0
votes

We have the script here in the company when the user is fired: for a few months we leave the user disabled and do not delete it. However, I need to clean our shared mailboxes and check which of these unblown users still have access to these mailboxes.

Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | Get-MailboxPermission | Select-Object Identity,User,AccessRights | Where-Object { $_.User -like '*@*' } | Export-Csv C:\Temp\sharedfolders.csv -NoTypeInformation

I already have my script that checks all shared mailboxes, but I need to create a kind of filter where the results show me only users who are no longer active in AD. Can someone help me, please?

1
Hi Fabiano, try this: Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize 5 | Get-MailboxPermission | Where { ($_.IsInherited -eq $False) -and -not ($_.User -like "NT AUTHORITY\SELF") -and ($_.User -like "s-*") } | Select Identity, User, AccessRights - Kemal K.

1 Answer

0
votes

I think this is what you are looking for.

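# Get-ADUser comes from the ActiveDirectory module
Import-Module ActiveDirectory
$mailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited
$mailboxes | Get-MailboxPermission | ForEach-Object {
    $perm = $_
    # Reset per entry so a failed lookup (SELF, groups, orphaned SIDs) does not reuse the previous user's state
    $ADuser = $null
    try { $ADuser = Get-ADUser $perm.User.SecurityIdentifier.Value -ErrorAction Stop } catch { }
    $perm | Add-Member -MemberType NoteProperty -Name UserEnabled -Value $ADuser.Enabled
    $perm
} | Select-Object Identity, User, AccessRights, UserEnabled |
    Where-Object { ($_.User -like '*@*') -and $_.UserEnabled -eq $false } |
    Export-Csv C:\Temp\sharedfolders.csv -NoTypeInformation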

Note it does require the Active Directory module to use the Get-ADUser command.
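
A variation on the answer's approach, added here as an example and not part of the original posts: it collects the disabled AD accounts once instead of calling Get-ADUser per permission entry, and also flags entries that show only a bare SID, as the comment's filter does. `Get-StalePermission` and the `UserSid` property are hypothetical names, and the sample entries are constructed.

```powershell
# Added example. Get-StalePermission and the UserSid property are hypothetical names.
function Get-StalePermission {
    param(
        [Parameter(Mandatory)] [object[]]  $Permission,    # entries shaped like Get-MailboxPermission output
        [Parameter(Mandatory)] [hashtable] $DisabledBySid  # SID string -> name of a disabled AD user
    )
    foreach ($p in $Permission) {
        $user = [string]$p.User
        # Skip inherited entries and the mailbox's own SELF entry.
        if ($p.IsInherited -or $user -eq 'NT AUTHORITY\SELF') { continue }

        $state = $null
        if ($user -like 'S-1-5-21-*') {
            $state = 'Orphaned'      # bare SID: the account no longer exists
        } elseif ($p.UserSid -and $DisabledBySid.ContainsKey($p.UserSid)) {
            $state = 'Disabled'      # account exists but is disabled in AD
        }
        if ($state) {
            [pscustomobject]@{
                Identity     = $p.Identity
                User         = $user
                AccessRights = $p.AccessRights -join ','
                State        = $state
            }
        }
    }
}

# Live wiring (needs an Exchange session and the ActiveDirectory module):
#   $disabled = @{}
#   Get-ADUser -Filter 'Enabled -eq $false' | ForEach-Object { $disabled[$_.SID.Value] = $_.SamAccountName }
#   $perms = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | Get-MailboxPermission |
#       Select-Object Identity, User, AccessRights, IsInherited, @{ n = 'UserSid'; e = { $_.User.SecurityIdentifier.Value } }

# Constructed sample data (made-up SIDs and names) so the function runs offline.
$d = 'S-1-5-21-1111111111-2222222222-3333333333'
$disabledBySid = @{ "$d-1105" = 'jdoe' }
$samplePermissions = @(
    [pscustomobject]@{ Identity = 'Finance'; User = 'NT AUTHORITY\SELF';     UserSid = 'S-1-5-10'; AccessRights = @('FullAccess'); IsInherited = $false }
    [pscustomobject]@{ Identity = 'Finance'; User = 'jdoe@example.com';      UserSid = "$d-1105";  AccessRights = @('FullAccess'); IsInherited = $false }
    [pscustomobject]@{ Identity = 'Finance'; User = 'asmith@example.com';    UserSid = "$d-1106";  AccessRights = @('FullAccess'); IsInherited = $false }
    [pscustomobject]@{ Identity = 'Sales';   User = "$d-1190";               UserSid = "$d-1190";  AccessRights = @('FullAccess'); IsInherited = $false }
    [pscustomobject]@{ Identity = 'Sales';   User = 'EXAMPLE\Domain Admins'; UserSid = "$d-512";   AccessRights = @('FullAccess'); IsInherited = $true }
)
Get-StalePermission -Permission $samplePermissions -DisabledBySid $disabledBySid | Format-Table -AutoSize
```

Against live data, pass `$perms` and `$disabled` from the commented wiring and pipe the result to Export-Csv as in the answer.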