Public Distribution Group and Mailbox Forward Report

Purpose

The Public Distribution List and Mailbox Forward Reports are developed to enhance security auditing in Microsoft 365’s Exchange Online and on-premises Exchange environments.​

• Public Distribution List Report: This automates the generation of reports identifying distribution lists that are open to external senders. Such openness can expose organizations to risks like phishing, whaling, and other social engineering attacks. By listing these distribution lists and their members, administrators can proactively manage and mitigate potential vulnerabilities.​

• Mailbox Forward Report: This focuses on detecting user and shared mailboxes that have configured forwarding SMTP addresses. Unauthorized forwarding can be a vector for insider threats and data exfiltration. The report aids in identifying such configurations, allowing for timely intervention to protect sensitive information.​

Together, these tools provide IT administrators and security professionals with automated solutions to monitor and secure their Exchange environments against external and internal threats.​

Installation

1. Download or make copy of script here
2. Take note of the script’s path
3. Open PowerShell as an administrator
4. Use Set-ExecutionPolicy -ExecutionPolicy <VALUE> -Scope <VALUE> to change to acceptable Execution Policy
5. Optional: Navigate to directory location of script using cd command (Example: cd “C:\MyFolder”)
6. Run PowerShell Script (See Usage Examples):

   .\<scriptname>.ps1 -Parameter1 <VALUE> -Parameter2 <VALUE>

   C:\MyFolder\<scriptname>.ps1 -Parameter1 <VALUE> -Parameter2 <VALUE>

Parameters

-Domains

Specifies the email domains to be used for filtering external members. This parameter accepts a comma-separated list of domains. If not provided, the script will end.

---

-onpremEX

Skips the connection to Exchange Online sessions entirely for Exchange Management Shell. Use this switch if you want to use for Exchange On-Premise.

---

-OutputPath

Allows the user to specify the location and name of the exported file.

Usage Examples

Run the function to generate a report for Exchange Online examples

.\dlmailboxfwdreport.ps1

.\dlmailboxfwdreport.ps1 -Domains "domain1.com,domain2.com"

.\dlmailboxfwdreport.ps1 -Domains "domain1.com,domain2.com" -OutputPath "C:\Reports\ReportName.csv"

Run the function to generate a report for Exchange On-Premise examples

.\dlmailboxfwdreport.ps1 -onpremEX 

.\dlmailboxfwdreport.ps1 -Domains "domain1.com,domain2.com" -onpremEX

.\dlmailboxfwdreport.ps1 -Domains "domain1.com,domain2.com" -OutputPath "C:\Reports\ReportName.csv" -onpremEX 

Demo

Terminal view

Important Note: Shown after connecting to Exchange Online or skipping for Exchange On-premise and providing email domains

Report in directory

Important Note: CSV report will show as publicDLreport_yyyy-MM-dd_HHmmss.csv or mailboxfwdreport_yyyy-MM-dd_HHmmss.csv in current directory of terminal if -OutputPath not specified.

CSV Report for Public Distribution Lists in Microsoft Excel

Important Note: PrimarySMTPAddress will show empty for internal members still apart of group with no mailbox. This will show an error in terminal and will be excluded from CSV report.

CSV Report for Mailbox Forwarding in Microsoft Excel

NOTES

Supported Versions

-- Exchange Online PowerShell V2 module, version 2.0.4 or later

-- Powershell 7 or later

-- Exchange Server 2013, 2016, and 2019

Exchange Online Prerequisites to Run:

Install Exchange Online Powershell module

Install-Module ExchangeOnlineManagement -Force

Please Note: This will require restart of terminal after install. Only use for first time accessing Exchange Online via Powershell on local machine.

Disclaimers

-- The -onpremEX switch is required when running function in Exchange Management Shell

-- For Exchange Online, you must include your Microsoft 365 tenant's onmicrosoft domain(s) to be considered internal in report

-- For Exchange Online, report results may vary due to dependency on Microsoft online services and data

-- Always test the script in a non-production environment first.

-- Review the script's code and understand its functionality before execution.

-- The script may require specific permissions or elevated privileges to run correctly.

-- The script's behavior may vary depending on the system configuration and environment.

Contributing

Open to all collaboration 🙏🏽

Please follow best practice outlined below:

1. Fork from the main branch only
2. Once forked, make branch from main with relevant topic
3. Make commits to improve project on branch with detailed notes
4. Test, test, test and verify
5. Push branch to main in your Github project
6. Test, test, test and verify
7. Open pull request to main with details of changes (screenshots if applicable)

Once steps complete, I will engage to discuss changes if required and evaluate readiness for merge. Cases where pull requests are closed, I will provide detailed notes on the why and provide direction for your next pull request.

How to support? Buy me coffee ☕️ via Paypal

License

MIT License