How to add SAMAccountName to output?

Stuck on how to add SAMAccounts (AD usernames) to the results, can anyone help, currently getting no results in the list SamAccountName?  The SamAccountName column is left blank but all other fields are populated. Using Exchange 2010 for anyone who needs the information.

The Identity field populates, the username of the user who has access to the Shared Mailbox populates, the level of access populates but the field that I require is the Identity AD Username (SAMaccount).


Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | 
where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | 
Select Identity,User,@{N="SamAccountName";E={(Get-User $_.Identity).SamAccountName}},@{Name='Access Rights';Expression= {[string]::join(', ', $_.AccessRights)}} | 
Export-Csv -NoTypeInformation C:\temp\mailboxpermissions1.csv

I have tried the following with no success:

Changing the code to:  

@{N="SamAccountName";E={(Get-ADUser $_.Identity).SamAccountName}}

Tried the following script however kept getting an error,  Invoke-Command : Cannot bind parameter 'Filter' to the target. Exception setting "Filter": "Invalid filter syntax. For
a description of the filter parameter syntax see the command help.
"*" at position 1."    :

(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName | 
ForEach{Get-MailboxPermission -Identity $PSItem} | 
Where-Object {
    $PSItem -ne 'NT AUTHORITY\SELF' -and 
    $PSItem.IsInherited -eq $false
} | Select-Object -Property Identity,User,
@{Name = 'SamAccountName';Expression = {(Get-ADUser -Identity $($PSitem.Identity -split '/')[-1]).SamAccountName}},
@{Name = 'Access Rights';Expression = {[string]::join(', ', $PSItem.AccessRights)}} | Export-Csv C:\temp\output500.csv -NoTypeInformation 

All I want is an export of Identity e.g., Identity SamAccount (AD account), Users who have access to this account and the priveleges. The only part that does not work is the samaccount and i have been at this for days!

  • OK, you posted this to Stackoverflow, stackexchange powersuers, and now here. The code sample you are showing, is the answer submitted on both.

    I also provided the results from the code which proves it works. Now, I ran my code directly on an Exchange server, not in a PSRemoting session. At no point did you state in the other post that you were doing this in a remote session, nor did you show this in your posted code sample, even here.

    The sample is all raw normal PowerShell, and should work local or remote (as long as you have PSRemoting setup properly and you are local admin on the remote box and you are running this as that admin)

    If you run this …

        Invoke-Command -ComputerName ex01 -ScriptBlock {Get-Mailbox -Filter '*' -ResultSize Unlimited}

    or this...

        Invoke-Command -ComputerName ex01 -ScriptBlock {(Get-Mailbox -Filter '*' -ResultSize Unlimited).SamAccountName}

    Or this...

        Invoke-Command -ComputerName ex01 -ScriptBlock {Get-Mailbox -Filter '*' -ResultSize Unlimited | Select-Object -Property SamAccountName}

    ... by itself in your environment over a PSRemoting session, what happens?

    If you are doing your PSRemoting session, like this...

        $ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' -ConnectionUri ("http://$Ex01Fqdn/PowerShell") -Authentication Kerberos -Credential $Creds

        Import-PSSession $ExpSession

    Then you don't need the Invoke-Command at all, since the cmdlets are already proxied to your workstation. Just run the code as is.

        ($ExpSession = New-PSSession -ConfigurationName 'Microsoft.Exchange' -ConnectionUri ("http://$Ex01Fqdn/PowerShell") -Authentication Default)

         Id Name            ComputerName    State         ConfigurationName     Availability
         -- ----            ------------    -----         -----------------     ------------
          8 Session8        ex01.contoso... Opened        Microsoft.Exchange       Available

        Import-PSSession $ExpSession -Prefix 'EXP'

        WARNING: The names of some imported commands from the module 'tmp_zucxz5zd.0ee' include unapproved verbs that might make them less discoverable. To find the commands wi
        the unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.

        ModuleType Version    Name                                ExportedCommands                                                                                            
        ---------- -------    ----                                ----------------                                                                                            
        Script     1.0        tmp_zucxz5zd.0ee                    {Add-EXPADPermission, Add-EXPAvai...

        (Get-ExpMailbox -Filter '*' -ResultSize Unlimited).SamAccountName |
        ForEach{Get-ExpMailboxPermission -Identity $PSItem} |
        Where-Object {
            $PSItem -ne 'NT AUTHORITY\SELF' -and
            $PSItem.IsInherited -eq $false
        } | Select-Object -Property Identity,User,
        @{Name = 'SamAccountName';Expression = {(Get-ADUser -Identity $($PSitem.Identity -split '/')[-1]).SamAccountName}},
        @{Name = 'Access Rights';Expression = {[string]::join(', ', $PSItem.AccessRights)}}

        # Results
        Identity                              User                SamAccountName   Access Rights                      
        --------                              ----                --------------   -------------                            NT AUTHORITY\SELF   Administrator    FullAccess, ReadPermission