We have an existing Azure AD Connect synchronization with Microsoft 365 tenant. We did create…
Export mailbox permissions to CSV file
We like to export mailbox permissions to CSV file in Exchange Server. That’s because the company is merging with another company, and they asked us to check every mailbox permission. These are the mailboxes and the shared mailboxes permissions. We can sign in to Exchange Admin Center, open every mailbox, and write down the users’ permission. That will take time. What if we can run a powerful script that can do the work for us? In this article, you will learn how to export mailbox permissions to CSV file with PowerShell.
Table of contents
- Export mailbox permissions PowerShell script
- Prepare the export Exchange mailbox permissions script
- Export all mailbox permissions to CSV file
- Export mailbox permissions of selected user or users
- Export shared mailbox permissions to CSV file
- Export resources mailbox permissions to CSV file
- Export distribution group permissions to CSV file
- Conclusion
Export mailbox permissions PowerShell script
The script will scan the mailbox databases and check the mailboxes one by one. It will dump everything it does to a text file and export the permissions to the CSV file. The progress can take time, depending on the Exchange organization size. In my example, the script took 89 seconds to run. It did scan 38 items in total.
The script will check the permissions on the following:
- Mailboxes
- Distribution Groups
- Resource Mailboxes
- Shared Mailboxes
The script will export the following Exchange Mailbox permissions to CSV file:
- Send As
- Full Access
- Send On Behalf
The exported CSV file will contain the following information for each mailbox permissions:
- Display Name
- Primary SMTP Address
- Full Access permissions
- Send As permissions
- Send On Behalf permissions
Note: The export mailbox permissions PowerShell script works for Exchange Server 2010/2013/2016/2019.
Now that we have looked at what the script can do, our next step is to download and set it up. After that, we will run the script and check the exported results.
Prepare the export Exchange mailbox permissions script
Download the PowerShell script that Samuel F. Drey created from here (direct link) or here (GitHub). Place the script in the C:\scripts folder. Create a scripts folder if you don’t have one.
Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.
Export all mailbox permissions to CSV file
The default cmdlet is going to export the permissions of all mailboxes. These are the Mailboxes, Distribution Groups, Resource Mailboxes, and Shared Mailboxes.
Run Exchange Management Shell as administrator. Change the path to the scripts directory and run the script.
[PS] C:\>cd C:\scripts
[PS] C:\scripts>.\Export-MailboxFASAPermissions.ps1
********************** Beginning execution ***********************
Testing if Exchange tools are present
CommandType Name Version Source
----------- ---- ------- ------
Function Get-Mailbox 1.0 ex01-2016.exoip.local
Exchange tools are present !
True
Exchange Tools present ! continuing to test if user specified Output file
Not Output file specified, using the script standard name C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-20-22-28-
02.csv
Checking if user specified -DistributionGroupsOnly switch...
Beginning routing to dump mailbox Send As, Full Access, and Send On Behalf permissions
Getting all databases
Processing Database DB01
The full mailbox command launched is :
Get-Mailbox -resultsize unlimited -database "DB01"
Parsing 37 mailboxes...
Working on mailbox Amanda Morgan which Primary SMTP is Amanda.Morgan@exoip.com
Found one or more SendAs Permission ! Dumping ...
Found one or more Full Access Permission ! Dumping ...
Found one or more SendOnBehalf Permission ! Dumping ...
Working on mailbox Christopher Payne which Primary SMTP is Christopher.Payne@exoip.com
Found one or more SendAs Permission ! Dumping ...
Found one or more Full Access Permission ! Dumping ...
Found one or more SendOnBehalf Permission ! Dumping ...
Working on mailbox Mary Walsh which Primary SMTP is Mary.Walsh@exoip.com
No custom Send As permissions detected
No custom Full Access permissions detected
No custom SendOnBehalf permissions detectedAfter the script finishes, the CSV file will show up.
Verify the permissions in CSV file
The script will create two files after exporting the permissions. Find the exported CSV file.
Open the CSV file with your favorite program. I used Microsoft Excel. We can see the mailbox permissions in an easy view.
Export mailbox permissions of selected user or users
What if we like to export mailbox permissions for a single user or multiple users? If we run the above cmdlet, it will search the whole organization, and that will take time.
