[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489
  • Last Modified:

Looking to remove the sendas permission for 1000's of users.

We have a user that has the ability to sendas for everyone in our domain (don't ask why).  This user is changing departments and we need to take away her rights to sendas all users.  We prefer not to use the -deny option but rather to remove her access.  Any suggestions on how this can be accomplished through Powershell?

Thanks.
0
laverneuniv
Asked:
laverneuniv
1 Solution
 
geieeaCommented:
I think this will work:

Get-Mailbox | Remove-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and ($_.User -like “JaneDoe”) }
0
 
pmorton23Commented:
how was the send as rights granted to all users for that one user. the easiest way to give someone send as rights is to allow that at the domain level or the user is in an exchange admin group. either way look at the domain permissions and check all exchange groups. remove user from those groups.
0
 
geieeaCommented:
No, something more like this:

Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and ($_.User -like “JaneDoe”) } | Select Identity, User, Deny | Export-CSV c:\send-As.csv

Then use the csv to run:

Remove-ADPermission -Identity userfromcsv -User JaneDoe -ExtendedRights "send as"
0
 
laverneunivAuthor Commented:
We had some problems with your suggestion, but we got it work with this.  Perhaps I did something wrong on your suggestion.

# Add the Active Directory Management and Exchange Cmdlets into Powershell
#Add-PSSnapin Quest.ActiveRoles.ADManagement

$accts = Get-QADUser -SearchRoot "ou=users,ou=,dc=,dc=local" -SizeLimit 0
foreach($user in $accts){
      Remove-ADPermission -Identity $user.name -user "domain\user (the person whose permissions you want to remove" -ExtendedRights "send as" -confirm:$false | Out-Host
      
}
0
 
Glen KnightCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now