Check if a user account have permissions on an Exchange mailbox
Check if a user account have permissions on an Exchange mailbox

The script below will help you to find if a group of users have permissions on a mailbox hosted on an Exchange server. The group list is built by querying a specific OU in the Active Directory. In the example, the OU distinguished name is : OU=Users,DC=domain,DC=net

The Exchange database defined in the variable $exch_db can be either specific or generic using wildcard :

  • $exch_db = “specific_Exch_dbname”

or

  • $exch_db = “Exch_dbname*”

The script will check if each user found in OU=Users,DC=domain,DC=net have permissions on a mailbox hosted on the Exchange db specified above. At the end, a csv file is created containing for each line :
Mailbox_Identity , AD user account , Mailbox_LegacyDN , Mailbox_size_in_MB

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
import-module activedirectory

$list = Get-ADUser -SearchBase "OU=Users,DC=domain,DC=net" -Filter *
$domain = "domain"
$exch_db = "your_exchange_dbnames*"
$exch_db_list = Get-MailboxDatabase | ? { $_.Name -like $exch_db}

$mailboxperm_array = @()
$mailboxperm = @()

$exch_db_list | % {
	$exch_dbname = $_.Name
	$mailboxdb = Get-mailbox -database $exch_dbname | select guid,LegacyExchangeDN,Name

	$mailboxdb | % { 
		$mb_guid = $_.Guid.tostring()
		$mb_legdn = $_.LegacyExchangeDN.tostring()
		$mailboxperm += Get-MailboxPermission $mb_guid | select Identity,User,@{label="LegacyDN";expression={$mb_legdn}},@{label="Guid";expression={$mb_guid}}
	}

	$mailboxperm_array += $mailboxperm | ? {if ($_.user -match "^$domain") { $list -match ($_.user).tostring().split("\")[1] } }
}

$mailboxsize_array = $mailboxperm_array | select Identity -uniq | % { get-mailbox $_.Identity | Get-MailboxStatistics | select LegacyDN,MailboxGuid, @{label="TotalSize(MB)";expression={($_.TotalDeletedItemSize.Value.ToMB() + $_.TotalItemSize.Value.ToMB())}} }

$array = @()
$mailboxperm_array | % { 
	$array += $_ | select Identity,user,LegacyDN,@{label="TotalSize";expression={ ((($mailboxsize_array) -match [regex]::escape($_.LegacyDN))|select "TotalSize(MB)")."TotalSize(MB)" }}  
}

$array | export-csv c:\temp\excharr.csv

Reference

Get-MailboxPermission

<>

My Powershell script categories

Check if a user account have permissions on an Exchange mailbox

Leave a Reply

Your email address will not be published.