Query Mailboxes with full delegate access Exchange 2003

Hi

I have been asked to provide a report of all users who have full delegate permissions assigned to their mailbox.  I am aware of running the ldifde query which will list all delegate access  based on the publicDelegate field in ADSIedit. This is not what I require as it lists all delegate rights (ie calendar rights etc not just full mailbox rights).  I need a query that will identify only users who have FULL delegate rights assigned to their mailbox (ie the full mailbox access permissions is ticked in  the Mailbox Rights tab) and who the users are that have these permissions .  I assume the best way of doing this is to run a query based on mailbox permissions, but not sure what tool or Exchange utility can do this.  Can anyone suggest an appropriate way of doing this, without requiring 3rd party tools.  We are running Exchange 2003 sp2 on Windows Server 2003 AD environment.
Thanks
LVL 1
Barnardos_2LSAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Alexander KireevConnect With a Mentor IT ArchitectCommented:
You can use Excel (as an XML table) for parse this XML file. It is not difficult.
You can't get needed information in more userfriendly format.
0
 
Alexander KireevIT ArchitectCommented:
Hello,

You can use a "ADModify.NET" for export all Mailbox Reights from each mailbox.

Download & run the "ADModify.NET" on "Modify Attribute" mode. Select domain, DC and OU. Then select example user and go to "mailbox Rights" tab. Check "Export Mailbox Rights" and "Go!".

In a folder with "ADModify.NET" will create xml file "mbxrights.xml".

Inside the XML file you need follow part "NotInherited":

- <NotInherited>
  <Entry Trustee="XXX\XXX" Mask="ACE_MB_FULL_ACCESS|Allowed ACE_MB_ASSOC_EXT_ACCT|Allowed" />
  <Entry Trustee="NT AUTHORITY\SELF" Mask="ACE_MB_FULL_ACCESS|Allowed ACE_MB_READ_PERMISSIONS|Allowed" />
  <Entry Trustee="XXX\XXX" Mask="ACE_MB_FULL_ACCESS|Allowed ACE_MB_DELETE_MB_STORAGE|Allowed" />
  </NotInherited>


Article: http://www.msexchange.org/articles-tutorials/exchange-server-2003/tools/ADModify-Change-Exchange-Specific-AD-User-Attributes.html
0
 
Barnardos_2LSAuthor Commented:
Thanks Chestor2.  I have tested this for one user and it does extract the relevant Mailbox rights to an xml file, and if I was running the report for a small number of users then this may be a work around, however I need to extract the information from over 7,000 mailboxes and therefore not being an expert on how to manipulate xlm files not sure if it would be possible to extract the key information from the created xlm file which I would imagine would be very large containing all Mailbox rights for over 7000 users.  I would therefore like to keep the post open for now and see if there is an easier query based solution which extracts only mb_full_access permissions for the relevant mailboxes.
0
 
Barnardos_2LSAuthor Commented:
Thanks for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.