Solved

Powershell Exchange - How to list all mailboxes Full Access permission from a particular user name ?

Posted on 2016-08-14
12
64 Views
Last Modified: 2016-10-18
Hi people,

I wonder if anyone here can share some Powershell script or tips in how to check if my AD user account got Full Permission access in some mailboxes ?

because for compliance reason, I need to audit if the certain AD user account has multiple Exchange mailbox Full access permission or not.

Thanks.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 41755800
1
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41755808
Thanks Sir,

in my case here I need to know all DOMAIN\User1 mailbox full access across 2850 Exchange mailboxes.

So how do I use that command above ?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41756154
get-mailbox -resultsize unlimited | get-mailboxpermission | where {$_.accessrights -conains 'FullAcess'}
1
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 
LVL 16

Expert Comment

by:FOX
ID: 41756353
get-MailboxPermission username  -filter "accessrights -eq 'FullAccess'"  | ft samaccountname, displayname,emailaddress,AccessRights | out-file 'c:\temp\FullAccess.csv'
1
 
LVL 67

Expert Comment

by:sirbounty
ID: 41774887
I see I had a type-o - conains, should be -contains, but presumably you'd find that.
Any update?  Still need help?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41777313
Hi All,

The script doesn't work ?

get-MailboxPermission MyName  -filter "accessrights -eq 'FullAccess'"  | ft samaccountname, displayname,emailaddress,AccessRights | out-file 'c:\temp\FullAccess.csv'

Open in new window


A parameter cannot be found that matches parameter name 'Filter'.
    + CategoryInfo          : InvalidArgument: (:) [Get-MailboxPermission], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Get-MailboxPermission
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points (awarded by participants)
ID: 41777397
Did you try what I suggested?
get-mailbox -resultsize unlimited | get-mailboxpermission | where {$_.accessrights -conains 'FullAcess'}

Open in new window

1
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41777398
Hi Sir,

I just required my own username and certain username not all username.

But yes I'll try it anyway.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41797634
Did my solution work for you?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41819651
Hi ITSystemEngineer - do you need further help or help closing the question?
0
 
LVL 1

Expert Comment

by:LinuxDude
ID: 41821851
List all mailboxes to which a particular user has Full Access permissions:
PS C:\> Get-Mailbox | Get-MailboxPermission -User vasil

List all shared/user/room/whatever mailboxes to which particular user has Full Access permissions:
PS C:\> Get-Mailbox -RecipientTypeDetails UserMailbox,SharedMailbox -ResultSize Unlimited | Get-MailboxPermission -User vasil
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41847916
I believe this answers the question - not sure why the OP never came back.
0

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
Here's a look at newsworthy articles and community happenings during the last month.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question