Mailbox Delegation question

%3CLINGO-SUB%20id%3D%22lingo-sub-191034%22%20slang%3D%22en-US%22%3EMailbox%20Delegation%20question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-191034%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3BI%20have%20a%20PowerShell%20question.%3C%2FP%3E%3CP%3EWe%20have%20a%20need%20to%20verify%20that%20all%20mailboxes%20have%20a%20special%26nbsp%3Bservice%20account%20listed%20as%20Full%20Access%20Delegate.%26nbsp%3B%20Can%20someone%20suggest%20a%20PowerShell%20command%20that%20will%20list%20all%20accounts%20that%20do%20%22not%22%20have%20this%20special%20service%20account%20as%20a%20delegate%3F%3C%2FP%3E%3CP%3EThis%20is%20what%20I%20am%20trying%20with%20so%20far%20but%20cannot%20get%20it%20to%20work.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGet-Mailbox%20-ResultSize%20unlimited%20%7C%20Get-MailboxPermission%20%7C%20%3F%20%7B%24_.User%20-notmatch%20'special.svc%40mydomain.org'%20-and%20%24%3CBR%20%2F%3E_.AccessRights%20-contains%20%22FullAccess%22%7D%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-191034%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-191138%22%20slang%3D%22en-US%22%3ERe%3A%20Mailbox%20Delegation%20question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-191138%22%20slang%3D%22en-US%22%3EMichel%3CBR%20%2F%3EI%20have%20tried%20your%20command%20and%20cannot%20get%20it%20to%20run.%3CBR%20%2F%3EI%20get%20errors%20indicating%20that%20%3A%3CBR%20%2F%3E%2B%20...%20Object%20%3D%20%5BPSCustomObject%5D%40%7BName%3D%20%24_.Identity%20DelegationFound%3D%20%5Bbool%5D%20...%3CBR%20%2F%3E%2B%20~~~~~~~~~~~~~~~~%3CBR%20%2F%3EUnexpected%20token%20'DelegationFound%3D'%20in%20expression%20or%20statement.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-191102%22%20slang%3D%22en-US%22%3ERe%3A%20Mailbox%20Delegation%20question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-191102%22%20slang%3D%22en-US%22%3E%3CP%3EAll%20roads%20lead%20to%20Rome%2C%20but%20you%20want%20to%20check%20the%20set%20of%20permissions%20per%20mailbox%2C%20not%20the%20whole%20population.%20Then%20you%20can%20filter%20if%20that%20set%20contains%20a%20FullAccess%20for%20specified%20user.%20If%20there%20are%20results%2C%20the%20delegation%20exists%2C%20if%20not%20then%20not.%20Also%2C%20you%20might%20want%20to%20leave%20the%20inherited%20permissions%20out%2C%20resulting%20in%20something%20like%20(for%20readability%2C%20I%20didn't%20turn%20it%20into%20a%20one-liner%20%3A)%3C%2Fimg%3E%20%3A(%3C%2Fimg%3E%3C%2FP%3E%0A%3CPRE%3E%24account%3D%20'special.svc%40mydomain.org'%0AGet-Mailbox%20-ResultSize%20Unlimited%20%7C%20ForEach-Object%20%7B%0A%24Object%20%3D%20%5BPSCustomObject%5D%40%7B%0AName%3D%20%24_.Identity%0ADelegationFound%3D%20%5Bbool%5D(%20Get-MailboxPermission%20%24_.Identity%20-User%20%24account%20%7C%20Where%20%7B%24_.AccessRights%20-contains%20'FullAccess'%20-and%20-not%20%24_.IsInherited%7D)%0A%7D%0AWrite-Output%20%24Object%0A%7D%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-874630%22%20slang%3D%22en-US%22%3ERe%3A%20Mailbox%20Delegation%20question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-874630%22%20slang%3D%22en-US%22%3Eis%20there%20any%20script%20from%20where%20i%20can%20provide%20input%20as%20a%20same%20account%20name%20or%20email%20address%20then%20script%20will%20give%20me%20output%20in%20csv%20format%20and%20gives%20you%20the%20details%20of%20all%20shared%2Flinked%2Fuser%20mailbox%20delegation.Please%20not%20script%20should%20have%20a%20option%20where%20i%20can%20specify%20the%20domain%20name%20like%20..%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi

 I have a PowerShell question.

We have a need to verify that all mailboxes have a special service account listed as Full Access Delegate.  Can someone suggest a PowerShell command that will list all accounts that do "not" have this special service account as a delegate?

This is what I am trying with so far but cannot get it to work.

 

Get-Mailbox -ResultSize unlimited | Get-MailboxPermission | ? {$_.User -notmatch 'special.svc@mydomain.org' -and $
_.AccessRights -contains "FullAccess"}

4 Replies
Highlighted

All roads lead to Rome, but you want to check the set of permissions per mailbox, not the whole population. Then you can filter if that set contains a FullAccess for specified user. If there are results, the delegation exists, if not then not. Also, you might want to leave the inherited permissions out, resulting in something like (for readability, I didn't turn it into a one-liner :) :(

$account= 'special.svc@mydomain.org'
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
$Object = [PSCustomObject]@{
Name= $_.Identity
DelegationFound= [bool]( Get-MailboxPermission $_.Identity -User $account | Where {$_.AccessRights -contains 'FullAccess' -and -not $_.IsInherited})
}
Write-Output $Object
}

 

Highlighted
Michel
I have tried your command and cannot get it to run.
I get errors indicating that :
+ ... Object = [PSCustomObject]@{Name= $_.Identity DelegationFound= [bool] ...
+ ~~~~~~~~~~~~~~~~
Unexpected token 'DelegationFound=' in expression or statement.
Highlighted
is there any script from where i can provide input as a same account name or email address then script will give me output in csv format and gives you the details of all shared/linked/user mailbox delegation.Please not script should have a option where i can specify the domain name like ..
Highlighted
is there any script from where i can provide input as a same account name or email address then script will give me output in csv format and gives you the details of all shared/linked/user mailbox delegation.Please not script should have a option where i can specify the domain name like