Validate-AdaptiveScopesOPATHQuery.ps1⚓︎
This script can be used to validate advanced adaptive scopes queries written in OPATH.
Requirements⚓︎
- Ensure you've read the disclaimer and running the scripts sections of this documentation.
- To run this script, you must have the Exchange Online PowerShell module installed.
- You will be required to at least connect to Exchange Online, and will need permissions that allow you to run
Get-Mailbox
andGet-Recipient
. - To connect to Exchange Online using the Exchange Online PowerShell module, run:
Connect-ExchangeOnline
- If you use
-adaptiveScopeName
you will also need to connect to Security and Compliance Center PowerShell, and will need permissions that allow ou to runGet-AdaptiveScope
. - To connect to the Security and Compliance Center PowerShell module, run:
Connect-IPPSSession
Usage⚓︎
To run the script and enter an OPATH query using a GUI⚓︎
.\Validate-AdaptiveScopesOPATHQuery.ps1
To run the script and extract an OPATH query from an existing scope⚓︎
.\Validate-AdaptiveScopesOPATHQuery.ps1 -adaptiveScopeName [name of scope]
To run the script and supply a query via parameter⚓︎
.\Validate-AdaptiveScopesOPATHQuery.ps1 -rawQuery [OPATH query] -scopeType [User | Group]
Note
You must include -scopeType
when using -rawQuery
Optional parameters⚓︎
-exportCSV
: Exports full output of objects that match OPATH query to CSV file. No value is required with this parameter.-csvPath [path]
: Path to export Csv. Default value is c:\temp\
Known Limitations⚓︎
- Some properties exist for
Get-Mailbox
and some forGet-Recipient
. The script attempts to see if the query works withGet-Mailbox
first, then attempts to useGet-Recipient
. However, if properties are mixed (one that works only withGet-Mailbox
and one that works only withGet-Recipient
), the script will not be able to validate the query although mixing properties is supported with adaptive policy scopes. Review which cmdlet each property works with here.
Screenshots⚓︎
Download⚓︎
Access the script here
Changelog⚓︎
April 20th, 2022 (0f1348c)⚓︎
- Fixed bug where GuestMailUser objects would appear. These objects will not show in an adaptive scope and are not supported for retention policies.
- Rearranged output to improve readability
April 19th, 2022 (6681d82)⚓︎
- Added support for user shards. These are on prem users that have no license assigned and no mailbox exists in onprem or in EXO. As an example, service accounts. These are usually not used but they are included in adaptive scopes, so for validation we want to count them. To identify these types of users in your environment, run the following in EXO PS:
Get-User -RecipientTypeDetails User -ResultSize Unlimited
April 1st, 2022 (70213d8)⚓︎
- Added
-skipMixedPropertyDetection
and set it to default to True because it needs to be rewritten as it was causing issues
January 18th, 2022 (92cf440)⚓︎
- Added
-skipQuickValidation
switch which will skip entirely the quick validation check (which looks for common mistakes)
January 11th, 2022 (47823d2)⚓︎
- Added support for on-prem users in hybrid environment (MailUser)
- Added warning for inactive mailboxes discovered by Get-Recipient
- Added quick validation for mixed properties
January 5th, 2022 (39ad9d4)⚓︎
- Added support for SharedMailbox, EquipmentMailbox and RoomMailbox recipient types
- Rewrote analysis to provide stats for number of shared/resource mailboxes in addition to inactive/incorrectly licensed
November 7th, 2021 (6d829d5)⚓︎
- Updated documentation link
- Improved detection of inactive mailboxes
- Added total number of inactive mailboxes in query because of improvements
- Added detection of improperly licensed users (Experimental! This may incorrectly report depending on the license or add-on)
November 4th, 2021 (6c5e7c0)⚓︎
- Initial release