Solved

List all shared mailboxes with users have full access

Posted on 2014-01-16
18
23,708 Views
1 Endorsement
Last Modified: 2014-02-03
Hello,
I would like to list all shared mailboxes with users who have the full access to using PowerShell in both Exchange and Office 365. I keel searching but could not find the one I want.
Could you please give me some hint how to get it.
Thanks,
1
Comment
Question by:dongocdung
  • 9
  • 6
  • 2
  • +1
18 Comments
 
LVL 9

Expert Comment

by:Benjamin MOREAU
ID: 39786879
....something like this :

Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } -and {$_.RecipientTypeDetails -eq "SharedMailbox"}
0
 

Author Comment

by:dongocdung
ID: 39786960
I run that command and got this error

Where-Object : A parameter cannot be found that matches parameter name 'and'.
At line:1 char:191
+ Get-Mailbox -Server "myservername" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsI
nherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } -and <<<<  {$_.RecipientTypeDetails -eq "SharedMai
lbox"} | export-csv -path "c:\pst\mb.csv"
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
0
 
LVL 9

Assisted Solution

by:Benjamin MOREAU
Benjamin MOREAU earned 100 total points
ID: 39787673
Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)  -and ($_.RecipientTypeDetails -eq "SharedMailbox") }

sorry, i can't test on any Exchange at this moment; i think it's was a problem with "{ }" :)
0
 
LVL 39

Accepted Solution

by:
Vasil Michev (MVP) earned 400 total points
ID: 39788206
Drop the -Server “youservername”, use this instead:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-user $_.user).userprincipalname}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39788267
Moreau37: I run the command and export it to csv but the file csv is empty. I run command again without exporting and nothing returns.

k
m
Vasilcho:
I try to use the command that you recommend. it returns almost emplty.

c
0
 

Author Comment

by:dongocdung
ID: 39788297
Vasilcho: I know why because these mailboxes are regular mailboxes. I run that command again without specify the mailbox type and I got result. However, it did not show users who have full access to that mailbox. I also exported to csv but did not get anything I expected.
Thanks,

k
l
0
 
LVL 39

Expert Comment

by:Vasil Michev (MVP)
ID: 39788347
My example is using calculated fields to get the userprincipalname attribute, this one is suited for EO. Drop everything behind the last pipe (|) and work with that output (it will also be faster).
0
 

Author Comment

by:dongocdung
ID: 39788394
Do you have any idea to have Alias name in this list?

I have tried to use it in Exchange and Office 365 and it worked well on both. However, in office 365 powershell, I got the some strange numbers after the username
0
 
LVL 39

Expert Comment

by:Vasil Michev (MVP)
ID: 39788526
The problem is that the Get-mailboxpermissions cmdlet returns the delegate as "domain\account". This is why I was adding the calculated fields, to get something more useful. For the alias, add the following at the end:

ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited

Open in new window


So it should be:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:dongocdung
ID: 39788577
I run it before but could not get any user alias and it was empty field.

k
0
 
LVL 39

Expert Comment

by:Vasil Michev (MVP)
ID: 39788831
That's the old one, run the the one I gave in my previous post
0
 

Author Comment

by:dongocdung
ID: 39789007
it is the same.

p
0
 
LVL 39

Expert Comment

by:Vasil Michev (MVP)
ID: 39789262
Pfft, OK, again this will work for EO only. For On-prem Exchange, you need this:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-mailbox $_.user.rawidentity).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39789307
Alias returns nothing in Exchange and users returns nothing in Office 365.
Thanks,

o
0
 

Author Comment

by:dongocdung
ID: 39789389
These mailboxes are not shared mailboxes. They are regular mailboxes which users have full access to.
0
 
LVL 39

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 400 total points
ID: 39789518
Doesnt make a difference. The above cmdlet works for me on 2013 box.. from time to time:

0
I have no idea why it works some time, and not the other. Probably some limitation of the one-liner. Storing the mailboxes in variable first seems to make a difference though, try like this:

$all = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox
$all | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-recipient $_.user.rawidentity).alias}}, AccessRights,IsInherited -AutoSize

Open in new window


Are you sure the delegates are actual mailboxes? I've changed it to use get-recipient instead, which should cover all cases.
0
 

Author Comment

by:dongocdung
ID: 39789593
same result ;(
I am sure that these mailboxes have users which has full access to.
I changed recipient type to UserMailbox
Thanks,


 opp
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39816525
0

Featured Post

Can’t get the mobile email signature right?

Not having any luck when trying to create an email signature for mobile devices? Does the formatting keep messing up? Make sure you have great email signatures on all devices by using Exclaimer Cloud - Signatures for Office 365.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Updating Exchange Virtual Directory. 4 26
Changing Print Orientation in Outlook 5 21
Exchange 2013 not searching 9 35
Change reply to address in Office 365 3 20
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In a previous video Micro Tutorial here at Experts Exchange (http://www.experts-exchange.com/videos/1358/How-to-get-a-free-trial-of-Office-365-with-the-Office-2016-desktop-applications.html), I explained how to get a free, one-month trial of Office …
how to add IIS SMTP to handle application/Scanner relays into office 365.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now