Monday, June 9, 2014

Find who has Full Mailbox access and/or Send As permission on various mailboxes


Here is the cmdlet to find who has Full Mailbox access on one more more mailboxes in your environment and export the result to a CSV file.

Here is the cmdlet to find who has Send As permission on one or more mailboxes in your environment and export the result to a CSV file.

Get-Mailbox -ResultSize Unlimited | Get-ADPermission | Where {$_.user -notlike “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false -and $_.ExtendedRights -like “Send-As”} | Select Identity,User,@{Name=’Access Rights’;Expression={[String]$_.ExtendedRights}} | Export-Csv MailboxAccess.csv -NoTypeInformation


Now main question how to find Full Mailbox Access and Send As permission both together, you can run both of above cmdlets with minor modification in a one liner to get this accomplished.


Get-Mailbox -ResultSize Unlimited | %{Get-MailboxPermission $_.Name | Where {$_.user -notlike “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false} | Select Identity,User,@{Name=’Access Rights’;Expression={[string]::join(‘, ‘, $_.AccessRights)}} | Export-Csv MailboxAccess.csv -NoTypeInformation -Append; Get-ADPermission $_.Name | Where {$_.user -notlike “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false -and $_.ExtendedRights -like “Send-As”} | Select Identity,User,@{Name=’Access Rights’;Expression={[String]$_.ExtendedRights}} | Export-Csv MailboxAccess.csv -NoTypeInformation -Append }

No comments:

Post a Comment