Exchange 2007 - How to determine what mailboxes a user has access permissions to

Posted on 2009-02-10
Last Modified: 2012-05-06
We currently use Exchange 2007 for our email system.  One of the problems we are having is how to determine what other mailboxes a user has access to in Exchange.  I know I can user the get-mailboxpermission command to see what access I have granted to that user but how to I reverse this so I can run a script that will show me the mailboxes that he has given himself access to or better yet other people that have given him proxy access to their mailbox.  

Let me know if there is something I can do.

Question by:capt_morgan
    LVL 11

    Expert Comment

    at the top of my head I cannot think really innovative , however here's a direction

    run get-mailbox -server servername | get-mailboxpermission |ft

    this will give hyou a tabular form of all the permissions for all the mailboxes on the server, you might need to import it to csv & do some filtering

    Author Comment


    I ran the command and it produced the result similar to that shown below.    It does not tell me from the command what mailboxes "usera" has access proxy access to.     Also, on a side note how to do expand the "identity" field so I can see the whole name in the filed instead of it cutting off the name at the end liek this ""

    Identity             User                 AccessRights                                                 IsInherited Deny
    --------             ----                 ------------                                                              ----------- ---- NT AUTHORITY\SELF    {FullAccess, ReadPermission}        False       False blah\usera     {FullAccess}                                                    False       False blah\userb     {FullAccess}                                                    True        False
    LVL 11

    Accepted Solution

    pipe the outout to Export-Csv C:\Export.csv file
    LVL 32

    Expert Comment

    Refer blog from Amit, it should guide and help you:
    Nitin Gupta

    Author Comment


    The URL you sent was good  for showing all users that have "SendAs" but I still have some questions.   I need to have the script modified so I can run it against a single user and determine if he has eitehr FULL, MODIFY or READ access to other users mailboxes.   This is an HR thing that they want me to do but from the script I see there is no way to extract that information.   I tried to send an email to Amit on thsi but have not received a response back.    

    Do you have any addtion help you can provide on this.

    Thanks for your help.

    Author Comment


    I went to the web site that you directed me to in an earlier response and did not see what I needed.  However, I emailed the web site owner, Amit and asked him my specific question.  Her came back with the answer I needed.  Thanks Nina for giving me direction.  

    Here is what Amit gave me.

    Apologies for the late response, I was on vacation.

    You can follow couple of below articles to search reverse Full Mailbox Access/Send-As permissions for a user on all mailboxes and similar way other permissions.

    Featured Post

    Do email signature updates give you a headache?

    Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

    Join & Write a Comment

    Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
    Outlook Free & Paid Tools
    In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
    In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now