How to find who are are all having full mailbox rights on all the mailbox (but not in single mailbox) in exchange 2007 server. I know how to find for single mailbox. ThanksFunnyghost

Not sure if this will do what you want but how about this? Get-MailboxPermission * | Where {$_.AccessRights -eq "FullAccess"} or Get-MailboxPermission -Identity * | Where {$_.AccessRights -eq "FullAccess"}Chris Morgan

get-MailboxPermission -Identity 'CN=T71014,OU=Small Business Channel,OU=DLX-Users,DC=e-deluxe,DC=com' Identity User AccessRights IsInherited Deny -------- ---- ------------ ----------- ---- e-deluxe.com/DLX-... NT AUTHORITY\SELF {FullAccess, Rea... False False e-deluxe.com/DLX-... E-DELUXE\d000480 {FullAccess} False False e-deluxe.com/DLX-... E-DELUXE\d000506 {FullAccess} False False e-deluxe.com/DLX-... E-DELUXE\DDGLWM01$ {ReadPermission} True False e-deluxe.com/DLX-... E-DELUXE\migrator {FullAccess, Del... True False e-deluxe.com/DLX-... E-ROOT\Exchange S... {FullAccess} True True e-deluxe.com/DLX-... E-DELUXE\Domain A... {FullAccess} True True e-deluxe.com/DLX-... E-ROOT\Domain Admins {FullAccess} True True e-deluxe.com/DLX-... E-ROOT\Enterprise... {FullAccess} True True e-deluxe.com/DLX-... E-ROOT\Exchange O... {FullAccess} True True e-deluxe.com/DLX-... E-DELUXE\ExchSrv1 {FullAccess} True True e-deluxe.com/DLX-... E-ROOT\ExchSrv1 {FullAccess} True True e-deluxe.com/DLX-... E-ROOT\Exchange P... {ReadPermission} True False e-deluxe.com/DLX-... E-ROOT\Exchange S... {FullAccess} True False e-deluxe.com/DLX-... NT AUTHORITY\NETW... {ReadPermission} True False e-deluxe.com/DLX-... E-ROOT\ExchSrv1 {FullAccess, Del... True False e-deluxe.com/DLX-... E-ROOT\Exchange S... {ReadPermission} True False e-deluxe.com/DLX-... E-ROOT\Exchange O... {FullAccess, Del... True False e-deluxe.com/DLX-... E-ROOT\Exchange V... {ReadPermission} True False e-deluxe.com/DLX-... E-DELUXE\ExchSrv1 {FullAccess, Del... True False e-deluxe.com/DLX-... NT AUTHORITY\Auth... {ReadPermission} True False e-deluxe.com/DLX-... E-ROOT\Enterprise... {FullAccess, Del... True False e-deluxe.com/DLX-... E-ROOT\Domain Admins {FullAccess, Del... True False For single user, I can able to generate it in powershell. But how we can generate it entire user in OU? ThanksFunnyghost

The above I sent will give you everyone in the domain. Below i tried out in my 2010 lab and it worked. So I assume it will work on your 07 server as the parameters should be available Get-Mailbox -OrganizationalUnit "OU=Admin Accounts,OU=Administration,dc=mylab,dc=ad" | Get-MailboxPermission | Where {($_.AccessRights -eq 'FullAccess') -and -not ($_.User -like "NT AUTHORITY\*")} I tossed in that -not to get rid of system accounts from the output. Also if you want to filter by different properties you can use properties from the -Filter parameter. The below article gives you the different filter options. http://technet.microsoft.com/en-us/library/bb738155(EXCHG.80).aspx Example of a filtered command would like something like this: Get-Mailbox -Filter {EmailAddresses -like '*@domain.com} | Get-MailboxPermission | Where {($_.AccessRights -eq 'FullAccess') -and -not ($_.User -like "NT AUTHORITY\*")} hthChris Morgan

Hi FunnyGhost, I have done the local test and I think Chris’s reply will help you. And here is a good article for you. How to: List Mailboxes with Full Mailbox Access Permission Assigned. Best regards, SerenaPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Get-Mailbox -Server "SERVER NAME" -resultsize unlimited | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and -not ($_.User -like "NT AUTHORITY\SELF") -and ($_.IsInherited -eq $false) } |select User, identity | Export-Csv c:\FULL_MAILBOX_ACCESS_PERMISSION_ASSIGNED.csv Funnyghost

I am guessing that my response didnt help you at all considering you unmarked my response as the answer. Chris Morgan

Not like that dude. Really you and Serena's response helped me. People may get confused by seeing your response as the answer. Thats why I have unmarked. Though you response has given me some ideas but it is not the exact answer for this thread. Below is the correct script for this thread. So to avoid confusion I did unmark. Get-Mailbox -Server "SERVER NAME" -resultsize unlimited | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and -not ($_.User -like "NT AUTHORITY\SELF") -and ($_.IsInherited -eq $false) } |select User, identity | Export-Csv c:\FULL_MAILBOX_ACCESS_PERMISSION_ASSIGNED.csv If my action hurt you, I am extremly sorry!!! ThanksFunnyghost