Exchange Shell – Finding Mailboxes With Send As And Full Access Permission…

ByRajith Enchiparambil

Exchange 2007 SP1 brings the option to configure Send-As and FullAccess permission to a mailbox using the EMC. I have come across scenarios where you have to find all users with send-as permission in your organization. Things are easy now with the help of powershell. Run the command in order to find out all users…

Exchange 2007 SP1 brings the option to configure Send-As and FullAccess permission to a mailbox using the EMC. I have come across scenarios where you have to find all users with send-as permission in your organization.

Things are easy now with the help of powershell. Run the command in order to find out all users who have send-as permission assigned to mailboxes other than their own.

Get-Mailbox | Get-ADPermission | Where-Object { ($_.ExtendedRights -like “*send-as*”) -and -not ($_.User -like “nt authorityself”) }

You can customize the output to get only the fields you need.

Get-Mailbox | Get-ADPermission | Where-Object { ($_.ExtendedRights -like “*send-as*”) -and -not ($_.User -like “nt authorityself”) } | Select Identity, User

You can export the output to a CSV file.

Get-Mailbox | Get-ADPermission | Where-Object { ($_.ExtendedRights -like “*send-as*”) -and -not ($_.User -like “nt authorityself”) } | Select Identity, User | Export-CSV c:sendas.cvs

What if you want to find out all users who have FullAccess to other mailboxes in your organization.
Run the following command.

Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq “*fullaccess*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “*nt authorityself*”) }

Another variation of the above request is to find to which all mailboxes a user has fullaccess. For example, I have a user named Rajith Jose. I want to know to which all mailboxes Rajith Jose have full access to. Run the following for the same

Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq “*fullaccess*”) -and ($_.User -like “*rajith*”) }

You can always select the output by pipelining the above command to a select statement and export it to a csv file by using Export-CSV filepath switch.

Rajith Enchiparambil

Cloud Architect & Blogger with interests in Microsoft 365, Azure, AWS & PowerShell. I am active on Experts Exchange & TechNet forums and I am a technical author for SearchExchange. Follow me on Twitter, LinkedIn, or Facebook for the latest updates. For consultancy opportunities, drop me a line.

11 Comments

  1. How can we disable Send as Permission for Domain Admins? By default Domain Admin has permission SEND AS

    Reply
    1. Rajith Jose Enchiparambil says:

      Hi Saju,

      Domain Admins does not have Send As permission by default.

      Reply

  2. Hi ,

    I need a shell command to get mailbox permission with a CSV output as below please help.

    user ID Primarysmtpaddress which user has permission on user ID what permission

    Reply
    1. Rajith Enchiparambil says:

      Thanks Walid.

      Reply
  4. Rajith Jose Enchiparambil says:

    Thanks for pointing out the typo Rafael. I will amend it.

    Reply

  5. hey there, just wanted to mention that the csv export option above has an extension of cvs instead of csv – otherwise, exactly what I was looking for, thanks!

    -Rafael

    Reply

  7. Hey thanks for this post, this was a big help, do you have a exchange power shell book you recommend?

    i did change eq to LIKE in your command

    Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -like "*fullaccess*") -and ($_.User -like "*rajith*") }

    thats how it works for me

    Reply
  9. Anonymous says:

    Useful one Rajith. Keep up the good work.

    -Martin

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *