Add 12 AI-generated PowerShell scripts with documentation

⚠️ IMPORTANT: These scripts are AI-GENERATED and UNTESTED

Exchange Scripts (5):
- Get-MailboxPermissions.ps1: Audit delegate access permissions
- Get-InactiveMailboxes.ps1: Identify stale mailboxes
- Compare-MailboxDatabases.ps1: Database health comparison
- Export-DistributionGroups.ps1: Distribution group inventory
- Get-MailflowStats.ps1: Transport log analysis

Active Directory Scripts (3):
- Get-ADUserLastLogon.ps1: True LastLogon across all DCs
- Export-OUStructure.ps1: OU hierarchy with GPO links
- Compare-ADGroupMemberships.ps1: Compare user group memberships

System Maintenance Scripts (4):
- Get-ServerInventory.ps1: Hardware/software inventory report
- Monitor-DiskSpace.ps1: Disk space monitoring with alerts
- Backup-ExchangeCertificates.ps1: Certificate backup to PFX
- Test-ExchangeHealth.ps1: Aggregated Exchange health checks

Documentation:
- Updated CLAUDE.md with AI-generated scripts section
- Added AI-GENERATED-SCRIPTS.md with warnings and testing guide

All scripts include prominent warnings and follow established patterns
from existing scripts. Require thorough testing before production use.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

AI-GENERATED-SCRIPTS.md

@@ -0,0 +1,95 @@
+# AI-Generated Scripts - Important Notice
+
+⚠️ **WARNING: The scripts listed below were generated by Claude AI and have NOT been tested in production environments.**
+
+These scripts were created to complement the existing manually-written scripts in this repository. While they follow established patterns and best practices, **they require thorough review and testing before use in any production environment**.
+
+## AI-Generated Scripts List
+
+### Exchange Scripts
+| Script | Purpose | Risk Level |
+|--------|---------|------------|
+| `Get-MailboxPermissions.ps1` | Audit mailbox delegate access (SendAs, SendOnBehalf, FullAccess) | Low (read-only) |
+| `Get-InactiveMailboxes.ps1` | Identify stale mailboxes based on LastLogonTime | Low (read-only) |
+| `Compare-MailboxDatabases.ps1` | Database health comparison with alerting | Low (read-only) |
+| `Export-DistributionGroups.ps1` | Complete distribution group inventory | Low (read-only) |
+| `Get-MailflowStats.ps1` | Transport log analysis for message flow patterns | Low (read-only) |
+
+### Active Directory Scripts
+| Script | Purpose | Risk Level |
+|--------|---------|------------|
+| `Get-ADUserLastLogon.ps1` | True LastLogon query across all domain controllers | Medium (queries all DCs) |
+| `Export-OUStructure.ps1` | OU hierarchy documentation with GPO links | Low (read-only) |
+| `Compare-ADGroupMemberships.ps1` | Group membership comparison between users | Low (read-only) |
+
+### System Maintenance Scripts
+| Script | Purpose | Risk Level |
+|--------|---------|------------|
+| `Get-ServerInventory.ps1` | Hardware/software inventory with Word/HTML report | Low (read-only) |
+| `Monitor-DiskSpace.ps1` | Disk space monitoring with alerting | Low (read-only) |
+| `Backup-ExchangeCertificates.ps1` | Certificate export to PFX files | Medium (exports sensitive keys) |
+| `Test-ExchangeHealth.ps1` | Aggregated Exchange health checks | Low (read-only tests) |
+
+## Testing Recommendations
+
+### Before Production Use:
+
+1. **Review the Code**
+   - Examine the logic and ensure it fits your environment
+   - Check for hardcoded paths, IP ranges, or environment-specific assumptions
+   - Verify parameter defaults are appropriate
+
+2. **Test in Non-Production**
+   - Run scripts in a test environment first
+   - Verify output is accurate and complete
+   - Check performance impact (especially scripts that query all DCs or parse large logs)
+
+3. **Verify Prerequisites**
+   - Ensure required modules are available (Exchange Management Shell, Active Directory)
+   - Confirm appropriate permissions (RBAC roles, AD rights, Administrator)
+   - Test with and without optional parameters
+
+4. **Monitor Performance**
+   - Some scripts can be slow with large datasets:
+     - `Get-ADUserLastLogon.ps1` queries every domain controller
+     - `Get-MailflowStats.ps1` parses potentially large log files
+     - `Get-InactiveMailboxes.ps1` retrieves statistics for all mailboxes
+   - Consider running during maintenance windows or off-peak hours
+
+5. **Security Considerations**
+   - `Backup-ExchangeCertificates.ps1` exports private keys - store PFX files securely
+   - `Get-MailboxPermissions.ps1` may reveal sensitive access patterns
+   - Review output before sharing to ensure no credentials or secrets are exposed
+
+## How to Identify AI-Generated Scripts
+
+All AI-generated scripts include:
+1. Prominent warning in the `.SYNOPSIS` section: "⚠️ AI-GENERATED SCRIPT - UNTESTED"
+2. Console output warning when executed
+3. This file (`AI-GENERATED-SCRIPTS.md`) lists all AI-generated scripts
+
+## Manually Written Scripts (Production-Tested)
+
+The following scripts were manually written and have been used in production:
+- `Exchange/Exchange-Inventory.ps1`
+- `Exchange/Get-LargeMailboxes.ps1`
+- `Exchange/Get-MailboxesPerType.ps1`
+- `Exchange/Get-SMTPTraffic.ps1`
+- `ActiveDirectory/CopyADgroups.ps1`
+- `Misc/Fix-VSSBackup.ps1`
+
+## Reporting Issues
+
+If you find issues with AI-generated scripts, please:
+1. Document the issue (error messages, unexpected behavior, environment details)
+2. Note which script and version (check git commit)
+3. Consider fixing the issue and contributing back to the repository
+
+## License
+
+These scripts are provided as-is under the same license as the repository. No warranty is provided, express or implied.
+
+---
+
+**Last Updated**: 2025-10-15
+**Generated By**: Claude AI (Anthropic)