Solved

Powershell to get shared mailboxes permissions

Posted on 2016-09-07
25
87 Views
Last Modified: 2016-09-20
Looking for the following in powershell...

List of all shared mailboxes with the following detail

1. Name
2. Email address
3. Owner
4. Last logon date
5. Last Logon user
6. List of users who have full access
7. List of users who have sendas
8. If possible, last accesa date

I have a working script but unable to get all the information in one go.
0
Comment
Question by:ARM2009
  • 12
  • 12
25 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 41789889
Which version of exchange..

How you going to identify the shared mailbox? is there any naming standard you use or is it created in a specific OU?
0
 

Author Comment

by:ARM2009
ID: 41790065
No specific OU ... Exch 2010

Search for all shared mailboxes
0
 
LVL 14

Expert Comment

by:Todd Nelson
ID: 41790630
Getting a list of shared mailboxes is the easy part...

Get-Mailbox -ResultSize Unlimited | Where-Object { $_.RecipientTypeDetails -eq "SharedMailbox" } | fl Name,PrimarySmtpAddress

Open in new window


And getting who has full permissions is simple enough...

Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" }

Open in new window


For me, the rest is a challenge that I can't test at the moment.

Let us know what you come up with.

P.S.  Shared mailboxes don't have an owner.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41791039
3. Owner
It depends how your organization is managing the owner details, some add the owner as manager, some add it in exchange custom attributes

For rest of the details you can use following code..
$RMailbox = Get-Mailbox -RecipientTypeDetails Sharedmailbox -ResultSize Unlimited
$(Foreach ($R in $RMailbox){
$St = $R | Get-MailboxStatistics 
	New-Object PSObject -Property @{
		Name = $R.Name
		Email = $R.PrimarySmtpAddress
		LastLoggedOnUserAccount = $St.LastLoggedOnUserAccount
		LastLogonTime  = $St.LastLogonTime
		LastLogoffTime = $St.LastLogoffTime
		FullMBXPerm = ($R | Get-MailboxPermission |?{$_.AccessRights -like "Fullaccess" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		SendAs = ($R | Get-ADPermission |?{$_.ExtendedRights -like "Send-as" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
	}
}) | Select Name,Email,FullMBXPerm,SendAS,Last*

Open in new window

1
 

Author Comment

by:ARM2009
ID: 41796155
Owner information is being pulled from the "Manager" info in AD.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41796868
I have added manager field..
$RMailbox = Get-Mailbox -RecipientTypeDetails Sharedmailbox -ResultSize Unlimited
$(Foreach ($R in $RMailbox){
$St = $R | Get-MailboxStatistics 
	New-Object PSObject -Property @{
		Name = $R.Name
		Email = $R.PrimarySmtpAddress
		LastLoggedOnUserAccount = $St.LastLoggedOnUserAccount
		LastLogonTime  = $St.LastLogonTime
		LastLogoffTime = $St.LastLogoffTime
		FullMBXPerm = ($R | Get-MailboxPermission |?{$_.AccessRights -like "Fullaccess" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		SendAs = ($R | Get-ADPermission |?{$_.ExtendedRights -like "Send-as" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		Owner = ($R | get-recipient).Manager.Name
	}
}) | Select Name,Email,Owner,FullMBXPerm,SendAS,Last*

Open in new window

0
 

Author Comment

by:ARM2009
ID: 41798276
the manager info is not pulled via this script... its all blank. i have checked that that field has information. i can pull that via Quest powershell ...

any ideas what attributes it uses to store that info?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41798288
Can you run following command and post output?
Get-Recipient UserA | Select -exp Manager

Open in new window

0
 

Author Comment

by:ARM2009
ID: 41798308
this gives the manager info on that particular account.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41798312
What about?
(Get-Recipient UserA).Manager.Name

Open in new window

0
 

Author Comment

by:ARM2009
ID: 41798315
blank.... if i use (Get-Recipient UserA).Manager.Name
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 41798325
If this work (Get-Recipient UserA).Manager

