Today got a task to collect the users with Full Access and Send-As permission in my organization and didn’t expect that I can finish the task but PowerShell make it as simple.
You have to use the PowerShell command below to get all the users who have Full Mailbox Permission for the user mailboxes or shared mailboxes, etc. other than their own NT account.
Get-Mailbox –Resultsize “Unlimited” | Get-MailboxPermission | Where-Object {($_.AccessRights –like ‘FullAccess’) –and –not ($_.user –like ‘NT Authority\Self’)}
NB: If you have multiple domains and you have to collect the information of mailboxes in the entire domain then use the PowerShell commands below to verify the mailboxes in the entire Forest:
Set-ADServerSettings -ViewEntireForest $true
You may get more rows and columns in the result and you may not be able to view all those information. To check all the information, just append Export-CSV to export the result in a CSV file.
Get-Mailbox –Resultsize “Unlimited” | Get-MailboxPermission | Where-Object {($_.AccessRights –like ‘FullAccess’) –and –not ($_.user –like ‘NT Authority\Self’)} | Export-CSV <File path followed by file name.csv>
If you have to verify any particular user has Full Mailbox access to any other User mailbox or Shared mailbox, etc. then use the PowerShell command below:
Get-Mailbox –Resultsize ‘Unlimited’| Get-MailboxPermission | Where-Object {($_.Accessrights -like ‘FullAccess’) -and ($_.user -like ‘domain\SamAccount’)} | Export-CSV <File path followed by file name.csv>
You have to use the PowerShell commands below to get all the users who have Send-As permission for User Mailboxes or Shared Mailboxes, etc. other than their own NT Account.
Get-Mailbox –Resultsize “Unlimited” | Get-ADPermission | Where-Object {($_.Extendedrights -like ‘Send-As’) -and –not ($_.User -like “NT Authority\Self”)}
You may get more rows and columns in the result and you may not be able to view all those information. To check all the information, just append Export-CSV to export the output in a CSV file.
Get-Mailbox –Resultsize “Unlimited” | Get-ADPermission | Where-Object {($_.Extendedrights -like ‘Send-As’) -and –not ($_.User -like “NT Authority\Self”)} | Export-CSV <File path followed by file name.csv>
Get-Mailbox –Resultsize “Unlimited” | Get-ADPermission | Where-Object {($_.Extendedrights -like ‘Send-As’) -and ($_.User -like “Domain\SamAccount”)} | Export-CSV <File path followed by file name.csv>
Please share your thoughts by clicking Leave a Comment and if you like the articles in this site, please subscribe to get Email notification when a new article has published. Thank You.