You can use PowerShell and the Microsoft 365 Exchange Online PowerShell module to retrieve the members of Exchange groups in your Microsoft 365 tenant. Here's an example script that reads a list of group names from a text file and exports the group members to a CSV file:

# Install the Exchange Online PowerShell module if not already installed
if (-not (Get-Module -Name ExchangeOnlineManagement -ErrorAction SilentlyContinue)) {
    Install-Module -Name ExchangeOnlineManagement -Force
}
 
# Connect to Exchange Online
Connect-ExchangeOnline
 
# Path to the text file containing the group names
$groupListFile = "C:\Path\To\GroupList.txt"
 
# Path to save the CSV file with group members
$outputCsvFile = "C:\Path\To\GroupMembers.csv"
 
# Read the list of group names from the text file
$groupNames = Get-Content $groupListFile
 
# Iterate through each group and retrieve its members
$groupMembers = foreach ($groupName in $groupNames) {
    Get-DistributionGroupMember -Identity $groupName |
    Select-Object DisplayName, UserPrincipalName
}
 
# Export the group members to a CSV file
$groupMembers | Export-Csv -Path $outputCsvFile -NoTypeInformation

Make sure to replace `“C:\Path\To\GroupList.txt”` with the actual path to your text file containing the group names. Also, set the desired path for the output CSV file by modifying `“C:\Path\To\GroupMembers.csv”`.

The script installs the Exchange Online PowerShell module if it's not already installed, connects to Exchange Online, retrieves the group names from the text file, and then retrieves the members for each group using the `Get-DistributionGroupMember` cmdlet. The member details (display name and user principal name) are stored in the `$groupMembers` variable. Finally, the script exports the group members to a CSV file using the `Export-Csv` cmdlet.

Please note that you'll need to have the necessary administrative rights and permissions to execute these commands in your Microsoft 365 tenant.

To determine the type of mailbox or group in Microsoft 365 using PowerShell, you can use the `Get-Mailbox` and `Get-DistributionGroup` cmdlets. Here's an example script that reads a list of email addresses from a text file and retrieves the corresponding mailbox or group type:

# Connect to Exchange Online
Connect-ExchangeOnline
 
# Path to the text file containing the email addresses
$emailListFile = "C:\Path\To\EmailList.txt"
 
# Read the list of email addresses from the text file
$emailAddresses = Get-Content $emailListFile
 
# Iterate through each email address and determine the mailbox or group type
$addressTypes = foreach ($address in $emailAddresses) {
    # Check if it's a mailbox
    $mailbox = Get-Mailbox -Identity $address -ErrorAction SilentlyContinue
    if ($mailbox) {
        [PSCustomObject]@{
            Address = $address
            Type = "Mailbox"
        }
    }
    else {
        # Check if it's a distribution group
        $group = Get-DistributionGroup -Identity $address -ErrorAction SilentlyContinue
        if ($group) {
            [PSCustomObject]@{
                Address = $address
                Type = "Distribution Group"
            }
        }
        else {
            [PSCustomObject]@{
                Address = $address
                Type = "Unknown"
            }
        }
    }
}
 
# Output the address types
$addressTypes

Make sure to replace `“C:\Path\To\EmailList.txt”` with the actual path to your text file containing the email addresses.

The script connects to Exchange Online, reads the email addresses from the text file, and then iterates through each email address. It checks if the address belongs to a mailbox using the `Get-Mailbox` cmdlet and if it belongs to a distribution group using the `Get-DistributionGroup` cmd

The `Get-Mailbox` cmdlet doesn't directly support filtering based on the “GrantSendOnBehalfTo” property. Instead, we can use a workaround to achieve the desired result. Here's an updated version of the script with the necessary modifications:

# Connect to Exchange Online
Connect-ExchangeOnline
 
# Path to the text file containing the group names
$groupListFile = "C:\Path\To\GroupList.txt"
 
# Output file path for the CSV
$outputFile = "C:\Path\To\Output.csv"
 
# Read the list of group names from the text file
$groupNames = Get-Content $groupListFile
 
# Create an empty array to store the group members
$groupMembers = @()
 
# Iterate through each group name
foreach ($groupName in $groupNames) {
    # Get the group object
    $group = Get-Mailbox -Identity $groupName -ErrorAction SilentlyContinue
 
    # Check if the group is a Shared Mailbox
    if ($group -and $group.RecipientTypeDetails -eq "SharedMailbox") {
        # Get the group members
        $members = Get-RecipientPermission -Identity $group.DistinguishedName |
                   Where-Object { $_.AccessRights -contains "FullAccess" -and $_.IsInherited -eq $false } |
                   Select-Object User
 
        # Add the group members to the array
        $groupMembers += $members
    }
}
 
# Export the group members to a CSV file
$groupMembers | Export-Csv -Path $outputFile -NoTypeInformation
 
# Disconnect from Exchange Online
Disconnect-ExchangeOnline

In this updated version, we're using the `Get-RecipientPermission` cmdlet to retrieve the permissions of the Shared Mailbox. We filter the permissions to only include users with “FullAccess” rights who are not inherited. Then, we select the “User” property to get the members' information.

