M365 Migration | Exchange Inventory
Every company is dealing with it. Every company that is planning to do a migration needs a good prepare. Preparing the information to migrate and of course preparing the users. Let’s focus on the information from Exchange.
Current situation
A good migration starts with a good inventory. Which mailboxes are present, which resource mailboxes are we using, which send connectors are in play, which domains are accepted, who has what permissions on which mailbox etcetera etcetera.
This information is of course possible to write down from the portal. Just login to https://admin.exchange.microsoft.com or https://[exchangeserver]/ecp and you will be able to see all that information. Copy/Paste to Excel and you have an inventory. Most parts also possible to download from the web portal with a lot of information you don’t want.
Doing an inventory manually is a lot of work. So let’s automate that.
What do we need?
We would like to know the following information:
- User mailboxes included email addresses, statistics, permissions
- Shared mailboxes included email addresses, statistics, permissions
- Resource mailboxes included email addresses, statistics and permissions
- Mailusers with external forwards
- Mailcontacts
- Distribution lists with owners, moderators, permissions and members
- Unified groups with Teams or SharePoint url and members
- Accepted domains with SPF records and MX Records
- Inbound connectors
- Organization Relationships
- Transport rules
- Retention policies
- Retention policy tags
- Exporting to XLSX sheet
Connection
In a previous post, M365 Migration | Exchange Unattended App Registration, we created an App registration for Exchange Online to use unattended. For the connection we are going to use that information.
$connectionFile = "C:\Temp\connection-details.xml"
$ConnectionDetails = Import-CliXML $connectionFile
Connect-ExchangeOnline -AppId $Connectiondetails.clientId -CertificateThumbprint $Connectiondetails.thumbprint -Organization $connectionDetails.tenant
User/Shared/Resource mailboxes
When the connection is made, we will retrieve all mailboxes from Exchange Online
# getting all the mailboxes
$Mailboxes = Get-Mailbox -Resultsize Unlimited
$Mailusers = Get-MailUser -Resultsize Unlimited
$Mailcontacts = Get-Contact -Resultsize Unlimited
# creating a table to combine information
$MailboxesResult = @()
# processing all the mailboxes
ForEach ($Mailbox in $Mailboxes){
# getting statistics
$mailboxStatistics = Get-MailboxStatistics $Mailbox.Alias
# getting permissions
$permissions = Get-MailboxPermission -Identity $Mailbox.PrimarySMTPAddress | ? { ($_.IsInherited -eq $False) -and -not ($_.User -Like "NT AUTHORITY*") }
$fullAccess = $permissions | Where-Object { $permissions.AccessRights -eq "FullAccess" }
$permissions = Get-RecipientPermission -Identity $mailbox.PrimarySMTPAddress | ? { ($_.IsInherited -eq $False) -and -not ($_.Trustee -Like "NT AUTHORITY*") }
$SendAs = $permissions | Where-Object { $permissions.AccessRights -eq "SendAs" }
# combine eveything in a PSCustomObject
$item = [PSCustomObject]@{
Migrate = " "
Name = $mailbox.DisplayName
Type = $mailbox.RecipientTypeDetails
Enabled = $mailbox.isMailboxEnabled
usageLocation = $mailbox.usageLocation
PrimarySMTPAddress = $mailbox.PrimarySMTPAddress
legacyExchangeDN = $mailbox.LegacyExchangeDN
EmailAddresses = $mailbox.EmailAddresses -join ","
UserPrincipalName = $mailbox.UserPrincipalName
RetentionPolicy = $mailbox.RetentionPolicy
ForwardingAddress = $mailbox.ForwardingAddress
ForwardingSMTPAddress = $mailbox.ForwardingSMTPAddress
MailboxItems = $mailboxStatistics.ItemCount
DeletedItemsCount = $mailboxStatistics.DeletedItemsCount
MailboxSize = $mailboxStatistics.TotalItemSize
UseDatabaseQuotaDefaults = $mailbox.UseDatabaseQuotaDefaults
IssueWarningQuota = $mailbox.IssueWarningQuota
RulesQuota = $mailbox.RulesQuota
ExchangeGUID = $mailbox.ExchangeGUID
ArchiveQuota = $mailbox.ArchiveQuota
ArchiveWarningQuota = $mailbox.ArchiveWarningQuota
ArchiveGuid = $mailbox.ArchiveGuid
ProhibitSendQuota = $mailbox.ProhibitSendQuota
ProhibitSendReceiveQuota = $mailbox.ProhibitSendReceiveQuota
RecoverableItemsQuota = $mailbox.RecoverableItemsQuota
RecoverableItemsWarningQuota = $mailbox.RecoverableItemsWarningQuota
CalendarLoggingQuota = $mailbox.CalendarLoggingQuota
HiddenFromAddressListsEnabled = $mailbox.HiddenFromAddressListsEnabled
FullAccess = $($fullAccess.User) -join (",")
SendAs = $($sendas.Trustee) -join (",")
}
$MailboxesResult += $item
}
Mailusers
We are going to add Mailusers to the same table so the export will contain Mailboxes, Mailusers and Mailcontacts.
