Wednesday, 14 September 2016

Check which Exchange Mailboxes a User has Full Access or Send As Permissions On using Powershell

As an exchange administrator, you may occassionally need to know which mailboxes a particular user has Full Mailbox Access or Send As permissions to. This may be required as part of an audit, or to simply copy an existing users permissions for a new user you are setting up/creating.

The script below helps to accomplish this, as there is no in-built/easy way to view which mailboxes a particular user has access to - ie. Full Mailbox Access, or Send As permissions

First you need to specify the user whose existing access we are checking, using the $user variable. We use the wildcard "*" to essentially match any name that contains what is between the *'s - the users first name, last name or alias should work.

$user = "*peter*"

Next we run the get-mailbox cmdlet against all mailboxes in exchange, to query the permissions on each mailbox to see if this user exists in the respective permissions list.

There are two separate commands to do this - one to check for Full Access permissions, and the other to check for Send As permissions

get-mailbox -resultsize unlimited | get-mailboxpermission | where {$_.user -like $user} | select Identity, AccessRights

get-mailbox -resultsize unlimited | get-adpermission | where {($_.user -like $user) -and ($_.ExtendedRights -like "*Send-As*")} | select Identity, ExtendedRights

If any matches are found, the results will be displayed showing their Identity (ie. name) and the Access Rights level they have

No comments:

Post a Comment