timgreen7077 asked:

Exchange Shell Scripting

We have a lot of shared mailboxes, and all these mailboxes sit on the same mailbox database. Some of the mailboxes have multiple users with full manage access given via Exchange, but some of the mailboxes only have just one user with full manage access given via Exchange. The purpose of the shared mailboxes was so that 2 or more users would be granted access and not just a single user. Is there a script or cmdlet available to assist me in getting all shared mailboxes on the shared mailbox db that have only one user with full manage access instead of 2 or more?

Last Comment: 8/22/2022 - Mon
Chris Dent

You're going to have to help me out here, I know what you need to do, but I don't have Exchange so I can't just build the code for you.

First you need to identify all those shared mailboxes. Are they set up as that type? If so, this should find them:
Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited


The next step is to get the permissions for each of those mailboxes. Start off with one of them, something you already know about, or just the first in the list. This will let us construct the filter which lets you find what you want.
$FirstSharedMailbox = Get-Mailbox -RecipientTypeDetails SharedMailbox |Select-Object -First 1
$FirstSharedMailbox | Get-MailboxPermission | Where-Object { $_.AccessRights -eq 'FullAccess' } | Format-List *


So this is where I need your help. You are likely to find you get more than manually added users there. You may also see something like IsInherited in the result. Do you?

The goal is to get down to a list of permissions that have been explicitly assigned to that mailbox. If we can get that all we need do is count them to figure out whether or not you're interested in that mailbox or not.

Please let me know how you get on.


This is the script I attempt to use but it continues to give an error:

Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in Get-Mailbox) | {Get-MailboxPermission $mailbox | Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -path "c:\output\FullMailboxAccessPermissions.csv"

This is the error:
Unexpected token 'in' in expression or statement.
At line:1 char:95
+ Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in <<<<  Get-Mailbox) | {Get-MailboxPermission $mailbox
 | Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -pat
h "c:\output\FullMailboxAccessPermissions.csv"
    + CategoryInfo          : ParserError: (in:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Let me know what you think.
Chris Dent

View this solution by signing up for a free trial.

Yep, you are correct: since I don't have PS3, it only returns 1 result. Can you script this with Exchange Management Shell with PS 2.0?

This script got it working, thanks for all your help and suggestions:

Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} |
    Get-MailboxPermission |
    where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
    Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} |
    Export-Csv -NoTypeInformation mailboxpermissions.csv
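
Added example (not part of any post in this thread): one way to do the per-mailbox count the original question asks for, listing only shared mailboxes with exactly one explicit FullAccess grant. It assumes the Exchange Management Shell is loaded, that the mailboxes are typed as SharedMailbox, and that the database matches the '*RES*' pattern used above; the variable names and the output file name are hypothetical.

```powershell
# Added example. Assumptions: Exchange Management Shell session, mailboxes of
# type SharedMailbox, database name matching '*RES*' (pattern from the thread).
$report = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited |
    Where-Object { $_.Database -like '*RES*' } |
    ForEach-Object {
        $mailbox = $_

        # Keep only explicit Allow entries that grant FullAccess to someone
        # other than the mailbox itself. @() forces an array so that .Count
        # is valid even when a single entry comes back (needed on PowerShell 2.0).
        $explicit = @($mailbox | Get-MailboxPermission | Where-Object {
            ($_.AccessRights -like '*FullAccess*') -and
            ($_.IsInherited -eq $false) -and
            ($_.Deny -eq $false) -and
            ($_.User.ToString() -ne 'NT AUTHORITY\SELF')
        })

        # Emit a row only for mailboxes with exactly one such grant.
        if ($explicit.Count -eq 1) {
            New-Object PSObject -Property @{
                Mailbox        = $mailbox.DisplayName
                Database       = $mailbox.Database.ToString()
                FullAccessUser = $explicit[0].User.ToString()
                GrantCount     = $explicit.Count
            }
        }
    }

# Select-Object fixes the column order (hashtable order is not guaranteed on PS 2.0).
# The output file name is a placeholder.
$report |
    Select-Object Mailbox, Database, FullAccessUser, GrantCount |
    Export-Csv -NoTypeInformation -Path SingleUserSharedMailboxes.csv
```

A grant made to a security group counts as one entry here, so a mailbox shared through a single group will also be listed and needs a manual check of the group's membership.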