Hi,
I on occasion I get asked to produce a list of users who have Full Access rights to a particular Exchange 2007 Mailbox. At the moment I am doing this manually, and I'd ideally like to do it with Powershell.
Is there anyway to produce a list of Full Access Permissions (and Send On Behalf rights would also be useful).
Thanks, Jonny
Send-As permissions are stored in active directory, so it's a bit tricky to get at them. You could use Add-Member if you like to combine the properties you care about from the two results.
Full Access:
get-mailbox | %{$foo = $_; Get-MailboxPermission $foo | ?{$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $false}} | ft {$foo},User,AccessRights
Send-As:
get-mailbox | %{$mailbox = $_; Get-ADPermission $mailbox.DistinguishedName | ?{$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF"}} | ft {$mailbox},user,{"Send-As"}
In addition to Slipsecs answer there is an alternative to the Send-As permissions audit.
$(Get-Mailbox -Identity mailboxName).GrantSendOnBehalfTo | ft Name
This returns only manually added users and no auto generated ones.
Thanks again Slipsec with your help on this!