Andy Andy
asked on
Mailbox Delegation List
Hello Team,
We are going into Hybrid Environment which having Exchange 2013 and O365
So before moving to O365, i need to know the list, which mailbox having access to other mailbox and also to any shared or Room mailboxes.
As you know, to get that work properly , we need to move both mailbox on O365 so that delegation will work properly.
Like if user having access on 4 shared mailbox, so we need to move all shared mailbox as well as user mailbox to cloud
I need permission like, Read, write, Sendas,full as etc. all delegation permission report of all mailbox in Exchange
Exchange 2013 currently having, with 25000 Mailboxes
Please suggest a script that we can use to generate the report and use in migration
Thanks,
Addy
We are going into Hybrid Environment which having Exchange 2013 and O365
So before moving to O365, i need to know the list, which mailbox having access to other mailbox and also to any shared or Room mailboxes.
As you know, to get that work properly , we need to move both mailbox on O365 so that delegation will work properly.
Like if user having access on 4 shared mailbox, so we need to move all shared mailbox as well as user mailbox to cloud
I need permission like, Read, write, Sendas,full as etc. all delegation permission report of all mailbox in Exchange
Exchange 2013 currently having, with 25000 Mailboxes
Please suggest a script that we can use to generate the report and use in migration
Thanks,
Addy
For your requirement, you have to export MailboxPermission and MailboxFolderpermission.
Below are basic simple scripts.
I. Mailbox Permission (for 25,000 mailboxes)
Get-mailbox -Resultsize Unlimited | get-mailboxpermission | Select Identity,User,{$_.accessri ghts},IsIn herited | export-csv c:\reports\mbx-Permission. csv
II. MailboxFolderpermission
https://blogs.technet.microsoft.com/samdrey/2014/03/06/exchange-200720102013-using-get-mailboxfolderpermissions-to-export-mapi-permissions-of-folders-for-a-given-mailbox/
Below are basic simple scripts.
I. Mailbox Permission (for 25,000 mailboxes)
Get-mailbox -Resultsize Unlimited | get-mailboxpermission | Select Identity,User,{$_.accessri
II. MailboxFolderpermission
https://blogs.technet.microsoft.com/samdrey/2014/03/06/exchange-200720102013-using-get-mailboxfolderpermissions-to-export-mapi-permissions-of-folders-for-a-given-mailbox/
ASKER
i am getting below error
get-mailboxpermission : Exception of type 'System.OutOfMemoryExcepti on' was thrown.
Thanks,
Addy
get-mailboxpermission : Exception of type 'System.OutOfMemoryExcepti
Thanks,
Addy
Hi Addy,
According to the error posted above, the server memory is not enough.
Please check this for server role and calculate memory/CPU requirement.
https://blogs.technet.microsoft.com/exchange/2013/05/14/released-exchange-2013-server-role-requirements-calculator/
Did you run the command I posted which will list 1000 items?
According to the error posted above, the server memory is not enough.
Please check this for server role and calculate memory/CPU requirement.
https://blogs.technet.microsoft.com/exchange/2013/05/14/released-exchange-2013-server-role-requirements-calculator/
Did you run the command I posted which will list 1000 items?
ASKER
i need a list of mailbox permission of whole environment which mailbox having access on another mailbox , like any room, shared or any user mailbox
ASKER
i am running the command through client machine..
ASKER
Please suggest the script that will give results of all Permissions user have on another mailbox.
i need this for planning the mailbox migration, so that we move mailbox which having access on each other.
i need this for planning the mailbox migration, so that we move mailbox which having access on each other.
Hi Addy,
we have provided the command due to lack of memory it is not running in your PC.
Please run the same in server and let us know.
Thanks
MAS
we have provided the command due to lack of memory it is not running in your PC.
Please run the same in server and let us know.
Thanks
MAS
ASKER
i need a full as , Send as, read, write, that user have on anyother user mailbox,shared and room mailbox.
Could you give me server specifically
Thanks,
Andy
Could you give me server specifically
Thanks,
Andy
ASKER
i need a full as , Send as, read, write, that user have on anyother user mailbox,shared and room mailbox.
Could you give me server specifically
Thanks,
Andy
Could you give me server specifically
Thanks,
Andy
Get-Mailbox -server <server01> -ResultSize unlimited | Get-MailboxPermission | Export-csv C:\mailboxpermissions.csv
Please try from server.
