How to obtain user principal names from canonical name of objects

Question

When I run below PowerShell command:

(Get-Mailbox -Identity SharedMailbox1).GrantSendOnBehalfTo

I get the following output:

contoso.local/NZ/Users/Internal/Test, User21
contoso.local/NZ/Users/Terminated/Test, User12
contoso.local/NZ/Users/Terminated/Test, User3
contoso.local/NZ/Users/Internal/Test, User6
contoso.local/NZ/Users/Internal/Test, User10

I would like to obtain UPN from this output in an array. Is there a way?

Answer 1

This is actually straightforward. The GrantSendOnBehalfTo property contains objects of type [Microsoft.Exchange.Data.Directory.ADObjectId] which are suitable to be piped other cmdlets in the Exchange Management Shell.

(Get-Mailbox SharedMailbox1).GrantSendOnBehalfTo |
Get-Mailbox |
Select-Object -ExpandProperty UserPrincipalName

A shorter but less readable version:

((Get-Mailbox SharedMailbox1).GrantSendOnBehalfTo | Get-Mailbox).UserPrincipalName

You can also use it in conjunction with the ActiveDirectory module. You just have to insure you're piping a string down the pipeline that the AD cmdlets will accept for their -Identity parameter. Of course, you can't go wrong using the DistinguishedName:

((Get-Mailbox SharedMailbox1).GrantSendOnBehalfTo.DistinguishedName | 
Get-ADObject -Properties UserPrincipalName).UserPrincipalName

I should point out that while rare it's possible to have a group in the GrantSendOnBehalfTo property. Groups do not have a UserPrincipalName attribute. you can get around that using Get-Recipient and filtering on Recipient Type:

(Get-Mailbox SharedMailbox1).GrantSendOnBehalfTo |
Get-Recipient | 
Where-Object{$_.RecipientType -eq "UserMailbox"} | 
Get-Mailbox | 
Select-Object -ExpandProperty UserPrincipalName

Or the AD version:

(Get-Mailbox SharedMailbox1).GrantSendOnBehalfTo.DistinguishedName | 
Get-ADObject -Properties UserPrincipalName | 
Where-Object{$_.objectClass -eq "user"} | 
Select-Object -ExpandProperty UserPrincipalName

There may be other object types too, but so long as you're filtering for user mailboxes you should be able to output correct data. Of course, these techniques can be expanded to report better if non-user/mailboxes are encountered etc...