Forum Discussion
Getting shared mailboxes with no delegates in PowerShell
Delegates can have a different meaning. Are you referring to granting mailbox-level access (Full Access) or folder-level access? For both of these scenarios you can easily use PowerShell to get a list of "undelegated" mailboxes, but the cmdlets you will have to use are a bit different.
- VasilMichev, Jan 17, 2019, MVP
Hm, for this scenario perhaps a better way will be to do a message trace instead? I mean, you might have shared mailboxes that nobody can access (no permissions granted); however, they might still be receiving messages. Isn't this something you want to account for?
- Salim_95, Jan 17, 2019, Copper Contributor
Hi Vasil,
Yeah definitely but I don't think a message trace would be the way to go. I'm not looking to delete them before checking with the site users and that's why I'd like to see a list of shared mailboxes that are just sitting there in 365 that nobody has been delegated access to. I doubt it'd be a large number but we have too many shared mailboxes for me to go through all of them one by one.
- VasilMichev, Jan 19, 2019, MVP
Well, here's a quick sample of what you can do with PowerShell:
```powershell
Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | select PrimarySmtpAddress,@{n="FullAccess";e={ (Get-MailboxPermission $_.PrimarySmtpAddress | ? {($_.User -ne "NT AUTHORITY\SELF") -and ($_.IsInherited -ne $true) -and ($_.AccessRights -match "FullAccess") -and -not ($_.User -like "S-1-5*")}).User -join "," }} | ? {!$_.FullAccess}
```
It's a one-liner, so a bit ugly, but should get the job done. Do note that it will take a long time to run if you have a large number of mailboxes. Also, it doesn't cover any folder-level permissions; if you want these included, best go with a full-blown script. I have a few samples posted on the TechNet Gallery; you can easily adapt them.
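A script-form version of the check discussed in this thread, added here as an example and not taken from the posts or the TechNet Gallery samples; it goes beyond the one-liner by also looking at Send As, Send on Behalf and a few folder-level permissions. It assumes a connected Exchange Online PowerShell session; the folder list, the English folder names and the `Test-RealTrustee` helper are assumptions made for illustration.

```powershell
# Added example: report shared mailboxes that nobody has been delegated.
# Assumption: English default folder names; adjust $folders for other locales.
$folders = '\', '\Inbox', '\Calendar'

# Hypothetical helper: skip the mailbox itself and unresolved SIDs,
# the same exclusions the one-liner applies.
function Test-RealTrustee([string]$Name) {
    $Name -and $Name -ne 'NT AUTHORITY\SELF' -and $Name -notlike 'S-1-5*'
}

$report = foreach ($mbx in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
    $addr = "$($mbx.PrimarySmtpAddress)"

    # Mailbox-level Full Access, explicit (non-inherited) entries only
    $fullAccess = Get-MailboxPermission -Identity $addr |
        Where-Object { -not $_.IsInherited -and $_.AccessRights -match 'FullAccess' -and (Test-RealTrustee "$($_.User)") } |
        ForEach-Object { "$($_.User)" }

    # Send As is stored separately from mailbox permissions
    $sendAs = Get-RecipientPermission -Identity $addr |
        Where-Object { -not $_.IsInherited -and $_.AccessRights -match 'SendAs' -and (Test-RealTrustee "$($_.Trustee)") } |
        ForEach-Object { "$($_.Trustee)" }

    # Folder-level grants; Default/Anonymous entries are not delegations
    $folderPerms = foreach ($f in $folders) {
        Get-MailboxFolderPermission -Identity "${addr}:$f" -ErrorAction SilentlyContinue |
            Where-Object { "$($_.User)" -notin 'Default', 'Anonymous' -and ($_.AccessRights -join ',') -ne 'None' } |
            ForEach-Object { "$f=$($_.User)" }
    }

    [pscustomobject]@{
        Mailbox      = $addr
        FullAccess   = $fullAccess -join ';'
        SendAs       = $sendAs -join ';'
        SendOnBehalf = $mbx.GrantSendOnBehalfTo -join ';'
        FolderLevel  = $folderPerms -join ';'
        # True only when none of the four checks found a delegate
        Undelegated  = -not ($fullAccess -or $sendAs -or $mbx.GrantSendOnBehalfTo -or $folderPerms)
    }
}

# Candidates to review with the site users before any cleanup
$report | Where-Object Undelegated | Select-Object Mailbox
```

Pipe `$report` to `Export-Csv` instead of filtering it to keep the full delegate list per mailbox for review.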