Need help with script to export shared mailbox full access permissions and security group membership.

Question
-
Pretty much every shared mailbox we have in our environment has a security group assigned to it that is the same name except starting with SG_. I'm looking to have a script that can parse through all the shared mailboxes, review the security group assigned to it and export the members out with it. I have something below but it's not complete and I'm unsure how to set it. Any suggestions are appreciated.
Ideally it would output something like:
Mailbox Name    Security Group Name    Access
Mailbox1        SG_Mailbox1            domain\user1
mailbox1        sg_mailbox1            domain\user2
MailboxABC      SG_MailboxABC          domain\userA
$sharedmailbox = Get-Mailbox -RecipientTypeDetails "shared" -ResultSize unlimited
foreach ($mb in $sharedmailbox) {
    $securitygroup = Get-Mailbox -id $mb | Get-MailboxPermission | where { ($_.User -like "domain\SG_*") }
    $securitygroup = ($securitygroup.identity -split "/")[-1]
    #Write-Host "security group" $securitygroup.User
    foreach ($member in $securitygroup.User) {
        write-host $member
        $SGMember = Get-DistributionGroupMember -Identity $member
        Write-Host $SGMember
        $outarray += New-Object PsObject -property @{
            'Mailbox' = $mb
            'security group' = $securitygroup.User
            'SG Member' = $SGMember
        }
    }
}
$outarray
Wednesday, August 7, 2019 7:02 PM
Answers
-
I figured it out. It looks for the security group that has full access, pulls the members out then grants them explicit full access and send as permissions.
# Reset working variables first, so the mailbox list fetched below is not cleared
$SGMember = $null
$mb = $null
$securitygroup = $null
$securitygroup2 = $null
$displayname = $null
$members = $null
$report = @()
$user = $null
$account = @()

$sharedmailbox = Get-Mailbox -RecipientTypeDetails "shared" -ResultSize unlimited

foreach ($mb in $sharedmailbox) {
    # Permission entry held by the mailbox's SG_ security group
    $securitygroup = Get-Mailbox -id $mb | Get-MailboxPermission | where { ($_.User -like "domain\SG_*") }
    if (-not $securitygroup) { continue }   # no SG_ group on this mailbox
    $securitygroup2 = $securitygroup.User
    $SGMember = Get-DistributionGroupMember -Identity $securitygroup2
    $members = (@($SGMember).alias -join ',')

    # One report row per mailbox, members as a comma-separated list
    $output = New-Object System.Object
    $output | Add-Member -Type NoteProperty -Name Mailbox -Value $($mb)
    $output | Add-Member -Type NoteProperty -Name "security group" -Value $($securitygroup2)
    $output | Add-Member -Type NoteProperty -Name "SG members" -Value $members
    $report += $output

    # Grant each group member explicit Full Access and Send As on the mailbox
    $account = $members.Split(",")
    foreach ($user in $account) {
        Add-MailboxPermission -Identity "$mb" -User $user -AccessRights Fullaccess -InheritanceType all -Automapping $false
        Add-ADPermission -Identity "$mb" -User $user -AccessRights ExtendedRight -ExtendedRights "send as"
    }
}
$report | Export-Csv C:\scripts\MailboxAddUsersExplicitly.csv -NoTypeInformation
- Proposed as answer by LeeSeenLiMicrosoft contingent staff Friday, September 6, 2019 12:49 PM
- Marked as answer by David_G_A Friday, September 6, 2019 12:51 PM
Friday, August 9, 2019 2:11 PM
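Added example, not code from any poster in this thread: a read-only version of the export the question asks for, one row per mailbox, group and member, that changes no permissions and also lists direct per-user grants. It assumes the on-premises Exchange Management Shell with PowerShell 3.0 or later and the ActiveDirectory module; the DOMAIN name, the Source column and the output path are placeholders chosen for this example.

```powershell
# Added example: audit only, no Add-*/Remove-* cmdlets are called.
Import-Module ActiveDirectory

$netbios = 'DOMAIN'                              # placeholder NetBIOS domain name
$outFile = 'C:\scripts\SharedMailboxAccess.csv'  # placeholder output path

$report = foreach ($mb in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
    # Explicit (non-inherited) allow entries that include FullAccess
    $aces = Get-MailboxPermission -Identity $mb.DistinguishedName | Where-Object {
        -not $_.IsInherited -and -not $_.Deny -and
        $_.AccessRights -like '*FullAccess*' -and
        $_.User -notlike 'NT AUTHORITY\*'
    }
    foreach ($ace in $aces) {
        $trustee = $ace.User.ToString()
        if ($trustee -like "$netbios\SG_*") {
            $group = $trustee.Split('\')[1]
            # -Recursive expands nested groups to the users who actually get access
            foreach ($m in Get-ADGroupMember -Identity $group -Recursive) {
                [pscustomobject]@{
                    Mailbox       = $mb.Name
                    SecurityGroup = $group
                    # Assumes members live in the same domain as the group
                    Access        = "$netbios\$($m.SamAccountName)"
                    Source        = 'Group'
                }
            }
        } else {
            # Direct grant to a trustee other than an SG_ group
            [pscustomobject]@{
                Mailbox       = $mb.Name
                SecurityGroup = ''
                Access        = $trustee
                Source        = 'Direct'
            }
        }
    }
}
$report | Sort-Object Mailbox, Source, Access | Export-Csv -Path $outFile -NoTypeInformation
```

Rows with Source 'Direct' are explicit per-user grants such as the ones the script above creates; they stay on the mailbox after the user is removed from the SG_ group.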
All replies
-
A simple search will find many articles on how to do this:
\_(ツ)_/
Wednesday, August 7, 2019 7:29 PM -
I've seen that and it doesn't quite provide the data in a clean format. I've searched and unless I'm not using the right search words, I'm not seeing anything that can do this. I appreciate the response.
Thursday, August 8, 2019 12:43 PM
-
Try below, it might work for you:
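# Get-ADGroupMember comes from the ActiveDirectory module
Import-Module ActiveDirectory

foreach ($mailbox in (Get-Mailbox)) {
    # Permission entries held by SG_ security groups on this mailbox
    foreach ($permission in (Get-MailboxPermission $mailbox | Where-Object { $_.User -like "Domain\SG_*" })) {
        # Strip the "Domain\" prefix, then emit one row per group member
        Get-ADGroupMember $permission.User.ToString().split("\")[1] |
            Select-Object @{n="Mailbox"; e={$mailbox}},
                          @{n="Group"; e={$permission.User.ToString().split("\")[1]}},
                          @{n="Access"; e={$_.SamAccountName}}
    }
}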
Replace Get-Mailbox with the appropriate filters
- Edited by DumbleD0re Friday, August 9, 2019 12:45 PM
Friday, August 9, 2019 9:23 AM -
Hi,
Was your issue resolved?
If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If not, please reply and tell us the current situation in order to provide further help.
Best Regards,
Lee
Just do it.
Friday, September 6, 2019 12:49 PM