Solved

Powershell Exchange - How to list all mailboxes Full Access permission from a particular user name ?

Posted on 2016-08-14
12
56 Views
Last Modified: 2016-10-18
Hi people,

I wonder if anyone here can share some Powershell script or tips in how to check if my AD user account got Full Permission access in some mailboxes ?

because for compliance reason, I need to audit if the certain AD user account has multiple Exchange mailbox Full access permission or not.

Thanks.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 41755800
1
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41755808
Thanks Sir,

in my case here I need to know all DOMAIN\User1 mailbox full access across 2850 Exchange mailboxes.

So how do I use that command above ?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41756154
get-mailbox -resultsize unlimited | get-mailboxpermission | where {$_.accessrights -conains 'FullAcess'}
1
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 16

Expert Comment

by:FOX
ID: 41756353
get-MailboxPermission username  -filter "accessrights -eq 'FullAccess'"  | ft samaccountname, displayname,emailaddress,AccessRights | out-file 'c:\temp\FullAccess.csv'
1
 
LVL 67

Expert Comment

by:sirbounty
ID: 41774887
I see I had a type-o - conains, should be -contains, but presumably you'd find that.
Any update?  Still need help?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41777313
Hi All,

The script doesn't work ?

get-MailboxPermission MyName  -filter "accessrights -eq 'FullAccess'"  | ft samaccountname, displayname,emailaddress,AccessRights | out-file 'c:\temp\FullAccess.csv'

Open in new window


A parameter cannot be found that matches parameter name 'Filter'.
    + CategoryInfo          : InvalidArgument: (:) [Get-MailboxPermission], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Get-MailboxPermission
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points (awarded by participants)
ID: 41777397
Did you try what I suggested?
get-mailbox -resultsize unlimited | get-mailboxpermission | where {$_.accessrights -conains 'FullAcess'}

Open in new window

1
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41777398
Hi Sir,

I just required my own username and certain username not all username.

But yes I'll try it anyway.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41797634
Did my solution work for you?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41819651
Hi ITSystemEngineer - do you need further help or help closing the question?
0
 
LVL 1

Expert Comment

by:LinuxDude
ID: 41821851
List all mailboxes to which a particular user has Full Access permissions:
PS C:\> Get-Mailbox | Get-MailboxPermission -User vasil

List all shared/user/room/whatever mailboxes to which particular user has Full Access permissions:
PS C:\> Get-Mailbox -RecipientTypeDetails UserMailbox,SharedMailbox -ResultSize Unlimited | Get-MailboxPermission -User vasil
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41847916
I believe this answers the question - not sure why the OP never came back.
0

Featured Post

SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question