox m.butsch -Identity "Send to NSA automatic"
