Exchange 2010 get Mailbox Permissions

 

Exchange 2010 MailboxPermission

Last time we explained how to add permissions to mailbox or mailbox folder in Microsoft Exchange 2010.

But what if we need to check users permissions for mailboxes ?

To check permissions assigned to mailbox we need to use Get-MailboxPermission CMDlet.

But if we run:

Get-MailboxPermission JSmith

we will get list of all permissions including owner and inherited permissions

W can filter permissions by adding where with specified options like below, where we don’t want to get owners permissions and inherited permissions in output list:

Get-MailboxPermission JSmith | where {$_.user.ToString() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false}

 

If we need to check all mailboxes on server MX01 we need to add Get-Mailbox and pipline output to Get-MailboxPermission like below:

Get-Mailbox -server MX01 -ResutlSize Unlimited | Get-MailboxPermission JSmith | where {$_.user.ToString() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false}

 

To check only Send-As permissions we can run following command:

Get-Mailbox -server MX01 -ResultSize Unlimited | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User.ToString() -like “NT AUTHORITY\SELF”)}

 

But if we want to list permissions to mailbox folder we have to use Get-MailboxFolderPermission CMDlet and choose folder to check.

This example will check permissions to JSmith mailbox calendar folder:

Get-MailboxFolderPermission –identity “JSmith*:\Calendar”

 

 

Exchange 2010 list mailboxes with Full Access or Send As permissions assigned

 

In previous post Exchange 2010 Mailbox Folder Permissions we explained how to add permissions to mailbox or mailbox folder.

After a while, when you add permissions to mailbox you will forget mailbox, permissions and users.

 

Exchange 2010 get list of mailboxes with assigned permissions

 

If you want to get list of all mailboxes with assigned Full Access permisions you need to use example like below:

Get-Mailbox -Server “MX01” -ResultSize Unlimited | Get-MailboxPermission | where {($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and ($_.User.ToString() -ne “NT AUTHORITY\SELF”)}

Above example will list all mailboxes on server MX01 and check assigned permissions to those mailboxes. If any of those mailboxes will have assigned Full Access permission which is not Inherited and permission is not for user “NT Authority\Self” (it means for mailbox owner) then you will receive list of mailboxes with user account name and permissions.

 

We can also check belowed permissions instead of Full Access:

Continue reading

Exchange 2010 SP1 Mailbox Folder Permission

 

Sometimes in Microsoft Exchange environment we need to add user permission to other user mailbox.

We can add Full Access permission to mailbox like below:

Add-MailboxPermissions -Identity Mailbox1 -User JSmith -AccessRights FullAccess -InheritanceType all

 

But what if we don’t want to add permissions to all folders in mailbox but only to a one mailbox folder.

With Microsoft Exchange 2010 SP1 we can add permission to specified folder for user or Security Group, (Add-MailboxFolderPermission) we can remove (Remove-MailboxFolderPermission) and also we can change this permissions (Set-MailboxFolderPermission).

To add Reviewer permissions to User1 on Inbox folder of mailbox “John Smith” we can use:

Add-MailboxFolderPermission -identity j.smith@domain.com:\Inbox -User User1 -AccessRights ReadItems

 

Now we can check permissions to John Smith Inbox folder like below:

Get-MailboxFolderPermission -Identity j.smith@domain.com:\Inbox

 

We can change permissions for User1 to mailbox Inbox folder using Set-MailboxFolderPermission from Reviewer to FolderVisible:

Set-MailboxFolderPermission -Identity j.smith@domain.com:\Inbox -User User1 -AccessRights FolderVisible

Continue reading