Exchange 2010 list mailboxes with Full Access or Send As permissions assigned

This post is also available in: Polish

 

In previous post Exchange 2010 Mailbox Folder Permissions we explained how to add permissions to mailbox or mailbox folder.

After a while, when you add permissions to mailbox you will forget mailbox, permissions and users.

 

Exchange 2010 get list of mailboxes with assigned permissions

 

If you want to get list of all mailboxes with assigned Full Access permisions you need to use example like below:

Get-Mailbox -Server “MX01” -ResultSize Unlimited | Get-MailboxPermission | where {($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and ($_.User.ToString() -ne “NT AUTHORITY\SELF”)}

Above example will list all mailboxes on server MX01 and check assigned permissions to those mailboxes. If any of those mailboxes will have assigned Full Access permission which is not Inherited and permission is not for user “NT Authority\Self” (it means for mailbox owner) then you will receive list of mailboxes with user account name and permissions.

 

We can also check belowed permissions instead of Full Access:

  • DeletedItem
  • ReadPermission
  • ChangePermission
  • ChangeOwner
  • ExternalAccount
  • SendAs permission

 

List Exchange 2010 mailboxes with Send-As permission assigned:

Exchange Mailbox Send-As permission is an Active Directory permission and to check this permission we have to use Get-ADPermission cmdlet.

To get list of all mailboxes on serwer MX01 with assigned permissions Send-As you can use:

Get-Mailbox -server MX01 -ResultSize unlimited | Get-ADPermission | Where {$_.ExtendedRights -like “Send-As” -and $_.User.ToString() -ne “NT AUTHORITY\SELF” -and $_.Deny -eq $false} | ft Identity,User,IsInherited -AutoSize

 

More examples:

To check permissions assigned for users to mailbox mailbox1 use:

Get-MailboxPermission mailbox1

 

Print Friendly
Tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>