A comprehensive PowerShell script for documenting Microsoft Exchange Server environments, including on-premises Exchange, Exchange Online, and hybrid configurations. This script generates detailed CSV and HTML reports suitable for infrastructure documentation, compliance auditing, and analysis.
- On-Premises Exchange Server (2013, 2016, 2019)
- Exchange Online (Microsoft 365)
- Hybrid Exchange environments
- Exchange Online Protection (EOP) settings
- SMTP Relay Configuration: Complete send/receive connector documentation
- Exchange Web Services (EWS): Virtual directory configurations and certificates
- Certificate Management: All Exchange certificates with expiration tracking
- Transport Security: TLS settings, authentication methods, and security policies
- Client Connectivity: All virtual directories (OWA, ECP, ActiveSync, EWS, OAB, Autodiscover, MAPI, PowerShell)
- Federation and Hybrid: Complete hybrid configuration and organization relationships
- Exchange server inventory and roles
- Database configurations (mailbox, public folder)
- Database Availability Groups (DAG)
- Transport connectors (send/receive)
- Virtual directories (OWA, ECP, ActiveSync, etc.)
- Transport rules and policies
- Accepted domains and email address policies
- Hybrid configuration details
- Client access services
- Mailbox statistics and distribution
- Exchange Certificates: All certificates with expiration dates and services
- SMTP Relay Configuration: Complete send/receive connector settings
- EWS and Client Access: All virtual directories with authentication methods
- Transport Security: TLS certificates, authentication mechanisms
- Federation Configuration: Organization relationships and sharing policies
- Retention and Compliance: Retention policies, tags, and journal rules
- Address Lists and OABs: Complete directory service configuration
- Throttling and Mobile Policies: Client access and device management
- Management Roles: Security and administrative role assignments
- Organization configuration
- Tenant information and accepted domains
- Mailbox plans and policies
- Transport rules and connectors
- Exchange Online Protection settings
- Anti-spam and anti-malware policies
- Microsoft Defender for Office 365 policies
- Mobile device policies
- Data Loss Prevention (DLP) policies
- Retention and quarantine policies
- Detailed mailbox and group statistics
- SMTP Relay for Cloud: Inbound/outbound connectors for hybrid scenarios
- DKIM Configuration: Domain-based message authentication
- Advanced Threat Protection: Complete Defender for Office 365 settings
- Connection Filtering: IP allow/block lists and connection policies
- Anti-Phishing Policies: Advanced phishing protection settings
- Audit Configuration: Admin audit logging and compliance settings
- CSV Report: Machine-readable format for data analysis
- HTML Report: Interactive, professional report with collapsible sections
- Comprehensive Statistics: Summary dashboards and detailed breakdowns
- Certificate Expiration Alerts: Automatic detection of expired and expiring certificates
- Security Configuration Review: Complete authentication and TLS settings
- SMTP Relay Documentation: All inbound/outbound connectors with security settings
- Transport Rule Analysis: Complete mail flow rule documentation
The script will automatically check for and optionally install required modules:
```powershell
Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
```

```powershell
Install-Module -Name Microsoft.Graph -Scope CurrentUser
```
- Exchange Organization Management role
- Local administrator rights on Exchange server (for PowerShell remoting)
- Exchange Administrator role
- Global Administrator role (for full feature access)
- Security Administrator role (for Defender for Office 365 features)
- Download the script

  ```bash
  git clone https://github.com/yourusername/exchange-documentation-script.git
  cd exchange-documentation-script
  ```

- Set execution policy (if needed)

  ```powershell
  Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
  ```

- Install required modules (script will prompt if needed)

  ```powershell
  Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
  Install-Module -Name Microsoft.Graph -Scope CurrentUser
  ```
```powershell
.\Exchange-Documentation-Script.ps1 -Environment Online -OutputPath "C:\Reports"
```

```powershell
.\Exchange-Documentation-Script.ps1 -Environment OnPremises -ExchangeServer "exchange01.contoso.com" -OutputPath "C:\Reports"
```

```powershell
.\Exchange-Documentation-Script.ps1 -Environment Both -ExchangeServer "exchange01.contoso.com" -OutputPath "C:\Reports"
```

```powershell
.\Exchange-Documentation-Script.ps1 -Environment Online -TenantId "contoso.onmicrosoft.com" -OutputPath "C:\Reports"
```

```powershell
.\Exchange-Documentation-Script.ps1 -Environment Online -AppId "12345678-1234-1234-1234-123456789012" -CertificateThumbprint "ABC123DEF456..." -TenantId "contoso.onmicrosoft.com"
```

```powershell
$cred = Get-Credential
.\Exchange-Documentation-Script.ps1 -Environment OnPremises -ExchangeServer "exchange01.contoso.com" -Credential $cred
```

```powershell
.\Exchange-Documentation-Script-Enhanced.ps1 -Environment Both -OutputPath "C:\Reports" -IncludeDetailedStats
```

```powershell
.\Exchange-Documentation-Script-Enhanced.ps1 -Environment OnPremises -ExchangeServer "exchange01.contoso.com" -IncludeDetailedStats
```
| Parameter | Type | Required | Description |
|---|---|---|---|
| `Environment` | String | Yes | Environment to document: `OnPremises`, `Online`, or `Both` |
| `OutputPath` | String | No | Output directory for reports (default: current directory) |
| `ExchangeServer` | String | No* | FQDN of Exchange server (*required for OnPremises) |
| `Credential` | PSCredential | No | Credentials for authentication |
| `TenantId` | String | No | Azure AD Tenant ID for Exchange Online |
| `AppId` | String | No | Application ID for certificate-based auth |
| `CertificateThumbprint` | String | No | Certificate thumbprint for certificate-based auth |
- Machine-readable format
- Each category as separate rows
- JSON-encoded data for complex objects
- Suitable for data analysis and automation
- Professional, interactive interface
- Collapsible sections for easy navigation
- Environment-specific color coding
- Summary statistics dashboard
- Responsive design for various screen sizes
- Print-friendly formatting
- Organization Configuration
- Exchange Servers
- Mailbox Databases
- Database Availability Groups
- Receive/Send Connectors
- Transport Rules
- Virtual Directories
- Hybrid Configuration
- Client Access Services
- Mailbox Statistics
- Organization Configuration
- Tenant Information
- Mailbox Plans
- Transport Configuration
- Security Policies (EOP, Defender for Office 365)
- Mobile Device Policies
- Compliance Policies
- Detailed Statistics
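The CSV report is described above as one row per category with JSON-encoded data, and the script is said to flag expired and expiring certificates. The following added example (not code from this project) shows how such a report could be post-processed to list those certificates. The column names `Category` and `Data`, the category name `ExchangeCertificates`, and the sample rows are assumptions constructed for illustration; the certificate property names follow `Get-ExchangeCertificate` output.

```powershell
# Added example. ASSUMED CSV layout: columns 'Category' and 'Data', where Data
# holds a JSON array of objects shaped like Get-ExchangeCertificate output.
function Get-ExpiringCertificate {
    param(
        [Parameter(Mandatory)][object[]]$ReportRows,
        [int]$WarnDays = 30,
        [datetime]$Now = (Get-Date)
    )
    foreach ($row in $ReportRows) {
        if ($row.Category -ne 'ExchangeCertificates') { continue }   # assumed category name
        # Assign first, then enumerate: works on Windows PowerShell 5.1 and PowerShell 7.
        $certs = $row.Data | ConvertFrom-Json
        foreach ($cert in $certs) {
            $daysLeft = [int][math]::Floor(([datetime]$cert.NotAfter - $Now).TotalDays)
            if ($daysLeft -gt $WarnDays) { continue }                # healthy, skip
            [pscustomobject]@{
                Status     = if ($daysLeft -lt 0) { 'Expired' } else { 'Expiring' }
                DaysLeft   = $daysLeft
                Subject    = $cert.Subject
                Services   = $cert.Services
                Thumbprint = $cert.Thumbprint
            }
        }
    }
}

# Constructed sample data standing in for Import-Csv on a real report file.
$sampleCerts = @(
    [pscustomobject]@{ Thumbprint = 'CONSTRUCTED-0001'; Subject = 'CN=mail.contoso.com'
                       Services = 'IIS, SMTP'; NotAfter = '2024-12-15T00:00:00' }
    [pscustomobject]@{ Thumbprint = 'CONSTRUCTED-0002'; Subject = 'CN=autodiscover.contoso.com'
                       Services = 'IIS'; NotAfter = '2025-01-20T00:00:00' }
    [pscustomobject]@{ Thumbprint = 'CONSTRUCTED-0003'; Subject = 'CN=exchange01'
                       Services = 'SMTP'; NotAfter = '2027-06-01T00:00:00' }
)
$rows = [pscustomobject]@{
    Category = 'ExchangeCertificates'
    Data     = ConvertTo-Json -InputObject $sampleCerts -Compress
} | ConvertTo-Csv -NoTypeInformation | ConvertFrom-Csv

# Fixed reference date so the sample output is reproducible.
Get-ExpiringCertificate -ReportRows $rows -Now ([datetime]'2025-01-01') |
    Sort-Object DaysLeft | Format-Table -AutoSize
```

For a real report, replace the constructed `$rows` with `Import-Csv` on the generated file and adjust the column and category names to match its actual header.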
```powershell
Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber
```

```powershell
Get-PSSession | Remove-PSSession
Disconnect-ExchangeOnline -Confirm:$false
Connect-ExchangeOnline
```

```powershell
winrm quickconfig
Test-NetConnection -ComputerName "exchange01.contoso.com" -Port 80
```
- Ensure proper administrative roles are assigned
- For Exchange Online: Global Admin or Exchange Admin
- For On-Premises: Organization Management role
The script includes comprehensive error handling:
- Continues execution if individual data collection fails
- Logs warnings for failed operations
- Provides detailed error messages
- Ensures proper cleanup of connections
- Interactive Authentication: Prompts for credentials
- Certificate-Based Authentication: For unattended execution
- Credential Objects: For scripted scenarios
- Reports may contain sensitive configuration data
- Store reports in secure locations
- Consider encryption for sensitive environments
- Review reports before sharing
- Uses encrypted connections (HTTPS/TLS)
- Supports certificate-based authentication
- No credentials stored in script
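Because the reports contain connector, certificate and role-assignment details, the output directory should not inherit permissive ACLs from its parent. The following added example (not part of this project's script) creates the directory used for `-OutputPath` with access limited to SYSTEM, the local Administrators group and the account running the script. The function name is hypothetical.

```powershell
# Added example: restrict a report directory to SYSTEM, Administrators and the
# current user. The function name is illustrative, not part of the script.
function New-RestrictedReportDirectory {
    param([Parameter(Mandatory)][string]$Path)

    $dir = New-Item -ItemType Directory -Path $Path -Force
    $acl = Get-Acl -Path $dir.FullName

    # Stop inheriting from the parent and drop the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit entries already present on the directory.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

    $allowed = @(
        New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'      # SYSTEM
        New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'  # BUILTIN\Administrators
        [System.Security.Principal.WindowsIdentity]::GetCurrent().User          # account running the script
    )
    foreach ($sid in $allowed) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $sid, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $dir.FullName -AclObject $acl

    # Return the effective entries so the caller can verify nothing else has access.
    (Get-Acl -Path $dir.FullName).Access |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

# Prepare the directory before running the documentation script against it.
New-RestrictedReportDirectory -Path 'C:\Reports'
```

When the script runs as a scheduled task under a service account, run this function as that account so its SID is the one granted access.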
```powershell
# New-ScheduledTaskTrigger has no monthly schedule (it supports -Once, -Daily,
# -Weekly, -AtStartup and -AtLogOn), so the monthly task is created with schtasks.exe.
$command = 'PowerShell.exe -File C:\Scripts\Exchange-Documentation-Script.ps1 -Environment Online -OutputPath C:\Reports'

# Run at 02:00 on day 1 of every month
schtasks.exe /Create /TN "Exchange Documentation" /SC MONTHLY /D 1 /ST 02:00 /TR $command
```
The script can be adapted for Azure Automation runbooks for cloud-based scheduling.
- Follow PowerShell best practices
- Include error handling for new features
- Update documentation for new parameters
- Test with multiple Exchange versions
- Complete SMTP Relay Documentation: Both on-premises and cloud connectors
- Exchange Certificate Monitoring: Expiration tracking and alerts
- EWS Virtual Directory Coverage: Complete client access documentation
- Enhanced Security Reporting: TLS, authentication, and certificate analysis
- Critical Alert System: Automatic identification of security issues
- Comprehensive Transport Rules: Complete mail flow rule documentation
- Federation and Hybrid Details: Organization relationships and sharing policies
- Enhanced Exchange Online support
- Added Microsoft Graph integration
- Improved HTML report design
- Added certificate-based authentication
- Enhanced error handling and logging
- Added module auto-installation
- Initial release
- Basic on-premises and Exchange Online support
- CSV and HTML report generation