Exchange 2007 - How to determine what mailboxes a user has access permissions to
We currently use Exchange 2007 for our email system. One of the problems we are having is how to determine what other mailboxes a user has access to in Exchange. I know I can user the get-mailboxpermission command to see what access I have granted to that user but how to I reverse this so I can run a script that will show me the mailboxes that he has given himself access to or better yet other people that have given him proxy access to their mailbox.
Let me know if there is something I can do.
Capt.
Let me know if there is something I can do.
Capt.
ASKER
sandeep_narkhede,
I ran the command and it produced the result similar to that shown below. It does not tell me from the command what mailboxes "usera" has access proxy access to. Also, on a side note how to do expand the "identity" field so I can see the whole name in the filed instead of it cutting off the name at the end liek this "blah.bh/bhUser..."
Identity User AccessRights IsInherited Deny
-------- ---- ------------ ----------- ----
blah.bh/bhUser... NT AUTHORITY\SELF {FullAccess, ReadPermission} False False
blah.bh/bhUser... blah\usera {FullAccess} False False
blah.bh/bhUser... blah\userb {FullAccess} True False
I ran the command and it produced the result similar to that shown below. It does not tell me from the command what mailboxes "usera" has access proxy access to. Also, on a side note how to do expand the "identity" field so I can see the whole name in the filed instead of it cutting off the name at the end liek this "blah.bh/bhUser..."
Identity User AccessRights IsInherited Deny
-------- ---- ------------ ----------- ----
blah.bh/bhUser... NT AUTHORITY\SELF {FullAccess, ReadPermission} False False
blah.bh/bhUser... blah\usera {FullAccess} False False
blah.bh/bhUser... blah\userb {FullAccess} True False
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
Refer blog from Amit, it should guide and help you: http://exchangeshare.wordp
Thanks
Nitin Gupta
Refer blog from Amit, it should guide and help you: http://exchangeshare.wordp
Thanks
Nitin Gupta
ASKER
Gupnit,
The URL you sent was good for showing all users that have "SendAs" but I still have some questions. I need to have the script modified so I can run it against a single user and determine if he has eitehr FULL, MODIFY or READ access to other users mailboxes. This is an HR thing that they want me to do but from the script I see there is no way to extract that information. I tried to send an email to Amit on thsi but have not received a response back.
Do you have any addtion help you can provide on this.
Thanks for your help.
Capt
The URL you sent was good for showing all users that have "SendAs" but I still have some questions. I need to have the script modified so I can run it against a single user and determine if he has eitehr FULL, MODIFY or READ access to other users mailboxes. This is an HR thing that they want me to do but from the script I see there is no way to extract that information. I tried to send an email to Amit on thsi but have not received a response back.
Do you have any addtion help you can provide on this.
Thanks for your help.
Capt
ASKER
Nitin,
I went to the web site that you directed me to in an earlier response and did not see what I needed. However, I emailed the web site owner, Amit and asked him my specific question. Her came back with the answer I needed. Thanks Nina for giving me direction.
Here is what Amit gave me.
Apologies for the late response, I was on vacation.
You can follow couple of below articles to search reverse Full Mailbox Access/Send-As permissions for a user on all mailboxes and similar way other permissions.
http://exchangepedia.com/blog/2008/02/how-to-list-mailboxes-with-full-mailbox.html
http://exchangeshare.wordpress.com/2008/09/01/how-to-find-all-mailboxes-with-send-as-permission-assigned/
I went to the web site that you directed me to in an earlier response and did not see what I needed. However, I emailed the web site owner, Amit and asked him my specific question. Her came back with the answer I needed. Thanks Nina for giving me direction.
Here is what Amit gave me.
Apologies for the late response, I was on vacation.
You can follow couple of below articles to search reverse Full Mailbox Access/Send-As permissions for a user on all mailboxes and similar way other permissions.
http://exchangepedia.com/blog/2008/02/how-to-list-mailboxes-with-full-mailbox.html
http://exchangeshare.wordpress.com/2008/09/01/how-to-find-all-mailboxes-with-send-as-permission-assigned/
run get-mailbox -server servername | get-mailboxpermission |ft
this will give hyou a tabular form of all the permissions for all the mailboxes on the server, you might need to import it to csv & do some filtering