The use..
$RMailbox = Get-Mailbox -RecipientTypeDetails Sharedmailbox -ResultSize Unlimited
$(Foreach ($R in $RMailbox){
$St = $R | Get-MailboxStatistics 
	New-Object PSObject -Property @{
		Name = $R.Name
		Email = $R.PrimarySmtpAddress
		LastLoggedOnUserAccount = $St.LastLoggedOnUserAccount
		LastLogonTime  = $St.LastLogonTime
		LastLogoffTime = $St.LastLogoffTime
		FullMBXPerm = ($R | Get-MailboxPermission |?{$_.AccessRights -like "Fullaccess" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		SendAs = ($R | Get-ADPermission |?{$_.ExtendedRights -like "Send-as" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		Owner = ($R | get-recipient).Manager
	}
}) | Select Name,Email,Owner,FullMBXPerm,SendAS,Last*

Open in new window

0
 

Author Comment

by:ARM2009
ID: 41798996
that provided the information....  thanks

owner info comes as  - domain.com/People/HOU/MLC  (where MLC is the user name)
permissions come as  - domain\LBV,domain\BBK,domain\EJQ,domain\SFV  

is it possible to convert them to email address or upn in the same go. i can do in a seperate script... but if possible to do the conversion on the fly and display as email address.

let me know or else i will accept solution and close this. appreciate the help.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41799468
Change line
Owner = ($R | get-recipient).Manager

Open in new window

To
Owner = (Get-Mailbox ($R | get-recipient).Manager ).PrimarySmtpAddress

Open in new window

0
 
LVL 40

Expert Comment

by:Subsun
ID: 41799482
This might run little faster..
$RMailbox = Get-Recipient -RecipientTypeDetails Sharedmailbox -ResultSize Unlimited
$(Foreach ($R in $RMailbox){
$St = $R | Get-MailboxStatistics 
	New-Object PSObject -Property @{
		Name = $R.Name
		Email = $R.PrimarySmtpAddress
		LastLoggedOnUserAccount = $St.LastLoggedOnUserAccount
		LastLogonTime  = $St.LastLogonTime
		LastLogoffTime = $St.LastLogoffTime
		FullMBXPerm = ($R | Get-MailboxPermission |?{$_.AccessRights -like "Fullaccess" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		SendAs = ($R | Get-ADPermission |?{$_.ExtendedRights -like "Send-as" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		Owner = (Get-Mailbox $R.Manager).PrimarySmtpAddress
	}
}) | Select Name,Email,Owner,FullMBXPerm,SendAS,Last*

Open in new window

0
 

Author Comment

by:ARM2009
ID: 41800058
this one does not work...

i think since the manager info is more like the OU path.... it cant read that identity unless you parse it.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41800340
It does work for me in my lab.
Does this gives result..

(Get-Mailbox $(Get-Recipient UserA).Manager).PrimarySmtpAddress

Open in new window

0
 

Author Comment

by:ARM2009
ID: 41800468
yep that works on an individual acct :)
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41800486
OK.. I cannot think of any reason for why it's failing for bulk user, as I am not able to reproduce the issue..
0
 

Author Comment

by:ARM2009
ID: 41800489
No worries. Thanka
0
 

Author Comment

by:ARM2009
ID: 41800510
this is is how i am testing now...

Owner = (Get-Mailbox $(Get-Recipient $R).Manager).PrimarySmtpAddress
0
 

Author Comment

by:ARM2009
ID: 41800514
error as below

Cannot process argument transformation on parameter 'Identity'. Cannot convert the "AdobeWorkflow" value of type "Deserialized.Microsoft.Exchange.Data.Directory.Management.Mailbox" to type "Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter".
    + CategoryInfo          : InvalidData: (:) [Get-Recipient], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-Recipient
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41800531
Owner = (Get-Mailbox $R.Manager).PrimarySmtpAddress

Owner = ($R.Manager | Get-Mailbox).PrimarySmtpAddress

Owner = (Get-Recipient $R.Manager).PrimarySmtpAddress

Owner = ($R.Manager | Get-Recipient).PrimarySmtpAddress

Owner = (Get-User $R.Manager).WindowsemailAddress

Owner = ($R.Manager | Get-User).WindowsemailAddress

Open in new window

All of these are working for me.. :-)
0
 

Author Comment

by:ARM2009
ID: 41804751
thanks....

this is what i get in the csv column for owner by using

Owner = (Get-Recipient $R.Manager -ResultSize Unlimited ).PrimarySmtpAddress

Owner
System.Object[]
0
 
LVL 40

Expert Comment

by:Subsun
ID: 41804808
Try..
Owner = (Get-Recipient $R.Manager -ResultSize Unlimited ).PrimarySmtpAddress | Out-String

Open in new window

0

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now