Extract Mailbox Permission With user mailbox details RRS feed

  • Question

  • hi There,

    this is my 1st time writing a Powershell script, my object is to extract all  the mailbox permission and other attribute for any mailbox under the domain.name only. When i run this powershell it took more that 2 hours and most of the time the session will restarted and i need to login again.  end on the day i never successfully manage to get the information i needed. 

    Can someone help me to check on my script and let me know if i miss anything. 

    get-MailboxPermission -ResultSize:Unlimited -Identity "*@domain.name" | where { ($_.User -like '*@*')   } | Foreach-Object{

        $mbx = $_

        $user = Get-Mailbox -RecipientTypeDetails 'usermailbox' -ResultSize unlimited -Identity "*@domain"

        New-Object -TypeName PSObject -Property @{

            identity = $mbx.identity

           AccessRights = $mbx.accessrights

           displayname =$user.Displayname

           user = $mbx.user

        CustomAttribute10 =$user.CustomAttribute10

        CustomAttribute11 =$user.CustomAttribute11

        CustomAttribute12 =$user.CustomAttribute12 


    Thursday, June 27, 2019 4:09 PM

All replies

  • Please do not post colorized code.  Use the code posting tool provided.  Please edit your post and fix it.  The code is unreadable with most browsers and cannot be copied correctly.


    Thursday, June 27, 2019 4:54 PM
  • 1. start with  single mailbox information until ure satisfied with results

    2. Use get-mailbox | get-mailboxpermission

    3. You really dont want go through all mailboxes each loop 

    4. Look only for records which are not inherited 

    Start with this idea:

    $mbxs = get-mailbox -resultsize unlimited

    foreach ($mbx in $mbxs)


    $perm = get-mailboxpermission $mbx |?{!$_.isinherited}


    Thursday, June 27, 2019 7:35 PM
  • Get-Mailbox | Get-MailboxPermission | ?{$_.user.tostring() -ne "NT AUTHORITY\SELF" -and !$_.IsInherited} |
    select identity,user,@{n='Access Rights';e={[string]::join(', ', $_.AccessRights)}}

    This is basic report. If u need aditional info (custom attribute etc) u need to modify it in your own.  

    • Edited by Mekac Friday, June 28, 2019 6:43 AM
    Friday, June 28, 2019 6:41 AM
  • Add "-RecipientTypeDetails UserMailbox" to that Get-Mailbox cmdlet. :-)

    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Friday, June 28, 2019 3:47 PM
  • You can try pre-built script to address your requirement. Following script will report mailbox permissions like Full access, SendAs, SendOnBehalf along with most required attributes like UPN, Display Name, Mailbox Type, Admin Roles, etc. Advanced filters are available to get the more granular report.

    Export Mailbox permission to CSV

    Sample Output:Export mailbox permission

    Saturday, June 29, 2019 6:58 AM