Solved

Looking to remove the sendas permission for 1000's of users.

Posted on 2011-02-28
6
482 Views
Last Modified: 2012-05-11
We have a user that has the ability to sendas for everyone in our domain (don't ask why).  This user is changing departments and we need to take away her rights to sendas all users.  We prefer not to use the -deny option but rather to remove her access.  Any suggestions on how this can be accomplished through Powershell?

Thanks.
0
Comment
Question by:laverneuniv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 4

Expert Comment

by:geieea
ID: 35002311
I think this will work:

Get-Mailbox | Remove-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and ($_.User -like “JaneDoe”) }
0
 
LVL 8

Expert Comment

by:pmorton23
ID: 35002320
how was the send as rights granted to all users for that one user. the easiest way to give someone send as rights is to allow that at the domain level or the user is in an exchange admin group. either way look at the domain permissions and check all exchange groups. remove user from those groups.
0
 
LVL 4

Expert Comment

by:geieea
ID: 35002352
No, something more like this:

Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and ($_.User -like “JaneDoe”) } | Select Identity, User, Deny | Export-CSV c:\send-As.csv

Then use the csv to run:

Remove-ADPermission -Identity userfromcsv -User JaneDoe -ExtendedRights "send as"
0
 

Accepted Solution

by:
laverneuniv earned 0 total points
ID: 35041064
We had some problems with your suggestion, but we got it work with this.  Perhaps I did something wrong on your suggestion.

# Add the Active Directory Management and Exchange Cmdlets into Powershell
#Add-PSSnapin Quest.ActiveRoles.ADManagement

$accts = Get-QADUser -SearchRoot "ou=users,ou=,dc=,dc=local" -SizeLimit 0
foreach($user in $accts){
      Remove-ADPermission -Identity $user.name -user "domain\user (the person whose permissions you want to remove" -ExtendedRights "send as" -confirm:$false | Out-Host
      
}
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35331153
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question