After much project work, experimentation and general messing around with new and exciting stuff back to what I started this site for – an actual PowerShell script to do an actual task.
This grabs a bunch of mailboxes and gets the delegates then outputs to a csv file. It’s a little more complicated than you would expect because for some reason Full, SendAS and SendOnBehalf are all accessed via different cmdlets but ours is not to reason why.
You just have to set the $mailboxes variable to limit the targeted mailboxes
#exchange delegate report
# connect-exchangeonline
#Set query for target mailbox(es)
$mailboxes = Get-Mailbox -resultsize unlimited | where {$_.UserPrincipalName -like "*@excelsior.starfleet.com"}
$outfile = "MailboxDelegationReport_"+(Get-Date -format ddMMyy)+".csv"
$Permission = @()
$i = 0
ForEach ($mailbox in $mailboxes) {
$i++
Write-Host "Processing Mailbox" $i "of" $mailboxes.count "-" $mailbox.UserPrincipalName -Foregroundcolor Yellow
#GrantSendOnBehalfTo
If ($mailbox.GrantSendOnBehalfTo) {
$OnBehalfUsers = $mailbox | select -ExpandProperty GrantSendOnBehalfTo
ForEach ($OnBehalfUser in $OnBehalfUsers) {
$Permission += [PSCustomObject] @{"Mailbox"=$mailbox.UserPrincipalName;"Permission"="SendOnBehalf";"User"=$OnBehalfUser}
}
}
#FullAccess
$MBXPerms = Get-EXOMailboxPermission -Identity $mailbox.UserPrincipalName | where {$_.User -Like "*@*"}
ForEach ($MBXPerm in $MBXPerms) {
$Permission += [PSCustomObject] @{"Mailbox"=$mailbox.UserPrincipalName;"Permission"=$MBXPerm.AccessRights[0];"User"=$MBXPerm.User}
}
#SendAs
$MBXPerms = Get-RecipientPermission -Identity $mailbox.UserPrincipalName | where {$_.Trustee -like "*@*"}
ForEach ($MBXPerm in $MBXPerms) {
$Permission += [PSCustomObject] @{"Mailbox"=$mailbox.UserPrincipalName;"Permission"=$MBXPerm.AccessRights[0];"User"=$MBXPerm.Trustee}
}
}
$permission | Export-Csv -Path $Outfile -NoTypeInformation