Solved

Powershell Exchange Cmdlet Help

Posted on 2012-03-15
5
795 Views
Last Modified: 2012-03-19
I'm trying to run a PowerShell cmdlet that will tell me where a specific user (usera) has any kind of permission directly tied to a mailbox.

I'm trying to run the cmdlet below but it continues to fail. I want to find any mailbox where that user has ANY permission (Full Access, Delete Item, etc) and return it to a csv file.

Anyone know what I'm doing wrong?? Thanks!


[PS] C:\Windows\system32>Get-Mailbox -resultsize Unlimited | Get-MailboxPermission | where {$_.User -like "DOMAIN\usera"} | Export-Csv C:\Admin\usera.csv
0
Comment
Question by:brendan-amex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 19

Accepted Solution

by:
suriyaehnop earned 167 total points
ID: 37727662
1st when you try the cmdlet:

Get-MailboxPermission name | Format-List

Open in new window


The result will look like this:

AccessRights    : {FullAccess, DeleteItem, ReadPermission, ChangePermission, ChangeOwner
Deny            : False
InheritanceType : All
User            : domain\Enterprise Admins
Identity        : domain.com/User A
IsInherited     : True
IsValid         : True
ObjectState     : Unchanged

Try this:

Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | where {$_.AccessRights -eq 'FullAccess'} | Format-Table User,Identity >C:\Filename.txt

Open in new window

0
 

Author Comment

by:brendan-amex
ID: 37727683
I only want it to show me where "usera"  has any kind of permissions on a mailbox, where can I add that in here? Also I want to output it to a CSV, so I assume just changing the txt to csv...
0
 
LVL 17

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 333 total points
ID: 37728145
Hi,
Try the below mentioned codes:

 Get-Mailbox -Server "<servername>"  -resultsize "Unlimited" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | ft @{Name="Identity";expression={($_.Identity -split "/")[-1]}}, User -AutoSize 

Open in new window


Get-Mailbox | Get-MailboxPermission | ?{($_.AccessRight 
s -eq "FullAccess") -and ($_.User -like 'DOMAIN\user') -and ($_.IsInherited -eq $false)} | ft Id* 

Open in new window



Refer:
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/a9cd79ff-eda6-4527-af25-e50149e2242c/
http://forums.msexchange.org/m_1800520833/mpage_1/key_/tm.htm#1800520833
http://exchangepedia.com/2008/02/how-to-list-mailboxes-with-full-mailbox-access-permission-assigned.html

HTH

Regards,
Prem
0
 
LVL 17

Assisted Solution

by:Premkumar Yogeswaran
Premkumar Yogeswaran earned 333 total points
ID: 37728152
0
 

Author Closing Comment

by:brendan-amex
ID: 37739552
Thanks for your help guys. The command I ended up using is this one:

Get-MailboxPermission -ResultSize Unlimited -Identity * | where {$_.User -like "ACCOUNTS\brendan"} | Format-Table User,Identity >C:\Admin\117.txt
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question