folder permissions and delegate access reports as opposed get-mailboxpermissions cmdlet

We suspect a user has granted access to their mailbox via delegate rights, or right clicking their mailbox > folder options > permissions > add.

From some testing, the shell commands i.e. get-mailboxpermissions do not seem to show permissions set this way. Is there any way you can retreive this information from a shell command or other powershell script?  it looks like there are 3 ways to set permissions to a mailbox, 2 via an exchange admin and 2 via outlook itself in delegates i.e. file > account settings > delegate access, and the other way right clicking a mailbox in outlook > folder options > permissions.

if get-mailboxpermission is only showing permissions set by an exchange admin, I need a way to list permissions set by the other 2 techniques, to get a full list of who can access their mailbox.  Logging into their mailbox via AD/Outlook is not an option at this stage.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy LidbetterCommented:
Have you tried Get-MailboxFolderPermission?
pma111Author Commented:
Should that return all permissions, regardless of how they were set. There doesnt seem to be consistency, for example the get-mailboxfolder command does return information set via the "right clicking a mailbox in outlook > folder options > permissions", method, but then it doesnt return the same information via the "file > account settings > delegate access" method..
Guy LidbetterCommented:
That can be found in an AD Attribute... as below

get-aduser UserName -Properties * | select name, publicDelegates, publicDelegatesBL

Open in new window

publicDelegates – This attribute stores the user that was configured as a Delegate.  (Who is a Delegate of my mailbox)
publicDelegatesBL – This attribute stores which mailbox this user is a Delegate of. (What mailbox am I a Delegate of)

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
do you have to supply domain username, or can email address suffice?
Guy LidbetterCommented:
For the AD attribute you would have to use the domain name or filter on the email address...

get-aduser -filter {mail -like ""} -Properties * | select name, publicDelegates, publicDelegatesBL

Open in new window

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.