Exchange Shell - Finding Mailboxes With Send As And Full Access Permission...

Exchange 2007 SP1 brings the option to configure Send-As and FullAccess permission to a mailbox using the EMC. I have come across scenarios where you have to find all users with send-as permission in your organization.

Things are easy now with the help of powershell. Run the command in order to find out all users who have send-as permission assigned to mailboxes other than their own.

Get-Mailbox | Get-ADPermission | Where-Object { ($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authority\self") }

You can customize the output to get only the fields you need.

Get-Mailbox | Get-ADPermission | Where-Object { ($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authority\self") } | Select Identity, User

You can export the output to a CSV file.

Get-Mailbox | Get-ADPermission | Where-Object { ($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authority\self") } | Select Identity, User | Export-CSV c:\sendas.cvs

What if you want to find out all users who have FullAccess to other mailboxes in your organization.
Run the following command.

Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq "*fullaccess*") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "*nt authority\self*") }

Another variation of the above request is to find to which all mailboxes a user has fullaccess. For example, I have a user named Rajith Jose. I want to know to which all mailboxes Rajith Jose have full access to. Run the following for the same

Get-Mailbox | Get-MailboxPermission | Where-Object { ($_.AccessRights -eq "*fullaccess*") -and ($_.User -like "*rajith*") }

You can always select the output by pipelining the above command to a select statement and export it to a csv file by using Export-CSV filepath switch.