Solved

Exchange 2010 powershell

Posted on 2014-04-29
3
284 Views
Last Modified: 2014-04-30
How can I display a users access to other users items in exchange powershell. Example - it was reported that a user named Brian has access to other user's mailbox items. I want to run a report on the user Brian to see what he has access to besides his own mailbox items.

Thanks,
Brian
0
Comment
Question by:bbayachek
3 Comments
 
LVL 18

Accepted Solution

by:
Steven Harris earned 300 total points
ID: 40031071
You could use something along the lines of:

Get-Mailbox | Get-MailboxPermission | ?{($_.AccessRights -eq "FullAccess") -and ($_.User -like 'domainname\username') -and ($_.IsInherited -eq $false)} | ft Id* 

Open in new window


Replace "domainname\username" with that of the person in question.

This will query the user in question and retrieve a listing of mailboxes that the user has FullAccess permissions assigned.  Run on server...

Alternatively, another method is to run locally and query a particular server:

Get-Mailbox -Server “servername” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “domainname\username”) }

Open in new window


Replacing "servername" and "domainname\username" respectively.
0
 
LVL 9

Expert Comment

by:Marshal Hubs
ID: 40031611
Microsoft Exchange Server 2010 provide the Get-MailboxPermission cmdlet that can be used to check the permissions granted on a mailbox to any user.

You need to run the following cmdlet to see what access Brian has besides his own mailbox items.

Get-MailboxPermission -Identity "User-Id" | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-CSV -NoTypeInformation C:\permissions.csv
0
 
LVL 4

Expert Comment

by:SEHC
ID: 40031982
I have used this command in the past and it worked for me.


Get-Mailbox -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv


this will be for everyone you will just need to clean it up in Excel.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question