Garry Shape
asked on
Generate a list of mailboxes a specific person has any access to
I've got some scripts for Exchange PowerShell but was actually wondering if it's possible to list any permission (Full Access or Send As) that a specific user or group has access to?
I have these scripts for generating lists in general:
How to generate a list of who has access to a mailbox (author: LindyS):
Generate a list of mailboxes with Send As permission (Author: premglitz):
I have these scripts for generating lists in general:
How to generate a list of who has access to a mailbox (author: LindyS):
Get-Mailbox -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.IsInherited -eq $false) } | where { ($_.User -notlike 'NT AUTHORITY\SELF') } | ft @{Name="Mailbox";expression={($_.Identity )}}, User,AccessRights -autosize | Out-File mailboxrights.txt -Width 375
Generate a list of mailboxes with Send As permission (Author: premglitz):
Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Select Identity, User, Deny | Export-CSV test.csv
and for send as
Get-Mailbox | ?{ $_.GrantSendOnBehalfto -ne ""} | fl name,GrantSendOnBehalfto
Get-Mailbox | ?{ $_.GrantSendOnBehalfto -ne ""} | fl name,GrantSendOnBehalfto
ASKER
Does that ask for input or do you specify the mailbox you're querying when putting in the command?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ah ok, do you think it's possible though to run the script to check against one particular user/group mailbox?
So say I don't want a whole list of the company, but instead just a report for permissions that "JSmith@domain.com" or group "ADSecurityGroup" has access to, anyway to run with those terms?
So say I don't want a whole list of the company, but instead just a report for permissions that "JSmith@domain.com" or group "ADSecurityGroup" has access to, anyway to run with those terms?
get-mailbox | %{$foo = $_; Get-MailboxPermission $foo | ?{$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}} | ft {$foo},User,AccessRights