Link to home
Start Free TrialLog in
Avatar of sfcanderson
sfcandersonFlag for United States of America

asked on

Remove user access to multiple shared mailboxes all at once

Exchange 365

Is there a way in powershell to remove a user from all shared mailbox full access lists at once?  We're trying to clean things up and put in place new policies, but some users have 10, 20, 50 attached shared mailboxes and we would prefer not to have to go into each mailbox one at a time to remove them from the full access lists.

Thanks!
Avatar of Adam Brown
Adam Brown
Flag of United States of America image
Yep. If you create a CSV file that has a heading of "username" and put each username on a line, this should clear them all in one shot:

$users = import-csv <csv file path>
$sharedmbxs=get-mailbox | where {_.type -eq "Shared"}
foreach ($user in $users)
{
   foreach ($mbx in $sharedmbxs)
   {
      remove-mailboxpermission $mbx -user $user.username -accessrights fullaccess
   }
}

Open in new window


Haven't tested this, so there may be errors should work, though.
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image
I would do it this way...

Create your csv file
Username    Mailbox
john              Mailbox1
joe                 Mailbox2
mike              Mailbox1
alice               Mailbox3
etc...

$Data = import-csv "c:\filename.csv"
ForEach ($User in $Data) {

     $User.Username
     $User.Mailbox

      Remove-MailboxPermission -Identity $User.Mailbox -User $User.Username -AccessRights FullAccess -InheritanceType All

}

Open in new window


Will.
Avatar of sfcanderson
sfcanderson
Flag of United States of America image

ASKER

What I'm more looking for is:

User is  Joe.Schmoe and he has 33 shared mailboxes attached in his Outlook.
Looking for powershell script to remove him from all shared mailboxes at once without having to list each of the mailbox names
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image
This should be do-able. I have put something together that should work. See below...
$Mailboxes = Get-mailbox -ResultSize "unlimited"
$User = (read-host "type username to remove")
ForEach ($Mailbox in $Mailboxes) 
    {

        $MailboxesFound = Get-MailboxPermission -User $User | 
                             ? { ($_.AccessRights.ToString() -ne "NT AUTHORITY\SELF") -and ($_.Identity -notlike $User) -or ($_.AccessRights.ToString() -eq "FullAccess") } |
                             Select Identity, User, AccessRights

        $RemovePerms = $MailboxesFound | Export-Csv "c:\tempcsv.csv"

        ForEach ($ID in $RemovePerms) 
            {

                Remove-MailboxPermission -Identity $ID.Identity -User $ID.User -AccessRights $ID.AccessRights -InheritanceType All


      }

               Remove-Item "c:\tempcsv.csv" -force
}

Open in new window



Will.
ASKER CERTIFIED SOLUTION
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sfcanderson
sfcanderson
Flag of United States of America image

ASKER

Thank you so much for your hard work in putting together a script for this.  It has saved us many hours of work!