Solved

Exchange 2010 powershell

Posted on 2014-04-29
3
286 Views
Last Modified: 2014-04-30
How can I display a users access to other users items in exchange powershell. Example - it was reported that a user named Brian has access to other user's mailbox items. I want to run a report on the user Brian to see what he has access to besides his own mailbox items.

Thanks,
Brian
0
Comment
Question by:bbayachek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
Steven Harris earned 300 total points
ID: 40031071
You could use something along the lines of:

Get-Mailbox | Get-MailboxPermission | ?{($_.AccessRights -eq "FullAccess") -and ($_.User -like 'domainname\username') -and ($_.IsInherited -eq $false)} | ft Id* 

Open in new window


Replace "domainname\username" with that of the person in question.

This will query the user in question and retrieve a listing of mailboxes that the user has FullAccess permissions assigned.  Run on server...

Alternatively, another method is to run locally and query a particular server:

Get-Mailbox -Server “servername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “domainname\username”) }

Open in new window


Replacing "servername" and "domainname\username" respectively.
0
 
LVL 10

Expert Comment

by:Marshal Hubs
ID: 40031611
Microsoft Exchange Server 2010 provide the Get-MailboxPermission cmdlet that can be used to check the permissions granted on a mailbox to any user.

You need to run the following cmdlet to see what access Brian has besides his own mailbox items.

Get-MailboxPermission -Identity "User-Id" | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-CSV -NoTypeInformation C:\permissions.csv
0
 
LVL 4

Expert Comment

by:SEHC
ID: 40031982
I have used this command in the past and it worked for me.


Get-Mailbox -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv


this will be for everyone you will just need to clean it up in Excel.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question