Link to home
Start Free TrialLog in
Avatar of Andy Andy
Andy AndyFlag for India

asked on

Mailbox Delegation List

Hello Team,

We are going into Hybrid Environment which having Exchange 2013 and O365

So before moving to O365, i need to know the list, which mailbox having access to other mailbox and also to any shared or Room mailboxes.

As you know, to get that work properly , we need to move both mailbox on O365 so that delegation will work properly.
Like if user having access on 4 shared mailbox, so we need to move all shared mailbox as well as user mailbox to cloud

I need permission like, Read, write, Sendas,full as etc. all delegation permission report of all mailbox in Exchange

Exchange 2013 currently having, with 25000 Mailboxes

Please suggest a script that we can use to generate the report and use in migration

Thanks,
Addy
Avatar of M A
M A
Flag of United States of America image

Hi Addy,
Please try this
Get-Mailbox | Get-MailboxPermission

Open in new window

To export use the below
Get-Mailbox | Get-MailboxPermission | Export-csv C:\mailboxpermissions.csv

Open in new window


Thanks
MAS
For your requirement, you have to export MailboxPermission and MailboxFolderpermission.
Below are basic simple scripts.

I. Mailbox Permission  (for 25,000 mailboxes)
          Get-mailbox -Resultsize Unlimited | get-mailboxpermission | Select Identity,User,{$_.accessrights},IsInherited | export-csv c:\reports\mbx-Permission.csv

II. MailboxFolderpermission
         https://blogs.technet.microsoft.com/samdrey/2014/03/06/exchange-200720102013-using-get-mailboxfolderpermissions-to-export-mapi-permissions-of-folders-for-a-given-mailbox/
Avatar of Andy Andy

ASKER

i am getting below error

get-mailboxpermission : Exception of type 'System.OutOfMemoryException' was thrown.

Thanks,
Addy
Hi Addy,
According to the error posted above, the server memory is not enough.
Please check this for server role and calculate memory/CPU requirement.
https://blogs.technet.microsoft.com/exchange/2013/05/14/released-exchange-2013-server-role-requirements-calculator/

Did you run the command I posted which will list 1000 items?
i need a list of mailbox permission of whole environment  which mailbox having access on another mailbox , like any room, shared or any user mailbox
i am running the command through client machine..
Please suggest the script that will give results of all Permissions user have on another mailbox.

i need this for planning the mailbox migration, so that we move mailbox which having access on each other.
Hi Addy,
we have provided the command due to lack of memory it is not running in your PC.
Please run the same in server and let us know.

Thanks
MAS
i need a full as , Send as, read, write, that user have on anyother user mailbox,shared and room mailbox.

Could you give me server specifically

Thanks,
Andy
i need a full as , Send as, read, write, that user have on anyother user mailbox,shared and room mailbox.

Could you give me server specifically

Thanks,
Andy
Get-Mailbox -server <server01> -ResultSize unlimited  | Get-MailboxPermission | Export-csv C:\mailboxpermissions.csv

Open in new window


Please try from server.
so according to you, it will permission of all users on all other mailboxes, including send-as , fullas, delegation etc ?
this was the script which i use to run earlier, which give better results for all type of permissions, But this not give any results in the columns. dont know what is the issue , could you correct it pls


Get-Mailbox -server abc1 -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[string]::join(', ', $_.AccessRights)}} | Export-Csv -NoTypeInformation mailboxpermissions.csv
Please post the screenshot if you dnot mind.
yes sure, so here it it. after running the above script i am getting below report as attachment.
 in access rights, it giving me results like System.Collections.ArrayList

if this get sorted, this script is wonderful as per my expectation..


earlier i was using the same, but dont know, why it not give access rights
Attachment(screenshot) please.
sorry my mistake
Capture.JPG
Get-Mailbox -server abc1 -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,{$_.AccessRights}} | Export-Csv -NoTypeInformation mailboxpermissions.csv

Open in new window


try this?
still it same result, as mentioned earlier..
can you provide some screenshot?

i also wonder, where do you run the script? Office 365 tenant or exchange on-premises?
i am running from Remote powershell.. earlier the same script give me the perfect result.. but not now
you can try putting into scriptblock

Invoke-Command -Session (Get-PSSession) -ScriptBlock {Get-Mailbox -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,{$_.AccessRights}} } | | Export-Csv -NoTypeInformation mailboxpermissions.csv



https://blogs.technet.microsoft.com/exchange/2015/11/02/running-powershell-cmdlets-for-large-numbers-of-users-in-office-365/
i will check this and revert you
Hello Jian,

