Solved

Powershell Exchange Cmdlet Help

Posted on 2012-03-15
5
789 Views
Last Modified: 2012-03-19
I'm trying to run a PowerShell cmdlet that will tell me where a specific user (usera) has any kind of permission directly tied to a mailbox.

I'm trying to run the cmdlet below but it continues to fail. I want to find any mailbox where that user has ANY permission (Full Access, Delete Item, etc) and return it to a csv file.

Anyone know what I'm doing wrong?? Thanks!


[PS] C:\Windows\system32>Get-Mailbox -resultsize Unlimited | Get-MailboxPermission | where {$_.User -like "DOMAIN\usera"} | Export-Csv C:\Admin\usera.csv
0
Comment
Question by:brendan-amex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 19

Accepted Solution

by:
suriyaehnop earned 167 total points
ID: 37727662
1st when you try the cmdlet:

Get-MailboxPermission name | Format-List

Open in new window


The result will look like this:

AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner
Deny            : False
InheritanceType : All
User            : domain\Enterprise Admins
Identity        : domain.com/User A
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

Try this:

Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | where {$_.AccessRights -eq 'FullAccess'} | Format-Table User,Identity >C:\Filename.txt

Open in new window

0
 

Author Comment

by:brendan-amex
ID: 37727683
I only want it to show me where "usera"  has any kind of permissions on a mailbox, where can I add that in here? Also I want to output it to a CSV, so I assume just changing the txt to csv...
0
 
LVL 17

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 333 total points
ID: 37728145
Hi,
Try the below mentioned codes:

 Get-Mailbox -Server "<servername>"  -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | ft @{Name="Identity";expression={($_.Identity -split "/")[-1]}}, User -AutoSize 

Open in new window


Get-Mailbox | Get-MailboxPermission | ?{($_.AccessRight 
s -eq "FullAccess") -and ($_.User -like 'DOMAIN\user') -and ($_.IsInherited -eq $false)} | ft Id* 

Open in new window



Refer:
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/a9cd79ff-eda6-4527-af25-e50149e2242c/
http://forums.msexchange.org/m_1800520833/mpage_1/key_/tm.htm#1800520833
http://exchangepedia.com/2008/02/how-to-list-mailboxes-with-full-mailbox-access-permission-assigned.html

HTH

Regards,
Prem
0
 
LVL 17

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 333 total points
ID: 37728152
0
 

Author Closing Comment

by:brendan-amex
ID: 37739552
Thanks for your help guys. The command I ended up using is this one:

Get-MailboxPermission -ResultSize Unlimited -Identity * | where {$_.User -like "ACCOUNTS\brendan"} | Format-Table User,Identity >C:\Admin\117.txt
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question