asked on
list permission of each O365 mailbox using PowerShell
Hello,
I am trying to use the below script to list other other user(s) who have permission of each mailbox.
The base O365 PS cmdlet I use is for example: get-mailboxpermission -identity user1@abc.com and I get
Identity User AccessRights IsInherited Deny
-------- ---- ------------ ----------- ----
user1 NT AUTHORITY\SELF {FullAccess, ReadPermission} False False
user1 user2@abc.com {FullAccess} False False
************************************************************************************************************************************************************************
$datapath = "C:\scripts\results.csv"
$result = @()
Get-MsolUser -All | ForEach-Object {
$UPN = $_.userprincipalname
$getmailboxpermission = get-mailboxpermission -identity $UPN
[PSCustomObject]([ordered]@{
Permission = $getmailboxpermission
})
} | export-csv -NoTypeInformation -path $datapath
When I incorporate the cmdlet into the above script, I am just getting something like this in the Permission column.
Permission
System.Object[]
Microsoft.Exchange.Management.RecipientTasks.MailboxAcePresentationObject
System.Object[]
Microsoft.Exchange.Management.RecipientTasks.MailboxAcePresentationObject
System.Object[]
Please advise. Thanks!
ASKER
I need to add more queries in my script such as department, title, forwarding address and so on and adding get-mailbox, get-msoluser...
Is it possible for you to incorporate your cmdlet "Get-MailboxPermission |
Select-Object -Property Identity, User, @{n='AccessRights'; e={$_.AccessRights -join ', '}}, IsInherited, Deny " into my sample script?
$datapath = "C:\scripts\results.csv"
$result = @()
Get-MsolUser -All | ForEach-Object {
$UPN = $_.userprincipalname
$getmailboxpermission = get-mailboxpermission -identity $UPN
[PSCustomObject]([ordered]@{
Permission = $getmailboxpermission
})
} | export-csv -NoTypeInformation -path $datapath
Identity User AccessRights IsInherited Deny
-------- ---- ------------ ----------- ----
user1 NT AUTHORITY\SELF {FullAccess, ReadPermission} False False
user1 user2@abc.com {FullAccess} False False
ASKER
I will let you know my test result.
I appreciate for your help!!!
ASKER
$datapath = "C:\scripts\results.csv"
Get-MsolUser -All |
ForEach-Object {Get-MailboxPermission -Identity $_.UserPrincipalName} |
Select-Object -Property Identity, User, @{n='AccessRights'; e={$_.AccessRights -join ', '}}, IsInherited, Deny |
Export-Csv -NoTypeInformation -path $datapath
ASKER
If that error wasn't a one-off, try this:
$datapath = "C:\scripts\results.csv"
$msolUsers = Get-MsolUser -All
$msolUsers |
ForEach-Object {Get-MailboxPermission -Identity $_.UserPrincipalName} |
Select-Object -Property Identity, User, @{n='AccessRights'; e={$_.AccessRights -join ', '}}, IsInherited, Deny |
Export-Csv -NoTypeInformation -path $datapath
ASKER
One last question I would like to learn regarding this question if you dont mind. If I want to add a column that shows me whether the mailboxes in the identity is a shared or a user mailbox, do you think the below would work?
$datapath = "C:\scripts\results.csv"
Get-MsolUser -All |
ForEach-Object {Get-MailboxPermission -Identity $_.UserPrincipalName} {get-mailbox -identity $_UserPrincipalName} |
Select-Object -Property Identity, RecipientType, User ,@{n='AccessRights'; e={$_.AccessRights -join ', '}}, IsInherited, Deny |
Export-Csv -NoTypeInformation -path $datapath
ASKER
Can't test it at the moment, but you should be able to feed the results from Get-MsolUser directly to Get-MailboxPermission; from there, you can export the results pretty much directly.
Try it like this:
Open in new window