Want to List Office 365 Mailbox Permissions?
Hello Everyone-
Let’s say you want to get mailbox permissions on a cloud mailbox- easy enough right? Well- when you look at the user you will see it is actually the samaccount name in O365- which has a partial section of the name and then a bunch of numbers. Not really useful. You can take this user and run get-user “samaccountname” and get the actual identity. But how do you get all that in one csv or get a list of all mailbox permissions?
I was messing around with this since someone asked me if it was possible.. and here is what I came up with.
$dan=get-mailboxpermission “dan”
$dan | select-object accessrights,user,@{Name="userprincipalname";Expression={get-user$_.user }} |Export-Csv c:\temp\test4.csv –notypeinformation
The report will look like this: ** so we ADD the 3rd column after we perform a lookup for the value
AccessRights |
User |
userprincipalname |
FullAccess, ReadPermission |
NT AUTHORITY\SELF |
|
FullAccess |
NAMPR04A001\Deleg50549-408661602 |
Delegate2 |
FullAccess |
NAMPR04A001\dante50549-335097617 |
dantest3 |
What if you have a lot of mailboxes you want to find out about?
Here is a good option as well..
$dan=get-mailbox|get-mailboxpermission
$dan | select-object identity,accessrights,user,@{Name="userprincipalname";Expression={get-user $_.user }} |Export-Csv c:\temp\test5.csv –notypeinformation
The report will look like this now: (Including identity to indicate what mailbox we get permissions for)
Identity |
AccessRights |
User |
userprincipalname |
activesynctest1 |
FullAccess, ReadPermission |
NT AUTHORITY\SELF |
|
dan |
FullAccess, ReadPermission |
NT AUTHORITY\SELF |
|
dan |
FullAccess |
NAMPR04A001\Deleg50549-408661602 |
Delegate2 |
dan |
FullAccess |
NAMPR04A001\dante50549-335097617 |
dantest3 |
** So you will notice there are some unresolved accounts. These are the system managed accounts. However the accounts added by the tenant administrators will be resolved.
Hope this helps someone out there.