Generate a list of who has access to a mailbox

I'm trying to figure out a powershell script that will basically generate out a list of mailboxes from exchange that have Full Access and/or SendAs access being provided to other users or groups and to list what those users or groups are next to it, perhaps into HTML or Excel since something like this probably couldn't output to Grid or be readable in the shell?
I came across this and I don't think it's doing what it's doing this.

Get-Mailbox -Server “e12postcard” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) }

Open in new window


As you can see in the code, I believe the "e12postcard" is supposed to be the name of the Exchange server, correct? Found that snippet from http://exchangepedia.com/2008/02/how-to-list-mailboxes-with-full-mailbox-access-permission-assigned.html.
garryshapeAsked:
Who is Participating?
 
Premkumar YogeswaranAnalyst II - System AdministratorCommented:
Hi,

Check the link below to find the list of mailboxes with send As permission

http://exchangeshare.wordpress.com/2008/09/01/how-to-find-all-mailboxes-with-send-as-permission-assigned/

Regards,
Prem
Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Select Identity, User, Deny | Export-CSV test.csv

Open in new window

0
 
LindySCommented:
The problem with using where { ($_.AccessRights -eq “FullAccess”)}, is it will only show users with Full Access only. Not users that have any other combination of permissions like Full Access and Read Permissions.

This is what I use to get all non-inherited permissions on all mailboxes on the server. You can export to a csv, but I prefer the table format for this command.


Get-Mailbox -Server "e12postcard"  -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.IsInherited -eq $false) } | where { ($_.User -notlike 'NT AUTHORITY\SELF') } | ft @{Name="Mailbox";expression={($_.Identity )}}, User,AccessRights -autosize | Out-File mailboxrights.txt -Width 375
0
 
garryshapeAuthor Commented:
Does the -server switch have to be followed by the Exchange server name in quotes?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LindySCommented:
Yes, if you have multiple exchabge servers you need to run the command against each one.
Use the -append switch after the filename to put the output in the same file. Otherwise it will overwrite the file for each server.
There may be a way to run it against all servers at once, but I haven't figured it out yet.
0
 
LindySCommented:
Also, if you're going to append the file, it would be a good idea to remove the autosize switch.
The sizes may be different on each server and mess up the formatting when you open it in Excel.
0
 
Premkumar YogeswaranAnalyst II - System AdministratorCommented:
Hi,

If you are running the query in the exchange server than the -server switch not required, if you are using the EMS from the different server than you need to use the server switch.

Regards,
Prem
0
 
garryshapeAuthor Commented:
Thank you guys.
This is so helpful and useful!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.