Le Café Central de Deva
let.us.share.develop.more... Deva blogs!!
In Exchange Server 2007/2010, you can use Exchange PowerShell cmdlets (especially using Get-Mailbox, Get-MailboxPermission, Get-ADPermission, Get-MailboxFolderPermission) to get a verity of info. I played with couple of the below in different scenarios and want to share the same with you – so that you can give a shot and make use of.
Scenario # 1: How to query permissions on a mailbox (testuser1)? > Get-MailboxPermission test1
Scenario #2: How to query permissions of all the mailboxes on a particular server? > Get-Mailbox –Server “ServerName” | Get-MailboxPermission
Scenario #3: How to query permissions of all the mailboxes? > Get-Mailbox | Get-MailboxPermission Note: This will get the list of all permissions (including SELF permissions and inherited permissions)
Scenario # 4: How to query permissions of all the mailboxes (filter out SELF and inherited permissions)? > Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false}
Scenario #5: How to query mailbox permissions and Security permissions (only enumerate permissions that are not Inherited)? > Get-Mailbox | Get-MailboxPermission | where {$_.IsInherited -eq $False} Note: The above query will get you the “explicitly assigned permissions”
Scenario #6: How to query the explicitly assigned permissions (filter out SELF permissions)? > Get-Mailbox | Get-MailboxPermission | where { ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) }
Scenario #7: How to query list of all mailboxes with Send-As permission assigned on them? > Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”)} | FT –Wrap Note: This will get the list of mailboxes with Send-As permission assigned. Also you can notice that it shows Send-As permissions assigned to SELF on all mailboxes also.
Scenario #8: How to query list of all mailboxes with Send-As permission assigned on them (filter out SELF and inherited permissions as similar to Scenario #4)? > Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT –Wrap
Scenario #9: How to query the permissions of shared calendar in Exchange 2010? > Get-MailboxFolderPermission –identity “mailboxaccount*:\Calendar” Note: If you just try Get-MailboxFolderPermission with identity with mailboxaccount won’t get you the above.
Scenario #10: How to query the users rights to a specific users mailbox? > Get-MailboxPermission –identity “username” | fl user, accessrights
Scenario #11: How to query the permissions for every users mailbox? > Get-MailboxPermission –identity * | fl user, identity, accessrights
Note: + Exporting the data: At anypoint of time, if you want to export the above results to a CSV file, then you can use “Export-csv”. Say, let we try with one of the above scenario – try with scenario # 2: > Get-Mailbox | Get-MailboxPermission | Export-csv C:\permissions.csv
+ Automation using .Net Framework: If you want to like to add Exchange management capabilities to your Microsoft .NET Framework–based applications then you can try the above by referring the following: http://msdn.microsoft.com/en-us/library/bb332449(v=exchg.80).aspx and http://msdn.microsoft.com/en-us/library/ff326159(v=exchg.140).aspx.
Happy PowerShelling and automation…!!