Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Generate a list of mailboxes a specific person has any access to

Posted on 2011-10-17
5
Medium Priority
?
322 Views
Last Modified: 2012-05-12
I've got some scripts for Exchange PowerShell but was actually wondering if it's possible to list any permission (Full Access or Send As) that a specific user or group has access to?

I have these scripts for generating lists in general:

How to generate a list of who has access to a mailbox (author: LindyS):
Get-Mailbox -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.IsInherited -eq $false) } | where { ($_.User -notlike 'NT AUTHORITY\SELF') } | ft @{Name="Mailbox";expression={($_.Identity )}}, User,AccessRights -autosize | Out-File mailboxrights.txt -Width 375

Open in new window


Generate a list of mailboxes with Send As permission (Author: premglitz):
Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Select Identity, User, Deny | Export-CSV test.csv

Open in new window

0
Comment
Question by:garryshape
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Mahmoud Sabry
ID: 36980724
use this command

get-mailbox | %{$foo = $_; Get-MailboxPermission $foo | ?{$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}} | ft {$foo},User,AccessRights
0
 
LVL 12

Expert Comment

by:Mahmoud Sabry
ID: 36980733
and for send as

Get-Mailbox | ?{ $_.GrantSendOnBehalfto -ne ""} | fl name,GrantSendOnBehalfto
0
 

Author Comment

by:garryshape
ID: 36980816
Does that ask for input or do you specify the mailbox you're querying when putting in the command?
0
 
LVL 12

Accepted Solution

by:
Mahmoud Sabry earned 2000 total points
ID: 36980924
this give you report with all mailboxes in the domain

if your mailboxes larger than 1000 mailbox, then u need to add -resultsize 500000 after Get-Mailbox
0
 

Author Comment

by:garryshape
ID: 36980964
Ah ok, do you think it's possible though to run the script to check against one particular user/group mailbox?
So say I don't want a whole list of the company, but instead just a report for permissions that "JSmith@domain.com" or group "ADSecurityGroup" has access to, anyway to run with those terms?
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question