
Saturday, July 16, 2011

How to list Full Mailbox Access permission assigned

Today I came up against a situation where I had to generate a report and send it to higher management. Higher management needs to check all the mailboxes and find out who else has full mailbox permission on xx mailboxes. I had to do a lot of work to consolidate the report, but PowerShell made my life easier in finding the information.

In Exchange 2010 it's pretty easy to get the Full Mailbox Access information for a mailbox by using the Get-MailboxPermission command. Use proper piping so that you get whatever result you are looking for.

Let us look at some examples.

eg 1. Get-Mailbox -Identity "prajeesh" | Get-MailboxPermission

This example lists everyone who has permission on the mailbox of user 'prajeesh'. It produces a long list of permissions, both inherited and explicitly assigned to this mailbox.

If you don't need the users whose permission is inherited, you can add a filter. See example 2.

eg 2. Get-Mailbox -Identity "prajeesh" | Get-MailboxPermission | where { $_.IsInherited -eq $false }

This example lists only the users who were granted permission specifically on this mailbox. If no user has been granted access at the mailbox level, you get a blank line.

eg 3. Get-Mailbox -Server "server1" | Get-MailboxPermission | where { $_.IsInherited -eq $false }

This example finds the permissions on the mailboxes hosted on the server "server1"; replace it with the exact name of your server when you try it.

eg 4. Get-Mailbox -Server "server1" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) }

Here we get only the users who have "FullAccess" permission.

eg 5. Get-Mailbox -Server "server1" | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) } | Export-Csv Mbxpermission.csv -NoTypeInformation

This example exports the list to a 'csv' file.

You may now ask how to export the mailbox permissions of all users in an Exchange 2010 organization. Here you go…

eg 6. Get-MailboxDatabase | Get-Mailbox | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) } | Export-Csv Mbxpermission.csv -NoTypeInformation
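
The examples above can be folded into one reusable audit function. This is an added example, not code from the original post: the function name Get-FullAccessReport and the column names are assumptions. It removes the default 1000-mailbox limit of Get-Mailbox, skips each mailbox owner's own NT AUTHORITY\SELF entry, and joins AccessRights into plain text so the CSV column is readable.

```powershell
# Added example: run in the Exchange 2010 Management Shell.
# Get-FullAccessReport and its column names are illustrative assumptions.
function Get-FullAccessReport {
    param(
        # Optional: restrict the audit to one mailbox server, as in eg 3.
        [string]$Server
    )

    # Get-Mailbox returns at most 1000 mailboxes unless ResultSize is raised.
    $mbxParams = @{ ResultSize = 'Unlimited' }
    if ($Server) { $mbxParams.Server = $Server }

    Get-Mailbox @mbxParams | ForEach-Object {
        $mailbox = $_
        Get-MailboxPermission -Identity $mailbox.DistinguishedName |
            Where-Object {
                # AccessRights can hold several rights; -like matches any of them.
                ($_.AccessRights -like '*FullAccess*') -and
                ($_.IsInherited -eq $false) -and
                # The owner's own entry is not a delegation, so leave it out.
                ($_.User -notlike 'NT AUTHORITY\SELF')
            } |
            Select-Object @{ n = 'Mailbox';      e = { $mailbox.DisplayName } },
                          @{ n = 'SmtpAddress';  e = { $mailbox.PrimarySmtpAddress } },
                          @{ n = 'User';         e = { $_.User.ToString() } },
                          @{ n = 'AccessRights'; e = { $_.AccessRights -join ', ' } },
                          Deny
    }
}

# Whole organization to CSV (same file name as eg 5 and eg 6):
#   Get-FullAccessReport | Export-Csv Mbxpermission.csv -NoTypeInformation
#
# One server only:
#   Get-FullAccessReport -Server "server1"
#
# Reverse lookup: every mailbox on which the account 'prajeesh' holds FullAccess:
#   Get-FullAccessReport | Where-Object { $_.User -like '*\prajeesh' }
```

The Deny column is kept so that a deny entry is not mistaken for a grant when the report is reviewed.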

3 comments:

  1. It's really useful, but what about Exchange 2003?

  2. I want to check a user's full mailbox access on other mailboxes. What command do I run in the Exchange 2010 Management Shell?
