Exchange shell command to query shared mailbox permission by AD security group
I have searched for and not found exactly what I'm looking for. I need to search shared mailboxes by a known security group, to identify which shared mailbox(es) a particular AD security group has access to. I've found shell commands and scripts to output the permissions of all users/groups for all shared mailboxes, but I need to search for one security group at a time to see what mailbox it's been assigned to with Full Access.  Thanks i
April 13th, 2015 1:36pm

Just use the -User attribute:

PS C:\> Get-Mailbox | Get-MailboxPermission -User secgrp

Identity   User     AccessRights   IsInherited Deny
--------   ----     ------------   ----------- ----
Bathroom   secgrp   {FullAccess}   False       False

You can of course run this against only user/shared mailboxes as needed. Alternatively, you can look up the relevant AD attributes instead, as explained here: http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/mailbox-auto-mapping-exchange-server-2010-part2.htm

April 13th, 2015 3:45pm

  • Proposed as answer by jim-xuModerator Tuesday, April 14, 2015 5:47 AM
  • Marked as answer by B0ndoo7 16 hours 42 minutes ago
April 13th, 2015 7:43pm
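
As an added example (not part of the original posts), the one-liner from the answer above can be narrowed to shared mailboxes only and to explicit Full Access grants, which is the usual shape of a per-group access review. It assumes the Exchange Management Shell is loaded; `Get-GroupFullAccess` is a hypothetical helper name and `secgrp` is the group name used in the thread.

```powershell
# Added example: run from the Exchange Management Shell.
# Get-GroupFullAccess is a hypothetical helper, not an Exchange cmdlet.
function Get-GroupFullAccess {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Group   # name of the AD security group to look up
    )

    # Scan shared mailboxes only, and lift Get-Mailbox's default
    # 1000-result cap so large organisations are not silently truncated.
    Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited |
        ForEach-Object {
            $mailbox = $_

            # -User restricts the ACL listing to entries for this one group.
            Get-MailboxPermission -Identity $mailbox.Identity -User $Group |
                Where-Object {
                    # Keep allow entries that include FullAccess; skip Deny entries.
                    ($_.AccessRights -match 'FullAccess') -and -not $_.Deny
                } |
                Select-Object @{ n = 'Mailbox'; e = { $mailbox.DisplayName } },
                              @{ n = 'PrimarySmtpAddress'; e = { $mailbox.PrimarySmtpAddress } },
                              User,
                              @{ n = 'AccessRights'; e = { $_.AccessRights -join ',' } },
                              IsInherited
        }
}

# One group at a time, as asked in the question.
Get-GroupFullAccess -Group 'secgrp' |
    Sort-Object Mailbox |
    Format-Table -AutoSize
```

The `IsInherited` column is kept in the output so that grants made directly on a mailbox can be told apart from ones inherited from a higher-level object.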

We have a lot of DBs in a DAG, so I took your suggestion and modified it:

Get-MailboxDatabase | Get-Mailbox | Get-MailboxPermission -User <secgrp>

That worked!  Thank you very much.

April 14th, 2015 10:47am