Please give this updated script a try, and it should provide you with the membership details of the Shared Mailboxes listed in the text file.

You're correct, the `Select-Object Trustee` should be used instead of `Select-Object User` to retrieve the members' information. I apologize for the oversight.

I'm glad to hear that the rest of the script worked flawlessly for you. If you have any more questions or need further assistance, feel free to ask.

The purpose of the `Where-Object` filtering in the script is to retrieve only the mailbox permissions entries that meet specific criteria. Let's break down the filtering criteria used:

1. 1. `$_` represents the current pipeline object, which in this case is each mailbox permission entry.
2. 2. `AccessRights -contains “FullAccess”` checks if the mailbox permission includes the “FullAccess” access right. This ensures that only permissions with FullAccess are selected.
3. 3. `IsInherited -eq $false` checks if the permission is not inherited from a parent object. This excludes any permissions inherited from higher-level groups or objects, and only includes direct permissions set on the mailbox.

By combining these criteria, the script filters out any mailbox permissions that are not directly assigned and do not have FullAccess. This helps to ensure that only relevant mailbox permissions are included in the final result.

If you have specific requirements for filtering the mailbox permissions, you can adjust or remove this filtering as per your needs.

Certainly! Here's the modified script that includes the pair of addresses “SharedMailbox, Trustee” in the output CSV file:

$sharedMailboxes = Get-Content -Path "C:\path\to\sharedMailboxes.txt"
 
$result = foreach ($sharedMailbox in $sharedMailboxes) {
    $mailbox = Get-Mailbox -Identity $sharedMailbox
    $permissions = Get-MailboxPermission -Identity $sharedMailbox
 
    foreach ($permission in $permissions) {
        [PSCustomObject]@{
            SharedMailbox = $mailbox.PrimarySmtpAddress
            Trustee = $permission.User
        }
    }
}
 
$result | Export-Csv -Path "C:\path\to\output.csv" -NoTypeInformation

In this modified script, we iterate through each shared mailbox in the `sharedMailboxes` list and retrieve the mailbox object using `Get-Mailbox`. Then, we retrieve the mailbox permissions using `Get-MailboxPermission`. For each permission, we create a custom object that includes the pair of addresses “SharedMailbox, Trustee”. Finally, the result is exported to a CSV file using `Export-Csv`.

Make sure to replace `“C:\path\to\sharedMailboxes.txt”` with the actual path to your text file containing the shared mailbox addresses, and `“C:\path\to\output.csv”` with the desired path for the output CSV file.

I hope this meets your requirements! Let me know if you have any further questions.

# Connect to Exchange Online
Connect-ExchangeOnline
 
$sharedMailboxes = Get-Content -Path "C:\Users\Facundo\OneDrive - TandemStudio Cloud\APR\mailboxesQuery.txt"
 
$result = foreach ($sharedMailbox in $sharedMailboxes) {
    $mailbox = Get-Mailbox -Identity $sharedMailbox
    $permissions = Get-MailboxPermission -Identity $sharedMailbox
 
    foreach ($permission in $permissions) {
        [PSCustomObject]@{
            SharedMailbox = $mailbox.PrimarySmtpAddress
            Trustee = $permission.User
        }
    }
}
 
$result | Export-Csv -Path "C:\Users\Facundo\OneDrive - TandemStudio Cloud\APR\output_2.csv" -NoTypeInformation

getMailboxes.ps1

Connect-ExchangeOnline
 
$mailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox
 
$result = foreach ($mailbox in $mailboxes) {
    $permissions = Get-MailboxPermission -Identity $mailbox.Identity
 
    foreach ($permission in $permissions) {
        [PSCustomObject]@{
            SharedMailbox = $mailbox.PrimarySmtpAddress
            Trustee = $permission.User
        }
    }
}
 
$result | Export-Csv -Path "C:\tmp\exchangeOnline_SharedMailboxes_Output.csv" -NoTypeInformation
 
$distributionLists = Get-DistributionGroup
 
$result = foreach ($distributionList in $distributionLists) {
    $groupMembers = Get-DistributionGroupMember -Identity $distributionList.Identity
 
    foreach ($member in $groupMembers) {
        [PSCustomObject]@{
            DistributionList = $distributionList.PrimarySmtpAddress
            Member = $member.Name
        }
    }
}
 
$result | Export-Csv -Path "C:\tmp\exchangeOnline_DistribGroups_Output.csv" -NoTypeInformation