Pau Lo
asked on
folder permissions and delegate access reports as opposed get-mailboxpermissions cmdlet
We suspect a user has granted access to their mailbox via delegate rights, or right clicking their mailbox > folder options > permissions > add.
From some testing, the shell commands i.e. get-mailboxpermissions do not seem to show permissions set this way. Is there any way you can retreive this information from a shell command or other powershell script? it looks like there are 3 ways to set permissions to a mailbox, 2 via an exchange admin and 2 via outlook itself in delegates i.e. file > account settings > delegate access, and the other way right clicking a mailbox in outlook > folder options > permissions.
if get-mailboxpermission is only showing permissions set by an exchange admin, I need a way to list permissions set by the other 2 techniques, to get a full list of who can access their mailbox. Logging into their mailbox via AD/Outlook is not an option at this stage.
From some testing, the shell commands i.e. get-mailboxpermissions do not seem to show permissions set this way. Is there any way you can retreive this information from a shell command or other powershell script? it looks like there are 3 ways to set permissions to a mailbox, 2 via an exchange admin and 2 via outlook itself in delegates i.e. file > account settings > delegate access, and the other way right clicking a mailbox in outlook > folder options > permissions.
if get-mailboxpermission is only showing permissions set by an exchange admin, I need a way to list permissions set by the other 2 techniques, to get a full list of who can access their mailbox. Logging into their mailbox via AD/Outlook is not an option at this stage.
Guy Lidbetter
Have you tried Get-MailboxFolderPermissio
ASKER
Should that return all permissions, regardless of how they were set. There doesnt seem to be consistency, for example the get-mailboxfolder command does return information set via the "right clicking a mailbox in outlook > folder options > permissions", method, but then it doesnt return the same information via the "file > account settings > delegate access" method..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
do you have to supply domain username, or can email address suffice?
For the AD attribute you would have to use the domain name or filter on the email address...
i.e.
i.e.
get-aduser -filter {mail -like "email@domain.com"} -Properties * | select name, publicDelegates, publicDelegatesBL