how to find full mailbox rights on all the mailbox in exchange 2007
How to find who are are all having full mailbox rights on all the mailbox (but not in single mailbox) in exchange 2007 server.
I know how to find for single mailbox.
ThanksFunnyghost
December 17th, 2010 1:02pm
Not sure if this will do what you want but how about this?
Get-MailboxPermission * | Where {$_.AccessRights -eq "FullAccess"}
or
Get-MailboxPermission -Identity * | Where {$_.AccessRights -eq "FullAccess"}Chris Morgan
Free Windows Admin Tool Kit Click here and download it now
December 17th, 2010 1:34pm
get-MailboxPermission -Identity 'CN=T71014,OU=Small Business Channel,OU=DLX-Users,DC=e-deluxe,DC=com'
Identity User AccessRights IsInherited Deny
-------- ---- ------------ ----------- ----
e-deluxe.com/DLX-... NT AUTHORITY\SELF {FullAccess, Rea... False False
e-deluxe.com/DLX-... E-DELUXE\d000480 {FullAccess} False False
e-deluxe.com/DLX-... E-DELUXE\d000506 {FullAccess} False False
e-deluxe.com/DLX-... E-DELUXE\DDGLWM01$ {ReadPermission} True False
e-deluxe.com/DLX-... E-DELUXE\migrator {FullAccess, Del... True False
e-deluxe.com/DLX-... E-ROOT\Exchange S... {FullAccess} True True
e-deluxe.com/DLX-... E-DELUXE\Domain A... {FullAccess} True True
e-deluxe.com/DLX-... E-ROOT\Domain Admins {FullAccess} True True
e-deluxe.com/DLX-... E-ROOT\Enterprise... {FullAccess} True True
e-deluxe.com/DLX-... E-ROOT\Exchange O... {FullAccess} True True
e-deluxe.com/DLX-... E-DELUXE\ExchSrv1 {FullAccess} True True
e-deluxe.com/DLX-... E-ROOT\ExchSrv1 {FullAccess} True True
e-deluxe.com/DLX-... E-ROOT\Exchange P... {ReadPermission} True False
e-deluxe.com/DLX-... E-ROOT\Exchange S... {FullAccess} True False
e-deluxe.com/DLX-... NT AUTHORITY\NETW... {ReadPermission} True False
e-deluxe.com/DLX-... E-ROOT\ExchSrv1 {FullAccess, Del... True False
e-deluxe.com/DLX-... E-ROOT\Exchange S... {ReadPermission} True False
e-deluxe.com/DLX-... E-ROOT\Exchange O... {FullAccess, Del... True False
e-deluxe.com/DLX-... E-ROOT\Exchange V... {ReadPermission} True False
e-deluxe.com/DLX-... E-DELUXE\ExchSrv1 {FullAccess, Del... True False
e-deluxe.com/DLX-... NT AUTHORITY\Auth... {ReadPermission} True False
e-deluxe.com/DLX-... E-ROOT\Enterprise... {FullAccess, Del... True False
e-deluxe.com/DLX-... E-ROOT\Domain Admins {FullAccess, Del... True False
For single user, I can able to generate it in powershell. But how we can generate it entire user in OU?
ThanksFunnyghost
December 17th, 2010 1:38pm
The above I sent will give you everyone in the domain. Below i tried out in my 2010 lab and it worked. So I assume it will work on your 07 server as the parameters should be available
Get-Mailbox -OrganizationalUnit "OU=Admin Accounts,OU=Administration,dc=mylab,dc=ad" | Get-MailboxPermission | Where {($_.AccessRights -eq 'FullAccess') -and -not ($_.User -like "NT AUTHORITY\*")}
I tossed in that -not to get rid of system accounts from the output. Also if you want to filter by different properties you can use properties from the -Filter parameter. The below article gives you the different filter options.
http://technet.microsoft.com/en-us/library/bb738155(EXCHG.80).aspx
Example of a filtered command would like something like this:
Get-Mailbox -Filter {EmailAddresses -like '*@domain.com} | Get-MailboxPermission | Where {($_.AccessRights -eq 'FullAccess') -and -not ($_.User -like "NT AUTHORITY\*")}
hthChris Morgan
Free Windows Admin Tool Kit Click here and download it now
December 17th, 2010 2:36pm
Hi FunnyGhost,
I have done the local test and I think Chris’s reply will help you. And here is a good article for you.
How to: List Mailboxes
with Full Mailbox Access Permission Assigned.
Best regards,
SerenaPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
December 20th, 2010 5:02am
Get-Mailbox -Server "SERVER NAME" -resultsize unlimited | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and -not ($_.User -like "NT AUTHORITY\SELF") -and ($_.IsInherited -eq $false) } |select User, identity | Export-Csv c:\FULL_MAILBOX_ACCESS_PERMISSION_ASSIGNED.csv
Funnyghost
Free Windows Admin Tool Kit Click here and download it now
December 28th, 2010 1:32am
I am guessing that my response didnt help you at all considering you unmarked my response as the answer.
Chris Morgan
December 28th, 2010 1:53pm
Not like that dude. Really you and Serena's response helped me. People may get confused by seeing your response as the answer. Thats why I have unmarked.
Though you response has given me some ideas but it is not the exact answer for this thread. Below is the correct script for this thread. So to avoid confusion I did unmark.
Get-Mailbox -Server "SERVER NAME" -resultsize unlimited | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and -not ($_.User -like "NT AUTHORITY\SELF") -and ($_.IsInherited -eq $false) } |select User, identity | Export-Csv c:\FULL_MAILBOX_ACCESS_PERMISSION_ASSIGNED.csv
If my action hurt you, I am extremly sorry!!!
ThanksFunnyghost
Free Windows Admin Tool Kit Click here and download it now
December 29th, 2010 8:32am