svillardi
asked on
Audit user access to Exchange 2010 mailbox
User A is receiving email normally. User B is somehow accessing and forwarding User A's email to himself, but using their (User B) iPhone. I'm trying to figure out how.
How can I find out what access User A has to User B's email?
How can User B send user A's email to himself as himself?
I do not see any delegate access.
User B does not have AD permissions to anything but his own email.
How can he send someones else's email to himself if he doesn't have access to the email?
How can I find out what access User A has to User B's email?
How can User B send user A's email to himself as himself?
I do not see any delegate access.
User B does not have AD permissions to anything but his own email.
How can he send someones else's email to himself if he doesn't have access to the email?
ASKER
Get-ADPermission -Identity "username" | Where-Object {$_.extendedrights -like "*send*"} | ft identity, user
This gave me an error that the object could not be found. I used the username (without the quotes) and domain\username.
The other cmdlets came up null. No entries.
We're thinking that User B has user A's credentials. Is there a way to see what computer/device accessed the mailbox as well? Any other logs I can look at?
Get-ADPermission -Identity "username" | Where-Object {$_.extendedrights -like "*send*"} | ft identity, user
I justed this cmdlet and it works correctly. Be sure you didn't do a typo.
I justed this cmdlet and it works correctly. Be sure you didn't do a typo.
ASKER
Again I get the error: The operation couldn't be performed because object 'username' couldn't be found in host.domain.local
Not sure why.
Not sure why.
ASKER
Is there a specific log or cmdlet which would show a device ID, mac address or IP address that accessed my mailbox in the last 30 days?
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
This is will get all forwarding rules associated with the mailbox. Run this against user A and user B mailboxes.
Get-Mailbox "username" | FL *forward*
This is will get "send as" permissions associated with the mailbox. Run this against user A and user B mailboxes.
Get-ADPermission -Identity "username" | Where-Object {$_.extendedrights -like "*send*"} | ft identity, user
This will get send on "behalf of" permissions, run against user A and user B mailboxes.
Get-Mailbox "username" | fl *behalf*