Solved

Query Mailboxes with full delegate access Exchange 2003

Posted on 2013-06-03
4
653 Views
Last Modified: 2013-09-01
Hi

I have been asked to provide a report of all users who have full delegate permissions assigned to their mailbox.  I am aware of running the ldifde query which will list all delegate access  based on the publicDelegate field in ADSIedit. This is not what I require as it lists all delegate rights (ie calendar rights etc not just full mailbox rights).  I need a query that will identify only users who have FULL delegate rights assigned to their mailbox (ie the full mailbox access permissions is ticked in  the Mailbox Rights tab) and who the users are that have these permissions .  I assume the best way of doing this is to run a query based on mailbox permissions, but not sure what tool or Exchange utility can do this.  Can anyone suggest an appropriate way of doing this, without requiring 3rd party tools.  We are running Exchange 2003 sp2 on Windows Server 2003 AD environment.
Thanks
0
Comment
Question by:Barnardos_2LS
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:Alexander Kireev
ID: 39218275
Hello,

You can use a "ADModify.NET" for export all Mailbox Reights from each mailbox.

Download & run the "ADModify.NET" on "Modify Attribute" mode. Select domain, DC and OU. Then select example user and go to "mailbox Rights" tab. Check "Export Mailbox Rights" and "Go!".

In a folder with "ADModify.NET" will create xml file "mbxrights.xml".

Inside the XML file you need follow part "NotInherited":

- <NotInherited>
  <Entry Trustee="XXX\XXX" Mask="ACE_MB_FULL_ACCESS|Allowed ACE_MB_ASSOC_EXT_ACCT|Allowed" />
  <Entry Trustee="NT AUTHORITY\SELF" Mask="ACE_MB_FULL_ACCESS|Allowed ACE_MB_READ_PERMISSIONS|Allowed" />
  <Entry Trustee="XXX\XXX" Mask="ACE_MB_FULL_ACCESS|Allowed ACE_MB_DELETE_MB_STORAGE|Allowed" />
  </NotInherited>


Article: http://www.msexchange.org/articles-tutorials/exchange-server-2003/tools/ADModify-Change-Exchange-Specific-AD-User-Attributes.html
0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 39218439
Thanks Chestor2.  I have tested this for one user and it does extract the relevant Mailbox rights to an xml file, and if I was running the report for a small number of users then this may be a work around, however I need to extract the information from over 7,000 mailboxes and therefore not being an expert on how to manipulate xlm files not sure if it would be possible to extract the key information from the created xlm file which I would imagine would be very large containing all Mailbox rights for over 7000 users.  I would therefore like to keep the post open for now and see if there is an easier query based solution which extracts only mb_full_access permissions for the relevant mailboxes.
0
 
LVL 4

Accepted Solution

by:
Alexander Kireev earned 500 total points
ID: 39218460
You can use Excel (as an XML table) for parse this XML file. It is not difficult.
You can't get needed information in more userfriendly format.
0
 
LVL 1

Author Closing Comment

by:Barnardos_2LS
ID: 39456859
Thanks for your help.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now