Export All Users Permissions Across All Mailboxes included Folders – Exchange 2007/2010/2013 and Office 365 ( Exchange Online )

July 2, 2013
Random
0 Comments
paris

Modified from the tracked back URL , this goes through all mailbox’s on the Exchange server and export’s their Mailbox Access Perimissions to CSV Files inside C:\Export\ and also any extra folder permissions that have been assigned to any other folders :

(Blank Folder name means mailbox access! )

Source code

$Mailboxes = Get-Mailbox -ResultSize Unlimited
 
ForEach ($Mailbox in $Mailboxes) {
 
$MBXFolders = @() 
$MBXFoldersCorr = New-Object System.Collections.ArrayList 
$Permissions = @() 
$MBX_tocheck = "$Mailbox" $MBXFolders = Get-MailboxFolderStatistics 
$MBX_tocheck | select folderpath
 
$Permissions += Get-MailboxPermission -Identity "$Mailbox" | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
 
Select User,@{Name='AccessRights';Expression={[string]::join(', ', $_.AccessRights)}}
 
foreach ($item in $MBXFolders) {  $temp = $item.FolderPath  $temp = $Temp.Replace("/","\")  $MBXFoldersCorr.Add($temp) | out-null } foreach ($item in $MBXFoldersCorr) { Try {  $MailboxFolder = $MBX_tocheck + ":" + $item  $Permissions += $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights | where {
 
($_.AccessRights -notcontains “None”)})  } Catch {
 
 Continue  } }
 
 $Permissions | Select FolderName,User,@{Name='AccessRights';Expression={[string]::join(";", ($_.AccessRights))}}  | export-csv -path "C:\Export\
 
$MBX_tocheck.csv"
 
}

Get list of Full Access Mailbox permissions

Source code

Get-Mailbox | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | ft @{Name="Identity";expression={($_.Identity -split "/")[-1]}}, User -AutoSize

For Office 365

[pastacode lang=”powershell” manual=”%24Mailboxes%20%3D%20Get-Mailbox%20-ResultSize%20Unlimited%0A%20%0AForEach%20(%24Mailbox%20in%20%24Mailboxes)%20%7B%0A%20%0AGet-MailboxFolderPermission%20-identity%20%24Mailbox.name%20%7C%20Where%20AccessRights%20-ne%20%22None%22%20%7CFL%0A%20%0A%7D” message=”” highlight=”” provider=”manual”/]

Get all current Mailbox Forwards

Source code

Get-mailbox -ResultSize unlimited | select DisplayName,ForwardingAddress | where {$_.ForwardingAddress -ne $Null}

A cool feature to make this better , would be to email this report out to each user so they can see the permissions on their mailbox and alter themselves or speak to the helpdesk!

(No Ratings Yet)