timgreen7077

Exchange Shell Scripting

We have a lot of shared mailboxes, and all these mailboxes sit on the same mailbox database. Some of the mailboxes have multiple users with full manage access given via Exchange, but some of the mailboxes have just one user with full manage access given via Exchange. The purpose of the shared mailboxes was so that 2 or more users would be granted access and not just a single user. Is there a script or cmdlet available to assist me in getting all shared mailboxes on the shared mailbox DB that have only one user with full manage access instead of 2 or more?
Chris Dent

You're going to have to help me out here, I know what you need to do, but I don't have Exchange so I can't just build the code for you.

First you need to identify all those shared mailboxes. Are they set up as that type? If so, this should find them:
Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited


The next step is to get the permissions for each of those mailboxes. Start off with one of them, something you already know about, or just the first in the list. This will let us construct the filter which lets you find what you want.
$FirstSharedMailbox = Get-Mailbox -RecipientTypeDetails SharedMailbox |Select-Object -First 1
$FirstSharedMailbox | Get-MailboxPermission | Where-Object { $_.AccessRights -eq 'FullAccess' } | Format-List *


So this is where I need your help. You are likely to find you get more than manually added users there. You may also see something like IsInherited in the result. Do you?

The goal is to get down to a list of permissions that have been explicitly assigned to that mailbox. If we can get that all we need do is count them to figure out whether or not you're interested in that mailbox or not.

Please let me know how you get on.

Chris
timgreen7077

ASKER

This is the script I attempted to use, but it continues to give an error:

Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in Get-Mailbox) | {Get-MailboxPermission $mailbox | Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -path "c:\output\FullMailboxAccessPermissions.csv"

This is the error:
Unexpected token 'in' in expression or statement.
At line:1 char:95
+ Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in <<<<  Get-Mailbox) | {Get-MailboxPermission $mailbox
 | Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -pat
h "c:\output\FullMailboxAccessPermissions.csv"
    + CategoryInfo          : ParserError: (in:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Let me know what you think.
ASKER CERTIFIED SOLUTION
Chris Dent
This solution is only available to members.
Yep, you are correct: since I don't have PS3, it only returns 1 result. Can you script this with Exchange Management Shell with PS 2.0?
This script got it working, thanks for all your help and suggestions:

Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} |
    Get-MailboxPermission |
    where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
    Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} |
    Export-Csv -NoTypeInformation mailboxpermissions.csv
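
The counting step described earlier in the thread, as an added example that is not code from any of the posts: it keeps only explicit, non-inherited FullAccess entries per shared mailbox and reports the mailboxes where exactly one remains. The `'*RES*'` database pattern and the SELF exclusion come from the thread; the `Deny` check, the column names and the output file name are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell; written to work on PowerShell 2.0.
# The '*RES*' database pattern comes from the thread; adjust it to your database name.
Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited |
    Where-Object { $_.Database -like '*RES*' } |
    ForEach-Object {
        $mailbox = $_

        # @() forces an array, so .Count is reliable even when a single
        # permission entry comes back (on PS 2.0 a lone object has no Count).
        $explicit = @(Get-MailboxPermission -Identity $mailbox.Identity |
            Where-Object {
                ($_.AccessRights -like '*FullAccess*') -and
                ($_.IsInherited -eq $false) -and
                (-not $_.Deny) -and                       # assumption: ignore Deny entries
                ($_.User.ToString() -ne 'NT AUTHORITY\SELF')
            })

        # Report only mailboxes with exactly one explicit FullAccess holder.
        if ($explicit.Count -eq 1) {
            New-Object PSObject -Property @{
                Mailbox  = $mailbox.Name
                Database = $mailbox.Database
                OnlyUser = $explicit[0].User.ToString()
            }
        }
    } |
    Select-Object Mailbox, Database, OnlyUser |
    Export-Csv -NoTypeInformation -Path SingleUserSharedMailboxes.csv  # hypothetical file name
```

A single entry may be a security group rather than a person, so check the `OnlyUser` column for group names before treating a mailbox as single-user.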