We will make use of the -MailboxList parameter and add the name of the user that we want to export the permissions from.
[PS] C:\scripts>.\Export-MailboxFASAPermissions.ps1 -MailboxList "Christopher Payne"
********************** Beginning execution ***********************
Testing if Exchange tools are present
CommandType Name Version Source
----------- ---- ------- ------
Function Get-Mailbox 1.0 ex01-2016.exoip.local
Exchange tools are present !
True
Exchange Tools present ! continuing to test if user specified Output file
Not Output file specified, using the script standard name C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-21-00-47-47.csv
Checking if user specified -DistributionGroupsOnly switch...
Using -MailboxList parameter, checking mailboxes from that list (1 mailboxes in the list)
Processing mailbox Christopher Payne
SUCCESS - Successfully located mailbox Christopher Payne : its primary SMTP address is : Christopher.Payne@exoip.com
Working on mailbox Christopher Payne which Primary SMTP is Christopher.Payne@exoip.com
Found one or more SendAs Permission ! Dumping ...
Found one or more Full Access Permission ! Dumping ...
Found one or more SendOnBehalf Permission ! Dumping ...
saving file in C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-21-00-47-47.csv
The script took 2.5061906 seconds to execute...If we like to export permissions of more than one user, we need to add the users with a comma-separated.
[PS] C:\scripts>.\Export-MailboxFASAPermissions.ps1 -MailboxList "Christopher Payne", "Emma Underwood"
********************** Beginning execution ***********************
Testing if Exchange tools are present
CommandType Name Version Source
----------- ---- ------- ------
Function Get-Mailbox 1.0 ex01-2016.exoip.local
Exchange tools are present !
True
Exchange Tools present ! continuing to test if user specified Output file
Not Output file specified, using the script standard name C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-21-00-48-28.csv
Checking if user specified -DistributionGroupsOnly switch...
Using -MailboxList parameter, checking mailboxes from that list (2 mailboxes in the list)
Processing mailbox Christopher Payne
SUCCESS - Successfully located mailbox Christopher Payne : its primary SMTP address is : Christopher.Payne@exoip.com
Working on mailbox Christopher Payne which Primary SMTP is Christopher.Payne@exoip.com
Found one or more SendAs Permission ! Dumping ...
Found one or more Full Access Permission ! Dumping ...
Found one or more SendOnBehalf Permission ! Dumping ...
Processing mailbox Emma Underwood
SUCCESS - Successfully located mailbox Emma Underwood : its primary SMTP address is : Emma.Underwood@exoip.com
Working on mailbox Emma Underwood which Primary SMTP is Emma.Underwood@exoip.com
No custom Send As permissions detected
No custom Full Access permissions detected
No custom SendOnBehalf permissions detected
saving file in C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-21-00-48-28.csv
The script took 4.8661493 seconds to execute...Export shared mailbox permissions to CSV file
In the first part, we have seen how to export the permissions of all the mailboxes. In the second part, we did export the permissions of a single user or specified users. It’s possible to only export the shared mailboxes permissions.
Let’s make use of the -SharedMailboxes parameter.
[PS] C:\scripts>.\Export-MailboxFASAPermissions.ps1 -SharedMailboxes
********************** Beginning execution ***********************
Testing if Exchange tools are present
CommandType Name Version Source
----------- ---- ------- ------
Function Get-Mailbox 1.0 ex01-2016.exoip.local
Exchange tools are present !
True
Exchange Tools present ! continuing to test if user specified Output file
Not Output file specified, using the script standard name C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-21-22-12-
30.csv
Checking if user specified -DistributionGroupsOnly switch...
Beginning routing to dump mailbox Send As, Full Access, and Send On Behalf permissions
Getting all databases
Processing Database DB01
Specified Resource Mailboxes parameter ? False
Specified SharedMailboxes parameter ? True
The full mailbox command launched is :
Get-Mailbox -resultsize unlimited -database "DB01" -RecipientTypeDetails SharedMailbox
Parsing 3 mailboxes...
Working on mailbox Shared Info which Primary SMTP is sharedinfo@exoip.com
Found one or more SendAs Permission ! Dumping ...
Found one or more Full Access Permission ! Dumping ...
