Alicia Perillo

remove mailbox send as permissions

Hello Experts,

I inadvertently granted "Send As" permissions to all mailboxes using this script:
Get-Mailbox | Set-Mailbox -GrantSendOnBehalfTo "$a", "$b", "$c", "$d"

Can you help me to reverse this, i.e., to remove all the "Send As" permissions for these string variables?

Any help would be appreciated.  Thanks!

Alicia

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Will Szymkowski

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Alicia Perillo

ASKER
Will,

Does this command remove all send on behalf of for all users even the users who are set up correctly?

Thanks,

Alicia
Alicia Perillo

ASKER
Will,

I hesitate to run the command because I'm not sure if it will remove all "Send On Behalf" permissions.  There are many mailboxes that have "Send On Behalf" permissions set up correctly. Can you answer this question?  

Thanks,
Alicia
Will Szymkowski

This command will remove all SendOnBehalfOf permissions on all mailboxes.

Will.
Alicia Perillo

ASKER
Okay, then can you give me a command to list all SendOnBehalf permissions?  I can run that command and then I'll be able to re-do the correct SendOnBehalf permissions after I run: Get-Mailbox -ResultSize "unlimited" | Set-Mailbox -GrantSendOnBehalfTo $null
Will Szymkowski

You can use the following command to accomplish this...
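# Join the multivalued GrantSendOnBehalfTo property so the CSV lists the delegates instead of a type name
Get-Mailbox -ResultSize "unlimited" | Where-Object { $_.GrantSendOnBehalfTo } | Select-Object Name, @{Name='GrantSendOnBehalfTo'; Expression={ $_.GrantSendOnBehalfTo -join ';' }} | Export-Csv "c:\SendOnBehalf.csv" -NoTypeInformation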


Will.
Alicia Perillo

ASKER
The only problem is that as per my first post: I inadvertently granted all users incorrect SendOnBehalf permissions, so I need to know what users, i.e., individuals who had previous SendOnBehalf permissions.  I need the results to show specifics, e.g., Mailbox and who has (individual user names) SendOnBehalf permissions for that Mailbox.  

-Alicia
Will Szymkowski

So you have basically overwritten all of the previous Send On Behalf Of users that were present. You did not += in the script? So you only see the new users that have been added.

Unfortunately, unless you have auditing enabled you will not be able to track those changes.

What you can try doing is using Search-AdminAuditLog. However, this will only show you the changes that happened; it will not show you the previous values that were changed.

For auditing like this you should have something in place like
http://www.lepide.com/lepideauditor/exchange.html

Will.
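
Added example, not part of the original thread: one way to make a bulk Send On Behalf change reversible is to snapshot every mailbox's delegates first, append with the `@{Add=...}` multivalued-property syntax instead of overwriting, and keep a restore routine that rebuilds the lists from the snapshot. The function names, the snapshot path and the example.com addresses are hypothetical; the sketch assumes PowerShell 3.0 or later in the Exchange Management Shell and that each saved delegate string still resolves to a unique recipient.

```powershell
# Added example: snapshot, append and restore for GrantSendOnBehalfTo.
# Function names, path and addresses below are placeholders (assumptions).
$SnapshotPath = 'C:\Temp\SendOnBehalf-snapshot.csv'

# 1. Snapshot: one row per (mailbox, delegate) pair, so the CSV holds the
#    actual delegates rather than the collection's type name.
function Export-SendOnBehalfSnapshot {
    param([string]$Path)
    Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.GrantSendOnBehalfTo } |
        ForEach-Object {
            $mbx = $_
            foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
                [pscustomobject]@{
                    Mailbox  = "$($mbx.PrimarySmtpAddress)"
                    Delegate = "$delegate"
                }
            }
        } | Export-Csv -Path $Path -NoTypeInformation
}

# 2. Change: add delegates to the existing list instead of replacing it.
function Add-SendOnBehalfDelegate {
    param([string]$Mailbox, [string[]]$Delegate, [switch]$WhatIf)
    Set-Mailbox -Identity $Mailbox -GrantSendOnBehalfTo @{ Add = $Delegate } -WhatIf:$WhatIf
}

# 3. Roll back: put every mailbox back to the state recorded in the snapshot.
function Restore-SendOnBehalfSnapshot {
    param([string]$Path, [switch]$WhatIf)
    $saved = Import-Csv -Path $Path | Group-Object Mailbox
    # Mailboxes absent from the snapshot had no delegates, so clear them.
    Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.GrantSendOnBehalfTo -and
                       ($saved.Name -notcontains "$($_.PrimarySmtpAddress)") } |
        Set-Mailbox -GrantSendOnBehalfTo $null -WhatIf:$WhatIf
    # Mailboxes in the snapshot get exactly their recorded delegates back.
    foreach ($g in $saved) {
        $delegates = @($g.Group | ForEach-Object { $_.Delegate })
        Set-Mailbox -Identity $g.Name -GrantSendOnBehalfTo $delegates -WhatIf:$WhatIf
    }
}

Export-SendOnBehalfSnapshot -Path $SnapshotPath
Add-SendOnBehalfDelegate -Mailbox 'shared@example.com' -Delegate 'user1@example.com' -WhatIf
```

Run the change and the restore with `-WhatIf` first and review the reported actions before running them without it.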
Alicia Perillo

ASKER
So, then we don't have an answer.

What's the protocol here?  If I grant you the points for accepted answer then the next person who searches the site for a similar issue won't be getting good information.  

Alicia
Will Szymkowski

In your initial question

Can you help me to reverse this, i.e., to remove all the "Send On Behalf Of" (corrected) permissions for these string variables?

I have provided a way to remove these permissions using PowerShell for all mailboxes. However, if you have overwritten data within Exchange specifically then you need auditing software in place to track those changes.

So from my perspective the answer is half completed. So when closing you can grade the answer as you see fit based on the options I have provided.

Ultimately I have provided a solution to remove the permissions you had applied but there is no way of knowing what users were present before this change happened, unless you are using auditing software.

This cannot be done with PowerShell.

So from my end I have answered everything I can.

Will.
Alicia Perillo

ASKER
Will,

I appreciate your help!  Thanks!

Alicia