Get All Mailbox Permissions with Powershell

Hallo zusammen,

Ich habe mir ein Powershell Script gebaut, welches die wichtigsten Mailboxpermissions ausliest und darstellt.

Hier das Script - falls etwas mit dem Copy Paste nicht funktioniert kann es hier heruntergeladen werden.

################################################################################
# Show Mailbox and MAPI Permissions of specified Mailbox in Exchange 2010
# Version 1.0 / 07.03.2012 Andres Bohren - Intitial Version
################################################################################

#/*MBX Permission*/
[string]$Email = "boa@icewolf.ch"
[string]$Mailbox = Get-Mailbox -Identity $Email
[string]$sam = $Mailbox.SamAccountName


Write-Host "*******************************************************************************" -foregroundcolor magenta
Write-Host "* Get Mailbox Permission for $Email" -foregroundcolor magenta
Write-Host "*******************************************************************************" -foregroundcolor magenta


#/*Full Access*/
$FullAccess = Get-MailboxPermission -Identity $Email | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | Select User
Write-Host "Full Access:" -foregroundcolor Green
Foreach ($User in $FullAccess)
 {
  Write-Host $User.User
 }

#/*Send As*/
#Get-ADPermission -Identity $sam | Where {$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF" -and $_.Deny -eq $false} | ft Identity,User,ExtendedRights,IsInherited
$SendAs = Get-ADPermission -Identity $sam | Where {$_.ExtendedRights -like "Send-As" -and $_.User -notlike "NT AUTHORITY\SELF" -and $_.Deny -eq $false} | Select User
Write-Host "Send As:" -foregroundcolor Green
Foreach ($User in $SendAs)
 {
  Write-Host $User.User
 }

#/*Send on Behalf*/
#$SendOnBehalf = get-mailbox -Identity $Email | Select GrantSendOnBehalfTo
$SendOnBehalf = get-mailbox -Identity $Email | Select @{Name="SendOnBehalf";Expression={$_."GrantSendOnBehalfTo"}}
Write-Host "SendOnBehalf:" -foregroundcolor Green

Foreach ($User in $SendOnBehalf)
 {
  Write-Host $User.SendOnBehalf
 }

#/*MailboxFolders*/
$folders = Get-MailboxFolderStatistics -Identity $Email | Where {$_.Foldertype -ne "SyncIssues" -and $_.Foldertype -ne "Conflicts" -and $_.Foldertype -ne "LocalFailures" -and $_.Foldertype -ne "ServerFailures" -and $_.Foldertype -ne "RecoverableItemsRoot" -and $_.Foldertype -ne "RecoverableItemsDeletions" -and $_.Foldertype -ne "RecoverableItemsPurges" -and $_.Foldertype -ne "RecoverableItemsVersions" -and $_.Foldertype -ne "Root"} | select folderpath

Write-Host "Mailbox Folders:" -foregroundcolor Green
Foreach ($Folder in $folders)
 {
  Write-Host $Folder.Folderpath
 }

#/*MAPI Permissions*/
Write-Host "MAPI Permissions:" -foregroundcolor Green
get-mailboxfolderpermission -identity $Email":\" | ft foldername, User, AccessRights
Foreach ($Folder in $folders)
 {
  $NormalizedFolder = $Folder.FolderPath.Replace("/","\")
  $NormalizedIdentity = $Email + ":" + $NormalizedFolder
  get-mailboxfolderpermission -identity $NormalizedIdentity | ft foldername, User, AccessRights
 }

Grüsse
Andres Bohren