locked
Delete-Mailbox permission to delete all users with Full Access that are -ne to User1 or User2@contsoso.com RRS feed

  • Question

  • Hello, 

    I am trying to clear down 30 shared mailboxes in O365, when i remove a user from full access and save, they come right back.

    I have tried deleting a single user with PS and they didn't return so it works in PS.  However I need to now delete all users from X mailbox who have FullAccess but they must -ne (Not equals) User1@contoso.com or Users2@Contoso.com because we have two service accounts which need to be left in each.

    Any help appreciated.  This is what i have used so far; 

    Remove-MailboxPermission -Identity vnosupplier.updates@maintel.co.uk -User michael.cripps@maintel.co.uk -AccessRights FullAccess

    Thanks, 

    Tuesday, November 5, 2019 11:18 AM

All replies

  • Hi,

    Thanks for your question.

    Maybe you can try the steps to solve your issue.

    1. Use "Get-mailbox" cmdlet to get all the mailbox objects.

    https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/get-mailbox?view=exchange-ps

    2. Next use "Get-MailboxPermission" cmdlet to get the permissions on the mailbox.

    https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/get-mailboxpermission?view=exchange-ps

    3. Then use "where-object" to filter out the mailbox with the fullcontrol permissions and don't equal to the service accounts.

    4. Finally, use the "Remove-MailboxPermission" cmdlet to remove the fullcontrol permissions on the mailbox objects filtered by the previous command.

    https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/remove-mailboxpermission?view=exchange-ps

    Best regards,

    Lee


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 5, 2019 12:08 PM
  • For single mailbox, you can try below commands :

    $mailbox = "sharedmailbox@contoso.com"
    $Permissions = Get-MailboxPermission -Identity $mailbox | Where { ($_.IsInherited -eq $False) -and ($_.AccessRights -like "*FullAccess*") -and -not ($_.User -like "NT AUTHORITY\SELF") }
    ForEach ($PermObj in $Permissions) {
    if($PermObj.User -ne "User1@contoso.com" -and $PermObj.User -ne "User2@contoso.com") {
    Remove-MailboxPermission -Identity $mailbox -User $PermObj.User -AccessRight FullAccess -InheritanceType All -Confirm:$false
    Write-Host $mailbox ":" $PermObj.User -ForegroundColor Green
    } 
    }

    For multiple mailboxes, you can keep the mailbox identities in CSV file and use the below commands.

    Your CSV content should be in below format :
    MailboxID
    "sharedmailbox1@contoso.com"
    "sharedmailbox2@contoso.com"
    "sharedmailbox3@contoso.com"

    Import-CSV "C:\remove-fullaccess.csv" | ForEach {
    $Permissions = Get-MailboxPermission -Identity $_."MailboxID" | Where { ($_.IsInherited -eq $False) -and ($_.AccessRights -like "*FullAccess*") -and -not ($_.User -like "NT AUTHORITY\SELF") }
    ForEach ($PermObj in $Permissions) {
    if($PermObj.User -ne "User1@contoso.com" -and $PermObj.User -ne "User2@contoso.com") {
    Remove-MailboxPermission -Identity $_."MailboxID" -User $PermObj.User -AccessRight FullAccess -InheritanceType All -Confirm:$false
    Write-Host $_."MailboxID" ":" $PermObj.User -ForegroundColor Green
    } 
    }
    } 
    Wednesday, November 6, 2019 11:59 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 6, 2019 9:47 AM