remove mailbox send as permissions

Hello Experts,

I inadvertently granted "Send As" permissions to all mailboxes using this script:
Get-Mailbox | Set-Mailbox -GrantSendOnBehalfTo "$a", "$b", "$c", "$d"

Can you help me to reverse this, i.e., to remove all the "Send As" permissions for these string variables?

Any help would be appreciated.  Thanks!

Alicia
Alicia PerilloAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
This is pretty easy to accomplish. Use the following command below...
Get-Mailbox -ResultSize "unlimited" | Set-Mailbox -GrantSendOnBehalfTo $null

Open in new window


This will remove -GrantSendOnBehalfTo for all mailboxes for any users that had this permission applied.

Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alicia PerilloAuthor Commented:
Will,

Does this command remove all send on behalf of for all users even the users who are set up correctly?

Thanks,

Alicia
0
Alicia PerilloAuthor Commented:
Will,

I hesitate to run the command because I'm not sure if it will remove all "Send On Behalf" permissions.  There are many mailboxes that have "Send On Behalf" permissions set up correctly. Can you answer this question?  

Thanks,
Alicia
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Will SzymkowskiSenior Solution ArchitectCommented:
This command will remove all SendOnBehalfOf permissions on all mailboxes.

Will.
0
Alicia PerilloAuthor Commented:
Okay, then can you give me a command to list all SendOnBehalf permissions.  I can run that command and then I'll be able to re-do the correct SendOnBehalf permissions after I run: Get-Mailbox -ResultSize "unlimited" | Set-Mailbox -GrantSendOnBehalfTo $null
0
Will SzymkowskiSenior Solution ArchitectCommented:
You can use the following command to accomplish this...
get-mailbox -resultsize "unlimited" | ? {$_.GrantSendOnBehalfTo -ne $null} | Select Name, GrantSendOnBehalfTo| Export-csv "c:\SendOnBehalf.csv" -NoTypeInformation

Open in new window


Will.
0
Alicia PerilloAuthor Commented:
The only problem is that as per my first post: I inadvertently granted all users incorrect SendOnBehalf permissions, so I need to know what users, i.e., individuals who had previous SendOnBehalf permissions.  I need the results to show specifics, e.g., Mailbox and who has (individual user names) SendOnBehalf permissions for that Mailbox.  

-Alicia
0
Will SzymkowskiSenior Solution ArchitectCommented:
So you have basically overwritten all of the previous Send On Behalf Of users that were present. You did not += in the script? So you only see the new users that have been added.

Unfortunately, unless you have auditing enabled you will not be able to track those changes.

What you can try doing is using search-adminAuditLog. However this will only show you the changes that happened it will not show you the previous values that were changed.

For auditing like this you should have something in place like
http://www.lepide.com/lepideauditor/exchange.html

Will.
0
Alicia PerilloAuthor Commented:
So, then we don't have an answer.

What's the protocol here?  If I grant you the points for accepted answer then the next person who searches the site for a similar issue won't be getting good information.  

Alicia
0
Will SzymkowskiSenior Solution ArchitectCommented:
In your initial question

Can you help me to reverse this, i.e., to remove all the "Send On Behalf Of" (corrected) permissions for these string variables?

I have provided a way to remove these permissions using powershell for all mailboxes. However, if you have overwritten data within Exchange specifically then you need auditing software in place to track those changes.

So from my perspective the answer is half completed. So when closing you can grade the answer as you see fit based on the options i have provided.

Ultimately I have provided a solution to remove the permissions you had applied but there is no way of knowning what users were present before this change happened, unless you are using auditing software.

This cannot be done with powershell.

So from my end i have answered everything i can.

Will.
0
Alicia PerilloAuthor Commented:
Will,

I appreciate your help!  Thanks!

Alicia
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.