This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 78%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Hi Experts,
I need the script :
How to extract List of all Users Who Have Full Access, Send As and Send on Behalf to Other Exchange Mailboxes.
It is Okay, if there is separate command for these access.
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 22%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Hi @Mohammad Ashraful Haque ,
According to my research, we cannot directly obtain the permissions of the user's mailbox to other mailboxes.We can know whether each user mailbox contains the "Full Access", "Send As" and "Send on Behalf" permissions of other mailboxes through the permissions assigned to other users on each user's mailbox.
We could run the following script to get the permission between user mailbox:
Full Access:
$mailboxes = Get-Mailbox -ResultSize Unlimited -Filter ('RecipientTypeDetails -eq "UserMailbox"')
foreach ($mailbox in $mailboxes)
{ Get-MailboxPermission -Identity $mailbox.alias -ResultSize Unlimited | ?{($_.IsInherited -eq $false) -and ($_.User -ne "NT AUTHORITY\SELF") -and ($_.AccessRights -like "FullAccess")} | select Identity, User, AccessRights }
Send As:
$mailboxes = Get-Mailbox -ResultSize Unlimited -Filter ('RecipientTypeDetails -eq "UserMailbox"')
foreach ($mailbox in $mailboxes)
{ Get-ADPermission -Identity $mailbox.alias | ? { $_.ExtendedRights -like "*send*" -and -not ($_.User -match "NT AUTHORITY") -and ($_.IsInherited -eq $false)} | select Identity,User,ExtendedRights }
Send On Behalf:
Get-Mailbox -ResultSize Unlimited -Filter ('RecipientTypeDetails -eq "UserMailbox"') | select Alias, GrantSendOnBehalfTo
The following screenshots in the test in lab environment:
Full Access:
Send As:
Send On Behalf:
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Mohammad Ashraful Haque ,
I am writing here to confirm with you how thing going now?
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Mohammad Ashraful Haque ,
I am writing here to confirm with you how thing going now?
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 45%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBG%3C/text%3E%3C/svg%3E)
Anyway of getting the original mailbox user name? The Identity field is too long since the users are buried in OU's in my AD.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 65%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWV%3C/text%3E%3C/svg%3E)
The one for SendAs in Exchange online is the following. Code below for shared mailboxes
$mailboxes = Get-Mailbox -ResultSize Unlimited -Filter ('RecipientTypeDetails -eq "SharedMailbox"')
foreach ($mailbox in $mailboxes)
{ Get-RecipientPermission -Identity $mailbox.alias | Where-Object { $_.AccessRights -like "*send*" -and -not ($_.Trustee -match "NT AUTHORITY") -and ($_.IsInherited -eq $false)} | select Identity,Trustee,AccessRights }