Export Permissions from Shared Mailboxes


For shared mailboxes there are a whole host of reasons why you would want to export all the permissions from Shared Mailboxes. It could be that you are creating a migration strategy to Office 365 and need to know what mailboxes should be migrated with what users. Or simply to understand who has access into these mailboxes. The problem comes from standard reports that it is riddled with inherited permissions like NT_AUTHORITY\SELF and similar mailboxes that certainly won’t help that kind of report. So I have written a small script that will create a CSV file that filters out all the junk. Run this on any of the Exchange servers in your Org to obtain a complete report. It will create the CSV with Send-As and FullAccess permissions, using the ‘^’ as a delimiter. Import into Excel once you are done.

$OutFile = “C:\Reports\PermissionExport2.txt” “DisplayName” + “^” + “Alias” + “^” + “Full Access” + “^” + “Send As” | Out-File $OutFile -Force $Mailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:unlimited | Select Identity, Alias, DisplayName, DistinguishedName ForEach ($Mailbox in $Mailboxes) { $SendAs = Get-ADPermission $Mailbox.DistinguishedName | ? {$_.ExtendedRights -like “Send-As” -and $_.User -notlike “NT AUTHORITY\SELF” -and !$_.IsInherited} | % {$_.User} $FullAccess = Get-MailboxPermission $Mailbox.Identity | ? {$_.AccessRights -eq “FullAccess” -and !$_.IsInherited} | % {$_.User} $Mailbox.DisplayName + “^” + $Mailbox.Alias + “^” + $FullAccess + “^” + $SendAs | Out-File $OutFile -Append }

Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)