ivancarlos/gwauditor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

first load
Some checks failed
Build, Push, Publish / Build & Release (push) Failing after 2s
Details

Browse Source
This commit is contained in:
Ivan Carlos
2025-12-16 04:41:33 -03:00
parent 67a1ea6d3b
commit 8a51a27411
11 changed files with 1298 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

220
_script_MailboxDelegation.ps1 Normal file
View File

@@ -0,0 +1,220 @@
# Mailbox Delegation Script
param (
[string]$clientName,
[string]$GAMpath,
[string]$gamsettings,
[string]$datetime
)
[console]::OutputEncoding = [System.Text.Encoding]::UTF8
cls
Write-Host "### SCRIPT TO MANAGE MAILBOX DELEGATION, PLEASE FOLLOW INSTRUCTIONS ###"
Write-Host
Write-Host "GAM project selected: $clientName"
Write-Host "GAM application path: $GAMpath"
Write-Host "Project path: $gamsettings"
Write-Host "Date and time: $datetime"
Write-Host
function pause{ $null = Read-Host 'Press ENTER key to end script' }
Write-Host
function Check-AdminAddress {
param (
[string]$adminAddress
)
# Run GAM command to check if the admin address exists
$output = gam info user $adminAddress 2>&1
# Check the output for errors
if ($output -match "Does not exist" -or $output -match "Show Info Failed" -or $output -match "ERROR" -or $output -match "Super Admin: False") {
return $false
} else {
return $true
}
}
while ($true) {
# Prompt for the admin address
$adminAddress = Read-Host "Please enter the admin account"
# Check if the input is empty
if ([string]::IsNullOrWhiteSpace($adminAddress)) {
continue
}
# Check if the admin address exists
if (Check-AdminAddress -adminAddress $adminAddress) {
break
} else {
Write-Host "The admin account $adminAddress does not exist, or we have an ERROR. Please check credentials and try again."
}
}
function Check-AdminAuth {
param (
[string]$adminAddress
)
# Run GAM command to check if the admin address has auth
$output = gam user $adminAddress check serviceaccount 2>&1
# Check the output for errors
if ($output -match "Some scopes failed") {
return $false
} else {
return $true
}
}
while ($true) {
# Check if the admin address exists
if (Check-AdminAuth -adminAddress $adminAddress) {
break
} else {
Write-Host "The admin account $adminAddress does not have proper authorization, we will run the command again to let you authorize it:"
gam user $adminAddress check serviceaccount
}
}
# Function to check policy settings
function Check-PolicySettings {
param (
[string]$filter
)
# Run the GAM command and capture the output
$output = $(gam print policies filter "$filter" 2>&1)
# Check if the output contains the specified messages
if ($output -match "False,True,ADMIN" -or $output -match "False,False,ADMIN" -or $output -match "Got 0 Policies" -or $output -match "insufficient") {
Write-Host "WARNING: You can proceed but policies unreachable or mailbox delegation disabled."
Write-Host "Users may not be able to access the delegated mailbox."
Write-Host "Please check it in https://admin.google.com/ac/apps/gmail/usersettings"
Write-Host
return $false
} else {
Write-Host "Mailbox delegation is enabled, you are good to go."
Write-Host
return $true
}
}
# Define the filter
$filter = "setting.type.matches('.*gmail.mail_delegation')"
# Check policy settings
$policyCheck = Check-PolicySettings -filter $filter
# Function to check if a mailbox address exists
function Check-EmailAddress {
param (
[string]$sourceAddress
)
# Run GAM command to check if the mailbox address exists
$output = gam info user $sourceAddress 2>&1
# Check the output for errors
if ($output -match "Does not exist" -or $output -match "Show Info Failed" -or $output -match "ERROR") {
return $false
} else {
return $true
}
}
while ($true) {
# Prompt for the mailbox address
$sourceAddress = Read-Host "Please enter the mailbox address"
# Check if the input is empty
if ([string]::IsNullOrWhiteSpace($sourceAddress)) {
continue
}
# Check if the mailbox address exists
if (Check-EmailAddress -sourceAddress $sourceAddress) {
break
} else {
Write-Host "The mailbox $sourceAddress does not exist, it's a group, or we have an ERROR. Please check credentials and try again."
}
}
# Function to list delegates
function List-Delegates {
param (
[string]$sourceAddress
)
gam user $sourceAddress show delegates
}
# Function to add delegates
function Add-Delegates {
param (
[string]$sourceAddress
)
$delegatedAddress = Read-Host "Please enter the mailbox or group to enable access to $sourceAddress's mailbox"
gam user $sourceAddress add delegates $delegatedAddress
}
# Function to remove delegates
function Remove-Delegates {
param (
[string]$sourceAddress
)
$delegatedAddress = Read-Host "Please enter the mailbox or group to remove access to $sourceAddress's mailbox"
gam user $sourceAddress del delegates $delegatedAddress
}
# Menu options
while ($true) {
Write-Host
Write-Host "Select an option:"
Write-Host "1. List Delegates"
Write-Host "2. Add Delegates"
Write-Host "3. Remove Delegates"
Write-Host "4. Exit"
Write-Host
$choice = Read-Host "Enter your choice"
switch ($choice) {
1 {
List-Delegates -sourceAddress $sourceAddress
}
2 {
Add-Delegates -sourceAddress $sourceAddress
}
3 {
Remove-Delegates -sourceAddress $sourceAddress
}
4 {
Write-Host
Write-Host "### SCRIPT TO MANAGE MAILBOX DELEGATION COMPLETED ###"
$currentdate = Get-Date
$culture = [System.Globalization.CultureInfo]::GetCultureInfo("en-US")
$currentdate = $currentdate.ToString("dddd, dd MMMM yyyy HH:mm:ss", $culture)
# show info after running the script
Write-Host
Write-Host Project used by GAM: $clientName
Write-Host Actual date and time: $currentdate
Write-Host
pause
break
}
default {
Write-Host "Invalid option, please try again."
}
}
if ($choice -eq '4') {
break
}
}