Solved

Looking to remove the sendas permission for 1000's of users.

Posted on 2011-02-28
6
480 Views
Last Modified: 2012-05-11
We have a user that has the ability to sendas for everyone in our domain (don't ask why).  This user is changing departments and we need to take away her rights to sendas all users.  We prefer not to use the -deny option but rather to remove her access.  Any suggestions on how this can be accomplished through Powershell?

Thanks.
0
Comment
Question by:laverneuniv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 4

Expert Comment

by:geieea
ID: 35002311
I think this will work:

Get-Mailbox | Remove-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and ($_.User -like “JaneDoe”) }
0
 
LVL 8

Expert Comment

by:pmorton23
ID: 35002320
how was the send as rights granted to all users for that one user. the easiest way to give someone send as rights is to allow that at the domain level or the user is in an exchange admin group. either way look at the domain permissions and check all exchange groups. remove user from those groups.
0
 
LVL 4

Expert Comment

by:geieea
ID: 35002352
No, something more like this:

Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and ($_.User -like “JaneDoe”) } | Select Identity, User, Deny | Export-CSV c:\send-As.csv

Then use the csv to run:

Remove-ADPermission -Identity userfromcsv -User JaneDoe -ExtendedRights "send as"
0
 

Accepted Solution

by:
laverneuniv earned 0 total points
ID: 35041064
We had some problems with your suggestion, but we got it work with this.  Perhaps I did something wrong on your suggestion.

# Add the Active Directory Management and Exchange Cmdlets into Powershell
#Add-PSSnapin Quest.ActiveRoles.ADManagement

$accts = Get-QADUser -SearchRoot "ou=users,ou=,dc=,dc=local" -SizeLimit 0
foreach($user in $accts){
      Remove-ADPermission -Identity $user.name -user "domain\user (the person whose permissions you want to remove" -ExtendedRights "send as" -confirm:$false | Out-Host
      
}
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35331153
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question