The below script should be run from an Exchange Management Console, and will list all mailboxes with permissions granted to other users to Send On Behalf Of. The output is to the screen (comma-seperated), but could easily be redirected to a file (change the write-host $out line to $out >> c:\output.csv)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# Get all mailboxes $mailboxes = get-mailbox; # Loop through each mailbox foreach ($mailbox in $mailboxes) { # If mailbox has Grant Send On Behalf permissions set if ($mailbox.grantsendonbehalfto -ne $null) { # Loop through each permission found foreach ($grant in $mailbox.grantsendonbehalfto) { # Output mailbox name and user with permission $out = $mailbox.name + "," + $grant.name; write-host $out; } } } |
If you need to perform a bulk removal of a specific user from these mailbox permissions, the below script will do just that. Eg, if a previous account had Send On Behalf Of across a large number of mailboxes – this would strip that one user from all mailboxes.
Don’t forget to change the name in the if statement (John Smith in this example):
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# Get all mailboxes $mailboxes = get-mailbox; # Loop through each mailbox foreach ($mailbox in $mailboxes) { # If mailbox has Grant Send On Behalf permissions set if ($mailbox.grantsendonbehalfto -ne $null) { # Loop through each permission found foreach ($grant in $mailbox.grantsendonbehalfto) { # If a match is found if ($grant.name -eq "John Smith") { $temp = $mailbox.grantsendonbehalfto - $grant.distinguishedname; set-mailbox $mailbox.alias -grantsendonbehalfto $temp; } } } } |