Troubleshooting Outlook delegate permissions is a pain. I found the easiest way to get a user's delegates is to create a profile, open their mailbox and check each person.
That's why I created this script. Using the Quest Powershell addons for AD, it reads the delegate permissions for a specified mailbox, then looks up the display name for each delegate or mailbox they are a delegate for.
I'd like to clean up the results a little more, but for now this works nicely.
$entry = Read-Host "Display name of mailbox"
if ($entry -ne $null) {
$a= Get-QADUser $entry -ldapfilter '(mail=*)' -IncludedProperties displayname, publicdelegates, publicdelegatesbl
foreach ($user in $a) {
$user.displayname
"================================="
if ($user.publicdelegates -eq $null) {
Write-host "Has no delegates"
} else
{
Write-host "Delegates:"
$b = $user.publicdelegates;
foreach ($del in $b) {Get-QADUser $del | select-object displayname| sort-object displayname};
" "
}
if ($user.publicdelegatesbl -eq $null) {
Write-host "Is not a delegate"
} else
{
Write-Host 'Is a delegate for:'
$b = $user.publicdelegatesbl;
foreach ($del in $b) {Get-QADUser $del |select-object displayname| sort-object displayname};
" "
}
" "
}
}