May 07 2018 05:21 AM
Hi
I have a PowerShell question.
We have a need to verify that all mailboxes have a special service account listed as Full Access Delegate. Can someone suggest a PowerShell command that will list all accounts that do "not" have this special service account as a delegate?
This is what I am trying with so far but cannot get it to work.
Get-Mailbox -ResultSize unlimited | Get-MailboxPermission | ? {$_.User -notmatch 'special.svc@mydomain.org' -and $
_.AccessRights -contains "FullAccess"}
May 07 2018 08:20 AM - edited May 07 2018 08:24 AM
All roads lead to Rome, but you want to check the set of permissions per mailbox, not the whole population. Then you can filter if that set contains a FullAccess for specified user. If there are results, the delegation exists, if not then not. Also, you might want to leave the inherited permissions out, resulting in something like (for readability, I didn't turn it into a one-liner 🙂 😞
$account= 'special.svc@mydomain.org' Get-Mailbox -ResultSize Unlimited | ForEach-Object { $Object = [PSCustomObject]@{ Name= $_.Identity DelegationFound= [bool]( Get-MailboxPermission $_.Identity -User $account | Where {$_.AccessRights -contains 'FullAccess' -and -not $_.IsInherited}) } Write-Output $Object }
May 07 2018 09:42 AM
Sep 25 2019 08:02 AM
Sep 25 2019 08:02 AM