Following solution uses GraphViz application to visualize mailboxpermissions dependencies in the company.
Some time ago I published a scripts for reading mailbox permissions:
https://paweljarosz.wordpress.com/2016/03/04/script-to-check-mailbox-permissions/
and mailbox folder permissions:
https://paweljarosz.wordpress.com/2016/05/28/powershell-script-to-check-permissions-on-mailbox-folders-also-recursively/
If some of you are wondering what GraphViz is, a quick look on google graphics and phrase “graphviz”, gives us an idea of how gorgeous graphs it can create:
All the GraphViz needs is to have properly formatted input file – that’s it!
The need of having such script showed up as one time I was standing in front of migrating users to Exchange Online. I started to wonder how shall I visualize in a simply way, who need to be migrated together…
It was not an easy task, going though a excel/csv file, or even creating lists were not satisfying for me, so I started to think about it more, even during meals…
And then I found GraphViz:
http://www.graphviz.org/
It was looking really good! So now just a matter of quick reading about it checking if it will apply…
…reviewing the idea…
…some calculations…
And after all that research the idea became clear…
As I mentioned at the beginning, input file can be done with one of the mailbox permissions / mailbox folder permissions reading scripts – links provided on the top (you might need to change delimiters a little bit as I guess in these files are “;” but go for adventure and modify something :))
The proper input should look like:
So it has columns named “Mailbox”, “User” and “AccessRights”
And now the script. In organization I was building script for – it appeared that we have so many permissions I almost shat brikcs when I saw the actual output (graph)…
Just take a look by yourself, here is just a very small piece of graph when I was checking dependencies of just one mailbox – mine:
Let’s go closer:
Imagine now that whole dependency graph contained like 10 more same chunks/pieces, 10 more, 10 fuck*ng times!
Well, I needed somehow to…
So the idea of migrating people together in chunks fell down and broke into pieces :] but at least we have that nice script.
- First thing is to get GraphViz application and install it:
Here you can find it:
http://www.graphviz.org/Download_windows.php
After installation all you need to to read your mailbox permissions – you can choose to read it with scripts from links given at the beginning of that article.
2. Next thing, is to set up 3 variables:
$GraphImageFile = “GraphImageFile.png” -> this is the name/path of your output file – actual graph
$GraphGraphVizFile = “GraphVizFile.gv” -> this is the name/path of the input file that will be passed to GraphViz to visualize your data, it will look similar to this one:
$CSVPermissionsFile = “Permissions.csv” –> and finally this is the input file for the script – so output from your script that reads permissions from mailboxes
3. Having CSV we can start reading permissions, so here are some examples.
After running below:
.\PermissionMatrixGraphBuilder.ps1 -users “Pawel Jarosz”, “Wladek Ksiegowicz”
We will get:
Users mentioned in “Users” array will be marked on blue, nice arrows will show direction of permissions 🙂
After running:
.\PermissionMatrixGraphBuilder.ps1 -users “Pawel Jarosz”, “Wladek Ksiegowicz” -SingleUser $true
We will get:
And finally after running same but with “level” set to 1 we will get:
.\PermissionMatrixGraphBuilder.ps1 -users “Pawel Jarosz”, “Wladek Ksiegowicz” -Level 1
That will runthough the whole file ONLY ONE TIME, and what we will get would be something like:
So summing up – for me script does a good job when it comes to visualize data that would be actually really hard to see from a excel file.
It is just an easy script, please note that you can add here features like:
- adding description to each “connection” saying to which folder permissions are given
- reading mailboxes sizes and adding them to the graph so it can ease planing of migration of certain groups of people
- remember – possibilities are endless:
Script can be found on TechNet and GitHub.