Solved

Looking to remove the sendas permission for 1000's of users.

Posted on 2011-02-28
6
473 Views
Last Modified: 2012-05-11
We have a user that has the ability to sendas for everyone in our domain (don't ask why).  This user is changing departments and we need to take away her rights to sendas all users.  We prefer not to use the -deny option but rather to remove her access.  Any suggestions on how this can be accomplished through Powershell?

Thanks.
0
Comment
Question by:laverneuniv
6 Comments
 
LVL 4

Expert Comment

by:geieea
Comment Utility
I think this will work:

Get-Mailbox | Remove-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and ($_.User -like “JaneDoe”) }
0
 
LVL 8

Expert Comment

by:pmorton23
Comment Utility
how was the send as rights granted to all users for that one user. the easiest way to give someone send as rights is to allow that at the domain level or the user is in an exchange admin group. either way look at the domain permissions and check all exchange groups. remove user from those groups.
0
 
LVL 4

Expert Comment

by:geieea
Comment Utility
No, something more like this:

Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and ($_.User -like “JaneDoe”) } | Select Identity, User, Deny | Export-CSV c:\send-As.csv

Then use the csv to run:

Remove-ADPermission -Identity userfromcsv -User JaneDoe -ExtendedRights "send as"
0
 

Accepted Solution

by:
laverneuniv earned 0 total points
Comment Utility
We had some problems with your suggestion, but we got it work with this.  Perhaps I did something wrong on your suggestion.

# Add the Active Directory Management and Exchange Cmdlets into Powershell
#Add-PSSnapin Quest.ActiveRoles.ADManagement

$accts = Get-QADUser -SearchRoot "ou=users,ou=,dc=,dc=local" -SizeLimit 0
foreach($user in $accts){
      Remove-ADPermission -Identity $user.name -user "domain\user (the person whose permissions you want to remove" -ExtendedRights "send as" -confirm:$false | Out-Host
      
}
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
A procedure for exporting installed hotfix details of remote computers using powershell
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now