PowerShell scripts for Exchange mailbox permission reports

Mailbox permissions include send as, send on behalf of, and full access permissions. Besides these, there are certain other non-owner and owner permissions like folder access and read permissions for mailboxes. There are also a couple of PowerShell commands for configuring and monitoring mailbox permissions.

PowerShell cmdlets for configuring mailbox permissions

1. Get-MailboxPermission [-Identity] <MailboxIdParameter> [-Owner] [-Credential <PSCredential>] [-DomainController <Fqdn>] [-ReadFromDomainController] [-ResultSize <Unlimited>] [<CommonParameters>]

   Using this cmdlet, you can find out which users in your Exchange organization have what permissions for a particular mailbox. This cmdlet also displays a list of all the mailbox permissions (owner and non-owner).

2. Add-MailboxPermission [-Identity] <MailboxIdParameter> -AccessRights <MailboxRights[]> -User <SecurityPrincipalIdParameter> [-AutoMapping <Boolean>] [-Confirm] [-Deny] [-DomainController <Fqdn>] [-IgnoreDefaultScope] [-InheritanceType <ActiveDirectorySecurityInheritance>] [-WhatIf] [<CommonParameters>]

   This cmdlet can be used to provide mailbox permissions such as send as, send on behalf of, full access, or owner permissions to any user in your organization for a particular mailbox.

   These are just the basic scripts. To address other needs such as triggering real-time alerts on permission changes, or saving the report in a specific folder/network share, the scripts have to be modified. This will only make the script more complex. Exchange Reporter Plus offers purpose-built reports to meet such complex needs.

The Exchange Reporter Plus way

Exchange Reporter Plus provides real-time insights on mailbox permissions. You can schedule the reports to get regular updates on the mailbox permission changes. This way you can more effectively monitor access rights and keep your organization’s mailboxes secure. Exchange Reporter Plus facilitates granular monitoring of mailbox permissions with predefined reports such as:

• Permissions Based on Mailboxes
• Permissions Based on Users
• Non-Owner Mailbox Permissions
• Shared Mailbox Permissions

Permissions Based on Mailboxes

Get the list of all users who have mailbox access rights for specified mailboxes.

Permissions Based on Users

List all permissions that a particular user has on the mailboxes available in your Exchange organization.

Non-Owner Mailbox Permissions

Know all permissions that are assigned to the non-owners of a particular mailbox.

Shared Mailbox Permissions

Equip yourself with the list of users who have access permissions to a particular shared mailbox.

To generate these reports:

1. Go to the Reporting tab in the top pane.
2. Navigate to Exchange Server → Mailboxes → Permission Reports.
   Note: The Shared Mailbox Permissions report is available under: Exchange Server → Organization → Shared Mailboxes report.
3. Choose a report from the list of reports available.
4. Enter the Organization and Mailbox name for which you would like to generate the report.
5. Click on OK.

That's it! With just a couple of clicks, Exchange Reporter Plus helps you get all the information you need to monitor mailbox permissions. To learn more about how Exchange Reporter Plus addresses complex Exchange functions, click here.