?
Solved

Generate a list of who has access to a mailbox

Posted on 2011-10-14
7
Medium Priority
?
473 Views
Last Modified: 2012-06-27
I'm trying to figure out a powershell script that will basically generate out a list of mailboxes from exchange that have Full Access and/or SendAs access being provided to other users or groups and to list what those users or groups are next to it, perhaps into HTML or Excel since something like this probably couldn't output to Grid or be readable in the shell?
I came across this and I don't think it's doing what it's doing this.

Get-Mailbox -Server “e12postcard” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) }

Open in new window


As you can see in the code, I believe the "e12postcard" is supposed to be the name of the Exchange server, correct? Found that snippet from http://exchangepedia.com/2008/02/how-to-list-mailboxes-with-full-mailbox-access-permission-assigned.html.
0
Comment
Question by:garryshape
  • 3
  • 2
  • 2
7 Comments
 
LVL 17

Accepted Solution

by:
Premkumar Yogeswaran earned 1000 total points
ID: 36972048
Hi,

Check the link below to find the list of mailboxes with send As permission

http://exchangeshare.wordpress.com/2008/09/01/how-to-find-all-mailboxes-with-send-as-permission-assigned/

Regards,
Prem
Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Select Identity, User, Deny | Export-CSV test.csv

Open in new window

0
 
LVL 3

Assisted Solution

by:LindyS
LindyS earned 1000 total points
ID: 36972238
The problem with using where { ($_.AccessRights -eq “FullAccess”)}, is it will only show users with Full Access only. Not users that have any other combination of permissions like Full Access and Read Permissions.

This is what I use to get all non-inherited permissions on all mailboxes on the server. You can export to a csv, but I prefer the table format for this command.


Get-Mailbox -Server "e12postcard"  -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.IsInherited -eq $false) } | where { ($_.User -notlike 'NT AUTHORITY\SELF') } | ft @{Name="Mailbox";expression={($_.Identity )}}, User,AccessRights -autosize | Out-File mailboxrights.txt -Width 375
0
 

Author Comment

by:garryshape
ID: 36976076
Does the -server switch have to be followed by the Exchange server name in quotes?
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
LVL 3

Expert Comment

by:LindyS
ID: 36976095
Yes, if you have multiple exchabge servers you need to run the command against each one.
Use the -append switch after the filename to put the output in the same file. Otherwise it will overwrite the file for each server.
There may be a way to run it against all servers at once, but I haven't figured it out yet.
0
 
LVL 3

Expert Comment

by:LindyS
ID: 36976147
Also, if you're going to append the file, it would be a good idea to remove the autosize switch.
The sizes may be different on each server and mess up the formatting when you open it in Excel.
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 36977893
Hi,

If you are running the query in the exchange server than the -server switch not required, if you are using the EMS from the different server than you need to use the server switch.

Regards,
Prem
0
 

Author Closing Comment

by:garryshape
ID: 36980224
Thank you guys.
This is so helpful and useful!
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Loops Section Overview
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question