ForEach ($mailUser in $mailUsers) {
# licenses
# combine everything in a PSCustomObject
$item = [PSCustomObject]@{
Migrate = " "
Name = $mailuser.DisplayName
Type = $mailuser.RecipientTypeDetails
Enabled = if ($Mailuser.AccountDisabled -eq $false) { "TRUE" } else { "FALSE" }
usageLocation = $mailuser.usageLocation
PrimarySMTPAddress = $mailuser.PrimarySMTPAddress
legacyExchangeDN = $mailuser.LegacyExchangeDN
EmailAddresses = $mailuser.EmailAddresses -join ","
UserPrincipalName = $mailuser.UserPrincipalName
RetentionPolicy = $mailuser.RetentionPolicy
ForwardingAddress = $mailuser.ForwardingAddress
UseDatabaseQuotaDefaults = $mailuser.UseDatabaseQuotaDefaults
IssueWarningQuota = $mailUser.IssueWarningQuota
RulesQuota = $mailuser.RulesQuota
ExchangeGUID = $mailuser.ExchangeGUID
ArchiveQuota = $mailUser.ArchiveQuota
ArchiveWarningQuota = $mailUser.ArchiveWarningQuota
ArchiveGuid = $mailUser.ArchiveGuid
ProhibitSendQuota = $mailUser.ProhibitSendQuota
ProhibitSendReceiveQuota = $mailUser.ProhibitSendReceiveQuota
RecoverableItemsQuota = $mailuser.RecoverableItemsQuota
RecoverableItemsWarningQuota = $mailuser.RecoverableItemsWarningQuota
HiddenFromAddressListsEnabled = $mailuser.HiddenFromAddressListsEnabled
}
$MailboxesResult += $item
}
Mailcontacts
Mailcontacts are common used in environments to add external addresses to the Global Address List. It’s easier to find a contact in the Global Address Lists without having to know their email address. Users rely on these contacts often, so it is necessary to export them to be able to recreate them in the new environment
ForEach ($mailContact in $mailContacts) {
$item = [PSCustomObject]@{
Migrate = " "
Name = $mailContact.DisplayName
Type = $mailContact.RecipientTypeDetails
PrimarySMTPAddress = $mailContact.WindowsEmailAddress
ForwardingAddress = $mailContact.ForwardingAddress
HiddenFromAddressListsEnabled = $mailContact.HiddenFromAddressListsEnabled
}
$MailboxesResult += $item
}
Groups
# getting all type of groups
$unifiedGroups = Get-UnifiedGroup -Resultsize Unlimited
$distributionGroups = Get-DistributionGroup -ResultSize Unlimited
Unified groups
Unified groups are often related to SharePoint sites or Teams. They are used for collaboration. They will always have an associated team site, no matter where or how they are created.
# creating a table for export
$GroupResults= @()
# processing all groups
ForEach ($Group in $unifiedGroups) {
$members = $null
$members = Get-UnifiedGroupLinks -Linktype Members -identity $Group.PrimarySMTPAddress
$item = [PSCustomObject]@{
AccessType = $group.Accesstype
Group = "Unified"
DisplayName = $Group.DisplayName
Description = $group.Description
PrimarySMTPAddress = $group.PrimarySmtpAddress
EmailAddresses = $group.EmailAddresses -join ","
GroupTYpe = $Group.GroupType
RecipientType = $group.RecipientType
RecipientTypeDetails = $group.RecipientTypeDetails
GroupMemberCount = $group.GroupMemberCount
GroupExternalMemberCount = $group.GroupExternalMemberCount
AllowAddGuests = $group.AllowAddGuests
HiddenFromExchangeClientsEnabled = $group.HiddenFromExchangeClientsEnabled
ManagedBy = $group.ManagedBy -join ","
AuditLogAgeLimit = $group.AuditLogAgeLimit
ModeratedBy = $group.ModeratedBy
ModerationEnabled = $group.ModerationEnabled
SendModerationNotifications = $gorup.SendModerationNotifications
BypassModerationFromSendersOrMembers = $group.BypassModerationFromSendersOrMembers -join ","
SharePointSiteUrl = $group.SharePointSiteUrl
Language = $group.Language
SubscriptionEnabled = $group.SubscriptionEnabled
WelcomeMessageEnabled = $group.WelcomeMessageEnabled
ConnectorsEnabled = $group.ConnectorsEnabled
IsMembershipDynamic = $group.IsMembershipDynamic
ResourceBehaviorOptions = $group.ResourceBehaviorOptions -join ","
Members = $members.Displayname -join ","
}
$GroupResults += $item
}
Distribution lists
Oldskool groups with members internal and external. Used to send email to a group of users without sending it multiple times. The group can have settings like not everybody is allowed to sent to these groups. You can set that individually on each group.
