Finding PST Files on the Network – The Manual Way
Posted by James Allison in Exchange, Exchange 2010, IT Professional, Outlook, PST Files, PST Importer, PST Importing, PowerShell, SysAdmin, Tutorials, Windows PowerShell, email on 31-08-2010
Tags: email, Exchange, Exchange 2010, IT Professional, messages, Outlook, PST, PST Files, PST Importer, PST Importing, SysAdmin, Windows PowerShell
In the last part of this guide the process for importing a local PST file into exchange server was shown. However, in reality it is likely that these PST files are scattered liberally around your network on the hard drives of your users machines as a result of Outlooks personal archiving. Ideally – so that this process is transparent to your users, you’d like some way of finding all these PST files – pairing them up with their users, and importing them into the appropriate mailbox. Here I show you how.
To start this, we can query Active Directory for a list of all the machines attached to your domain. We can then use Windows Management Instrumentation (WMI) to search each of these machines for PST files. The file paths for these PSTs should hopefully give a clue as to which user they belong to, as they will be created in a directory path containing the username by default. We can also grab the file owner file attribute which should correlate with the file path.
This technique requires that all the machines in your network are switched on and accessible by WMI. A list of the machines which could not be queried can be provided as output
Notes about WMI:
By default WMI is blocked by the windows firewall in Windows 7 and 2008 R2. You’ll need to open up the ports on all your users’ machines. This can be done with the ‘netsh’ command, or through a change to group policy.
What are the implications of this? WMI is a powerful beast, and allows remote access to many aspects of a user’s machine. As such it could be considered a security vulnerability… It’s typically accessed though port 135. This not only permits access to WMI – but also any other DCOM components which may be installed on a machine, open for exploitation by Trojans and the like. Needless to say, the ports are blocked by default for a reason – so require careful consideration of the implications when opening. WMI will also not help you if the machines you wish to tinker with are subject to NAT (Network Address Translation). You’ll be unable to reach these machines. The following script generates a txt file (the filename defined on line 2) of all the computers on your domain to be searched. This can then be edited with notepad to remove those you don’t wish to search.
$strCategory = "computer"
$strOutput = "c:\computernames.txt"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("(objectCategory=$strCategory)")
$colProplist = "name"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}
$colResults = $objSearcher.FindAll()
[bool]$firstOutput = $true
foreach ($objResult in $colResults)
{
$objComputer = $objResult.Properties;
if($firstOutput)
{
Write-output $objComputer.name | Out-File -filepath $strOutput
$firstOutput = $false;
}
else
{
Write-output $objComputer.name | Out-File -filepath $strOutput `
-append
}
}
The next script will generate a CSV (Comma separated values) detailing the network paths of the PSTS you need.
$strComputers = Get-Content -Path "c:\computernames.txt"
[bool]$firstOutput = $true
foreach($strComputer in $strComputers)
{
$colFiles = Get-Wmiobject -namespace "root\CIMV2" `
-computername $strComputer `
-Query "Select * from CIM_DataFile `
Where Extension = 'pst'"
foreach ($objFile in $colFiles)
{
if($objFile.FileName -ne $null)
{
$filepath = $objFile.Drive + $objFile.Path + $objFile.FileName + "." `
+ $objFile.Extension;
$query = "ASSOCIATORS OF {Win32_LogicalFileSecuritySetting='" `
+ $filepath `
+ "'} WHERE AssocClass=Win32_LogicalFileOwner ResultRole=Owner"
$colOwners = Get-Wmiobject -namespace "root\CIMV2" `
-computername $strComputer `
-Query $query
$objOwner = $colOwners[0]
$user = $objOwner.ReferencedDomainName + "\" + $objOwner.AccountName
$output = $strComputer + "," + $filepath + "," + $user
if($firstOutput)
{
Write-output $output | Out-File -filepath c:\pstdetails.csv
$firstOutput = $false
}
else
{
Write-output $output | Out-File -filepath c:\pstdetails.csv -append
}
}
}
}
This script will take as input a text file containing a list of machine names (conveniently the output of the first script), and will generate a csv file of all the pst files found on those machines, and the owners associated with them.
Find PST files across your network quickly and easily with PST Importer 2010. To find out more and to download a free 14 day trial please visit:
www.red-gate.com/products/pst_importer_2010
[...] my next post I will go through finding PST files on your network the manual [...]
[...] the previous part of this guide we looked at gaining a list of PST files and machines. In this, the final part of this series, we [...]
[...] The second video in a series of 3 videos explaining how to use the Exchange Management Shell to import PST files into Exchange 2010 mailboxes. In this video we will take the list of machine names we created in the previous video and use WMI to search each of these for PST files. We will then record the location of these files and the file owners. Further information can be found in this article. [...]
[...] This is the third and final clip in this series explaining how to use the Exchange Management Shell to import PST files into Exchange 2010 mailboxes. In this video, now that we have a list of relevant machine names, as well as the names, owners and locations of PST files on those machines, we’ll run through a script to set up the Mailbox-Import requests from these PST files into their relevant mailboxes in Exchange. Further information can be found in this article. [...]