Exchange 2010 get Mailbox Permissions


Exchange 2010 MailboxPermission

Last time we explained how to add permissions to mailbox or mailbox folder in Microsoft Exchange 2010.

But what if we need to check users permissions for mailboxes ?

To check permissions assigned to mailbox we need to use Get-MailboxPermission CMDlet.

But if we run:

Get-MailboxPermission JSmith

we will get list of all permissions including owner and inherited permissions

W can filter permissions by adding where with specified options like below, where we don’t want to get owners permissions and inherited permissions in output list:

Get-MailboxPermission JSmith | where {$_.user.ToString() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false}


If we need to check all mailboxes on server MX01 we need to add Get-Mailbox and pipline output to Get-MailboxPermission like below:

Get-Mailbox -server MX01 -ResutlSize Unlimited | Get-MailboxPermission JSmith | where {$_.user.ToString() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false}


To check only Send-As permissions we can run following command:

Get-Mailbox -server MX01 -ResultSize Unlimited | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User.ToString() -like “NT AUTHORITY\SELF”)}


But if we want to list permissions to mailbox folder we have to use Get-MailboxFolderPermission CMDlet and choose folder to check.

This example will check permissions to JSmith mailbox calendar folder:

Get-MailboxFolderPermission –identity “JSmith*:\Calendar”



Exchange 2010 list mailboxes with Full Access or Send As permissions assigned


In previous post Exchange 2010 Mailbox Folder Permissions we explained how to add permissions to mailbox or mailbox folder.

After a while, when you add permissions to mailbox you will forget mailbox, permissions and users.


Exchange 2010 get list of mailboxes with assigned permissions


If you want to get list of all mailboxes with assigned Full Access permisions you need to use example like below:

Get-Mailbox -Server “MX01” -ResultSize Unlimited | Get-MailboxPermission | where {($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and ($_.User.ToString() -ne “NT AUTHORITY\SELF”)}

Above example will list all mailboxes on server MX01 and check assigned permissions to those mailboxes. If any of those mailboxes will have assigned Full Access permission which is not Inherited and permission is not for user “NT Authority\Self” (it means for mailbox owner) then you will receive list of mailboxes with user account name and permissions.


We can also check belowed permissions instead of Full Access:

Continue reading