Auditing Exchange 2007 Mailbox Full Access Permissions with Powershell

powershell permissions audit exchange-server-2007
Jonny picture Jonny · Jan 4, 2010 · Viewed 14.8k times · Source

I on occasion I get asked to produce a list of users who have Full Access rights to a particular Exchange 2007 Mailbox. At the moment I am doing this manually, and I'd ideally like to do it with Powershell.

Is there anyway to produce a list of Full Access Permissions (and Send On Behalf rights would also be useful).

Thanks, Jonny

Answer

slipsec picture slipsec · Jan 4, 2010

Send-As permissions are stored in active directory, so it's a bit tricky to get at them. You could use Add-Member if you like to combine the properties you care about from the two results.

Full Access:

get-mailbox | %{$foo = $_; Get-MailboxPermission $foo | ?{$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}} | ft {$foo},User,AccessRights

Send-As:

get-mailbox | %{$mailbox = $_; Get-ADPermission $mailbox.DistinguishedName | ?{$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF"}} | ft {$mailbox},user,{"Send-As"}

Related questions

Setting Inheritance and Propagation flags with set-acl and powershell

I am trying to mimic the action of right-clicking on a folder, setting "modify" on a folder, and having the permissions apply to the specific folder and subfolders and files. I'm mostly there using Powershell, however the inheritance is only …

Read More
PowerShell Setting advanced NTFS permissions

I'm trying to apply NTFS permissions that are defined in the 'Advanced' tab of the Windows security settings. One ACL $Rule is for This folder only and another one is for the Subfolders and files only. The permissions are heavily …

Read More
Sharing a folder and setting permissions in PowerShell

I need a script to run on Vista Ultimate to share an external drive and assign full control to Everyone. I've got a batch file to create the share using net share, but there doesn't seem to be a way …

Read More