How to get a list of all the Shared Mailboxes that a user have access to Exchange2010 | Exchange Management Shell or PowerShell?

Question

Get-Mailbox | Get-MailboxPermission -user

Get-Mailbox | Get-MailboxPermission -user | Where {$_.AccessRights -like "sendas*"}

Get-Mailbox | Get-ADPermission | Where {$_.extendedRights -like "send-as"}

All of the above commands does not work for me

Answer 1

I finally got it working with this script below, Run this script in Microsoft Exchange Management Shell make sure that execution policy is all granted before running the script in Management Shell

User with full access on User Mailboxes and Shared Mailboxes

Get-Mailbox | Get-MailboxPermission -user $user | Where {($.AccessRights -eq "FullAccess") -and -not ($.User -eq "NT AUTHORITY\SELF")} | Format-Table Identity,User

User with Send As access

Get-Mailbox | Get-ADPermission -user $user | Where {($.ExtendedRights -eq "*send-as*") -and -not ($.User -eq "NT AUTHORITY\SELF")} | Format-Table Identity,User

Answer 2

I would do something like this. It will output all shared mailboxes and the users that have access to it. For each user it displays the accessrights to the mailbox. Depending on the number of users and shared mailboxes, it might take a while to process.

(Because of the [ordered], you need Powershell version 3 or better. To use it in Powershell 2, remove the [ordered]. The order in wich the properties will be displayed is not guaranteed then.)

function Get-AllMailboxPermissions {
    $allMailboxes = Get-Mailbox -ResultSize Unlimited | Sort-Object Identity

    if ($allMailboxes.Count -eq 0) {
        Write-Warning "No mailboxes found."
        return
    }
    foreach ($box in $allMailboxes) {
        $perms = $box | Get-MailboxPermission |
                        Where-Object { $_.IsInherited -eq $false -and $_.User.ToString() -ne "NT AUTHORITY\SELF" -and $_.User.ToString() -notmatch '^S-1-' } |
                        Sort-Object User

        foreach ($prm in $perms) {
            $user = Get-Recipient -Identity $($prm.User.ToString()) -ErrorAction SilentlyContinue
            # skip inactive (deleted) users
            if ($user -and $user.DisplayName) { 
                $props = [ordered]@{
                    "Mailbox"      = "$($box.Identity)"
                    "User"         = $user.DisplayName
                    "AccessRights" = "$($prm.AccessRights -join ', ')"
                }
                New-Object PsObject -Property $props
            }
        }
    }
}

You would probably want to save this information in a csv file. In that case call the function like this:

Get-AllMailboxPermissions | Export-Csv -Path '<PATH-TO-OUTPUT.CSV>' -NoTypeInformation -Encoding UTF8 -Force

Tip: If you want to be able to open the csv in Excel by double-clicking it on the same machine, the Export-Csv cmdlet has a very useful switch -UseCulture. With this, the delimiter in the csv file will be the same Excel expects.