Exchange 2007 SP1 brings the option to configure Send-As and FullAccess permission to a mailbox using the EMC. I have come across scenarios where you have to find all users with send-as permission in your organization.
Things are easy now with the help of powershell. Run the command in order to find out all users who have send-as permission assigned to mailboxes other than their own.
Get-Mailbox | Get-ADPermission | Where-Object { ($_.ExtendedRights -like “*send-as*”) -and -not ($_.User -like “nt authorityself”) }
You can customize the output to get only the fields you need.
Get-Mailbox | Get-ADPermission | Where-Object { ($_.ExtendedRights -like “*send-as*”) -and -not ($_.User -like “nt authorityself”) } | Select Identity, User
You can export the output to a CSV file.
Get-Mailbox | Get-ADPermission | Where-Object { ($_.ExtendedRights -like “*send-as*”) -and -not ($_.User -like “nt authorityself”) } | Select Identity, User | Export-CSV c:sendas.cvs
What if you want to find out all users who have FullAccess to other mailboxes in your organization.
Run the following command.
Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq “*fullaccess*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “*nt authorityself*”) }
Another variation of the above request is to find to which all mailboxes a user has fullaccess. For example, I have a user named Rajith Jose. I want to know to which all mailboxes Rajith Jose have full access to. Run the following for the same
Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq “*fullaccess*”) -and ($_.User -like “*rajith*”) }
You can always select the output by pipelining the above command to a select statement and export it to a csv file by using Export-CSV filepath switch.
How can we disable Send as Permission for Domain Admins? By default Domain Admin has permission SEND AS
Hi Saju,
Domain Admins does not have Send As permission by default.
Hi ,
I need a shell command to get mailbox permission with a CSV output as below please help.
user ID Primarysmtpaddress which user has permission on user ID what permission
Thanks for the Post, it gave me an idea for another one, check it out here: http://wp.me/p1UMfD-F
Thanks Walid.
Thanks for pointing out the typo Rafael. I will amend it.
hey there, just wanted to mention that the csv export option above has an extension of cvs instead of csv – otherwise, exactly what I was looking for, thanks!
-Rafael
Glad to know that it worked for you Scooby. Not a big fan of books. Try this free powershell videos at http://www.theucguy.net/2009/09/free-powershell-videos.html It gives you a good starting point.
Hey thanks for this post, this was a big help, do you have a exchange power shell book you recommend?
i did change eq to LIKE in your command
Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -like "*fullaccess*") -and ($_.User -like "*rajith*") }
thats how it works for me
Good
Useful one Rajith. Keep up the good work.
-Martin