How to move arbitration mailboxes in Exchange Server 2010/2013/2016/2019? I recommend you move the arbitration…
Get mailbox permissions with PowerShell
Today’s article will show how to get mailbox permissions with PowerShell. The mailbox permissions that we can assign are Send As, Send on Behalf, and Full Access permissions. If you like to export the permissions with a script read the article Export mailbox permissions to CSV file. A couple of users are changing positions or they are going on holiday. The company likes to know who has access to their Exchange mailboxes. Learn how to get mailbox permissions for specific user with PowerShell.
Table of contents
Get mailbox permissions for specific user
We are going to get the mailbox permissions for a specific user. There are three permissions on a mailbox that a user can be assigned too. These permissions are:
- Send As
- Send On Behalf
- Full Access
Get mailbox permissions Send As
The Send As permission allows a delegate to send email from this mailbox. The message will appear to have been sent by the mailbox owner.
Run Exchange Management Shell as administrator. Copy the cmdlet and change the name after -Identity, after that run it.
[PS] C:\>Get-Mailbox -Identity "Amanda Morgan" | Get-ADPermission | ? { $_.ExtendedRights -like "*send*" -and -not ($_.User -match "NT AUTHORITY")} | ft -auto User,ExtendedRights
User ExtendedRights
---- --------------
EXOIP\kylie.davidson {Send-As}
EXOIP\boris.campbell {Send-As}Get mailbox permissions Send on Behalf
The Send on Behalf permission allows the delegate to send email on behalf of this mailbox. The From line in any message sent by a delegate indicates that the message was sent by the delegate on behalf of the mailbox owner.
[PS] C:\>Get-Mailbox -Identity "Amanda Morgan" | % {$_.GrantSendOnBehalfTo} | ft Name
Name
----
Christopher PayneGet mailbox permissions Full Access
The Full Access permission allows a delegate to open this mailbox and behave as the mailbox owner.
[PS] C:\>Get-Mailbox -Identity "Amanda Morgan" | Get-MailboxPermission | ?{($_.IsInherited -eq $False) -and -not ($_.User -match "NT AUTHORITY")} | ft User,AccessRights
User AccessRights
---- ------------
EXOIP\Benetiz.Anees {FullAccess}In the next step, we are going to get the mailbox permissions in Exchange Admin Center.
Find mailbox permissions in Exchange Admin Center
Sign in to Exchange Admin Center. Click recipients in the feature pane and follow with mailboxes in the tab. Find the user in the list view and double-click on it.
Click mailbox delegation in the left panel. After that, we can check the permissions to the assigned users. The following users do have Send As, Send on Behalf, and Full Acces permissions to the mailbox of the user Amanda Morgan.
I hope that this article helped you to get mailbox permissions with PowerShell.
Conclusion
In this article, you learned how to get mailbox permissions with PowerShell. Run the cmdlets as shown in the article to get the assigned permissions to the mailbox. You can always check the mailbox permissions in Exchange Admin Center.
Did you enjoy this article? You may also like Attachment size limit in Exchange Server. Follow us on Twitter and LinkedIn to stay up to date with the latest articles.
What Others Are Reading
Hello Ali
Thank you for all your awesome blogs and articles.
It seems that the command “Get-Mailbox -Identity “Amanda Morgan” | Get-ADPermission” doesn’t work anymore. Here is the error:
The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
+ CategoryInfo : InvalidArgument: (Group Security:PSObject) [Get-ADPermission], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Get-ADPermission
This article is for Exchange Server on-premises.
To get all the mailbox permissions in Microsoft 365 – Exchange Online, follow the article: Export Office 365 mailbox permissions to CSV.
How to export/import this send-as permissions?