locked
Creating list of mailbox permissions with Get-mailboxpermission cmd RRS feed

  • Question

  • Hello All,
    I would like to know if there is a way to export all users who have full mailbox permssions, or send as permissions to specific mailboxes.  Basically, our company has many executive assistants that have full access to their bosses email accounts.  I'd like to get a list of who has access to what, in a format such as -
    User  | Mailbox Access Rights
    user1 | Full access for user4
    I've tried the following script which gives some info, but not exactly what im looking for:

    get-mailbox -resultsize unlimited | foreach {get-mailboxpermission $_.displayname} | select identity,accessrights | Export-Csv c:\permissions.csv

    Any help would be appreciated.
    Wednesday, November 18, 2009 3:21 PM

Answers

  • Hi
     
     For getting full Access rights  for all users use this one-liner 


    get-mailbox -resultsize unlimited | foreach {get-mailboxPermission $_.Identity |Where {$_.AccessRights -like '*FullAccess*'}} | select User, identity,accessrights | Export-Csv c:\permissions.csv

    Here the output will mean that User has AccessRights on Identity.

    Regards,

    Laeeq Qazi|Snr Software Engineer(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
    • Proposed as answer by Laeeq Qazi Friday, November 20, 2009 11:02 AM
    • Marked as answer by Mike Shen Friday, November 27, 2009 8:39 AM
    Friday, November 20, 2009 10:48 AM
  • for Send As

    Get-Mailbox -ResultSize unlimited | Get-ADPermissions | Where {$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORIT\SELF" -and $_.Deny -eq $false} | ft Identity,User,IsInherited -AutoSize

    For Maibox Access Right

    Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq "*fullaccess*") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "*nt authority\self*") }


    See below

    http://www.howexchangeworks.com/2009/07/exchange-shell-finding-mailboxes-with.html
    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
    • Proposed as answer by Mike Shen Monday, November 23, 2009 6:29 AM
    • Marked as answer by Mike Shen Friday, November 27, 2009 8:39 AM
    Friday, November 20, 2009 11:33 AM

All replies

  • Hi
     
     For getting full Access rights  for all users use this one-liner 


    get-mailbox -resultsize unlimited | foreach {get-mailboxPermission $_.Identity |Where {$_.AccessRights -like '*FullAccess*'}} | select User, identity,accessrights | Export-Csv c:\permissions.csv

    Here the output will mean that User has AccessRights on Identity.

    Regards,

    Laeeq Qazi|Snr Software Engineer(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
    • Proposed as answer by Laeeq Qazi Friday, November 20, 2009 11:02 AM
    • Marked as answer by Mike Shen Friday, November 27, 2009 8:39 AM
    Friday, November 20, 2009 10:48 AM
  • for Send As

    Get-Mailbox -ResultSize unlimited | Get-ADPermissions | Where {$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORIT\SELF" -and $_.Deny -eq $false} | ft Identity,User,IsInherited -AutoSize

    For Maibox Access Right

    Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq "*fullaccess*") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "*nt authority\self*") }


    See below

    http://www.howexchangeworks.com/2009/07/exchange-shell-finding-mailboxes-with.html
    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
    • Proposed as answer by Mike Shen Monday, November 23, 2009 6:29 AM
    • Marked as answer by Mike Shen Friday, November 27, 2009 8:39 AM
    Friday, November 20, 2009 11:33 AM
  • Hi,

    When i ran below Get-Mailboxpermission command it gives SendAs permissions as well. Still do we have to run Get-AdPermission to get the SendAs.

    Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation perm.csv

    Friday, September 30, 2016 7:30 AM