Solved

List all shared mailboxes with users have full access

Posted on 2014-01-16
18
22,754 Views
1 Endorsement
Last Modified: 2014-02-03
Hello,
I would like to list all shared mailboxes with users who have the full access to using PowerShell in both Exchange and Office 365. I keel searching but could not find the one I want.
Could you please give me some hint how to get it.
Thanks,
1
Comment
Question by:dongocdung
  • 9
  • 6
  • 2
  • +1
18 Comments
 
LVL 9

Expert Comment

by:Benjamin MOREAU
ID: 39786879
....something like this :

Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } -and {$_.RecipientTypeDetails -eq "SharedMailbox"}
0
 

Author Comment

by:dongocdung
ID: 39786960
I run that command and got this error

Where-Object : A parameter cannot be found that matches parameter name 'and'.
At line:1 char:191
+ Get-Mailbox -Server "myservername" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsI
nherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } -and <<<<  {$_.RecipientTypeDetails -eq "SharedMai
lbox"} | export-csv -path "c:\pst\mb.csv"
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
0
 
LVL 9

Assisted Solution

by:Benjamin MOREAU
Benjamin MOREAU earned 100 total points
ID: 39787673
Get-Mailbox -Server “youservername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)  -and ($_.RecipientTypeDetails -eq "SharedMailbox") }

sorry, i can't test on any Exchange at this moment; i think it's was a problem with "{ }" :)
0
 
LVL 38

Accepted Solution

by:
Vasil Michev (MVP) earned 400 total points
ID: 39788206
Drop the -Server “youservername”, use this instead:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-user $_.user).userprincipalname}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39788267
Moreau37: I run the command and export it to csv but the file csv is empty. I run command again without exporting and nothing returns.

k
m
Vasilcho:
I try to use the command that you recommend. it returns almost emplty.

c
0
 

Author Comment

by:dongocdung
ID: 39788297
Vasilcho: I know why because these mailboxes are regular mailboxes. I run that command again without specify the mailbox type and I got result. However, it did not show users who have full access to that mailbox. I also exported to csv but did not get anything I expected.
Thanks,

k
l
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 39788347
My example is using calculated fields to get the userprincipalname attribute, this one is suited for EO. Drop everything behind the last pipe (|) and work with that output (it will also be faster).
0
 

Author Comment

by:dongocdung
ID: 39788394
Do you have any idea to have Alias name in this list?

I have tried to use it in Exchange and Office 365 and it worked well on both. However, in office 365 powershell, I got the some strange numbers after the username
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 39788526
The problem is that the Get-mailboxpermissions cmdlet returns the delegate as "domain\account". This is why I was adding the calculated fields, to get something more useful. For the alias, add the following at the end:

ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited

Open in new window


So it should be:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="User";e={(get-mailbox $_.user).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:dongocdung
ID: 39788577
I run it before but could not get any user alias and it was empty field.

k
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 39788831
That's the old one, run the the one I gave in my previous post
0
 

Author Comment

by:dongocdung
ID: 39789007
it is the same.

p
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 39789262
Pfft, OK, again this will work for EO only. For On-prem Exchange, you need this:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-mailbox $_.user.rawidentity).alias}},AccessRights,IsInherited -AutoSize

Open in new window

0
 

Author Comment

by:dongocdung
ID: 39789307
Alias returns nothing in Exchange and users returns nothing in Office 365.
Thanks,

o
0
 

Author Comment

by:dongocdung
ID: 39789389
These mailboxes are not shared mailboxes. They are regular mailboxes which users have full access to.
0
 
LVL 38

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 400 total points
ID: 39789518
Doesnt make a difference. The above cmdlet works for me on 2013 box.. from time to time:

0
I have no idea why it works some time, and not the other. Probably some limitation of the one-liner. Storing the mailboxes in variable first seems to make a difference though, try like this:

$all = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox
$all | Get-MailboxPermission | ? {$_.User -ne "NT AUTHORITY\SELF" -and $_.IsInherited -ne $true -and $_.user -notlike "S-1-5-*" -and $_.AccessRights -eq "FullAccess"} | ft Identity,@{n="Alias";e={(get-recipient $_.user.rawidentity).alias}}, AccessRights,IsInherited -AutoSize

Open in new window


Are you sure the delegates are actual mailboxes? I've changed it to use get-recipient instead, which should cover all cases.
0
 

Author Comment

by:dongocdung
ID: 39789593
same result ;(
I am sure that these mailboxes have users which has full access to.
I changed recipient type to UserMailbox
Thanks,


 opp
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39816525
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

If you don't know how to downgrade, my instructions below should be helpful.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now