asked on

How to remove DeleteItem permission on exchange mailbox

Hi Experts, I've run an exchange powershell command to give me a listing of AccessRights for mailboxes on an Exchange 2010 server.

There are 2 users who have a listing for DeleteItem acccess from AD users who are disabled and who no longer have email boxes.

How can I remove those accesses, either through the command console or exchange powershell?

This is the powershell command I ran from this site http://exchangeserverpro.com/list-users-access-exchange-mailboxes/

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.cs

Henrik Johansson

The following should work to loop through the result and remove the permissions. Remove -WhatIf parameter to execute it instead of emulate what should happen.

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | % {$Id=$_.Identity; $u=$_.User; $p=$_.AccessRights; Remove-MailboxPermission $Id -User $User -AccessRights $p -WhatIf }

Open in new window

ChiIT

ASKER

Hi Henrik, where do I put the users account ID and also how does it know to only delete the DeleteItem permission?

ASKER CERTIFIED SOLUTION

Henrik Johansson

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial