For shared mailboxes there are a whole host of reasons why you would want to export all the permissions from Shared Mailboxes. It could be that you are creating a migration strategy to Office 365 and need to know what mailboxes should be migrated with what users. Or simply to understand who has access into these mailboxes. The problem comes from standard reports that it is riddled with inherited permissions like NT_AUTHORITY\SELF and similar mailboxes that certainly won’t help that kind of report. So I have written a small script that will create a CSV file that filters out all the junk. Run this on any of the Exchange servers in your Org to obtain a complete report. It will create the CSV with Send-As and FullAccess permissions, using the ‘^’ as a delimiter. Import into Excel once you are done.
$OutFile = “C:\Reports\PermissionExport2.txt” “DisplayName” + “^” + “Alias” + “^” + “Full Access” + “^” + “Send As” | Out-File $OutFile -Force $Mailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:unlimited | Select Identity, Alias, DisplayName, DistinguishedName ForEach ($Mailbox in $Mailboxes) { $SendAs = Get-ADPermission $Mailbox.DistinguishedName | ? {$_.ExtendedRights -like “Send-As” -and $_.User -notlike “NT AUTHORITY\SELF” -and !$_.IsInherited} | % {$_.User} $FullAccess = Get-MailboxPermission $Mailbox.Identity | ? {$_.AccessRights -eq “FullAccess” -and !$_.IsInherited} | % {$_.User} $Mailbox.DisplayName + “^” + $Mailbox.Alias + “^” + $FullAccess + “^” + $SendAs | Out-File $OutFile -Append }