Search for Specific Mailbox Permissions

We all know the case where a user is migrated, misses permissions but doesn’t know which mailbox it was. I created a script that initiates a search for specific mailbox permissions for each mailbox. After that, it exports the mailboxes to CSV if the user has permission on that mailbox.

Prerequistes

As always, you need some modules in Powershell.

Use this script to install them:

$Modules = "ExchangeOnlineManagement"
$InstalledModules = Get-InstalledModule
foreach ($Module in $Modules) {
    If ($InstalledModules.name -notcontains $Module) {
        Write-Host "Installing module $$Module"
        Install-Module $Module -Force
    }
    Else {
        Write-Host "$Module Module already installed"
    }
}

The script:

This is the script:

$UsertoSearch = "AdeleV*" # Add an * if you don't know the full username

$Mailboxes = Get-Mailbox -Resultsize Unlimited

$Mailboxes  | ForEach-Object {get-MailboxPermission $_.Name} | Where-Object {$_.user.tostring() -Like $UsertoSearch} |  Export-Csv C:\temp\$($UsertoSearch.TrimEnd('*'))+Permissions.csv

Usage:

Replace the $UsertoSearch value with the user for which you want to know the permissions.

After that, run the script.

Example:

Firstly, we connect to Exchange Online Powershell via the following command:

Connect-ExchangeOnline

After that, you are prompted for authentication, and you are logged on!

I search for the user ‘Adele Vance’. This is a user in my lab tenant. So, I run this version of the script:

Search for Specific Mailbox Permissions - script

This is the output:

Search for Specific Mailbox Permissions - result

When you open the CSV file, you see that AdeleV has permission on the mailbox from GradyA:

And that is how you search for specific mailbox permissions.

References

Microsoft Docs about Get-MailboxPermission

Other posts:
Bulk remove teams user
Add exclusion in Attack Surface Reduction – Microsoft Defender for Endpoint

1 thought on “Search for Specific Mailbox Permissions”

Leave a Comment