Solved

List all shared mailboxes with users have full access

Posted on 2014-01-16
18
25,540 Views
1 Endorsement
Last Modified: 2014-02-03
Hello,
I would like to list all shared mailboxes with users who have the full access to using PowerShell in both Exchange and Office 365. I keel searching but could not find the one I want.
Could you please give me some hint how to get it.
Thanks,
1
Comment
Question by:dongocdung
  • 9
  • 6
  • 2
  • +1
18 Comments
 
LVL 9

Expert Comment

by:Benjamin MOREAU
ID: 39786879
....something like this :

Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } -and {$_.RecipientTypeDetails -eq "SharedMailbox"}
0
 

Author Comment

by:dongocdung
ID: 39786960
I run that command and got this error

Where-Object : A parameter cannot be found that matches parameter name 'and'.
At line:1 char:191
+ Get-Mailbox -Server "myservername" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsI
nherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } -and <<<<  {$_.RecipientTypeDetails -eq "SharedMai
lbox"} | export-csv -path "c:\pst\mb.csv"
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
0
 
LVL 9

Assisted Solution

by:Benjamin MOREAU
Benjamin MOREAU earned 100 total points
ID: 39787673
Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)  -and ($_.RecipientTypeDetails -eq "SharedMailbox") }

sorry, i can't test on any Exchange at this moment; i think it's was a problem with "{ }" :)
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 400 total points
ID: 39788206
Drop the -Server “youservername”, use this instead:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-user $_.user).userprincipalname}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39788267
Moreau37: I run the command and export it to csv but the file csv is empty. I run command again without exporting and nothing returns.

k
m
Vasilcho:
I try to use the command that you recommend. it returns almost emplty.

c
0
 

Author Comment

by:dongocdung
ID: 39788297
Vasilcho: I know why because these mailboxes are regular mailboxes. I run that command again without specify the mailbox type and I got result. However, it did not show users who have full access to that mailbox. I also exported to csv but did not get anything I expected.
Thanks,

k
l
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39788347
My example is using calculated fields to get the userprincipalname attribute, this one is suited for EO. Drop everything behind the last pipe (|) and work with that output (it will also be faster).
0
 

Author Comment

by:dongocdung
ID: 39788394
Do you have any idea to have Alias name in this list?

I have tried to use it in Exchange and Office 365 and it worked well on both. However, in office 365 powershell, I got the some strange numbers after the username
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39788526
The problem is that the Get-mailboxpermissions cmdlet returns the delegate as "domain\account". This is why I was adding the calculated fields, to get something more useful. For the alias, add the following at the end:

ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited

Open in new window


So it should be:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39788577
I run it before but could not get any user alias and it was empty field.

k
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39788831
That's the old one, run the the one I gave in my previous post
0
 

Author Comment

by:dongocdung
ID: 39789007
it is the same.

p
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39789262
Pfft, OK, again this will work for EO only. For On-prem Exchange, you need this:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-mailbox $_.user.rawidentity).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39789307
Alias returns nothing in Exchange and users returns nothing in Office 365.
Thanks,

o
0
 

Author Comment

by:dongocdung
ID: 39789389
These mailboxes are not shared mailboxes. They are regular mailboxes which users have full access to.
0
 
LVL 40

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 400 total points
ID: 39789518
Doesnt make a difference. The above cmdlet works for me on 2013 box.. from time to time:

0
I have no idea why it works some time, and not the other. Probably some limitation of the one-liner. Storing the mailboxes in variable first seems to make a difference though, try like this:

$all = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox
$all | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-recipient $_.user.rawidentity).alias}}, AccessRights,IsInherited -AutoSize

Open in new window


Are you sure the delegates are actual mailboxes? I've changed it to use get-recipient instead, which should cover all cases.
0
 

Author Comment

by:dongocdung
ID: 39789593
same result ;(
I am sure that these mailboxes have users which has full access to.
I changed recipient type to UserMailbox
Thanks,


 opp
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39816525
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Find out what the Office 365 disclaimer function is, why you would use it and its limited ability to create Office 365 signatures.
Read this checklist to learn more about the 15 things you should never include in an email signature.
Office 365 is currently available in five editions. Three of them are for business use: Office 365 Business Essentials, Office 365 Business, and Office 365 Business Premium. Two of them are for home/personal use: Office 365 Home and Office 365 Perso…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question