Solved

List all shared mailboxes with users have full access

Posted on 2014-01-16
18
24,830 Views
1 Endorsement
Last Modified: 2014-02-03
Hello,
I would like to list all shared mailboxes with users who have the full access to using PowerShell in both Exchange and Office 365. I keel searching but could not find the one I want.
Could you please give me some hint how to get it.
Thanks,
1
Comment
Question by:dongocdung
  • 9
  • 6
  • 2
  • +1
18 Comments
 
LVL 9

Expert Comment

by:Benjamin MOREAU
ID: 39786879
....something like this :

Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } -and {$_.RecipientTypeDetails -eq "SharedMailbox"}
0
 

Author Comment

by:dongocdung
ID: 39786960
I run that command and got this error

Where-Object : A parameter cannot be found that matches parameter name 'and'.
At line:1 char:191
+ Get-Mailbox -Server "myservername" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsI
nherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } -and <<<<  {$_.RecipientTypeDetails -eq "SharedMai
lbox"} | export-csv -path "c:\pst\mb.csv"
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
0
 
LVL 9

Assisted Solution

by:Benjamin MOREAU
Benjamin MOREAU earned 100 total points
ID: 39787673
Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)  -and ($_.RecipientTypeDetails -eq "SharedMailbox") }

sorry, i can't test on any Exchange at this moment; i think it's was a problem with "{ }" :)
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 400 total points
ID: 39788206
Drop the -Server “youservername”, use this instead:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-user $_.user).userprincipalname}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39788267
Moreau37: I run the command and export it to csv but the file csv is empty. I run command again without exporting and nothing returns.

k
m
Vasilcho:
I try to use the command that you recommend. it returns almost emplty.

c
0
 

Author Comment

by:dongocdung
ID: 39788297
Vasilcho: I know why because these mailboxes are regular mailboxes. I run that command again without specify the mailbox type and I got result. However, it did not show users who have full access to that mailbox. I also exported to csv but did not get anything I expected.
Thanks,

k
l
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39788347
My example is using calculated fields to get the userprincipalname attribute, this one is suited for EO. Drop everything behind the last pipe (|) and work with that output (it will also be faster).
0
 

Author Comment

by:dongocdung
ID: 39788394
Do you have any idea to have Alias name in this list?

I have tried to use it in Exchange and Office 365 and it worked well on both. However, in office 365 powershell, I got the some strange numbers after the username
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39788526
The problem is that the Get-mailboxpermissions cmdlet returns the delegate as "domain\account". This is why I was adding the calculated fields, to get something more useful. For the alias, add the following at the end:

ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited

Open in new window


So it should be:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39788577
I run it before but could not get any user alias and it was empty field.

k
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39788831
That's the old one, run the the one I gave in my previous post
0
 

Author Comment

by:dongocdung
ID: 39789007
it is the same.

p
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39789262
Pfft, OK, again this will work for EO only. For On-prem Exchange, you need this:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-mailbox $_.user.rawidentity).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39789307
Alias returns nothing in Exchange and users returns nothing in Office 365.
Thanks,

o
0
 

Author Comment

by:dongocdung
ID: 39789389
These mailboxes are not shared mailboxes. They are regular mailboxes which users have full access to.
0
 
LVL 40

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 400 total points
ID: 39789518
Doesnt make a difference. The above cmdlet works for me on 2013 box.. from time to time:

0
I have no idea why it works some time, and not the other. Probably some limitation of the one-liner. Storing the mailboxes in variable first seems to make a difference though, try like this:

$all = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox
$all | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-recipient $_.user.rawidentity).alias}}, AccessRights,IsInherited -AutoSize

Open in new window


Are you sure the delegates are actual mailboxes? I've changed it to use get-recipient instead, which should cover all cases.
0
 

Author Comment

by:dongocdung
ID: 39789593
same result ;(
I am sure that these mailboxes have users which has full access to.
I changed recipient type to UserMailbox
Thanks,


 opp
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39816525
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Office365 DirSync setup questions 4 33
Email Header Detail 12 55
Recycle MSExchnge powershell app Pool 2 17
Exchange 2010 and 2016 Coexistance 1 22
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Find out what you should include to make the best professional email signature for your organization.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question