No custom SendOnBehalf permissions detected
Working on mailbox Shared Sales which Primary SMTP is sharedsales@exoip.com
Found one or more SendAs Permission ! Dumping ...
Found one or more Full Access Permission ! Dumping ...
No custom SendOnBehalf permissions detected
Working on mailbox Shared HR which Primary SMTP is sharedhr@exoip.com
Found one or more SendAs Permission ! Dumping ...
Found one or more Full Access Permission ! Dumping ...
No custom SendOnBehalf permissions detected
saving file in C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-21-22-12-30.csv
The script took 7.904148 seconds to execute...Export resources mailbox permissions to CSV file
What if we only want to export the resources mailboxes permissions?
We can make use of the -ResourceMailboxes parameter.
[PS] C:\scripts>.\Export-MailboxFASAPermissions.ps1 -DistributionGroupsOnly
********************** Beginning execution ***********************
Testing if Exchange tools are present
CommandType Name Version Source
----------- ---- ------- ------
Function Get-Mailbox 1.0 ex01-2016.exoip.local
Exchange tools are present !
True
Exchange Tools present ! continuing to test if user specified Output file
Not Output file specified, using the script standard name C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-21-22-40-28.csv
Checking if user specified -DistributionGroupsOnly switch...
User specified the -DistribugionGroupsOnly switch. Beginning Distribution Groups SendAs / GrantSendOnBehalfTo permissions dump...
Getting all distribution Groups
Testing whether the user set the -IncludeDynamic boolean parameter to $false ($true by default)
User didn't specify the -IncludeDynamic or set -IncludeDynamic to $false - including Dynamic DLs
Working on Distribution Group Management which Primary SMTP is Management@exoip.com
No custom Send As permissions detected
Found one or more SendOnBehalf Permission ! Dumping ...
saving file in C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-21-22-40-28.csv
The script took 2.8954808 seconds to execute...Export distribution group permissions to CSV file
As of last, we like to export the distribution group permissions to CSV file.
We can use the -DistributionGroupsOnly parameter.
[PS] C:\scripts>.\Export-MailboxFASAPermissions.ps1 -DistributionGroupsOnly
********************** Beginning execution ***********************
Testing if Exchange tools are present
CommandType Name Version Source
----------- ---- ------- ------
Function Get-Mailbox 1.0 ex01-2016.exoip.local
Exchange tools are present !
True
Exchange Tools present ! continuing to test if user specified Output file
Not Output file specified, using the script standard name C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-20-22-45-18.csv
Checking if user specified -DistributionGroupsOnly switch...
User specified the -DistribugionGroupsOnly switch. Beginning Distribution Groups SendAs / GrantSendOnBehalfTo permissions dump...
Getting all distribution Groups
Testing whether the user set the -IncludeDynamic boolean parameter to $false ($true by default)
User didn't specify the -IncludeDynamic or set -IncludeDynamic to $false - including Dynamic DLs
Working on Distribution Group Management which Primary SMTP is Management@exoip.com
No custom Send As permissions detected
Found one or more SendOnBehalf Permission ! Dumping ...
saving file in C:\scripts\Export-MailboxFASAPermissions.ps1_2020-05-20-22-45-18.csv
The script took 2.259128 seconds to execute...That’s it!
Read more: Export mailbox folder permissions to CSV file »
Conclusion
You learned how to export mailbox permissions to CSV file. It’s a great PowerShell script that gathers the Exchange Server mailbox permissions of all mailboxes or single mailboxes. The next time you want to audit an Exchange organization, don’t forget to check the permissions with the PowerShell script.
Did you enjoy this article? You may also like How to fix Exchange Server disk space full. Don’t forget to follow us and share this article.
What Others Are Reading
Hi Ali,
to include the old 2010 servers of my customers environment I’ve changed the line as following.
It seems to work too 😉
“$Databases = Get-MailboxDatabase”
to
“$Databases = Get-MailboxDatabase -IncludePreExchange2013”
Oliver
Great, and thanks for letting us know!
Hi
Is it possible to adapt this script to run in and Exchange Online (Microsoft 365/Office 365).
What changes would need to be put in place?
Thanks
JS
For Microsoft 365/Office 365, use the script in the article Export Office 365 mailbox permissions to CSV.
When i need the OU of every user as seperate column? how would this work?
thank you