Mailbox Delegation question

Brass Contributor

Hi

 I have a PowerShell question.

We have a need to verify that all mailboxes have a special service account listed as Full Access Delegate.  Can someone suggest a PowerShell command that will list all accounts that do "not" have this special service account as a delegate?

This is what I am trying with so far but cannot get it to work.

 

Get-Mailbox -ResultSize unlimited | Get-MailboxPermission | ? {$_.User -notmatch 'special.svc@mydomain.org' -and $
_.AccessRights -contains "FullAccess"}

4 Replies

All roads lead to Rome, but you want to check the set of permissions per mailbox, not the whole population. Then you can filter if that set contains a FullAccess for specified user. If there are results, the delegation exists, if not then not. Also, you might want to leave the inherited permissions out, resulting in something like (for readability, I didn't turn it into a one-liner :) :(

$account= 'special.svc@mydomain.org'
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
$Object = [PSCustomObject]@{
Name= $_.Identity
DelegationFound= [bool]( Get-MailboxPermission $_.Identity -User $account | Where {$_.AccessRights -contains 'FullAccess' -and -not $_.IsInherited})
}
Write-Output $Object
}

 

Michel
I have tried your command and cannot get it to run.
I get errors indicating that :
+ ... Object = [PSCustomObject]@{Name= $_.Identity DelegationFound= [bool] ...
+ ~~~~~~~~~~~~~~~~
Unexpected token 'DelegationFound=' in expression or statement.
is there any script from where i can provide input as a same account name or email address then script will give me output in csv format and gives you the details of all shared/linked/user mailbox delegation.Please not script should have a option where i can specify the domain name like ..
is there any script from where i can provide input as a same account name or email address then script will give me output in csv format and gives you the details of all shared/linked/user mailbox delegation.Please not script should have a option where i can specify the domain name like