Auditing Exchange 2007 Mailbox Full Access Permissions with Powershell

Jonny picture Jonny · Jan 4, 2010 · Viewed 14.8k times · Source

I on occasion I get asked to produce a list of users who have Full Access rights to a particular Exchange 2007 Mailbox. At the moment I am doing this manually, and I'd ideally like to do it with Powershell.

Is there anyway to produce a list of Full Access Permissions (and Send On Behalf rights would also be useful).

Thanks, Jonny

Answer

slipsec picture slipsec · Jan 4, 2010

Send-As permissions are stored in active directory, so it's a bit tricky to get at them. You could use Add-Member if you like to combine the properties you care about from the two results.

Full Access:

get-mailbox | %{$foo = $_; Get-MailboxPermission $foo | ?{$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}} | ft {$foo},User,AccessRights

Send-As:

get-mailbox | %{$mailbox = $_; Get-ADPermission $mailbox.DistinguishedName | ?{$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF"}} | ft {$mailbox},user,{"Send-As"}