ASKER
so according to you, it will permission of all users on all other mailboxes, including send-as , fullas, delegation etc ?
ASKER
this was the script which i use to run earlier, which give better results for all type of permissions, But this not give any results in the columns. dont know what is the issue , could you correct it pls
Get-Mailbox -server abc1 -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Acce ss Rights';Expression={[strin g]::join(' , ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv
Get-Mailbox -server abc1 -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Acce
Please post the screenshot if you dnot mind.
ASKER
yes sure, so here it it. after running the above script i am getting below report as attachment.
in access rights, it giving me results like System.Collections.ArrayLi st
if this get sorted, this script is wonderful as per my expectation..
earlier i was using the same, but dont know, why it not give access rights
in access rights, it giving me results like System.Collections.ArrayLi
if this get sorted, this script is wonderful as per my expectation..
earlier i was using the same, but dont know, why it not give access rights
Attachment(screenshot) please.
ASKER
sorry my mistake
Capture.JPG
Capture.JPG
Get-Mailbox -server abc1 -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,{$_.AccessRights}} | Export-Csv -NoTypeInformation mailboxpermissions.csv
try this?
ASKER
still it same result, as mentioned earlier..
can you provide some screenshot?
i also wonder, where do you run the script? Office 365 tenant or exchange on-premises?
i also wonder, where do you run the script? Office 365 tenant or exchange on-premises?
ASKER
i am running from Remote powershell.. earlier the same script give me the perfect result.. but not now
you can try putting into scriptblock
Invoke-Command -Session (Get-PSSession) -ScriptBlock {Get-Mailbox -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,{$_.AccessRi ghts}} } | | Export-Csv -NoTypeInformation mailboxpermissions.csv
https://blogs.technet.microsoft.com/exchange/2015/11/02/running-powershell-cmdlets-for-large-numbers-of-users-in-office-365/
Invoke-Command -Session (Get-PSSession) -ScriptBlock {Get-Mailbox -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,{$_.AccessRi
https://blogs.technet.microsoft.com/exchange/2015/11/02/running-powershell-cmdlets-for-large-numbers-of-users-in-office-365/
ASKER
i will check this and revert you
ASKER
Hello Jian,
So exactly same to be run in powershell as a .ps1 file..
thank u
So exactly same to be run in powershell as a .ps1 file..
thank u
do it means it help or not?
ASKER
i am asking.. can i run this script... is it complete script??
yes, it can be
ASKER
it gives me error, i pasted below contant in text and rename to .ps1 , but it not run, it hit the erro
========================== ========== =======
Invoke-Command -Session (Get-PSSession) -ScriptBlock {Get-Mailbox -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,{$_.AccessRi ghts}} } | | Export-Csv -NoTypeInformation mailboxpermissions.csv
========================== ========== ==========
==========================
Invoke-Command -Session (Get-PSSession) -ScriptBlock {Get-Mailbox -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,{$_.AccessRi
==========================
ASKER
Hello Jian,
Could you please help me in this
Could you please help me in this
I have to rewrite the script to a more scalable
it need to run as exchange powershell
it need to run as exchange powershell
$file = "c:\temp\item.csv"
New-item $file -itemtype file -force
$message = "Identity, User, Access"
$message > $file
$mailboxes = get-mailbox -resultsize unlimited
foreach ($mailbox in $mailboxes) {
$temp = Get-Mailbox $mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name="Access";Expression={$_.AccessRights}}
IF (($temp | measure).count -gt 0) {
foreach ($t in $temp){
$message = $($t.Identity.tostring()) + ", " + $($t.User.tostring()) +", " + $($t.Access.tostring())
$message >> $file
}
}
}
ASKER
Hello all,
i am getting below error while running the script
Cannot process argument transformation on parameter 'Identity'. Cannot convert value "ASJPTO-Internet_connectio n_card_T02 " to type
"Microsoft.Exchange.Config uration.Ta sks.Mailbo xIdParamet er". Error: "Cannot convert hashtable to an object of the following type:
Microsoft.Exchange.Configu ration.Tas ks.Mailbox IdParamete r. Hashtable-to-Object conversion is not supported in restricted language mode or a
section."
