Windows OS Hub / Exchange / Get a List of Mailboxes a User Has Access to in Exchange/Microsoft 365

February 10, 2023 ExchangeMicrosoft 365Office 365PowerShell

Get a List of Mailboxes a User Has Access to in Exchange/Microsoft 365

When auditing mailbox permissions in an Exchange Server organization or Microsoft 365 tenant (Exchange Online), the administrator needs to find all the mailboxes that a particular user has access to. In this article, we will take a look at some PowerShell scripts to get a list of mailboxes (and particular Outlook folder) a specific user has access permissions to.

Contents:

List All Exchange or Microsoft 365 Mailboxes a User Can Access to

Use the Get-MailboxPermission cmdlet to get a list of permissions assigned to a mailbox.

Previously, we showed how to manage mailboxes and folders permissions in Exchange/Microsoft 365.

Open a PowerShell console and connect remotely to your on-premises Exchange Server or Microsoft 365 (Exchange Online).

The command below displays a list of users having permission to access the specified mailbox:

get-mailboxpermission -identity [email protected] |ft -AutoSize

get-mailboxpermission - check mailbox permissions using powershell

In this example, you can see that Grady and Henrietta have assigned the Full Access permissions to the specified mailbox. The permissions are assigned manually (not inherited), since IsInherited = False.

You can display a full report on the permissions assigned to mailboxes and show it in a convenient Out-GridView table:

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Out-GridView

Using the following PowerShell command, you can find and list mailboxes in your Exchange organization or tenant that a specific user has Full Access permissions to:

Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User Henrietta | ft User,Identity,AccessRights

List all mailboxes to which a particular user has access to (AccessRights)

In this example, we have found that a user has been assigned Full Access to three mailboxes (the Identity column).

In Microsoft 365, you can use the new Exchange Online PowerShell v2 (EXO V2) module cmdlets to get this list:

Get-EXOMailbox -ResultSize Unlimited | Get-EXOMailboxPermission -Identity $_.Identity | Where-Object {$_.User -eq "[email protected]"}

You can use filters by the mailbox type. It will make your search faster. To do it, add the –RecipientTypeDetails option to the Get-EXOMailbox or Get-Mailbox command and specify the mailbox type you want to search for:

  • DiscoveryMailbox
  • EquipmentMailbox
  • GroupMailbox
  • LegacyMailbox
  • LinkedMailbox
  • LinkedRoomMailbox
  • RoomMailbox
  • SchedulingMailbox
  • SharedMailbox
  • TeamMailbox
  • UserMailbox

For example:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox| Get-MailboxPermission -User "Henrietta" | ft User,Identity,AccessRights

To find mailboxes a user has SendAs permissions on:

Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-RecipientPermission -Trustee Henrietta

You can also find mailboxes with Send on behalf permissions enabled:

Get-Mailbox | ? {$_.GrantSendOnBehalfTo -match "Henrietta"}

You can use Exchange audit logging and Azure sign-in logs to get information about user activities in other users’ mailboxes.

How to List Mailbox Folders a User Can Access to on Exchange/Microsoft 365?

In addition to assigning permissions to the entire Exchange (Microsoft 365) mailbox, you can grant access to a specific mailbox folder. For example, only to the Inbox or Calendar folder. When auditing user permissions, sometimes you have to find not only mailboxes with FullAccess permissions but also specific folders in users’ mailboxes that other users have access to.

You can get a list of folders in the specified mailbox by using the Get-MailboxFolderStatistics cmdlet. Then you can use the Get-MailboxFolderPermission to list folder permissions.

The following PowerShell script checks all mailboxes in your organization and lists the folders (including subfolders) a user has access to.

In Exchange organizations with a large number of mailboxes, the script may work slowly. It is recommended to pre-filter the list of mailboxes or check it in parts. The size of the mailbox and the number of folders in them also affect script performance when you get information about a folder using Get-MailboxFolderStatistics.

$user_find_permissions= "*Henrietta Fischer*"
$allpermissions = @()
$MBXs= Get-Mailbox -ResultSize Unlimited
Foreach ($MBX in $MBXs){
$MBXfolders=Get-MailboxFolderStatistics $MBX.PrimarySmtpAddress |select Name
Foreach ($MBXfolder in $MBXfolders){
try {
$folder=$MBX.PrimarySmtpAddress + ":\" + $MBXfolder.name
$folderpermessions= Get-MailboxFolderPermission -Identity $folder -ErrorAction Stop | where {($_.user -like $user_find_permissions)}
$allpermissions += $folderpermessions
}
catch {
Continue
}
}
}
$allpermissions | select Identity, FolderName, User,AccessRights

Find an assigned folder permissions in mailboxes using Get-MailboxFolderPermission

This PowerShell script will list all folders in other users’ mailboxes a particular user has access to. The mailbox name (Identity), FolderName, and assigned folder permissions (Editor, Reviewer, etc.) are displayed.

You can use the Search-Mailbox or New-ComplianceSearch cmdlets to search and delete specific email messages in user mailboxes.

Also, you can use the new Get-EXOMailbox, Get-EXOMailboxFolderPermission, and Get-EXOMailboxFolderStatistics cmdlets in the EXOv2 module for Microsoft 365.

0 comment
7
Facebook Twitter Google + Pinterest

Related Reading

Create a No-Reply Email Address in Exchange Server/Microsoft...

November 27, 2023

How to Connect VPN Before Windows Logon

November 14, 2023

Send Emails with Microsoft Graph API and PowerShell

November 6, 2023

Zabbix: How to Get Data from PowerShell Scripts

October 27, 2023

Tracking Printer Usage with Windows Event Viewer Logs

October 19, 2023

Leave a Comment