ForEach ($Group in $distributionGroups) {
$members = $null
$Members = Get-DistributionGroupMember -Identity $Group.DisplayName
$item = [PSCustomObject]
AccessType = $group.Accesstype
Group = "Distribution"
DisplayName = $Group.DisplayName
Description = $group.Description
PrimarySMTPAddress = $group.PrimarySmtpAddress
EmailAddresses = $group.EmailAddresses -join ","
GroupTYpe = $Group.GroupType
RecipientType = $group.RecipientType
RecipientTypeDetails = $group.RecipientTypeDetails
GroupMemberCount = $group.GroupMemberCount
GroupExternalMemberCount = $group.GroupExternalMemberCount
AllowAddGuests = $group.AllowAddGuests
HiddenFromExchangeClientsEnabled = $group.HiddenFromExchangeClientsEnabled
ManagedBy = $group.ManagedBy -join ","
AuditLogAgeLimit = $group.AuditLogAgeLimit
ModeratedBy = $group.ModeratedBy
ModerationEnabled = $group.ModerationEnabled
SendModerationNotifications = $gorup.SendModerationNotifications
BypassModerationFromSendersOrMembers = $group.BypassModerationFromSendersOrMembers -join ","
SharePointSiteUrl = $group.SharePointSiteUrl
Language = $group.Language
SubscriptionEnabled = $group.SubscriptionEnabled
WelcomeMessageEnabled = $group.WelcomeMessageEnabled
ConnectorsEnabled = $group.ConnectorsEnabled
IsMembershipDynamic = $group.IsMembershipDynamic
ResourceBehaviorOptions = $group.ResourceBehaviorOptions -join ","
Members = $Members.DisplayName -join ","
}
$groupInventory += $item
}
Accepted domains
Often, a company does not have only one domain as SMTP domain. Every domain has his own specific group users often, or are legacy from rebranding. Because the domain is still accepted and paid for, old senders are maybe still using these domains to sent email to a user.
# getting all accepted domains
$Accepteddomains = Get-AcceptedDomain
# table for export with combined information
$DomainsResult = @()
# processing each domain
ForEach ($Domain in $AcceptedDomains) {
$mxRecords = Resolve-DnsName -Name $domain.name -Type mx -ErrorAction SilentlyContinue
$spfRecords = Resolve-DnsName -Name $domain.name -Type TXT -ErrorAction SilentlyContinue | Where-Object { $_.Strings -like "v=spf*" }
# creating object for in table
$item = [PSCustomObject]@{
Name = $Domain.DomainName
Type = $Domain.DomainType
Default = $domain.Default
Record = "TXT"
Priority = ""
Recordname = ""
NameExchange = ""
TTL = ""
SPF = $spfRecords.strings -join " "
}
forEach ($record in $mxRecords) {
$item.Record = $record.Type
$item.Priority = $record.preference
$item.Recordname = $Record.name
$item.NameExchange = $record.NameExchange
$item.TTL = $Record.TTL
}
$DomainsResult += $item
}
Inbound Connectors
Inbound connectors accept email messages from remote domains that require specific configuration options.
$InboundConnectors = $null
[array]$InboundConnectors = Get-InboundConnector | Select Identity,Name, Enabled, ConnectorType, Comment, SenderIpAddresses, SenderDomains, RequireTls, RestrictDomainsToIpAddresses, RestrictDomainsToCertificate, CloudServiceMailEnabled, TreatMessagesAsInternal, TlsSenderCertificateName
$InboundConnectorsOutput = @()
##Output rules to variable
foreach ($InboundConnector in $InboundConnectors) {
$InboundConnectorsOutput += $InboundConnector
}
Organization Relationships
An organization relationship is a one-to-one relationship between businesses to allow users in each organization to view calendar availability information. When you set up the organization relationship, you’re responsible for setting up your side of the relationship.
