exchange 2007: powershell how to see if someone has delegated access of their inbox to others?
Is there a script to show who a user has delegated to his/her inbox? Additionally, is there a way to remove delegation without logging in as the user? I'm not talking about the send as and full mailbox permissions I can see in the EMC.
October 1st, 2010 3:31pm

On Fri, 1 Oct 2010 19:29:23 +0000, philldogger wrote:
>is there a script to show who a user has delegated to his/her inbox? Additionally is there a way to remove delegation without logging in as the user? I'm not talking about the send as and full mailbox permissions I can see in the EMC.

You can look at the publicDelegates and publicDelegatesBL properties on a mailbox to see who the delegates are. You can look at any mailbox and the publicDelegatesBL and see the mailboxes for which this one is a delegate.

This assumes, of course, that the delegates are added and removed properly. Delegates are also represented by hidden rules in a mailbox, so even if the delegates property is empty it's still possible that the mailbox thinks there are delegates. To get at those hidden rules requires you to either create a profile and open the mailbox, or to write code to look at the folders in the mailbox for the permissions assigned to those delegates.

--- Rich Matheisen MCSE+I, Exchange MVP
October 1st, 2010 9:39pm

Using the EWS managed API:

    # SMTP address of the mailbox to check, and the EWS endpoint on the CAS
    $MailboxName = "<smtp address of mailbox to check>"
    $uri = [system.URI] "https://<CAS server name>/ews/exchange.asmx"

    # Load the EWS Managed API assembly
    $dllpath = "C:\Program Files\Microsoft\Exchange\Web Services\1.0\Microsoft.Exchange.WebServices.dll"
    [void][Reflection.Assembly]::LoadFile($dllpath)

    $fcPropset = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)
    $service = new-object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)
    $service.Url = $uri
    #$service.TraceEnabled = $true

    # The second argument ($true) also returns each delegate's permissions
    $del = $service.getdelegates($mailboxname,$true)
    $del.delegateuserresponses |% {
        $_.delegateuser.userid.displayname
        $_.delegateuser.userid.sid
        $_.delegateuser.userid.primarysmtpaddress
        $_.delegateuser.permissions
    }

You can also add and remove delegates.

[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
October 2nd, 2010 7:34am

Is there any way to show which users in Exchange are using delegation?
October 4th, 2010 12:57pm

AFAIK, you'd have to go through all the mailboxes and see which ones return delegates. It wouldn't be too hard to for-each the script through an address collection, you'd just need to run it using an account that has rights to all the mailboxes.
October 4th, 2010 1:16pm

I'm not much of a script guru. What would that look like to have it pull from a CSV full of aliases and output into a CSV format? Thanks
October 4th, 2010 4:22pm

I can work something up, but I won't be back in the office where I could test it for a couple of days.
October 4th, 2010 4:50pm

That'd be great...thnx for the help
October 5th, 2010 12:48pm

any luck testing this mjolinor?
October 7th, 2010 4:42pm

I may get to it this evening. I was out of the office for a few days, and came back to... Ever seen "Finding Nemo"? I feel like I'm surrounded by the seagulls. Mine! Mine! Mine! Mine! Mine!
October 7th, 2010 5:14pm

LOL...yes my kids (and secretly me) love that part
October 8th, 2010 1:14pm

mjo if you don't have time to work on this...no worries, I can always just repost the question again as I need to generate a report for management soon. Just let me know...thanks
October 11th, 2010 11:29am

I decided to use CSVDE and just grab the publicdelegate and publicdelegatebl info from AD into a spreadsheet. thanks
October 11th, 2010 6:23pm

So my report from AD for publicdelegates clearly wasn't good enough as it only showed who was using delegates, but no permission info :( So back to square one. I'd love it mjolinor if there is some way to take your script above and export it out to a csv as well as have it read a list of aliases from a CSV to run against. thanks!
October 12th, 2010 3:20pm

Maybe this will help, Glen's scripts are usually pretty good:

Exchange Reverse Permission audit Powershell Gui version 2 Exchange 2007
http://gsexdev.blogspot.com/2008/10/exchange-reverse-permission-audit.html
October 13th, 2010 10:38am

That is controlled by the attribute ms-Exch-Public-Delegates. This attribute of a user lists delegates. If this is a single user, use ADSIEDIT.

Dhruv
October 13th, 2010 5:22pm

Running against a list of aliases isn't a problem. Exporting the data to .csv will be more difficult, since the results will be "jagged" - i.e. there won't be a fixed number of results returned for each mailbox, or even a fixed number of permissions returned for each delegate found.
October 13th, 2010 6:12pm
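
One way to get a flat CSV out of the GetDelegates call discussed in this thread, emitting one row per mailbox/delegate pair; this is an added example, not a script from any poster. The `aliases.csv` file, its `Address` column, and the constructed sample object standing in for a live response are assumptions.

```powershell
# Added example (not from the thread). Requires PowerShell 3.0+ for [pscustomobject].
# Turns the object returned by $service.GetDelegates($mailbox, $true) into one
# row per (mailbox, delegate) with a fixed column set, so Export-Csv works.
function ConvertTo-DelegateRow {
    param(
        [Parameter(Mandatory)] [string] $Mailbox,
        [Parameter(Mandatory)] $DelegateInfo
    )
    foreach ($resp in $DelegateInfo.DelegateUserResponses) {
        $user = $resp.DelegateUser
        if (-not $user) { continue }   # response carried no delegate (e.g. an error)
        $p = $user.Permissions
        [pscustomobject]@{
            Mailbox          = $Mailbox
            DelegateName     = $user.UserId.DisplayName
            DelegateSmtp     = $user.UserId.PrimarySmtpAddress
            DelegateSid      = $user.UserId.SID
            Inbox            = $p.InboxFolderPermissionLevel
            Calendar         = $p.CalendarFolderPermissionLevel
            Tasks            = $p.TasksFolderPermissionLevel
            Contacts         = $p.ContactsFolderPermissionLevel
            Notes            = $p.NotesFolderPermissionLevel
            Journal          = $p.JournalFolderPermissionLevel
            ViewPrivateItems = $user.ViewPrivateItems
            MeetingCopies    = $user.ReceiveCopiesOfMeetingMessages
        }
    }
}

# Constructed sample shaped like a GetDelegates result, so the function runs offline.
$sample = [pscustomobject]@{ DelegateUserResponses = @(
    [pscustomobject]@{ DelegateUser = [pscustomobject]@{
        UserId = [pscustomobject]@{ DisplayName = 'Constructed Delegate'
            PrimarySmtpAddress = 'delegate@example.test'; SID = 'S-1-5-21-0-0-0-1001' }
        Permissions = [pscustomobject]@{
            InboxFolderPermissionLevel = 'Reviewer'; CalendarFolderPermissionLevel = 'Editor'
            TasksFolderPermissionLevel = 'None'; ContactsFolderPermissionLevel = 'None'
            NotesFolderPermissionLevel = 'None'; JournalFolderPermissionLevel = 'None' }
        ViewPrivateItems = $false; ReceiveCopiesOfMeetingMessages = $true } }
) }
ConvertTo-DelegateRow -Mailbox 'owner@example.test' -DelegateInfo $sample |
    ConvertTo-Csv -NoTypeInformation

# Live use, assuming $service is set up as in the script earlier in the thread and
# aliases.csv (hypothetical) has a column named Address holding SMTP addresses:
# Import-Csv .\aliases.csv | ForEach-Object {
#     ConvertTo-DelegateRow -Mailbox $_.Address -DelegateInfo $service.GetDelegates($_.Address, $true)
# } | Export-Csv .\delegates.csv -NoTypeInformation
```

Mailboxes with no delegates produce no rows, so the resulting file lists only mailboxes where delegation is in use.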

This topic is archived. No further replies will be accepted.