Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 696
  • Last Modified:

Query Mailboxes with full delegate access Exchange 2003

Hi

I have been asked to provide a report of all users who have full delegate permissions assigned to their mailbox.  I am aware of running the ldifde query which will list all delegate access  based on the publicDelegate field in ADSIedit. This is not what I require as it lists all delegate rights (ie calendar rights etc not just full mailbox rights).  I need a query that will identify only users who have FULL delegate rights assigned to their mailbox (ie the full mailbox access permissions is ticked in  the Mailbox Rights tab) and who the users are that have these permissions .  I assume the best way of doing this is to run a query based on mailbox permissions, but not sure what tool or Exchange utility can do this.  Can anyone suggest an appropriate way of doing this, without requiring 3rd party tools.  We are running Exchange 2003 sp2 on Windows Server 2003 AD environment.
Thanks
0
Barnardos_2LS
Asked:
Barnardos_2LS
  • 2
  • 2
1 Solution
 
Alexander KireevIT ArchitectCommented:
Hello,

You can use a "ADModify.NET" for export all Mailbox Reights from each mailbox.

Download & run the "ADModify.NET" on "Modify Attribute" mode. Select domain, DC and OU. Then select example user and go to "mailbox Rights" tab. Check "Export Mailbox Rights" and "Go!".

In a folder with "ADModify.NET" will create xml file "mbxrights.xml".

Inside the XML file you need follow part "NotInherited":

- <NotInherited>
  <Entry Trustee="XXX\XXX" Mask="ACE_MB_FULL_ACCESS|Allowed ACE_MB_ASSOC_EXT_ACCT|Allowed" />
  <Entry Trustee="NT AUTHORITY\SELF" Mask="ACE_MB_FULL_ACCESS|Allowed ACE_MB_READ_PERMISSIONS|Allowed" />
  <Entry Trustee="XXX\XXX" Mask="ACE_MB_FULL_ACCESS|Allowed ACE_MB_DELETE_MB_STORAGE|Allowed" />
  </NotInherited>


Article: http://www.msexchange.org/articles-tutorials/exchange-server-2003/tools/ADModify-Change-Exchange-Specific-AD-User-Attributes.html
0
 
Barnardos_2LSAuthor Commented:
Thanks Chestor2.  I have tested this for one user and it does extract the relevant Mailbox rights to an xml file, and if I was running the report for a small number of users then this may be a work around, however I need to extract the information from over 7,000 mailboxes and therefore not being an expert on how to manipulate xlm files not sure if it would be possible to extract the key information from the created xlm file which I would imagine would be very large containing all Mailbox rights for over 7000 users.  I would therefore like to keep the post open for now and see if there is an easier query based solution which extracts only mb_full_access permissions for the relevant mailboxes.
0
 
Alexander KireevIT ArchitectCommented:
You can use Excel (as an XML table) for parse this XML file. It is not difficult.
You can't get needed information in more userfriendly format.
0
 
Barnardos_2LSAuthor Commented:
Thanks for your help.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now