So exactly same to be run in powershell as a .ps1 file..

thank u
do it means it help or not?
i am asking.. can i run this script... is it complete script??
yes, it can be
it gives me error, i pasted below contant in text and rename to .ps1 , but it not run, it hit the erro

===========================================
Invoke-Command -Session (Get-PSSession) -ScriptBlock {Get-Mailbox -resultsize unlimited | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,{$_.AccessRights}} } | | Export-Csv -NoTypeInformation mailboxpermissions.csv
==============================================
Hello Jian,

Could you please help me in this
I have to rewrite the script to a more scalable

it need to run as exchange powershell


$file = "c:\temp\item.csv"
New-item $file -itemtype file -force
$message = "Identity, User, Access"
$message > $file

$mailboxes = get-mailbox -resultsize unlimited
foreach ($mailbox in $mailboxes) {
$temp = Get-Mailbox $mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name="Access";Expression={$_.AccessRights}}
IF (($temp | measure).count -gt 0) {
foreach ($t in $temp){
$message = $($t.Identity.tostring()) + ", " + $($t.User.tostring()) +", " + $($t.Access.tostring())
$message >> $file
}
}
}

Open in new window

Hello all,

i am getting below error while running the script

Cannot process argument transformation on parameter 'Identity'. Cannot convert value "ASJPTO-Internet_connection_card_T02" to type
"Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter". Error: "Cannot convert hashtable to an object of the following type:
Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter. Hashtable-to-Object conversion is not supported in restricted language mode or a
section."
    + CategoryInfo          : InvalidData: (:) [Get-Mailbox], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-Mailbox
    + PSComputerName        : abc.xyz.com
still going on.
IS this happen on every account? or just one account?

is there any thing in the output file?


I rewrite this with a lot of troubleshooting echo to find out which part goes wrong.


write-host "generating file"
$file = "c:\temp\item.csv"
New-item $file -itemtype file -force
$message = "Identity, User, Access"
$message > $file

write-host "get all mailboxes"
$mailboxes = get-mailbox -resultsize unlimited

write-host "start collecting information"
$i = 0
foreach ($mailbox in $mailboxes) {
$i++
write-host "$i mailbox exist?"
Get-Mailbox $mailbox

write-host "$i collecting access"
$temp = Get-Mailbox $mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name="Access";Expression={$_.AccessRights}}

write-host "$i is there any access?"
IF (($temp | measure).count -gt 0) {
foreach ($t in $temp){
$message = $($t.Identity.tostring()) + ", " + $($t.User.tostring()) +", " + $($t.Access.tostring())
$message >> $file
}

}
write-host "$i finish

}
this is happing with every account.. erorr was keep coming when i use old script.. so i stop it..
in output file nothing came up.. only column headings
use the new script, as i want to know which line of code got issues.
this is the error i am getting


Desktop\scriptmailbox.ps1:28 char:12
+ write-host "$i finish
+            ~~~~~~~~~~
The string is missing the terminator: ".
Desktop\scriptmailbox.ps1:12 char:34
+ foreach ($mailbox in $mailboxes) {
+                                  ~
Missing closing '}' in statement block or type definition.
    + CategoryInfo          : ParserError: (:) [], ParseException
    + FullyQualifiedErrorId : TerminatorExpectedAtEndOfString
ASKER CERTIFIED SOLUTION
Avatar of Jian An Lim
Jian An Lim
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks , it not worked well, but i dont want to exceed on it.
Many thanks for support
Avatar of Rich Creavy
Rich Creavy

I have been using EE only recently, but are most of the questions posted with a tone of entitlement like this one? I am surprised at how much the OP expected for FREE on this site, yet didn't put in any effort to solve the issue on his own.
its not like that EE is very helpful .. this question i closed because i have a workaround of it and this is pending from long time.. so i decided to close it.
My point is that you expected a lot while speaking to other commenters as if they were your employee and they owed you a project at work.
And EE hasn't been very helpful? That stinks. I think this site is great and have used a lot of good pieces of information from here.
Sorry my mistake, it is type mistake, i mean that EE is very helpful, .. it is really nice subscription with them , i recommend many of my friends
Understood. I'm sorry to comment off-topic. Have a good day!