Remove Full Access Permissions of one account from a few random mailboxes: PowerShell command

    Question

  • Hi,

    I am having an issue while auditing our Exchange services. We have an AD account which was previously used for an email archiving solution and is no longer in use. While randomly checking users' "Full access permission" in EMC, I found that account having Full Mailbox Access permission.

    The first thing:-

    I don't know exactly on how many users that account has access, and for this I want a list of users on which that ID (the ID for email archiving) has full access permission.

    After that

    2nd thing:-

    Any possibility to remove that ID ONLY from those specific mailboxes without removing the default permissions?


    Regards, Sarfraz Aslam



    Thursday, April 19, 2018 6:50 AM

All replies

  • Hi Sarfraz,

    Try the following commands:

    1. List all mailboxes to which a particular user has Full Access permissions:

    Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User "AD Account for Email archiving"

    2. Remove the permission:

    Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User "AD Account for Email archiving" | Remove-MailboxPermission

    Hope this helps,


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    • Marked as answer by Sarfraz Aslam Friday, April 20, 2018 3:56 AM
    Friday, April 20, 2018 3:09 AM
    Moderator
  • Thanks for your kind reply.

    I think this is the command I was looking for; unfortunately it does not show the complete text in the EMS console. Kindly let me know the command to export the results to CSV.

    Further, please let me know the remove permission command for an individual ID as well, so that I can test it on one account before executing it on all the mailboxes.


    Regards, Sarfraz Aslam

    Friday, April 20, 2018 3:27 AM
  • Hi Sarfraz,

    Try the following command:

    Get-Mailbox UserName | Get-MailboxPermission -User "Archiving ID" | Remove-MailboxPermission


    Best Regards,
    Niko Cheng



    • Marked as answer by Sarfraz Aslam Friday, April 20, 2018 4:29 AM
    Friday, April 20, 2018 4:22 AM
    Moderator
  • I have tried this command and it worked:

    Remove-MailboxPermission -Identity "***" -User "Archiving ID" -AccessRights FullAccess -InheritanceType All

    Is it Okay as well?


    Regards, Sarfraz Aslam

    Friday, April 20, 2018 4:29 AM
  • It's Ok as well.

    Best Regards,
    Niko Cheng



    Friday, April 20, 2018 6:06 AM
    Moderator
  • Thanks for your valuable support.

    Regards, Sarfraz Aslam

    Friday, April 20, 2018 6:23 AM
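
Added example, not part of the original thread: one way to combine the audit, the CSV export asked for above, and a dry-run-first removal for the retired archiving account, using the same cmdlets as the answers. The account name, report path and the `$Apply` switch are assumptions made for illustration.

```powershell
# Added example for the Exchange Management Shell; not code from the thread.
# Assumptions: $Account and $Report are placeholder values chosen for illustration.
$Account = 'CONTOSO\svc-archive'       # hypothetical name of the retired archiving account
$Report  = '.\FullAccess-before.csv'   # hypothetical path for the audit report
$Apply   = $false                      # stays $false until the dry run has been reviewed

# 1. Audit: keep only explicit allow entries that grant FullAccess.
#    Inherited entries are skipped because they are not granted on the mailbox itself.
$entries = @(Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission -User $Account |
    Where-Object {
        ($_.AccessRights -like '*FullAccess*') -and
        ($_.IsInherited -eq $false) -and
        ($_.Deny -eq $false)
    })

# 2. Export the full, untruncated list to CSV as a record of the state before any change.
$entries |
    Select-Object Identity, User, IsInherited, Deny,
        @{ Name = 'AccessRights'; Expression = { $_.AccessRights -join ';' } } |
    Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8
Write-Host ("{0} mailbox(es) grant FullAccess to {1}" -f $entries.Count, $Account)

# 3. Remove only this account's FullAccess entry from each listed mailbox.
#    While $Apply is $false, -WhatIf makes every call a dry run that changes nothing.
$dryRun = -not $Apply
foreach ($entry in $entries) {
    Remove-MailboxPermission -Identity $entry.Identity -User $Account `
        -AccessRights FullAccess -InheritanceType All `
        -Confirm:$false -WhatIf:$dryRun
}

# 4. Verify after a real run: no explicit FullAccess entry should remain for the account.
if ($Apply) {
    $left = @(Get-Mailbox -ResultSize Unlimited |
        Get-MailboxPermission -User $Account |
        Where-Object { ($_.AccessRights -like '*FullAccess*') -and ($_.IsInherited -eq $false) })
    Write-Host ("Explicit FullAccess entries remaining: {0}" -f $left.Count)
}
```

To try this on a single mailbox first, replace `Get-Mailbox -ResultSize Unlimited` with `Get-Mailbox UserName`, as in the second answer above.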