Want to List Office 365 Mailbox Permissions?

Hello Everyone-

 

 

Let’s say you want to get mailbox permissions on a cloud mailbox- easy enough right? Well- when you look at the user you will see it is actually the samaccount name in O365- which has a partial section of the name and then a bunch of numbers. Not really useful. You can take this user and run get-user “samaccountname” and get the actual identity. But how do you get all that in one csv or get a list of all mailbox permissions?

 

I was messing around with this since someone asked me if it was possible.. and here is what I came up with.

 

$dan=get-mailboxpermission “dan”

$dan | select-object accessrights,user,@{Name="userprincipalname";Expression={get-user$_.user }} |Export-Csv c:\temp\test4.csv –notypeinformation

The report will look like this: ** so we ADD the 3rd column after we perform a lookup for the value

AccessRights

User

userprincipalname

FullAccess,  ReadPermission

NT  AUTHORITY\SELF

 

FullAccess

NAMPR04A001\Deleg50549-408661602

Delegate2

FullAccess

NAMPR04A001\dante50549-335097617

dantest3

 

 

What if you have a lot of mailboxes you want to find out about?

 

Here is a good option as well..

$dan=get-mailbox|get-mailboxpermission

$dan | select-object identity,accessrights,user,@{Name="userprincipalname";Expression={get-user $_.user }} |Export-Csv c:\temp\test5.csv –notypeinformation

 

The report will look like this now: (Including identity to indicate what mailbox we get permissions for)

 

Identity

AccessRights

User

userprincipalname

activesynctest1

FullAccess,  ReadPermission

NT  AUTHORITY\SELF

 

dan

FullAccess,  ReadPermission

NT  AUTHORITY\SELF

 

dan

FullAccess

NAMPR04A001\Deleg50549-408661602

Delegate2

dan

FullAccess

NAMPR04A001\dante50549-335097617

dantest3

 

** So you will notice there are some unresolved accounts. These are the system managed accounts. However the accounts added by the tenant administrators will be resolved.

Hope this helps someone out there.