# getting organization relationships
$Relationships = $null
[array]$Relationships = Get-OrganizationRelationship | Select Name, Identity, DomainNames, Enabled,ArchiveAccessEnabled, FreeBusyAccessEnabled, FreebusyAccessLevel,FreeBusyAccessScope,MailboxMoveEnabled,MailboxMoveCapability,MailboxMovePublishedScopes, IdentityMoveEnabled,whenCreated
$RelationshipsOutput = @()
##Output rules to variable
foreach ($Relationship in $Relationships) {
$RelationshipsOutput += $Relationship
}
Transport rules
Transport rules are similar to the Inbox rules that are available in Outlook and Outlook on the web. The main difference is mail flow rules take action on messages while they’re in transit, not after the message is delivered to the mailbox.
# Transport rules
$Rules = $null
[array]$Rules = Get-TransportRule -ResultSize unlimited | select name, state, mode, priority, description, comments
$RulesOutput = @()
##Output rules to variable
foreach ($Rule in $Rules) {
$RulesOutput += $Rule
}
Retention policies
In Exchange Online, you can use retention policies to manage email lifecycle. Retention policies are applied by creating retention tags, adding them to a retention policy, and applying the policy to mailbox users
# retention policies
$policies = $null
$policyTags = $null
[array]$policies = Get-RetentionPolicy | Select Name, Identity, IsDefault, IsDefaultArbitrationMailbox, RetentionId, RetentionPolicyTagLinks
[array]$policyTags = Get-RetentionPolicyTag | Select Name, identity, Type, RetentionEnabled, Description, RetentionAction, AgeLimitForRetention, MoveToDestinationFolder, TriggerForRetention, JournalingEnabled, AddressForJournaling
$RetentionPolicies = @()
foreach ($policy in $policies) {
$item = [PSCustomObject]@{
Name = $policy.Name
Identity = $policy.identity
isDefault = $policy.isDefault
isDefaultArbitrationMailbox = $policy.isDefaultArbitrationMailbox
RetentionId = $policy.RetentionId
RetentionPolicyTagLinks = $policy.RetentionPolicyTagLinks -Join ";"
}
$RetentionPolicies += $item
}
Retention policy tags
$RetentionPolicyTags = @()
foreach ($tag in $policyTags) {
$RetentionPolicyTags += $tag
}
Export to Excel
Getting all the information with PowerShell is done, let’s combine it a single XSLX file
# installing the module for Excel
Import-Module ImportExcel -ErrorAction SilentlyContinue
$GetImportExcel = Import-Module ImportExcel
if (!($GetImportExcel)) {
Try {
Install-Module ImportExcel -Force -ErrorAction SilentlyContinue
}
Catch {
$InstallError = $_
Write-Output "ERROR: Cannot install ImportExcel module"
Write-Output "ERROR: $($InstallError.Exception)"
break
}
Write-Output "INFO: ImportExcel module installed ..."
}
else {
Write-Output "INFO: ImportExcel module already installed ..."
}
# setting export location
$tenant = (Get-OrganizationConfig).OrganizationalUnitRoot
$filename = "C:\temp\$(Get-Date -Format "yyyymmdd")-EXO-Inventory-$($tenant).xlsx"
# exporting and sorting objects to worksheets and xlsx file
$mailboxInventory | Sort-Object -Property "Name" |Export-Excel -Path $filename -WorksheetName "Identitys" -AutoSize -AutoFilter -FreezeTopRow -BoldTopRow
$groupInventory | Sort-Object -Property "DisplayName" | Export-Excel -Path $filename -WorksheetName "Groups" -AutoSize -AutoFilter -FreezeTopRow -BoldTopRow
$InboundConnectorsOutput | Export-Excel -Path $filename -WorksheetName "InboundConnectors" -AutoSize -AutoFilter -FreezeTopRow -BoldTopRow
$DomainsResult | Export-Excel -Path $filename -WorksheetName "Accepted Domains" -AutoSize -AutoFilter -FreezeTopRow -BoldTopRow
$RelationshipsOutput | Export-Excel -Path $filename -WorksheetName "Organization Relationship" -AutoSize -AutoFilter -FreezeTopRow -BoldTopRow
$RulesOutput | Sort-Object -Property "Priority" | Export-Excel -Path $filename -WorksheetName "Transport Rules" -AutoSize -AutoFilter -FreezeTopRow -BoldTopRow
$RetentionPolicies | Sort-Object -Property "Name" | Export-Excel -Path $filename -WorksheetName "RetentionPolicies" -AutoSize -AutoFilter -FreezeTopRow -BoldTopRow
$retentionPolicyTags | Sort-Object -Property "Name" | Export-Excel -Path $filename -WorksheetName "RetentionPolicyTags" -AutoSize -AutoFilter -FreezeTopRow -BoldTopRow