How To: Find All Mailboxes with Send-As Permission Assigned

Again, here is a frequently asked question, How to find all the mailboxes with Send-As permission assigned? This would be useful for review and auditing purpose.

 

Let’s take an example..

I have given Send-As permission to Tank, Amit M (User ID: ESS-Test\atank) account on below users.

Miller, Alex T
Ross, Colin T

 

Now, use below command to get list of all mailboxes with some Send-As permission assigned on them.

Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”)} | FT -Wrap

But, you would have noticed that it shows Send-As permissions assigned to SELF on all mailboxes also.

You can eliminate SELF permissions for all mailboxes from your output with below command.

Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap

Now, let’s say some of the inherited Send-As permission comes into output which you can eliminate it with below command.

Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | FT -Wrap

 

You can filter your output as per your requirement, like for a server or database, for a OU or for particular Recipient type.

To filter your output for all users on a server, here is an example.

Get-Mailbox -Server “ESS-Exch702″ | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | ft -wrap

In same way you can use below switches to filter your output.

-Database
-RecipientTypeDetails
-OrganizationalUnit

 

To generate report in Spread Sheet you can export result in CSV formatted file.

Get-Mailbox | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Select Identity, User, Deny | Export-CSV test.csv

About these ads