Solved

Exchange 2010 powershell

Posted on 2014-04-29
3
285 Views
Last Modified: 2014-04-30
How can I display a users access to other users items in exchange powershell. Example - it was reported that a user named Brian has access to other user's mailbox items. I want to run a report on the user Brian to see what he has access to besides his own mailbox items.

Thanks,
Brian
0
Comment
Question by:bbayachek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
Steven Harris earned 300 total points
ID: 40031071
You could use something along the lines of:

Get-Mailbox | Get-MailboxPermission | ?{($_.AccessRights -eq "FullAccess") -and ($_.User -like 'domainname\username') -and ($_.IsInherited -eq $false)} | ft Id* 

Open in new window


Replace "domainname\username" with that of the person in question.

This will query the user in question and retrieve a listing of mailboxes that the user has FullAccess permissions assigned.  Run on server...

Alternatively, another method is to run locally and query a particular server:

Get-Mailbox -Server “servername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “domainname\username”) }

Open in new window


Replacing "servername" and "domainname\username" respectively.
0
 
LVL 9

Expert Comment

by:Marshal Hubs
ID: 40031611
Microsoft Exchange Server 2010 provide the Get-MailboxPermission cmdlet that can be used to check the permissions granted on a mailbox to any user.

You need to run the following cmdlet to see what access Brian has besides his own mailbox items.

Get-MailboxPermission -Identity "User-Id" | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-CSV -NoTypeInformation C:\permissions.csv
0
 
LVL 4

Expert Comment

by:SEHC
ID: 40031982
I have used this command in the past and it worked for me.


Get-Mailbox -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv


this will be for everyone you will just need to clean it up in Excel.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question