Identify AD user account from Disconnect Exchange Mailbox

Question

I've been trying to do this for a while now. When Exchange mailboxes are disabled or soft-deleted they are disconnected from their AD user account object. We can reconnect them if we want to but is there a way to identify the AD user account it was associated with before disconnect ?.

I'm not an on-prem Exchange Administrator but have the necessary access for Recipient Configuration.

I've been able to use the displayName property from Get-MailboxStatistics results, but displayName is not a unique attribute (like distinguishedname, for instance).

I'm connecting to Exchange Server 2013 via PowerShell remote PSSession.

• I know LastLoggedOnUserAccount property is no longer an option with 2013.
• I see Mailbox auditing can help but this needs to be enabled per mailbox, this is out of my work scope and might add a big overhead in large organizations
• Search-MailboxAuditLog cmdlet is not visible for me in PowerShell my Exchange Management session

Any solution/workaround would be very much appreciated.

Answer 1

I cannot test this myself, but there is a property returned by Get-MailboxStatistics you could use, which is called MailboxGuid.

Below should get you a list of disconnected mailboxes where besides the DisplayName, the users EmailAddress and DistinghuishedName is returned.

Get-MailboxStatistics | Where-Object { $_.DisconnectReason } | ForEach-Object {   # get disconected mailboxes
    $email  = Get-User -Identity $_.MailboxGuid.Guid | Select-Object -ExpandProperty WindowsEmailAddress
    $userDN = Get-Mailbox -Identity $email | Select-Object -ExpandProperty DistinguishedName
    Select-Object DisconnectDate, DisconnectReason, DisplayName, 
                  @{Name = "EmailAddress"; Expression = { $email }},
                  @{Name = "DistinguishedName"; Expression = {$userDN }}
}