Windows OS Hub / Exchange / Get a List of Mailboxes a User Has Access to in Exchange/Microsoft 365

April 5, 2022 ExchangeMicrosoft 365Office 365PowerShell

Get a List of Mailboxes a User Has Access to in Exchange/Microsoft 365

When auditing mailbox permissions in an Exchange Server organization or Microsoft 365 tenant (Exchange Online), the administrator needs to find all the mailboxes that a particular user has access to. In this article, we will take a look at some PowerShell scripts to get a list of mailboxes (and particular Outlook folder) a specific user has access permissions to.

Contents:

List All Exchange or Microsoft 365 Mailboxes a User Can Access to

Use the Get-MailboxPermission cmdlet to get a list of permissions assigned to a mailbox.

Previously, we showed how to manage mailboxes and folders permissions in Exchange/Microsoft 365.

Open a PowerShell console and connect remotely to your on-premises Exchange Server or Microsoft 365 (Exchange Online).

The command below displays a list of users having permission to access the specified mailbox:

get-mailboxpermission -identity t.muller@woshub.onmicrosoft.com |ft -AutoSize

get-mailboxpermission - check mailbox permissions using powershell

In this example, you can see that Grady and Henrietta have assigned the Full Access permissions to the specified mailbox. The permissions are assigned manually (not inherited), since IsInherited = False.

You can display a full report on the permissions assigned to mailboxes and show it in a convenient Out-GridView table:

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Out-GridView

Using the following PowerShell command, you can find and list mailboxes in your Exchange organization or tenant that a specific user has Full Access permissions to:

Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User Henrietta | ft User,Identity,AccessRights

List all mailboxes to which a particular user has access to (AccessRights)

In this example, we have found that a user has been assigned Full Access to three mailboxes (the Identity column).

In Microsoft 365, you can use the new Exchange Online PowerShell v2 (EXO V2) module cmdlets to get this list:

Get-EXOMailbox -ResultSize Unlimited | Get-EXOMailboxPermission -Identity $_.Identity | Where-Object {$_.User -eq "Henrietta@woshub.onmicrosoft.com"}

You can use filters by the mailbox type. It will make your search faster. To do it, add the –RecipientTypeDetails option to the Get-EXOMailbox or Get-Mailbox command and specify the mailbox type you want to search for:

  • DiscoveryMailbox
  • EquipmentMailbox
  • GroupMailbox
  • LegacyMailbox
  • LinkedMailbox
  • LinkedRoomMailbox
  • RoomMailbox
  • SchedulingMailbox
  • SharedMailbox
  • TeamMailbox
  • UserMailbox

For example:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox| Get-MailboxPermission -User "Henrietta" | ft User,Identity,AccessRights

To find mailboxes a user has SendAs permissions on:

Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-RecipientPermission -Trustee Henrietta

You can also find mailboxes with Send on behalf permissions enabled:

Get-Mailbox | ? {$_.GrantSendOnBehalfTo -match "Henrietta"}

You can use Exchange audit logging and Azure sign-in logs to get information about user activities in other users’ mailboxes.

How to List Mailbox Folders a User Can Access to on Exchange/Microsoft 365?

In addition to assigning permissions to the entire Exchange (Microsoft 365) mailbox, you can grant access to a specific mailbox folder. For example, only to the Inbox or Calendar folder. When auditing user permissions, sometimes you have to find not only mailboxes with FullAccess permissions but also specific folders in users’ mailboxes that other users have access to.

You can get a list of folders in the specified mailbox by using the Get-MailboxFolderStatistics cmdlet. Then you can use the Get-MailboxFolderPermission to list folder permissions.

The following PowerShell script checks all mailboxes in your organization and lists the folders (including subfolders) a user has access to.

In Exchange organizations with a large number of mailboxes, the script may work slowly. It is recommended to pre-filter the list of mailboxes or check it in parts. The size of the mailbox and the number of folders in them also affect script performance when you get information about a folder using Get-MailboxFolderStatistics.

$user_find_permissions= "*Henrietta Fischer*"
$allpermissions = @()
$MBXs= Get-Mailbox -ResultSize Unlimited
Foreach ($MBX in $MBXs){
$MBXfolders=Get-MailboxFolderStatistics $MBX.PrimarySmtpAddress |select Name
Foreach ($MBXfolder in $MBXfolders){
try {
$folder=$MBX.PrimarySmtpAddress + ":\" + $MBXfolder.name
$folderpermessions= Get-MailboxFolderPermission -Identity $folder -ErrorAction Stop | where {($_.user -like $user_find_permissions)}
$allpermissions += $folderpermessions
}
catch {
Continue
}
}
}
$allpermissions | select Identity, FolderName, User,AccessRights

Find an assigned folder permissions in mailboxes using Get-MailboxFolderPermission

This PowerShell script will list all folders in other users’ mailboxes a particular user has access to. The mailbox name (Identity), FolderName, and assigned folder permissions (Editor, Reviewer, etc.) are displayed.

You can use the Search-Mailbox or New-ComplianceSearch cmdlets to search and delete specific email messages in user mailboxes.

Also, you can use the new Get-EXOMailbox, Get-EXOMailboxFolderPermission, and Get-EXOMailboxFolderStatistics cmdlets in the EXOv2 module for Microsoft 365.

0 comment
7
Facebook Twitter Google + Pinterest

Related Reading

Configuring Event Viewer Log Size on Windows

May 24, 2023

How to Detect Who Changed the File/Folder NTFS...

May 24, 2023

How to Create, Change, and Remove Local Users...

May 17, 2023

View Success and Failed Local Logon Attempts on...

May 2, 2023

Fix: “Something Went Wrong” Error When Installing Teams

May 2, 2023

Leave a Comment