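# Check if notifications@dataforth.com is a shared mailbox and authentication options
# This determines how the website should authenticate
#
# The script only queries Exchange Online / MSOnline and prints suggested
# commands; it does not change any mailbox setting itself.

Write-Host "[OK] Checking mailbox configuration..." -ForegroundColor Green
Write-Host ""

# Check if connected to Exchange Online.
# ExchangeOnlineManagement v3 uses REST-based connections that do not show up
# in Get-PSSession, so ask the module first and fall back to the legacy
# remote-PowerShell session check for older module versions. Without this the
# script would prompt for a fresh admin sign-in on every run.
$Session = $null
if (Get-Command -Name Get-ConnectionInformation -ErrorAction SilentlyContinue) {
    $Session = Get-ConnectionInformation | Where-Object { $_.State -eq "Connected" }
}
if (-not $Session) {
    $Session = Get-PSSession | Where-Object { $_.ConfigurationName -eq "Microsoft.Exchange" -and $_.State -eq "Opened" }
}

if (-not $Session) {
    Write-Host "[WARNING] Not connected to Exchange Online, connecting..." -ForegroundColor Yellow
    # Interactive sign-in: only the UPN is given here, no credential is stored in the script.
    Connect-ExchangeOnline -UserPrincipalName sysadmin@dataforth.com -ShowBanner:$false
}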
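Write-Host "================================================================"
Write-Host "1. MAILBOX TYPE"
Write-Host "================================================================"

# Fail closed on a lookup error. If Get-Mailbox returns nothing, every check
# below would run against $null and the script would fall through to the
# "regular mailbox - can authenticate directly" advice, which is wrong.
try {
    $Mailbox = Get-Mailbox -Identity notifications@dataforth.com -ErrorAction Stop
} catch {
    Write-Host "[ERROR] Could not read mailbox notifications@dataforth.com: $($_.Exception.Message)" -ForegroundColor Red
    return
}

Write-Host "[OK] Mailbox Details:"
Write-Host " Primary SMTP: $($Mailbox.PrimarySmtpAddress)"
Write-Host " Display Name: $($Mailbox.DisplayName)"
Write-Host " Type: $($Mailbox.RecipientTypeDetails)" -ForegroundColor Cyan
Write-Host " Alias: $($Mailbox.Alias)"
Write-Host ""

# $IsShared drives sections 2, 4 and the final recommendations.
# Anything that is not explicitly a SharedMailbox is treated as not shared.
$IsShared = $false

if ($Mailbox.RecipientTypeDetails -eq "SharedMailbox") {
    # NOTE(review): a shared mailbox still has a backing user object; the
    # statement below holds as long as sign-in stays blocked on that object
    # and nobody has set a password for it - worth confirming in the tenant.
    Write-Host "[CRITICAL] This is a SHARED MAILBOX" -ForegroundColor Red
    Write-Host " Shared mailboxes CANNOT authenticate directly!" -ForegroundColor Red
    Write-Host ""
    Write-Host "Options for website authentication:" -ForegroundColor Yellow
    Write-Host " 1. Use a regular user account with 'Send As' permissions"
    Write-Host " 2. Convert to regular mailbox (requires license)"
    Write-Host " 3. Use Microsoft Graph API with OAuth"
    $IsShared = $true
} elseif ($Mailbox.RecipientTypeDetails -eq "UserMailbox") {
    Write-Host "[OK] This is a USER MAILBOX" -ForegroundColor Green
    Write-Host " Can authenticate directly with SMTP AUTH" -ForegroundColor Green
} else {
    # Room, equipment, etc.: report the type and leave $IsShared at $false.
    Write-Host "[WARNING] Mailbox type: $($Mailbox.RecipientTypeDetails)" -ForegroundColor Yellow
}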
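Write-Host ""
Write-Host "================================================================"
Write-Host "2. SMTP AUTH STATUS"
Write-Host "================================================================"

$CASMailbox = Get-CASMailbox -Identity notifications@dataforth.com

if ($null -eq $CASMailbox) {
    # Without this guard a failed lookup would be reported as "ENABLED".
    Write-Host "[WARNING] Could not read client access settings for notifications@dataforth.com" -ForegroundColor Yellow
} else {
    Write-Host "[OK] Client Access Settings:"
    Write-Host " SMTP AUTH Disabled: $($CASMailbox.SmtpClientAuthenticationDisabled)"

    # SmtpClientAuthenticationDisabled is three-valued: $true, $false, or
    # empty. Empty means the mailbox has no override and the organization-wide
    # value from Get-TransportConfig applies, so it must not be read as
    # "enabled".
    $SmtpAuthDisabled = $CASMailbox.SmtpClientAuthenticationDisabled
    if ($null -eq $SmtpAuthDisabled) {
        $SmtpAuthDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled
        Write-Host " [INFO] No per-mailbox override; organization setting applies (SMTP AUTH Disabled: $SmtpAuthDisabled)" -ForegroundColor Yellow
    }

    if ($SmtpAuthDisabled -eq $true) {
        Write-Host " [ERROR] SMTP AUTH is DISABLED!" -ForegroundColor Red
        if (-not $IsShared) {
            # The suggested fix is scoped to this one mailbox; it overrides the
            # organization default without re-enabling SMTP AUTH tenant-wide.
            Write-Host " [FIX] To enable: Set-CASMailbox -Identity notifications@dataforth.com -SmtpClientAuthenticationDisabled `$false" -ForegroundColor Yellow
        }
    } else {
        Write-Host " [OK] SMTP AUTH is ENABLED" -ForegroundColor Green
    }
}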
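Write-Host ""
Write-Host "================================================================"
Write-Host "3. LICENSE STATUS"
Write-Host "================================================================"

# Check licenses via Get-MsolUser.
# NOTE(review): only the MSOnline path is implemented here. MSOnline is a
# deprecated module; a Microsoft Graph based lookup would be the replacement.
$MsolUser = $null

if (-not (Get-Command -Name Get-MsolUser -ErrorAction SilentlyContinue)) {
    Write-Host "[WARNING] MSOnline module not available" -ForegroundColor Yellow
} else {
    try {
        # -ErrorAction Stop so that "not connected" or "user not found" reaches
        # the catch block with its real message instead of being reported as a
        # missing module.
        $MsolUser = Get-MsolUser -UserPrincipalName notifications@dataforth.com -ErrorAction Stop

        if ($MsolUser) {
            Write-Host "[OK] License Status:"
            Write-Host " Licensed: $($MsolUser.IsLicensed)"
            if ($MsolUser.IsLicensed) {
                Write-Host " Licenses: $($MsolUser.Licenses.AccountSkuId -join ', ')"
            }
        } else {
            Write-Host "[WARNING] Could not check licenses via MSOnline module" -ForegroundColor Yellow
        }
    } catch {
        Write-Host "[WARNING] Could not check licenses via MSOnline module" -ForegroundColor Yellow
        Write-Host " $($_.Exception.Message)" -ForegroundColor Yellow
    }
}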
Write-Host ""
Write-Host "================================================================"
Write-Host "4. SEND AS PERMISSIONS (if shared mailbox)"
Write-Host "================================================================"

# This section only produces output when section 1 set $IsShared to $true.
if ($IsShared) {
    # List every trustee on the mailbox except the mailbox's own SELF entry.
    $SendAsPermissions = Get-RecipientPermission -Identity notifications@dataforth.com |
        Where-Object -FilterScript { $_.Trustee -ne "NT AUTHORITY\SELF" }

    if (-not $SendAsPermissions) {
        Write-Host "[WARNING] No 'Send As' permissions configured" -ForegroundColor Yellow
        Write-Host " Grant permission: Add-RecipientPermission -Identity notifications@dataforth.com -Trustee <user> -AccessRights SendAs" -ForegroundColor Yellow
    } else {
        Write-Host "[OK] Users/Groups with 'Send As' permission:"
        # NOTE(review): this list shows who may send as the mailbox. It can
        # contain groups and privileged accounts, so it is not by itself a
        # list of accounts suitable for the website to log in with.
        $SendAsPermissions | ForEach-Object {
            Write-Host " - $($_.Trustee) ($($_.AccessRights))" -ForegroundColor Cyan
        }
        Write-Host ""
        Write-Host "[SOLUTION] The website can authenticate using one of these accounts" -ForegroundColor Green
        Write-Host " with 'Send As' permission, then send as notifications@dataforth.com" -ForegroundColor Green
    }
}
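Write-Host ""
Write-Host "================================================================"
Write-Host "RECOMMENDATIONS FOR WEBSITE AUTHENTICATION"
Write-Host "================================================================"

if ($IsShared) {
    # Option 1 names a dedicated service account rather than
    # sysadmin@dataforth.com. That UPN is the account this script uses to
    # administer Exchange Online; placing its password in a website's SMTP
    # configuration would expose an administrative credential to anyone who
    # can read the web server's config.
    Write-Host ""
    Write-Host "[OPTION 1] Use a service account with Send As permission" -ForegroundColor Cyan
    Write-Host " 1. Create a dedicated, non-admin service account (e.g., <service-account>@dataforth.com)"
    Write-Host " 2. Grant Send As permission:"
    Write-Host " Add-RecipientPermission -Identity notifications@dataforth.com -Trustee <service-account>@dataforth.com -AccessRights SendAs"
    Write-Host " 3. Make sure SMTP AUTH is enabled for that service account only"
    Write-Host " 4. Website config:"
    Write-Host " - SMTP Server: smtp.office365.com"
    Write-Host " - Port: 587"
    Write-Host " - Username: <service-account>@dataforth.com"
    Write-Host " - Password: <service account password>"
    Write-Host " - From Address: notifications@dataforth.com"
    Write-Host ""
    Write-Host "[OPTION 2] Convert to regular mailbox (requires license)" -ForegroundColor Cyan
    Write-Host " Set-Mailbox -Identity notifications@dataforth.com -Type Regular"
    Write-Host " Then assign a license and enable SMTP AUTH"
    Write-Host ""
    Write-Host "[OPTION 3] Use Microsoft Graph API (OAuth - modern auth)" -ForegroundColor Cyan
    Write-Host " Most secure but requires application changes"
} else {
    Write-Host ""
    Write-Host "[SOLUTION] This is a regular mailbox - can authenticate directly" -ForegroundColor Green
    Write-Host ""
    Write-Host "Website SMTP Configuration:"
    Write-Host " - SMTP Server: smtp.office365.com"
    Write-Host " - Port: 587 (STARTTLS)"
    Write-Host " - Username: notifications@dataforth.com"
    Write-Host " - Password: <account password>"
    Write-Host " - Authentication: Required"
    Write-Host " - SSL/TLS: Yes"
    Write-Host ""

    # The per-mailbox value is three-valued. An empty value means "inherit the
    # organization setting" and must not be reported as DISABLED, which is what
    # a plain `-eq $false` test would do.
    $SmtpAuthSetting = $CASMailbox.SmtpClientAuthenticationDisabled

    if ($SmtpAuthSetting -eq $false) {
        Write-Host "[OK] SMTP AUTH is enabled - credentials should work" -ForegroundColor Green
        Write-Host ""
        Write-Host "If still failing, check:" -ForegroundColor Yellow
        Write-Host " - Correct password in website config"
        Write-Host " - Firewall allowing outbound port 587"
        Write-Host " - Security defaults / Conditional Access policies blocking legacy (basic) authentication"
        Write-Host " - Run Test-DataforthSMTP.ps1 to verify credentials"
    } elseif ($null -eq $SmtpAuthSetting) {
        Write-Host "[WARNING] No per-mailbox SMTP AUTH setting - the organization default applies" -ForegroundColor Yellow
        Write-Host "Check: (Get-TransportConfig).SmtpClientAuthenticationDisabled" -ForegroundColor Yellow
        Write-Host "To allow SMTP AUTH for this mailbox only: Set-CASMailbox -Identity notifications@dataforth.com -SmtpClientAuthenticationDisabled `$false" -ForegroundColor Yellow
    } else {
        Write-Host "[ERROR] SMTP AUTH is DISABLED - must enable first!" -ForegroundColor Red
        Write-Host "Run: Set-CASMailbox -Identity notifications@dataforth.com -SmtpClientAuthenticationDisabled `$false" -ForegroundColor Yellow
    }
}

Write-Host ""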