Export All Users Permissions Across All Mailboxes included Folders – Exchange 2007/2010/2013 and Office 365 ( Exchange Online )

Modified from the tracked back URL , this goes through all mailbox’s on the Exchange server and export’s their Mailbox Access Perimissions to CSV Files inside C:\Export\ and also any extra folder permissions that have been assigned to any other folders :

(Blank Folder name means mailbox access! )


$Mailboxes = Get-Mailbox -ResultSize Unlimited
ForEach ($Mailbox in $Mailboxes) {
$MBXFolders = @() 
$MBXFoldersCorr = New-Object System.Collections.ArrayList 
$Permissions = @() 
$MBX_tocheck = "$Mailbox" $MBXFolders = Get-MailboxFolderStatistics 
$MBX_tocheck | select folderpath
$Permissions += Get-MailboxPermission -Identity "$Mailbox" | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
Select User,@{Name='AccessRights';Expression={[string]::join(', ', $_.AccessRights)}}
foreach ($item in $MBXFolders) {  $temp = $item.FolderPath  $temp = $Temp.Replace("/","\")  $MBXFoldersCorr.Add($temp) | out-null } foreach ($item in $MBXFoldersCorr) { Try {  $MailboxFolder = $MBX_tocheck + ":" + $item  $Permissions += $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights | where {
($_.AccessRights -notcontains “None”)})  } Catch {
 Continue  } }
 $Permissions | Select FolderName,User,@{Name='AccessRights';Expression={[string]::join(";", ($_.AccessRights))}}  | export-csv -path "C:\Export\


Get list of Full Access Mailbox permissions 

Get-Mailbox | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | ft @{Name="Identity";expression={($_.Identity -split "/")[-1]}}, User -AutoSize

For Office 365

$Mailboxes = Get-Mailbox -ResultSize Unlimited
ForEach ($Mailbox in $Mailboxes) {
Get-MailboxFolderPermission -identity $Mailbox.name | Where AccessRights -ne "None" |FL

Get all current Mailbox Forwards

Get-mailbox -ResultSize unlimited | select DisplayName,ForwardingAddress | where {$_.ForwardingAddress -ne $Null}

A cool feature to make this better , would be to email this report out to each user so they can see the permissions on their mailbox and alter themselves or speak to the helpdesk!

GD Star Rating
GD Star Rating

Tags: 365, Excel, Exchange 2007, exchange 2010, Exchange Online, Export All Users Permissions, Folder Permissions, Recursive

Trackback from your site.