+ CategoryInfo : InvalidData: (:) [Get-Mailbox], ParameterBindin...mationEx ception
+ FullyQualifiedErrorId : ParameterArgumentTransform ationError ,Get-Mailb ox
+ PSComputerName : abc.xyz.com
i am getting below error while running the script
Cannot process argument transformation on parameter 'Identity'. Cannot convert value "ASJPTO-Internet_connectio
"Microsoft.Exchange.Config
Microsoft.Exchange.Configu
section."
+ CategoryInfo : InvalidData: (:) [Get-Mailbox], ParameterBindin...mationEx
+ FullyQualifiedErrorId : ParameterArgumentTransform
+ PSComputerName : abc.xyz.com
still going on.
IS this happen on every account? or just one account?
is there any thing in the output file?
I rewrite this with a lot of troubleshooting echo to find out which part goes wrong.
write-host "generating file"
$file = "c:\temp\item.csv"
New-item $file -itemtype file -force
$message = "Identity, User, Access"
$message > $file
write-host "get all mailboxes"
$mailboxes = get-mailbox -resultsize unlimited
write-host "start collecting information"
$i = 0
foreach ($mailbox in $mailboxes) {
$i++
write-host "$i mailbox exist?"
Get-Mailbox $mailbox
write-host "$i collecting access"
$temp = Get-Mailbox $mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name="Acce ss";Expres sion={$_.A ccessRight s}}
write-host "$i is there any access?"
IF (($temp | measure).count -gt 0) {
foreach ($t in $temp){
$message = $($t.Identity.tostring()) + ", " + $($t.User.tostring()) +", " + $($t.Access.tostring())
$message >> $file
}
}
write-host "$i finish
}
is there any thing in the output file?
I rewrite this with a lot of troubleshooting echo to find out which part goes wrong.
write-host "generating file"
$file = "c:\temp\item.csv"
New-item $file -itemtype file -force
$message = "Identity, User, Access"
$message > $file
write-host "get all mailboxes"
$mailboxes = get-mailbox -resultsize unlimited
write-host "start collecting information"
$i = 0
foreach ($mailbox in $mailboxes) {
$i++
write-host "$i mailbox exist?"
Get-Mailbox $mailbox
write-host "$i collecting access"
$temp = Get-Mailbox $mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name="Acce
write-host "$i is there any access?"
IF (($temp | measure).count -gt 0) {
foreach ($t in $temp){
$message = $($t.Identity.tostring()) + ", " + $($t.User.tostring()) +", " + $($t.Access.tostring())
$message >> $file
}
}
write-host "$i finish
}
ASKER
this is happing with every account.. erorr was keep coming when i use old script.. so i stop it..
in output file nothing came up.. only column headings
in output file nothing came up.. only column headings
use the new script, as i want to know which line of code got issues.
ASKER
this is the error i am getting
Desktop\scriptmailbox.ps1: 28 char:12
+ write-host "$i finish
+ ~~~~~~~~~~
The string is missing the terminator: ".
Desktop\scriptmailbox.ps1: 12 char:34
+ foreach ($mailbox in $mailboxes) {
+ ~
Missing closing '}' in statement block or type definition.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : TerminatorExpectedAtEndOfS tring
Desktop\scriptmailbox.ps1:
+ write-host "$i finish
+ ~~~~~~~~~~
The string is missing the terminator: ".
Desktop\scriptmailbox.ps1:
+ foreach ($mailbox in $mailboxes) {
+ ~
Missing closing '}' in statement block or type definition.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : TerminatorExpectedAtEndOfS
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks , it not worked well, but i dont want to exceed on it.
Many thanks for support
Many thanks for support
I have been using EE only recently, but are most of the questions posted with a tone of entitlement like this one? I am surprised at how much the OP expected for FREE on this site, yet didn't put in any effort to solve the issue on his own.
ASKER
its not like that EE is very helpful .. this question i closed because i have a workaround of it and this is pending from long time.. so i decided to close it.
My point is that you expected a lot while speaking to other commenters as if they were your employee and they owed you a project at work.
And EE hasn't been very helpful? That stinks. I think this site is great and have used a lot of good pieces of information from here.
ASKER
Sorry my mistake, it is type mistake, i mean that EE is very helpful, .. it is really nice subscription with them , i recommend many of my friends
Understood. I'm sorry to comment off-topic. Have a good day!
Please try this
Open in new window
To export use the belowOpen in new window
Thanks
MAS