locked
shared mailbox permissions RRS feed

  • Question

  • Hi All

    Please do correct me with the syntaxes

    1.Add/Remove FullAccess to a user:

    Add-MailboxPermission -Identity "Shared Mailbox" -User user1@contoso.com -AccessRights FullAccess -InheritanceType All -AutoMapping $True
    Remove-MailboxPermission -Identity "Shared Mailbox" -User user1@contoso.com -AccessRights FullAccess


    2.Add/Remove Send As permission:

    Add-RecipientPermission "Shared Mailbox" -AccessRights SendAs -Trustee "user1@contoso.com"
    Remove-RecipientPermission "Shared Mailbox" -AccessRights SendAs -Trustee "user1@contoso.com"

    3. List users who has Full Access ad SendAs and export to csv file( i want to export display name,upn,alias and email address in output)

    Get-MailboxPermission SharedMailbox | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | export-csv c:\output.csv
    Get-AdPermission SharedMailbox |where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.ExtendedRights -eq "Send-As"} | export-csv c:\output.csv

    Wednesday, December 18, 2019 6:10 AM

Answers

  • Hi,

    1. Correct.

    2. Correct.

    3.1 Correct.

    3.2 Get-AdPermission is available only in on-premises Exchange. For Exchange online, you need to use Get-RecipientPermission 

    Get-RecipientPermission shared | where{$_.Trustee -ne "NT AUTHORITY\SELF" -and $_.AccessControlType -eq "Allow"}

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, December 19, 2019 6:14 AM
  • Hi,

    You can use this script which will help you to export shared mailbox permissions like full access, send as and send on behalf. Also, it supports more advanced filtering options to filter specific permissions.

    Export Shared Mailbox Permissions to CSV File

    The exported file contains Display Name, User Principal Name, Primary SMTP Address, Email Aliases, Delegated permission, and Delegates. 

    I hope this will help you.


    • Edited by Kathy Cooper Saturday, January 4, 2020 11:11 AM
    • Marked as answer by Risingflight Sunday, April 26, 2020 6:36 AM
    Saturday, January 4, 2020 11:09 AM

All replies

  • Please check this article: https://technethub.com/how-to-export-user-mailbox-permissions-shared-mailbox-permissions-and-calendar-folder-permissions-using-powershell-office365-exchange-online/

    Tweak the commands a bit, pipe it to Export-csv if needed to export it to a CSV file.


    Best Regards
    Jatin Makhija (Blog:technethub.com)

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click Answered"Vote as helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer faster. ]

    Wednesday, December 18, 2019 10:14 PM
  • Hi,

    1. Correct.

    2. Correct.

    3.1 Correct.

    3.2 Get-AdPermission is available only in on-premises Exchange. For Exchange online, you need to use Get-RecipientPermission 

    Get-RecipientPermission shared | where{$_.Trustee -ne "NT AUTHORITY\SELF" -and $_.AccessControlType -eq "Allow"}

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, December 19, 2019 6:14 AM
  • Hi,

    I am writing here to confirm with you how thing going now?

    If the above suggestion helps, please be free to mark it as an answer for helping more people.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, December 23, 2019 8:28 AM
  • Hi,

    You can use this script which will help you to export shared mailbox permissions like full access, send as and send on behalf. Also, it supports more advanced filtering options to filter specific permissions.

    Export Shared Mailbox Permissions to CSV File

    The exported file contains Display Name, User Principal Name, Primary SMTP Address, Email Aliases, Delegated permission, and Delegates. 

    I hope this will help you.


    • Edited by Kathy Cooper Saturday, January 4, 2020 11:11 AM
    • Marked as answer by Risingflight Sunday, April 26, 2020 6:36 AM
    Saturday, January 4, 2020 11:09 AM
  • if i have shared mailboxes in text file, will the below syntax work.

    input.txt is in the below format

    sharedmailbox1@contoso.com
    sharedmailbox2@contoso.com
    shardmailbox3@contoso.com


    ./GetSharedMailboxPermissions.ps1 -FullAccess -MBNamesFile C:/input.txt 
    ./GetSharedMailboxPermissions.ps1 -SendAs -MBNamesFile C:/input.txt
    ./GetSharedMailboxPermissions.ps1 -SendonBehalf -MBNamesFile C:input.txt

    Monday, January 6, 2020 12:01 AM
  • Yes. It will work.

    If you want to list all permissions(for specific shared mailboxes) in single output file, you can run script as follows
    ./GetSharedMailboxPermissions.ps1 -MBNamesFile c:/inputfile.txt
    Monday, January 6, 2020 7:39 AM