Powershell - Enumerate all mailboxes user has permissions to

Can someone help me with this please i would like to have a report that would enumerate all mailboxes a user "XYZ" has permissions to

Any mailbox permission = owner, editor, publishingeditor, etc...

Thanks !
Jean-François GuénetNetwork AdministratorAsked:
Who is Participating?
 
Will SzymkowskiSenior Solution ArchitectCommented:
The Get-MailboxPermission shows what users have access directly on the mailbox. You are using a completely different command Get-MailboxFolderPermissions. These are permissions directly on the folder within the mailbox itself.

If you want to run the script against that cmdlet it needs to be modified slightly. See below...
Get-Mailbox -ResultSize "unlimited" | Get-MailboxFolderPermissions | ? {$_.User -like "*user1*"} | 
Select RunSpaceId, FolderName, User, AccessRights, Identity, 

Open in new window


Will.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Try the following command below...
Get-Mailbox -ResultSize "unlimited" | Get-MailboxPermissions | ? {$_.User -like "*user1*"} | 
Select Identity, User, AccessRights, IsInherited

Open in new window


If you want to export this results to a csv use the below command...
Get-Mailbox -ResultSize "unlimited" | Get-MailboxPermissions | ? {$_.User -like "*user1*"} | 
Select Identity, User, AccessRights, IsInherited | 
Export-csv "c:\mailboxpermissions.csv" -NoTypeInformation

Open in new window


Will.
0
 
Jean-François GuénetNetwork AdministratorAuthor Commented:
It don't return anything...

[PS] C:\Windows\system32>Get-MailboxFolderPermission -identity patrtrem | Format-List


RunspaceId   : 4908e9b2-05f5-4880-bdfa-e99d7e4f539e
Identity     : xxx.xxx.xx.xx/Domain_Users/Patrick Tremblay:\
FolderName   : Top of Information Store
User         : Default
AccessRights : {None}
IsValid      : True
ObjectState  : New

RunspaceId   : 4908e9b2-05f5-4880-bdfa-e99d7e4f539e
Identity     : xxx.xxx.xx.xx/Domain_Users/Patrick Tremblay:\
FolderName   : Top of Information Store
User         : Anonymous
AccessRights : {None}
IsValid      : True
ObjectState  : New

RunspaceId   : 4908e9b2-05f5-4880-bdfa-e99d7e4f539e
Identity     : xxx.xxx.xx.xx/Domain_Users/Patrick Tremblay:\
FolderName   : Top of Information Store
User         : Manon Beaudoin
AccessRights : {PublishingEditor}
IsValid      : True
ObjectState  : New

RunspaceId   : 4908e9b2-05f5-4880-bdfa-e99d7e4f539e
Identity     : xxx.xxx.xx.xx/Domain_Users/Patrick Tremblay:\
FolderName   : Top of Information Store
User         : NT:S-1-5-21-1467955570-1331981634-1851928258-1105
AccessRights : {Editor}
IsValid      : True
ObjectState  : New



[PS] C:\Windows\system32>Get-Mailbox -ResultSize "unlimited" | Get-MailboxPermission | ? {$_.User -like "manobeau"} |
>> Select Identity, User, AccessRights, IsInherited
>>
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>Get-Mailbox -ResultSize "unlimited" | Get-MailboxPermission | ? {$_.User -like "Manon Beaudoin"
} | Select Identity, User, AccessRights, IsInherited
[PS] C:\Windows\system32>
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Will SzymkowskiSenior Solution ArchitectCommented:
You need to copy/paste the script and save it as a .PS1. You also need to make sure that you are running this in the Exchange Management Shell. If you are running this in a Native Powershell Session you need to make sure that you have the appropriate Snap-ins for Exchange in the session as well for this to work.

I have tested this in my Lab and it works without issues.

ALso just to add, you need to make sure that when you run this script you will need to be in the location where you saved it.

You will also need to run the script like below

.\scriptname.ps1

You will also need to ensure that your Execution Policy is set to RemoteSigned as well.

Set-ExecutionPolicy RemoteSigned

Once you have done that you should have no issues at all.

Will.
0
 
Jean-François GuénetNetwork AdministratorAuthor Commented:
ive create the file ListUserMailboxAccess.ps1 and put in it

Get-Mailbox -ResultSize "unlimited" | Get-MailboxPermission | ? {$_.User -like "*manobeau*"} |
Select Identity, User, AccessRights, IsInherited

[PS] C:\Windows\system32>.\ListUserMailboxAccess.ps1

Identity                      User                          AccessRights                                    IsInherited
--------                      ----                          ------------                                    -----------
ville.blainville.qc.ca/Vil... BLAINVILLE\manobeau           {FullAccess}                                          False

It return only her mailbox and not other mailbox

Thanks for your help
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
So that being said she should only have access to her mailbox and nothing else.

You can verify this by manually checking other mailboxes you might think this account has access to.

Will.
0
 
Jean-François GuénetNetwork AdministratorAuthor Commented:
well if i do this

[PS] C:\Windows\system32>Get-MailboxFolderPermission -identity patrtrem | Format-List


RunspaceId   : 4908e9b2-05f5-4880-bdfa-e99d7e4f539e
Identity     : xxx.xxx.xx.xx/Domain_Users/Patrick Tremblay:\
FolderName   : Top of Information Store
User         : Default
AccessRights : {None}
IsValid      : True
ObjectState  : New

RunspaceId   : 4908e9b2-05f5-4880-bdfa-e99d7e4f539e
Identity     : xxx.xxx.xx.xx/Domain_Users/Patrick Tremblay:\
FolderName   : Top of Information Store
User         : Anonymous
AccessRights : {None}
IsValid      : True
ObjectState  : New

RunspaceId   : 4908e9b2-05f5-4880-bdfa-e99d7e4f539e
Identity     : xxx.xxx.xx.xx/Domain_Users/Patrick Tremblay:\
FolderName   : Top of Information Store
User         : Manon Beaudoin
AccessRights : {PublishingEditor}
IsValid      : True
ObjectState  : New

RunspaceId   : 4908e9b2-05f5-4880-bdfa-e99d7e4f539e
Identity     : xxx.xxx.xx.xx/Domain_Users/Patrick Tremblay:\
FolderName   : Top of Information Store
User         : NT:S-1-5-21-1467955570-1331981634-1851928258-1105
AccessRights : {Editor}
IsValid      : True
ObjectState  : New

She have access to patrtrem mailbox in Publishing editor

I want to know that information
0
 
Minecraft_ EndermanCommented:
This command is almost the same as what Will Szymkowski provided expect the Export section.

Get-Mailbox | Get-MailboxFolderPermission | where {$_.User -like "xyz"} | Select-object Identity,User,AccessRights | Export-CSV C:\permission.CSV

Good luck.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
As stated in my first post I had already added the export-csv command. The same was implied for the second one as well as I just forgot to add it to the script.

This was also done to test on screen. The user already knows how to export-csv based on my first comment.

Will.
0
 
Jean-François GuénetNetwork AdministratorAuthor Commented:
Thanks everything work fine

Here is my final code

#List All Mailbox Folder a users have access to

[CmdletBinding()]
param (
      [Parameter( Mandatory=$true)]
      [string]$User

)

Get-Mailbox -ResultSize "unlimited" | Get-MailboxFolderPermission | ? {$_.User -like $User} |
Select RunSpaceId, FolderName, User, AccessRights, Identity
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.