Archived Note: Combined function in Public Distribution Group and Mailbox Forward Report

Mailbox Forward Report

Purpose

In the face of escalating insider threats, the reporting of data breaches has become paramount for safeguarding organizational integrity. The most prevalent threat originates from employees misusing their access privileges for data exfiltration, often driven by personal gain.

To address these challenges at the mailbox level, this script is designed to automate the generation of a report on configured forwarding SMTP addresses for user or shared mailboxes.

For further reporting capabilities, refer to the Public Distribution List reporting feature, which allows security professionals to retrieve reports of all Distribution Lists open to external senders, enabling them to send mail to both internal and external recipients.

Installation

1. Download or make copy of script here
2. Take note of the script’s path
3. Open PowerShell as an administrator
4. Use Set-ExecutionPolicy -ExecutionPolicy <VALUE> -Scope <VALUE> to change to acceptable Execution Policy
5. Optional: Navigate to directory location of script using cd command (Example: cd “C:\MyFolder”)
6. Run PowerShell Script .\<scriptname>.ps1 or C:\MyFolder\<scriptname>.ps1

Parameters

-OutputPath

Allows the user to specify the location of the exported CSV file.

---

-Domains

Specifies the email domains to be used for filtering external members. This parameter accepts a comma-separated list of domains. If not provided, the script will end.

---

-onpremEX

Skips the connection to Exchange Online sessions entirely for Exchange Management Shell. Use this switch if you want to use for Exchange On-Premise.

Usage Examples

Run the function to generate a Mailbox Forward report for Exchange Online examples

mailboxfwdreport -Domains "domain1.com,domain2.com" -OutputPath "C:\Reports"

mailboxfwdreport -Domains "domain1.com,domain2.com"

---

Run the function to generate a Mailbox Forward report for Exchange On-Premise examples

mailboxfwdreport -Domains "domain1.com,domain2.com" -OutputPath "C:\Reports" -onpremEX 

mailboxfwdreport -Domains "domain1.com,domain2.com" -onpremEX

Demo

Report in directory

Important Note: CSV report will show as MailboxFWDReport_yyyyMMdd_HHmmss.csv in current directory of terminal if -OutputPath not specified.

CSV Report in Microsoft Excel

NOTES

Supported Versions

-- Exchange Online PowerShell V2 module, version 2.0.4 or later

-- Powershell 7 or later

-- Exchange Server 2013, 2016, and 2019

Exchange Online Prerequisites to Run:

Install Exchange Online Powershell module

Install-Module ExchangeOnlineManagement -Force

Please Note: This will require restart of terminal after install. Only use for first time accessing Exchange Online via Powershell on local machine.

Disclaimers

-- Always test the script in a non-production environment first.

-- Review the script's code and understand its functionality before execution.

-- The script may require specific permissions or elevated privileges to run correctly.

-- The script's behavior may vary depending on the system configuration and environment.

Contributing

Open to all collaboration 🙏🏽

Please follow best practice outlined below:

1. Fork from the main branch only
2. Once forked, make branch from main with relevant topic
3. Make commits to improve project on branch with detailed notes
4. Test, test, test and verify
5. Push branch to main in your Github project
6. Test, test, test and verify
7. Open pull request to main with details of changes (screenshots if applicable)

Once steps complete, I will engage to discuss changes if required and evaluate readiness for merge. Cases where pull requests are closed, I will provide detailed notes on the why and provide direction for your next pull request.

How to support? Buy me coffee ☕️ via Paypal

License

MIT License