[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 502
  • Last Modified:

Exchange 2007 - How to determine what mailboxes a user has access permissions to

We currently use Exchange 2007 for our email system.  One of the problems we are having is how to determine what other mailboxes a user has access to in Exchange.  I know I can user the get-mailboxpermission command to see what access I have granted to that user but how to I reverse this so I can run a script that will show me the mailboxes that he has given himself access to or better yet other people that have given him proxy access to their mailbox.  

Let me know if there is something I can do.

Capt.
0
capt_morgan
Asked:
capt_morgan
  • 3
  • 2
1 Solution
 
sandeep_narkhedeCommented:
at the top of my head I cannot think really innovative , however here's a direction

run get-mailbox -server servername | get-mailboxpermission |ft

this will give hyou a tabular form of all the permissions for all the mailboxes on the server, you might need to import it to csv & do some filtering
0
 
capt_morganAuthor Commented:
sandeep_narkhede,

I ran the command and it produced the result similar to that shown below.    It does not tell me from the command what mailboxes "usera" has access proxy access to.     Also, on a side note how to do expand the "identity" field so I can see the whole name in the filed instead of it cutting off the name at the end liek this "blah.bh/bhUser..."

Identity             User                 AccessRights                                                 IsInherited Deny
--------             ----                 ------------                                                              ----------- ----
blah.bh/bhUser... NT AUTHORITY\SELF    {FullAccess, ReadPermission}        False       False
blah.bh/bhUser... blah\usera     {FullAccess}                                                    False       False
blah.bh/bhUser... blah\userb     {FullAccess}                                                    True        False
0
 
sandeep_narkhedeCommented:
pipe the outout to Export-Csv C:\Export.csv file
0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
gupnitCommented:
Hi,
Refer blog from Amit, it should guide and help you: http://exchangeshare.wordpress.com/2008/09/01/how-to-find-all-mailboxes-with-send-as-permission-assigned/
Thanks
Nitin Gupta
0
 
capt_morganAuthor Commented:
Gupnit,

The URL you sent was good  for showing all users that have "SendAs" but I still have some questions.   I need to have the script modified so I can run it against a single user and determine if he has eitehr FULL, MODIFY or READ access to other users mailboxes.   This is an HR thing that they want me to do but from the script I see there is no way to extract that information.   I tried to send an email to Amit on thsi but have not received a response back.    

Do you have any addtion help you can provide on this.

Thanks for your help.
Capt
0
 
capt_morganAuthor Commented:
Nitin,

I went to the web site that you directed me to in an earlier response and did not see what I needed.  However, I emailed the web site owner, Amit and asked him my specific question.  Her came back with the answer I needed.  Thanks Nina for giving me direction.  

Here is what Amit gave me.

Apologies for the late response, I was on vacation.

You can follow couple of below articles to search reverse Full Mailbox Access/Send-As permissions for a user on all mailboxes and similar way other permissions.
http://exchangepedia.com/blog/2008/02/how-to-list-mailboxes-with-full-mailbox.html
http://exchangeshare.wordpress.com/2008/09/01/how-to-find-all-mailboxes-with-send-as-permission-assigned/
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now