Dump-RBAC.ps1

#Exchange #Exchange2010 #Powershell

So I have been meaning to post this for a while, so here it is.  I have a need to dump out the RBAC permissions for Exchange 2010 so I could see who had what.  So here is is.  The output is a HTML file.  You will need to create a folder called C:ps for it save it to.

Enjoy .. feedback welcome Winking smile

 

$Error.Clear()
#########################################################################################
$AppName = "Dump-RBAC.ps1"
$AppVer  = "v1.0 [4th Feburary 20111]"
#
#v1.0  05 Aug 2011 : A Script is born

#This script exports relevant RBAC information and generate a webpage
##########################################################################################

##########################################################################################
#Load the Exchange 2010 bits & bobs
#########################################################################################
$xPsCheck = Get-PSSnapin | Select Name | Where {$_.Name -Like "*Exchange*"}
If ($xPsCheck -eq $Null) {Add-PsSnapin Microsoft.Exchange.Management.PowerShell.e2010}

##########################################################################################
#Display script name and version
#########################################################################################
Write-host " " $AppName -NoNewLine -foregroundcolor Green
Write-Host ": " $AppVer -foregroundcolor Green
Write-host "`n Run on $ServerName at $Today by $xUser" -foregroundcolor Yellow
Write-Host "|——————————————————————-|`n"
Write-host "Log Folder: $DateFolder"

$RBACArray      = @()
$RBACCmd        = @()
$RoleGroupArray = @()

$tmpCols = Get-ManagementRoleAssignment
$tmpCols | group RoleAssigneeName | sort name | Select Name | ForEach{$feName = $_.Name; $feName = $feName.Replace(" ","");$xHTML += "<td>" + $fename + "</td>"}

$x=@();$x+="RoleName"; $tmpCols | group RoleAssigneeName | sort name | Select Name | ForEach{$feName = $_.Name; $feName = $feName.Replace(" ","");$x += $fename}

$tmpgmr = Get-ManagementRole | Sort Name
Write-Host "Getting Management Role Information"
ForEach($tmpRole in $tmpgmr){
  $tmpName = $tmpRole.Name
  Write-Host $tmpName
  $tmpArray = "" | Select $x
  $tmpCmd   = "" | Select RoleName, Commands

  ($tmpRole).RoleEntries | ForEach {$tmpcmd.Commands += $_.Name + " | "}

  $tmparray.RoleName = $tmpName #$_.Role
  $tmpCmd.RoleName   = $tmpName

  $gmra = $tmpCols | where {$_.Role -eq "$TmpName"}
  $gmra | sort RoleAssigneeName | ForEacH{$yy = $_.RoleAssigneeName;
    $yy = $yy.Replace(" ","")
    $tmparray.$yy = "x"
  }
  $RBACArray += $tmpArray
  $RBACCmd   += $tmpcmd
}

$tmpRoleGroups = $tmpCols | Where {$_.RoleAssigneeType -eq "RoleGroup"} | Group RoleAssigneeName | Select Name | Sort Name
$tmpRoleGroups | ForEach{
  $tmpmem = ""
  $tmpRG = "" | Select Name, Members
  $tmpRG.Name = $_.Name
  $tmpRG.Name
  $tmpGroup = Get-Group $tmpRG.Name
  $tmpGroupMembers = $tmpGroup.Members
  $tmpGroupMembers | ForEach{$tmpRG.Members += $_.Name + " | "}
  $RoleGroupArray += $tmpRG
}

$today = Get-Date
$HtmlHeader = "
<Style>
  TABLE{border-width: 1px;padding: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
  TD{border-width: 1px;padding: 1px;border-style: solid;border-color: black;}
  TH{font-family:’Arial’;font-size:12px;border-width: 1px;padding: 1px;border-style: solid;border-color: black;background-color:peachpuff;layout-flow:vertical-ideographic;Text-align:left}
  TR{font-family:’Arial’;font-size:10px}
  P{font-family:’Arial’;}
</Style>
<TITLE>Exchange Server 2010 RBAC</TITLE>"
$z="<B><FONT size=’2′ face=’VERDANA’>Exchange Server 2010 RBAC Information</B></FONT><BR><FONT size=’1′ face=’VERDANA’>Last updated: $today</FONT></font><HR size=6 color=Green>"
$xhtml = $RBACArray | ConvertTo-Html -head $HtmlHeader  -Title "Exchange Server 2010 RBAC" -body $z -PreContent "<FONT size=’2′ face=’VERDANA’>"

$txtYELLOW = @()
$i=0; $xHTML | foreach{IF ($_ -like "*<td>x</td>*"){ $txtYELLOW += $i}; $i++}
$txtYELLOW | ForEach{$xHTML[$_] = $xHTML[$_].Replace("<td>x</td>","<td bgcolor=Yellow align=center><B>x</B></td>")}

$xHTML += "<HR>"
$xHTML += $RBACCmd | ConvertTo-Html -Fragment

$xHTML += "<HR>"
$xHTML += $RoleGroupArray  | ConvertTo-Html -Fragment

$xhtml | out-file c:psrbac.html

Comments

  1. Thanks for sharing, this is great! The html for the column headings isn’t rendering properly, but that may just be due to the copy/paste. I’ll have to go over the code more thoroughly. You do seem to have some variables defined outside of the script – the Write-Host lines use $ServerName, $Today, $xUser, and $DateFolder, which just come out blank in the output.

    Write-host “`n Run on $ServerName at $Today by $xUser” -foregroundcolor Yellow
    Write-Host “|——————————————————————-|`n”
    Write-host “Log Folder: $DateFolder”

    [PS] D:>E:ScriptsDump-RBAC.ps1
    Dump-RBAC.ps1: v1.0 [4th February 2011]

    Run on at by
    |———————–|

    Log Folder:
    Getting Management Role Information
    Active Directory Permissions
    Address Lists
    ApplicationImpersonation
    Audit Logs
    Cmdlet Extension Agents

    Thanks, this is very useful!

  2. IE8 doesn’t render the style setting “layout-flow:vertical-ideographic” properly when I double-click on the file, but it does render it properly if I create a shortcut and point it to the file via a UNC path. Also, both Firefox and Chrome just seem to ignore that setting completely, and display the text horizontally.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: