Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Exchange / Get a List of Mailboxes a User Has Access to in Exchange/Microsoft 365

April 5, 2022 ExchangeMicrosoft 365Office 365PowerShell

Get a List of Mailboxes a User Has Access to in Exchange/Microsoft 365

When auditing mailbox permissions in an Exchange Server organization or Microsoft 365 tenant (Exchange Online), the administrator needs to find all the mailboxes that a particular user has access to. In this article, we will take a look at some PowerShell scripts to get a list of mailboxes (and particular Outlook folder) a specific user has access permissions to.

Contents:
  • List All Exchange or Microsoft 365 Mailboxes a User Can Access to
  • How to List Mailbox Folders a User Can Access to on Exchange/Microsoft 365?

List All Exchange or Microsoft 365 Mailboxes a User Can Access to

Use the Get-MailboxPermission cmdlet to get a list of permissions assigned to a mailbox.

Previously, we showed how to manage mailboxes and folders permissions in Exchange/Microsoft 365.

Open a PowerShell console and connect remotely to your on-premises Exchange Server or Microsoft 365 (Exchange Online).

The command below displays a list of users having permission to access the specified mailbox:

get-mailboxpermission -identity t.muller@woshub.onmicrosoft.com |ft -AutoSize

get-mailboxpermission - check mailbox permissions using powershell

In this example, you can see that Grady and Henrietta have assigned the Full Access permissions to the specified mailbox. The permissions are assigned manually (not inherited), since IsInherited = False.

You can display a full report on the permissions assigned to mailboxes and show it in a convenient Out-GridView table:

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Out-GridView

Using the following PowerShell command, you can find and list mailboxes in your Exchange organization or tenant that a specific user has Full Access permissions to:

Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User Henrietta | ft User,Identity,AccessRights

List all mailboxes to which a particular user has access to (AccessRights)

In this example, we have found that a user has been assigned Full Access to three mailboxes (the Identity column).

In Microsoft 365, you can use the new Exchange Online PowerShell v2 (EXO V2) module cmdlets to get this list:

Get-EXOMailbox -ResultSize Unlimited | Get-EXOMailboxPermission -Identity $_.Identity | Where-Object {$_.User -eq "Henrietta@woshub.onmicrosoft.com"}

You can use filters by the mailbox type. It will make your search faster. To do it, add the –RecipientTypeDetails option to the Get-EXOMailbox or Get-Mailbox command and specify the mailbox type you want to search for:

  • DiscoveryMailbox
  • EquipmentMailbox
  • GroupMailbox
  • LegacyMailbox
  • LinkedMailbox
  • LinkedRoomMailbox
  • RoomMailbox
  • SchedulingMailbox
  • SharedMailbox
  • TeamMailbox
  • UserMailbox

For example:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox| Get-MailboxPermission -User "Henrietta" | ft User,Identity,AccessRights

To find mailboxes a user has SendAs permissions on:

Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-RecipientPermission -Trustee Henrietta

You can also find mailboxes with Send on behalf permissions enabled:

Get-Mailbox | ? {$_.GrantSendOnBehalfTo -match "Henrietta"}

You can use Exchange audit logging and Azure sign-in logs to get information about user activities in other users’ mailboxes.

How to List Mailbox Folders a User Can Access to on Exchange/Microsoft 365?

In addition to assigning permissions to the entire Exchange (Microsoft 365) mailbox, you can grant access to a specific mailbox folder. For example, only to the Inbox or Calendar folder. When auditing user permissions, sometimes you have to find not only mailboxes with FullAccess permissions but also specific folders in users’ mailboxes that other users have access to.

You can get a list of folders in the specified mailbox by using the Get-MailboxFolderStatistics cmdlet. Then you can use the Get-MailboxFolderPermission to list folder permissions.

The following PowerShell script checks all mailboxes in your organization and lists the folders (including subfolders) a user has access to.

In Exchange organizations with a large number of mailboxes, the script may work slowly. It is recommended to pre-filter the list of mailboxes or check it in parts. The size of the mailbox and the number of folders in them also affect script performance when you get information about a folder using Get-MailboxFolderStatistics.

$user_find_permissions= "*Henrietta Fischer*"
$allpermissions = @()
$MBXs= Get-Mailbox -ResultSize Unlimited
Foreach ($MBX in $MBXs){
$MBXfolders=Get-MailboxFolderStatistics $MBX.PrimarySmtpAddress |select Name
Foreach ($MBXfolder in $MBXfolders){
try {
$folder=$MBX.PrimarySmtpAddress + ":\" + $MBXfolder.name
$folderpermessions= Get-MailboxFolderPermission -Identity $folder -ErrorAction Stop | where {($_.user -like $user_find_permissions)}
$allpermissions += $folderpermessions
}
catch {
Continue
}
}
}
$allpermissions | select Identity, FolderName, User,AccessRights

Find an assigned folder permissions in mailboxes using Get-MailboxFolderPermission

This PowerShell script will list all folders in other users’ mailboxes a particular user has access to. The mailbox name (Identity), FolderName, and assigned folder permissions (Editor, Reviewer, etc.) are displayed.

You can use the Search-Mailbox or New-ComplianceSearch cmdlets to search and delete specific email messages in user mailboxes.

Also, you can use the new Get-EXOMailbox, Get-EXOMailboxFolderPermission, and Get-EXOMailboxFolderStatistics cmdlets in the EXOv2 module for Microsoft 365.

0 comment
6
Facebook Twitter Google + Pinterest
previous post
Disable Automatic Restart on System Failure in Windows 10/11
next post
How to Allow or Deny Workstation Logons for AD Users?

Related Reading

Using Previous Command History in PowerShell Console

January 31, 2023

How to Install the PowerShell Active Directory Module...

January 31, 2023

Finding Duplicate E-mail (SMTP) Addresses in Exchange

January 27, 2023

How to Disable or Uninstall Internet Explorer (IE)...

January 26, 2023

How to Delete Old User Profiles in Windows?

January 25, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Using Previous Command History in PowerShell Console

    January 31, 2023
  • How to Install the PowerShell Active Directory Module and Manage AD?

    January 31, 2023
  • Finding Duplicate E-mail (SMTP) Addresses in Exchange

    January 27, 2023
  • How to Delete Old User Profiles in Windows?

    January 25, 2023
  • How to Install Free VMware Hypervisor (ESXi)?

    January 24, 2023
  • How to Enable TLS 1.2 on Windows?

    January 18, 2023
  • Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

    January 17, 2023
  • Fix: Can’t Extend Volume in Windows

    January 12, 2023
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11

    January 11, 2023
  • Adding Trusted Root Certificates on Linux

    January 9, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Outlook Keeps Asking for Password on Windows
  • How to Manually Configure Exchange or Microsoft 365 Account in Outlook 365/2019/2016?
  • Whitelist Domains and Email Addresses on Exchange Server and Microsoft 365
  • How to Cleanup, Truncate or Move Log Files in Exchange Server 2013/2016/2019?
  • Moving Exchange Mailboxes to Different Database
  • Fix: Microsoft Outlook Search Not Working on Windows 10/11
  • How to Delete or Rename Default Mailbox Database in Exchange Server?
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top