Hello!
Is there a simple method to remove a user or his authorizations from all mailboxes?
We have several function mailboxes and several users have access to each of them.
Unfortunately, we don't have an overview of which user has access to which mailboxes and you can't see this in the EAC, so I would like to solve this with a Powershell command, for example.
Are there any possibilities?
Yes, and Google is bound to come up with some ideas ;)
Yes, and Google is bound to come up with some ideas ;)
Wow. What a helpful answer. If I had found something on Google, I wouldn't be asking here. But of course you can make forums completely superfluous if you can always google everything. It's good that there are forum members like you who can help you so selflessly and quickly.
Wow, you must have searched really hard:
https://www.brainshrain.com/post/get-the-list-all-the-mailboxes-to-which-a-user-has-access
https://practical365.com/list-users-access-exchange-mailboxes/
but the main thing is to blame the others again.
you're welcome ;)
The problem now is that I am thrown out that only the first 1000 elements are returned. If I e.g.
Get-Mailbox ? {$_.GrantSendOnBehalfTo -match "max.mustermann"}
the message appears. I select a specific mailbox or a specific user. How can it then throw out such a message? Also a
-ResultSize unlimited
does not help. Then he works for a relatively long time and spends nothing.
Perhaps it would be helpful if you wrote down what you are doing in an understandable way and didn't assume that readers would immediately know why you made mistakes.
a
get-mailbox -resultsize unlimited | ? {$_.GrantSendOnBehalfTo -match "max.mustermann"}
works for me. Of course in my case it doesn't say max.mustermann but "Max Mustermann" ;)
Perhaps it would be helpful if you wrote down what you are doing in an understandable way and didn't assume that readers would immediately know why you made mistakes.
a
get-mailbox -resultsize unlimited | ? {$_.GrantSendOnBehalfTo -match "max.mustermann"}works for me. Of course in my case it doesn't say max.mustermann but "Max Mustermann" ;)
I enter the above command. I don't know what is incomprehensible about it.
I suspect that it is due to the environment. There are 15,000 mailboxes on the server(s).
I enter the above command. I don't know what is incomprehensible about it.
Well, just pick a mailbox where you know that someone has this right. And then try to get a result for _this one_ mailbox. Maybe max.mustermann is the wrong syntax.
I enter the above command. I don't know what is incomprehensible about it.
Well, just pick a mailbox where you know that someone has this right. And then try to get a result for _this one_ mailbox. Maybe max.mustermann is the wrong syntax.
That's exactly what I did and it's not the wrong syntax either.
That's exactly what I did and it's not the wrong syntax either.
And one of the mailboxes also returned a result? I would like to point out that I am not clairvoyant here. Perhaps you would like to formulate your answers in more detail about what you have done and what works or doesn't work?
That's exactly what I did and it's not the wrong syntax either.
And one of the mailboxes also returned a result? I would like to point out that I am not clairvoyant here. Perhaps you would like to formulate your answers in more detail about what you have done and what works or doesn't work?
If I use a normal query such as
get-mailbox -identity "Max.Musterman"
I also get data. As soon as I want to query authorizations, the message "WARNING: Only the first 100 elements are returned by default..." appears.
Or also with
Get-Mailbox | Get-MailboxPermission -User Max.Mustermann
As soon as I want to query authorizations, the message "WARNING: By default, only the first 100 elements are returned..." appears.
Or also with
Which is logical, because the first one only returns one result by definition.
I can assure you that in an environment with approx. 10,000 mailboxes, the following command will return results. Of course, you won't know who has the permissions, but at least you will know which mailboxes you need to check.
get-mailbox -resultsize unlimited | ? {$_.GrantSendonBehalfTo -ne $null}
Here is another link:
https://www.slipstick.com/exchange/find-users-send-behalf-permission/
No matter which user I choose, I always get the "1000" warning.
With
get-mailbox -resultsize unlimited | ? {$_.GrantSendonBehalfTo -ne $null}
I get a result.
But the mailboxes that belong to my OU cannot be queried either. The warning message also appears here
I get a result.
I see. And where don't you get one? Honestly, you read here and think to yourself... Can't "he" even write in detail? If that's too much to ask...
Try the following commands:
To find out which mailboxes the user "max.mustermann" has "Send as" access rights to:
Get-Mailbox -ResultSize Unlimited | Get-RecipientPermission -Trustee max.mustermann | select identity
And for the full access rights:
Get-Mailbox -ResultSize unlimited | Get-MailboxPermission -User max.mustermann | select identity
You should only get the "1000" message if you omit the "-ResultSize Unlimited".
You can also restrict the search by using the "-RecipientTypeDetails" parameter.
For example, to output only "user mailboxes" to which the user "max.mustermann" has full access rights, the command would be as follows:
Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize unlimited | Get-MailboxPermission -User max.mustermann | select identity
