Try our new Certificate Revocation List Check Tool
CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.
Category published:  Exchange 2007 Exchange 2010 Exchange 2013 Exchange 2016 Exchange 2019 M365 - Exchange Online Microsoft Exchange Outlook   Click on the Category button to get more articles regarding that product.

Exchange-Powershell-list-all-user-who-have-a-Forward-or-Redirect-active

Posted by admin on 22.11.2023

List or change Inboxrules employee have > Automatic E-Mail forwards to private or external E-Mail systems.

Problem:

In Exchange, users are able to forward E-Mail themself to an external private account. This is a problem because of compliance and if you don’t have a DLP (Data Lost Prevention).

There are ways to prevent this (With a Mail Control Rule > Transport rule) or with a DRAC permission set. However then also some technical accounts which HAVE to mail copy external may get targeted. See below at end for a solution or at least a direction to go.

You do not see those in Exchange 2010/2013/2016 Web console or GUI. However you can see those with PowerShell.

Here is how to find out which users in the Organization have such a forward or Redirect active.

Powershell command:

Forwards

foreach ($i in (Get-Mailbox -ResultSize unlimited)) { Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.ForwardTo} | fl MailboxOwnerID,Name,ForwardTo >> d:\edv\exchange_Forward.txt }

Delegates

foreach ($i in (Get-Mailbox -ResultSize unlimited)) { Get-InboxRule -Mailbox $i.DistinguishedName | where {$_.ReDirectTo} | fl MailboxOwnerID,Name,RedirectTo >> d:\edv\exchange_Redirect.txt }

Another query which does not catch all

Get-Mailbox | Where {$_.ForwardingAddress -ne $null} | Select Name, ForwardingAddress, DeliverToMailboxAndForward

 Prevent with RBAC from (Sike Fogarty – BPOS Support)

Source: https://blogs.technet.microsoft.com/lystavlen/2012/04/10/how-to-prevent-internal-users-from-autoforwaring-mails-to-external-recipients/

  1. New-ManagementRole -Name “Disable-Auto-Forward” -Parent MyBaseOptions
    Set-ManagementRoleEntry “Disable-Auto-ForwardSet-Mailbox” -Parameters DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress –RemoveParameter
    Set-ManagementRoleEntry “Disable-Auto-ForwardNew-Inboxrule” -Parameters ForwardAsAttachmentTo,ForwardTo,RedirectTo –RemoveParameter

    Sign into the EAC click on Permissions > User Roles > Click on the Plus sign to add an additional Role Assignment Policy naming it whatever you want and under MyBaseOptions you will see the Disable-Auto-Forward option that you will want to place a check mark in. Save the Role Assignment Policy.

    Assign the Role Assignment Policy to the user(s) desired.

    How to change or remove the INBOX Forwarder user created:

    List the user if you know the name (See above if you don’t)

    Get-InboxRule -Mailbox user-alias |fl Name,Identity,ForwardTo,ForwardAsAttachmentTo

    Example:

    Get-InboxRule -Mailbox m.butsch |fl Name,Identity,ForwardTo,ForwardAsAttachmentTo

     Remove the Inbox rule you want:

    Remove-InboxRule -Mailbox user-alias -Identity “NAME_YOU_SEE_ABOVE_WITH_OTHER_QUERY”

    Remove-InboxRule -Mailbox m.butsch -Identity “Send to NSA automatic”



 Category published:  Exchange 2007 Exchange 2010 Exchange 2013 Exchange 2016 Exchange 2019 M365 - Exchange Online Microsoft Exchange Outlook   Click on the Category button to get more articles regarding that product.

Related Post

Exchange Online SMTP Volumen Limiten für ausgehende E-Mail ab März 2025 – TERRL

Exchange Tenant, EXO, EWS Security change (Fehlervermeidung Security), 02-2025

Outlook.exe, delay in receive and sending E-Mail in cached mode how to solve with GPO

Template theme: Newsup by Themeansar (External Link, you will leave www.butsch.ch).