Forum Discussion

David Kamp's avatar
David Kamp
Copper Contributor
May 07, 2018

Mailbox Delegation question

Hi

 I have a PowerShell question.

We have a need to verify that all mailboxes have a special service account listed as Full Access Delegate.  Can someone suggest a PowerShell command that will list all accounts that do "not" have this special service account as a delegate?

This is what I am trying with so far but cannot get it to work.

 

Get-Mailbox -ResultSize unlimited | Get-MailboxPermission | ? {$_.User -notmatch 'special.svc@mydomain.org' -and $
_.AccessRights -contains "FullAccess"}

admin
office 365

4 Replies

Sort By
  • mderooij's avatar
    mderooij
    MVP
    May 07, 2018

    All roads lead to Rome, but you want to check the set of permissions per mailbox, not the whole population. Then you can filter if that set contains a FullAccess for specified user. If there are results, the delegation exists, if not then not. Also, you might want to leave the inherited permissions out, resulting in something like (for readability, I didn't turn it into a one-liner :) ):

    $account= 'special.svc@mydomain.org'
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
$Object = [PSCustomObject]@{
Name= $_.Identity
DelegationFound= [bool]( Get-MailboxPermission $_.Identity -User $account | Where {$_.AccessRights -contains 'FullAccess' -and -not $_.IsInherited})
}
Write-Output $Object
}

     

    • Avishek Jana's avatar
      Avishek Jana
      Copper Contributor
      Sep 25, 2019
      is there any script from where i can provide input as a same account name or email address then script will give me output in csv format and gives you the details of all shared/linked/user mailbox delegation.Please not script should have a option where i can specify the domain name like
    • David Kamp's avatar
      David Kamp
      Copper Contributor
      May 07, 2018
      Michel
      I have tried your command and cannot get it to run.
      I get errors indicating that :
      + ... Object = [PSCustomObject]@{Name= $_.Identity DelegationFound= [bool] ...
      + ~~~~~~~~~~~~~~~~
      Unexpected token 'DelegationFound=' in expression or statement.
      • Avishek Jana's avatar
        Avishek Jana
        Copper Contributor
        Sep 25, 2019
        is there any script from where i can provide input as a same account name or email address then script will give me output in csv format and gives you the details of all shared/linked/user mailbox delegation.Please not script should have a option where i can specify the domain name like ..

Resources