We are working on a security review of our Exchange environment. Part of that is to review who has permissions to access which mailboxes.
That's why I put together this little script. Using the Exchange 2007 Management Shell, it reads our Exchange 2003 and 2007 environments, processing all the mailboxes. It outputs a single CSV file containing each instance where someone else (not SELF and not a SID) has permissions to a mailbox.
The heart of the script is this line of code. It is the one-liner that reads the mailbox information and filters on the rights I wanted. Without the -and and -notlike operators, I would need to filter through all of the various account permissions.

```powershell
get-mailbox $thisuserDN | get-adpermission | select user, extendedrights | where {($_.extendedrights -like 'send-as') -and ($_.user -notlike '*SELF*') -and ($_.user -notlike '*S-1-5*')}
```

Note: It will prompt for the OU of the folder you want. If you don't specify anything and simply hit ENTER, it will use the root of your currently logged on domain.
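
The audit loop described above, carried through to the CSV, as an added example (this is not the attached EnumSendAsRights.ps1). The output path, the column names, and the fallback to the shell's default recipient scope when no OU is entered are assumptions. `Deny` and `IsInherited` are properties that Get-ADPermission returns; they are included so a reviewer can separate deny entries and inherited grants from explicit ones.

```powershell
# Added example, not the author's attached script.
# Run in the Exchange Management Shell. $outFile is a hypothetical path.
$outFile = '.\SendAsRights.csv'

# Assumption: an empty answer falls back to the shell's default recipient scope.
$ou = Read-Host 'OU to audit (press ENTER for the default scope)'
if ($ou) {
    $mailboxes = Get-Mailbox -OrganizationalUnit $ou -ResultSize Unlimited
} else {
    $mailboxes = Get-Mailbox -ResultSize Unlimited
}

$report = foreach ($mbx in $mailboxes) {
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            # Same filter as the one-liner: Send-As held by someone other
            # than SELF, skipping trustees that only resolve to a raw SID.
            ($_.ExtendedRights -like 'Send-As') -and
            ($_.User -notlike '*SELF*') -and
            ($_.User -notlike '*S-1-5*')
        } |
        Select-Object @{Name = 'Mailbox';            Expression = { $mbx.DisplayName }},
                      @{Name = 'PrimarySmtpAddress'; Expression = { $mbx.PrimarySmtpAddress }},
                      @{Name = 'Trustee';            Expression = { $_.User }},
                      Deny,         # True means the entry blocks Send-As rather than granting it
                      IsInherited   # True means the entry comes from a parent container
}

# Write the file only when at least one matching entry was found.
if ($report) {
    $report | Export-Csv -Path $outFile -NoTypeInformation
    Write-Host "Wrote $(@($report).Count) Send-As entries to $outFile"
} else {
    Write-Host 'No Send-As entries matched the filter.'
}
```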
| Attachment | Size |
|---|---|
| EnumSendAsRights.ps1 | 2.17 KB |