?
Solved

List all shared mailboxes with users have full access

Posted on 2014-01-16
18
Medium Priority
?
28,871 Views
1 Endorsement
Last Modified: 2014-02-03
Hello,
I would like to list all shared mailboxes with users who have the full access to using PowerShell in both Exchange and Office 365. I keel searching but could not find the one I want.
Could you please give me some hint how to get it.
Thanks,
1
Comment
Question by:dongocdung
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
  • 2
  • +1
18 Comments
 
LVL 9

Expert Comment

by:Benjamin MOREAU
ID: 39786879
....something like this :

Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } -and {$_.RecipientTypeDetails -eq "SharedMailbox"}
0
 

Author Comment

by:dongocdung
ID: 39786960
I run that command and got this error

Where-Object : A parameter cannot be found that matches parameter name 'and'.
At line:1 char:191
+ Get-Mailbox -Server "myservername" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsI
nherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } -and <<<<  {$_.RecipientTypeDetails -eq "SharedMai
lbox"} | export-csv -path "c:\pst\mb.csv"
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
0
 
LVL 9

Assisted Solution

by:Benjamin MOREAU
Benjamin MOREAU earned 400 total points
ID: 39787673
Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)  -and ($_.RecipientTypeDetails -eq "SharedMailbox") }

sorry, i can't test on any Exchange at this moment; i think it's was a problem with "{ }" :)
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 42

Accepted Solution

by:
Vasil Michev (MVP) earned 1600 total points
ID: 39788206
Drop the -Server “youservername”, use this instead:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-user $_.user).userprincipalname}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39788267
Moreau37: I run the command and export it to csv but the file csv is empty. I run command again without exporting and nothing returns.

k
m
Vasilcho:
I try to use the command that you recommend. it returns almost emplty.

c
0
 

Author Comment

by:dongocdung
ID: 39788297
Vasilcho: I know why because these mailboxes are regular mailboxes. I run that command again without specify the mailbox type and I got result. However, it did not show users who have full access to that mailbox. I also exported to csv but did not get anything I expected.
Thanks,

k
l
0
 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 39788347
My example is using calculated fields to get the userprincipalname attribute, this one is suited for EO. Drop everything behind the last pipe (|) and work with that output (it will also be faster).
0
 

Author Comment

by:dongocdung
ID: 39788394
Do you have any idea to have Alias name in this list?

I have tried to use it in Exchange and Office 365 and it worked well on both. However, in office 365 powershell, I got the some strange numbers after the username
0
 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 39788526
The problem is that the Get-mailboxpermissions cmdlet returns the delegate as "domain\account". This is why I was adding the calculated fields, to get something more useful. For the alias, add the following at the end:

ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited

Open in new window


So it should be:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39788577
I run it before but could not get any user alias and it was empty field.

k
0
 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 39788831
That's the old one, run the the one I gave in my previous post
0
 

Author Comment

by:dongocdung
ID: 39789007
it is the same.

p
0
 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 39789262
Pfft, OK, again this will work for EO only. For On-prem Exchange, you need this:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-mailbox $_.user.rawidentity).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39789307
Alias returns nothing in Exchange and users returns nothing in Office 365.
Thanks,

o
0
 

Author Comment

by:dongocdung
ID: 39789389
These mailboxes are not shared mailboxes. They are regular mailboxes which users have full access to.
0
 
LVL 42

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 1600 total points
ID: 39789518
Doesnt make a difference. The above cmdlet works for me on 2013 box.. from time to time:

0
I have no idea why it works some time, and not the other. Probably some limitation of the one-liner. Storing the mailboxes in variable first seems to make a difference though, try like this:

$all = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox
$all | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-recipient $_.user.rawidentity).alias}}, AccessRights,IsInherited -AutoSize

Open in new window


Are you sure the delegates are actual mailboxes? I've changed it to use get-recipient instead, which should cover all cases.
0
 

Author Comment

by:dongocdung
ID: 39789593
same result ;(
I am sure that these mailboxes have users which has full access to.
I changed recipient type to UserMailbox
Thanks,


 opp
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39816525
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
New style of hardware planning for Microsoft Exchange server.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question