Hi Friday77,
Check the AdminAuditLogs to see by who and when it is getting added.
View the administrator audit log
Search the role group changes or administrator audit logs
Search-AdminAuditLog -StartDate 05/04/2015 -EndDate 10/04/2015 -ObjectID contoso.com/Users/NewUSerName1
Search-AdminAuditLog -Cmdlets Add-MailboxPermission -Parameters AccessRights -StartDate 05/04/2015 -EndDate 10/04/2015
Normally this wouldn't be the case, however you might want to have a look at this as well.
Get-CmdletExtensionAgent "Mailbox Permissions Agent"
Cmdlet extension agents are components in Microsoft Exchange Server 2013 invoked by Exchange 2013 cmdlets when the cmdlets run.
Agents can modify, replace, or extend functionality of Exchange Management Shell cmdlets. An agent can provide a value for a required parameter that isn't provided on a command, override a value provided by a user, perform other actions outside of the cmdlet
workflow while a cmdlet runs, and more.
You can use the Scripting agent
cmdlet extension agent in Exchange 2013 to insert your own scripting logic into the execution of Exchange cmdlets. Using the
Scripting agent
, you can add conditions, override values, and set up reporting.
Every Exchange 2013 server includes the file ScriptingAgentConfig.xml.sample in the <installation path>\V15\Bin\CmdletExtensionAgents folder. This file must be renamed to ScriptingAgentConfig.xml on every Exchange 2013 server if you enable
the Scripting Agent cmdlet extension agent.
If its still .xml.sample, no need to worry about it.