
PowerShell to get shared mailbox permissions

Looking for the following in PowerShell...

List of all shared mailboxes with the following detail

1. Name
2. Email address
3. Owner
4. Last logon date
5. Last Logon user
6. List of users who have full access
7. List of users who have sendas
8. If possible, last access date

I have a working script but unable to get all the information in one go.
0
ARM2009
Asked:
 
Subsun Commented:
Which version of Exchange..

How are you going to identify the shared mailbox? Is there any naming standard you use or is it created in a specific OU?
0
 
ARM2009 (Author) Commented:
No specific OU ... Exch 2010

Search for all shared mailboxes
0
 
Todd Nelson (Systems Engineer) Commented:
Getting a list of shared mailboxes is the easy part...

Get-Mailbox -ResultSize Unlimited | Where-Object { $_.RecipientTypeDetails -eq "SharedMailbox" } | fl Name,PrimarySmtpAddress


And getting who has full permissions is simple enough...

Get-Mailbox -ResultSize Unlimited | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"} | Get-MailboxPermission | Where-Object { $_.AccessRights -eq "FullAccess" }


For me, the rest is a challenge that I can't test at the moment.

Let us know what you come up with.

P.S.  Shared mailboxes don't have an owner.
0
 
Subsun Commented:
3. Owner
It depends how your organization is managing the owner details; some add the owner as manager, some add it in Exchange custom attributes.

For the rest of the details you can use the following code..
$RMailbox = Get-Mailbox -RecipientTypeDetails Sharedmailbox -ResultSize Unlimited
$(Foreach ($R in $RMailbox){
$St = $R | Get-MailboxStatistics 
	New-Object PSObject -Property @{
		Name = $R.Name
		Email = $R.PrimarySmtpAddress
		LastLoggedOnUserAccount = $St.LastLoggedOnUserAccount
		LastLogonTime  = $St.LastLogonTime
		LastLogoffTime = $St.LastLogoffTime
		FullMBXPerm = ($R | Get-MailboxPermission |?{$_.AccessRights -like "Fullaccess" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		SendAs = ($R | Get-ADPermission |?{$_.ExtendedRights -like "Send-as" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
	}
}) | Select Name,Email,FullMBXPerm,SendAS,Last*

1
 
ARM2009 (Author) Commented:
Owner information is being pulled from the "Manager" info in AD.
0
 
Subsun Commented:
I have added the manager field..
$RMailbox = Get-Mailbox -RecipientTypeDetails Sharedmailbox -ResultSize Unlimited
$(Foreach ($R in $RMailbox){
$St = $R | Get-MailboxStatistics 
	New-Object PSObject -Property @{
		Name = $R.Name
		Email = $R.PrimarySmtpAddress
		LastLoggedOnUserAccount = $St.LastLoggedOnUserAccount
		LastLogonTime  = $St.LastLogonTime
		LastLogoffTime = $St.LastLogoffTime
		FullMBXPerm = ($R | Get-MailboxPermission |?{$_.AccessRights -like "Fullaccess" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		SendAs = ($R | Get-ADPermission |?{$_.ExtendedRights -like "Send-as" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		Owner = ($R | get-recipient).Manager.Name
	}
}) | Select Name,Email,Owner,FullMBXPerm,SendAS,Last*

0
 
ARM2009 (Author) Commented:
the manager info is not pulled via this script... it's all blank. i have checked that that field has information. i can pull that via Quest powershell ...

any ideas what attributes it uses to store that info?
0
 
Subsun Commented:
Can you run the following command and post the output?
Get-Recipient UserA | Select -exp Manager

0
 
ARM2009 (Author) Commented:
this gives the manager info on that particular account.
0
 
Subsun Commented:
What about?
(Get-Recipient UserA).Manager.Name

0
 
ARM2009 (Author) Commented:
blank.... if i use (Get-Recipient UserA).Manager.Name
0
 
Subsun Commented:
If this works (Get-Recipient UserA).Manager

Then use..
$RMailbox = Get-Mailbox -RecipientTypeDetails Sharedmailbox -ResultSize Unlimited
$(Foreach ($R in $RMailbox){
$St = $R | Get-MailboxStatistics 
	New-Object PSObject -Property @{
		Name = $R.Name
		Email = $R.PrimarySmtpAddress
		LastLoggedOnUserAccount = $St.LastLoggedOnUserAccount
		LastLogonTime  = $St.LastLogonTime
		LastLogoffTime = $St.LastLogoffTime
		FullMBXPerm = ($R | Get-MailboxPermission |?{$_.AccessRights -like "Fullaccess" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		SendAs = ($R | Get-ADPermission |?{$_.ExtendedRights -like "Send-as" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		Owner = ($R | get-recipient).Manager
	}
}) | Select Name,Email,Owner,FullMBXPerm,SendAS,Last*

0
 
ARM2009 (Author) Commented:
that provided the information....  thanks

owner info comes as  - domain.com/People/HOU/MLC  (where MLC is the user name)
permissions come as  - domain\LBV,domain\BBK,domain\EJQ,domain\SFV  

is it possible to convert them to email address or upn in the same go. i can do in a separate script... but if possible to do the conversion on the fly and display as email address.

let me know or else i will accept solution and close this. appreciate the help.
0
 
Subsun Commented:
Change line
Owner = ($R | get-recipient).Manager

To
Owner = (Get-Mailbox ($R | get-recipient).Manager ).PrimarySmtpAddress

0
 
Subsun Commented:
This might run a little faster..
$RMailbox = Get-Recipient -RecipientTypeDetails Sharedmailbox -ResultSize Unlimited
$(Foreach ($R in $RMailbox){
$St = $R | Get-MailboxStatistics 
	New-Object PSObject -Property @{
		Name = $R.Name
		Email = $R.PrimarySmtpAddress
		LastLoggedOnUserAccount = $St.LastLoggedOnUserAccount
		LastLogonTime  = $St.LastLogonTime
		LastLogoffTime = $St.LastLogoffTime
		FullMBXPerm = ($R | Get-MailboxPermission |?{$_.AccessRights -like "Fullaccess" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		SendAs = ($R | Get-ADPermission |?{$_.ExtendedRights -like "Send-as" -and $_.User -NotMatch "(Self|SYSTEM|^S-1-5-)"} | %{$_.User.ToString()}) -join ","
		Owner = (Get-Mailbox $R.Manager).PrimarySmtpAddress
	}
}) | Select Name,Email,Owner,FullMBXPerm,SendAS,Last*

0
 
ARM2009 (Author) Commented:
this one does not work...

i think since the manager info is more like the OU path.... it can't read that identity unless you parse it.
0
 
Subsun Commented:
It does work for me in my lab.
Does this give a result..

(Get-Mailbox $(Get-Recipient UserA).Manager).PrimarySmtpAddress

0
 
ARM2009 (Author) Commented:
yep that works on an individual acct :)
0
 
Subsun Commented:
OK.. I cannot think of any reason for why it's failing for bulk user, as I am not able to reproduce the issue..
0
 
ARM2009 (Author) Commented:
No worries. Thanks
0
 
ARM2009 (Author) Commented:
this is how i am testing now...

Owner = (Get-Mailbox $(Get-Recipient $R).Manager).PrimarySmtpAddress
0
 
ARM2009 (Author) Commented:
error as below

Cannot process argument transformation on parameter 'Identity'. Cannot convert the "AdobeWorkflow" value of type "Deserialized.Microsoft.Exchange.Data.Directory.Management.Mailbox" to type "Microsoft.Exchange.Configuration.Tasks.RecipientIdParameter".
    + CategoryInfo          : InvalidData: (:) [Get-Recipient], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-Recipient
0
 
Subsun Commented:
Owner = (Get-Mailbox $R.Manager).PrimarySmtpAddress

Owner = ($R.Manager | Get-Mailbox).PrimarySmtpAddress

Owner = (Get-Recipient $R.Manager).PrimarySmtpAddress

Owner = ($R.Manager | Get-Recipient).PrimarySmtpAddress

Owner = (Get-User $R.Manager).WindowsemailAddress

Owner = ($R.Manager | Get-User).WindowsemailAddress

All of these are working for me.. :-)
0
 
ARM2009 (Author) Commented:
thanks....

this is what i get in the csv column for owner by using

Owner = (Get-Recipient $R.Manager -ResultSize Unlimited ).PrimarySmtpAddress

Owner
System.Object[]
0
 
Subsun Commented:
Try..
Owner = (Get-Recipient $R.Manager -ResultSize Unlimited ).PrimarySmtpAddress | Out-String

0
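
An added example, not posted by any participant in this thread: one way to build the whole report in a single pass while sidestepping the two problems discussed above (deserialized objects passed to -Identity, and an Owner column that prints as System.Object[]). The helper name Resolve-Smtp and the CSV path are hypothetical, and the choice to list only explicit, non-Deny grants is an assumption about what an access review wants, not something the thread specifies.

```powershell
# Added example: shared-mailbox access report with owner and trustees resolved to SMTP.
# Assumes an Exchange 2010 management session. Resolve-Smtp and the CSV path are illustrative.

function Resolve-Smtp {
    param([string]$Identity)   # plain string, so no deserialized object reaches -Identity
    if ([string]::IsNullOrEmpty($Identity)) { return $null }
    # Assumption: the string (canonical name or domain\account) resolves as a recipient.
    # Select-Object -First 1 keeps the result scalar, so the CSV never shows System.Object[].
    $rcpt = Get-Recipient -Identity $Identity -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($rcpt -and $rcpt.PrimarySmtpAddress) { return $rcpt.PrimarySmtpAddress.ToString() }
    return $Identity            # not mail-enabled or not found: keep the raw value for review
}

$skip = '(Self|SYSTEM|^S-1-5-)'   # same exclusion pattern as the thread's script

$report = foreach ($mbx in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
    $id    = $mbx.DistinguishedName
    $stats = Get-MailboxStatistics -Identity $id -WarningAction SilentlyContinue

    # Explicit allow entries only; inherited and Deny ACEs are left out (assumption, see lead-in).
    $full = Get-MailboxPermission -Identity $id | Where-Object {
        $_.AccessRights -like '*FullAccess*' -and -not $_.IsInherited -and -not $_.Deny -and
        $_.User.ToString() -notmatch $skip }
    $send = Get-ADPermission -Identity $id | Where-Object {
        $_.ExtendedRights -like '*Send-As*' -and -not $_.IsInherited -and -not $_.Deny -and
        $_.User.ToString() -notmatch $skip }

    New-Object PSObject -Property @{
        Name          = $mbx.Name
        Email         = $mbx.PrimarySmtpAddress.ToString()
        Owner         = Resolve-Smtp ([string](Get-Recipient -Identity $id).Manager)
        FullAccess    = @($full | ForEach-Object { Resolve-Smtp $_.User.ToString() }) -join ';'
        SendAs        = @($send | ForEach-Object { Resolve-Smtp $_.User.ToString() }) -join ';'
        LastLogonUser = $stats.LastLoggedOnUserAccount
        LastLogonTime = $stats.LastLogonTime
    }
}

$report | Select-Object Name,Email,Owner,FullAccess,SendAs,LastLogonUser,LastLogonTime |
    Export-Csv -Path .\SharedMailboxAccess.csv -NoTypeInformation
```

Trustees that stay in domain\account form in the output are the ones that did not resolve to a mail-enabled recipient, which is itself worth checking during an access review.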
