Link to home
Create AccountLog in
Avatar of timgreen7077
timgreen7077

asked on

Exchange Shell Scripting

We have alot of shared mailboxes, and all these mailboxes sit on the same mailbox database. Some of the mailboxes have multiple users with full manage access given via exchange, but some of the mailboxes only have just one user with full manage access given via exchange. The purpose of the shared mailboxes was so that 2 or more users would be granted access and not just a single user. Is there a script or cmdlet available to assist me in getting all shared mailboxes on the shared mailbox db that has only one user with full manage access instead of 2 or more?
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

You're going to have to help me out here, I know what you need to do, but I don't have Exchange so I can't just build the code for you.

First you need to identify all those shared mailboxes. Are the set-up as that type? If so, this should find them:
Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited

Open in new window

The next step is to get the permissions for each of those mailboxes. Start off with one of them, something you already know about, or just the first in the list. This will let us construct the filter which lets you find what you want.
$FirstSharedMailbox = Get-Mailbox -RecipientTypeDetails SharedMailbox |Select-Object -First 1
$FirstSharedMailbox | Get-MailboxPermission | Where-Object { $_.AccessRights -eq 'FullAccess' } | Format-List *

Open in new window

So this is where I need your help. You are likely to find you get more than manually added users there. You may also see something like IsInherited in the result. Do you?

The goal is to get down to a list of permissions that have been explicitly assigned to that mailbox. If we can get that all we need do is count them to figure out whether or not you're interested in that mailbox or not.

Please let me know how you get on.

Chris
Avatar of timgreen7077
timgreen7077

ASKER

This is the script I attempt to use but it continues to give an error:

Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in Get-Mailbox) | {Get-MailboxPermission $mailbox | Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -path "c:\output\FullMailboxAccessPermissions.csv"

This is the error:
Unexpected token 'in' in expression or statement.
At line:1 char:95
+ Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | foreach ($mailbox in <<<<  Get-Mailbox) | {Get-MailboxPermission $mailbox
 | Where-Object ($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -pat
h "c:\output\FullMailboxAccessPermissions.csv"
    + CategoryInfo          : ParserError: (in:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

Let me know what you think.
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Yep you are correct since I don't have PS3 it only return 1 result. Can you script this with Exchange Management Shell with PS 2.0?
This script got it working thanks for all your help and suggestions:

Get-Mailbox -ResultSize Unlimited | where {($_.Database -like '*RES*')} | Get-
MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -
eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ',
$_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv