Need to write powershell commandlet that will get the MailBox permission and SendAs permission

All replies

• 

  

  0

  Sign in to vote

  Chris,

  the "SendAs" permission is actually named GrantSendOnBehalfTo and is a property of the mailbox object itself. So you can get it with something like this:

  Get-Mailbox -Identity <YourSamAccountName> | Select-Object -Property Name,GrantSendOnBehalfTo 

  
  

  ---

  Best regards

  (79,108,97,102|%{[char]$_})-join''

  
  

  • Edited by BOfH-666 Wednesday, October 18, 2017 9:41 PM
  • Proposed as answer by Albert LingMicrosoft contingent staff Tuesday, October 24, 2017 2:36 AM

  Wednesday, October 18, 2017 9:41 PM
• 

  

  0

  Sign in to vote

  Is it possible to filter for only those with GrantSendOnBehalfTo entries?  Otherwise this works.

  ---

  Chris Premo

  Wednesday, October 18, 2017 10:13 PM
• 

  

  0

  Sign in to vote

  Chris,

  the "SendAs" permission is actually named GrantSendOnBehalfTo and is a property of the mailbox object itself. So you can get it with something like this:

  Get-Mailbox -Identity <YourSamAccountName> | Select-Object -Property Name,GrantSendOnBehalfTo 

  
  

  ---

  Best regards

  (79,108,97,102|%{[char]$_})-join''

  
  

  GrantSendOnBehalfTo =/= SendAs !!!  

  Send on behalf will permit a user (in this case administrator) to send e-mails as another user, but it will show that it was send by administrator@contoso.com on behalf of user@contoso.com.

  Send as will give (to administrator@contoso.com ) the permission to send mail as another user ( user@contoso.com ). In this case the recipient will see only user@contoso.com in the from field. He will never know that administrator  send that e-mail ..

  To list SendAs permission, u should use get-adpermission cmdlet

  Get-Mailbox -Identity <account> | Get-ADPermission | ? { $_.ExtendedRights -like "*send*" } 

  
  

  • Edited by Mekac Wednesday, October 18, 2017 10:43 PM

  Wednesday, October 18, 2017 10:38 PM
• 

  

  0

  Sign in to vote

  I've tried the Get-ADPermission option, but this is only for an On-Prem Exchange server.  Ours is on O365 in the cloud.

  ---

  Chris Premo

  Wednesday, October 18, 2017 10:48 PM
• 

  

  0

  Sign in to vote

  Well, i have on-prem ..  

  According to this link, SendAs permissions on O365 can be set by command "Add-RecipientPermission <identity> -AccessRights SendAs -Trustee <user>

  So, isnt is possible to use Get-RecipientPermission as well to get what u need?  (Not having O365, just guessing)

  Wednesday, October 18, 2017 11:06 PM
• 

  

  0

  Sign in to vote

  Well, i have on-prem ..  

  According to this link, SendAs permissions on O365 can be set by command "Add-RecipientPermission <identity> -AccessRights SendAs -Trustee <user>

  So, isnt is possible to use Get-RecipientPermission as well to get what u need?  (Not having O365, just guessing)

  Yes there is Get-RecipientPermission:

  https://technet.microsoft.com/en-us/library/ff945795%28v=exchg.160%29.aspx?f=255&MSPPError=-2147217396
  

  
  

  • Edited by gpunktschmitz Thursday, October 19, 2017 5:25 AM

  Thursday, October 19, 2017 5:25 AM
• 

  

  0

  Sign in to vote

  So if I use this commandlet:

  Get-Mailbox-identity*@Our.Domain|selectIdentity,GrantSendOnBehalfTo|Export-Csv-Pathc:\Scripts\MailboxSendAsPermissions.csv-NoTypeInformation

  Is this giving me only the permissions of: Send on behalf  and Send as

  or is it only giving me Send on Behalf?  How do I tell the difference?

  ---

  Chris Premo

  Thursday, October 19, 2017 5:35 AM
• 

  

  0

  Sign in to vote

  So if I use this commandlet:

  Get-Mailbox-identity*@Our.Domain|selectIdentity,GrantSendOnBehalfTo|Export-Csv-Pathc:\Scripts\MailboxSendAsPermissions.csv-NoTypeInformation

  Is this giving me only the permissions of: Send on behalf  and Send as

  or is it only giving me Send on Behalf?  How do I tell the difference?

  ---

  Chris Premo

  SendAs and SendOnBehalf are similar permissions, but really different.  
  Statement from BOfH_666  "the "SendAs" permission is actually named GrantSendOnBehalfTo" is wrong. 

  SendAS is AD permission, SendOnBehalf Exchange permission.

  I explained the difference between these 2  in my earlier post.  

  
  

  • Edited by Mekac Thursday, October 19, 2017 6:24 AM
  • Proposed as answer by Albert LingMicrosoft contingent staff Tuesday, October 24, 2017 2:36 AM

  Thursday, October 19, 2017 6:12 AM
• 

  

  0

  Sign in to vote

  This is the coding I eventually found that gives me the information I needed for the SendAs:

  Get-Mailbox -ResultSize Unlimited | Get-RecipientPermission | Sort-Object Identity | ? {$_.Trustee -ne "NT AUTHORITY\SELF"}

  This is the coding I used to get the SendOnBehalfTo:

  Get-Mailbox -identity *@mydomain | select Identity,GrantSendOnBehalfTo | Sort-Object GrantSendOnBehalfTo

  ---

  Chris Premo

  • Marked as answer by ChrisPremo Thursday, October 26, 2017 2:05 PM

  Tuesday, October 24, 2017 3:59 PM
• 

  

  0

  Sign in to vote

  Hi,
  
  I'm checking how the issue is going, was your issue resolved?
  
  And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.
  
  Appreciate for your feedback.
  
  Best Regards,
  Albert Ling
  

  ---

  Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  Thursday, October 26, 2017 8:17 AM