folder permissions and delegate access reports as opposed get-mailboxpermissions cmdlet

We suspect a user has granted access to their mailbox via delegate rights, or right clicking their mailbox > folder options > permissions > add.

From some testing, the shell commands i.e. get-mailboxpermissions do not seem to show permissions set this way. Is there any way you can retreive this information from a shell command or other powershell script?  it looks like there are 3 ways to set permissions to a mailbox, 2 via an exchange admin and 2 via outlook itself in delegates i.e. file > account settings > delegate access, and the other way right clicking a mailbox in outlook > folder options > permissions.

if get-mailboxpermission is only showing permissions set by an exchange admin, I need a way to list permissions set by the other 2 techniques, to get a full list of who can access their mailbox.  Logging into their mailbox via AD/Outlook is not an option at this stage.
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy LidbetterCommented:
Have you tried Get-MailboxFolderPermission?
0
pma111Author Commented:
Should that return all permissions, regardless of how they were set. There doesnt seem to be consistency, for example the get-mailboxfolder command does return information set via the "right clicking a mailbox in outlook > folder options > permissions", method, but then it doesnt return the same information via the "file > account settings > delegate access" method..
0
Guy LidbetterCommented:
That can be found in an AD Attribute... as below

get-aduser UserName -Properties * | select name, publicDelegates, publicDelegatesBL

Open in new window


publicDelegates – This attribute stores the user that was configured as a Delegate.  (Who is a Delegate of my mailbox)
publicDelegatesBL – This attribute stores which mailbox this user is a Delegate of. (What mailbox am I a Delegate of)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
do you have to supply domain username, or can email address suffice?
0
Guy LidbetterCommented:
For the AD attribute you would have to use the domain name or filter on the email address...

i.e.
get-aduser -filter {mail -like "email@domain.com"} -Properties * | select name, publicDelegates, publicDelegatesBL

Open in new window

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.