Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Exchange / Get a List of Mailboxes a User Has Access to in Exchange/Microsoft 365

April 5, 2022 ExchangeMicrosoft 365Office 365PowerShell

Get a List of Mailboxes a User Has Access to in Exchange/Microsoft 365

When auditing mailbox permissions in an Exchange Server organization or Microsoft 365 tenant (Exchange Online), the administrator needs to find all the mailboxes that a particular user has access to. In this article, we will take a look at some PowerShell scripts to get a list of mailboxes (and particular Outlook folder) a specific user has access permissions to.

Contents:
  • List All Exchange or Microsoft 365 Mailboxes a User Can Access to
  • How to List Mailbox Folders a User Can Access to on Exchange/Microsoft 365?

List All Exchange or Microsoft 365 Mailboxes a User Can Access to

Use the Get-MailboxPermission cmdlet to get a list of permissions assigned to a mailbox.

Previously, we showed how to manage mailboxes and folders permissions in Exchange/Microsoft 365.

Open a PowerShell console and connect remotely to your on-premises Exchange Server or Microsoft 365 (Exchange Online).

The command below displays a list of users having permission to access the specified mailbox:

get-mailboxpermission -identity t.muller@woshub.onmicrosoft.com |ft -AutoSize

get-mailboxpermission - check mailbox permissions using powershell

In this example, you can see that Grady and Henrietta have assigned the Full Access permissions to the specified mailbox. The permissions are assigned manually (not inherited), since IsInherited = False.

You can display a full report on the permissions assigned to mailboxes and show it in a convenient Out-GridView table:

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Out-GridView

Using the following PowerShell command, you can find and list mailboxes in your Exchange organization or tenant that a specific user has Full Access permissions to:

Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission -User Henrietta | ft User,Identity,AccessRights

List all mailboxes to which a particular user has access to (AccessRights)

In this example, we have found that a user has been assigned Full Access to three mailboxes (the Identity column).

In Microsoft 365, you can use the new Exchange Online PowerShell v2 (EXO V2) module cmdlets to get this list:

Get-EXOMailbox -ResultSize Unlimited | Get-EXOMailboxPermission -Identity $_.Identity | Where-Object {$_.User -eq "Henrietta@woshub.onmicrosoft.com"}

You can use filters by the mailbox type. It will make your search faster. To do it, add the –RecipientTypeDetails option to the Get-EXOMailbox or Get-Mailbox command and specify the mailbox type you want to search for:

  • DiscoveryMailbox
  • EquipmentMailbox
  • GroupMailbox
  • LegacyMailbox
  • LinkedMailbox
  • LinkedRoomMailbox
  • RoomMailbox
  • SchedulingMailbox
  • SharedMailbox
  • TeamMailbox
  • UserMailbox

For example:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox| Get-MailboxPermission -User "Henrietta" | ft User,Identity,AccessRights

To find mailboxes a user has SendAs permissions on:

Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-RecipientPermission -Trustee Henrietta

You can also find mailboxes with Send on behalf permissions enabled:

Get-Mailbox | ? {$_.GrantSendOnBehalfTo -match "Henrietta"}

You can use Exchange audit logging and Azure sign-in logs to get information about user activities in other users’ mailboxes.

How to List Mailbox Folders a User Can Access to on Exchange/Microsoft 365?

In addition to assigning permissions to the entire Exchange (Microsoft 365) mailbox, you can grant access to a specific mailbox folder. For example, only to the Inbox or Calendar folder. When auditing user permissions, sometimes you have to find not only mailboxes with FullAccess permissions but also specific folders in users’ mailboxes that other users have access to.

You can get a list of folders in the specified mailbox by using the Get-MailboxFolderStatistics cmdlet. Then you can use the Get-MailboxFolderPermission to list folder permissions.

The following PowerShell script checks all mailboxes in your organization and lists the folders (including subfolders) a user has access to.

In Exchange organizations with a large number of mailboxes, the script may work slowly. It is recommended to pre-filter the list of mailboxes or check it in parts. The size of the mailbox and the number of folders in them also affect script performance when you get information about a folder using Get-MailboxFolderStatistics.

$user_find_permissions= "*Henrietta Fischer*"
$allpermissions = @()
$MBXs= Get-Mailbox -ResultSize Unlimited
Foreach ($MBX in $MBXs){
$MBXfolders=Get-MailboxFolderStatistics $MBX.PrimarySmtpAddress |select Name
Foreach ($MBXfolder in $MBXfolders){
try {
$folder=$MBX.PrimarySmtpAddress + ":\" + $MBXfolder.name
$folderpermessions= Get-MailboxFolderPermission -Identity $folder -ErrorAction Stop | where {($_.user -like $user_find_permissions)}
$allpermissions += $folderpermessions
}
catch {
Continue
}
}
}
$allpermissions | select Identity, FolderName, User,AccessRights

Find an assigned folder permissions in mailboxes using Get-MailboxFolderPermission

This PowerShell script will list all folders in other users’ mailboxes a particular user has access to. The mailbox name (Identity), FolderName, and assigned folder permissions (Editor, Reviewer, etc.) are displayed.

You can use the Search-Mailbox or New-ComplianceSearch cmdlets to search and delete specific email messages in user mailboxes.

Also, you can use the new Get-EXOMailbox, Get-EXOMailboxFolderPermission, and Get-EXOMailboxFolderStatistics cmdlets in the EXOv2 module for Microsoft 365.

0 comment
7
Facebook Twitter Google + Pinterest
previous post
Disable Automatic Restart on System Failure in Windows 10/11
next post
How to Allow or Deny Workstation Logons for AD Users?

Related Reading

Configuring Event Viewer Log Size on Windows

May 24, 2023

How to Detect Who Changed the File/Folder NTFS...

May 24, 2023

How to Create, Change, and Remove Local Users...

May 17, 2023

View Success and Failed Local Logon Attempts on...

May 2, 2023

Fix: “Something Went Wrong” Error When Installing Teams

May 2, 2023

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Configuring Event Viewer Log Size on Windows

    May 24, 2023
  • How to Detect Who Changed the File/Folder NTFS Permissions on Windows?

    May 24, 2023
  • Enable Single Sign-On (SSO) Authentication on RDS Windows Server

    May 23, 2023
  • Allow Non-admin Users RDP Access to Windows Server

    May 22, 2023
  • How to Create, Change, and Remove Local Users or Groups with PowerShell?

    May 17, 2023
  • Fix: BSOD Error 0x0000007B (INACCESSABLE_BOOT_DEVICE) on Windows

    May 16, 2023
  • View Success and Failed Local Logon Attempts on Windows

    May 2, 2023
  • Fix: “Something Went Wrong” Error When Installing Teams

    May 2, 2023
  • Querying Windows Event Logs with PowerShell

    May 2, 2023
  • Configure Windows LAPS (Local Administrator Passwords Solution) in AD

    April 25, 2023

Follow us

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Outlook Keeps Asking for Password on Windows
  • How to Manually Configure Exchange or Microsoft 365 Account in Outlook 365/2019/2016?
  • Whitelist Domains and Email Addresses on Exchange Server and Microsoft 365
  • Moving Exchange Mailboxes to Different Database
  • FAQ: Licensing Microsoft Exchange Server 2019/2016
  • How to Cleanup, Truncate or Move Log Files in Exchange Server 2013/2016/2019?
  • Search and Delete Emails from User Mailboxes on Exchange Server (Microsoft 365) with PowerShell
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top