How to extract List of all Users Who Have Full Access, Send As and Send on Behalf to Other Exchange Mailboxes.

Question

How to extract List of all Users Who Have Full Access, Send As and Send on Behalf to Other Exchange Mailboxes.

Mohammad Haque 1

Hi Experts,

I need the script :

How to extract List of all Users Who Have Full Access, Send As and Send on Behalf to Other Exchange Mailboxes.

It is Okay, if there is separate command for these access.

Thank you.

0 comments

3 answers

Your answer

Answer 1

Lucas Liu-MSFT 6,196

Hi @Mohammad Haque ,
According to my research, we cannot directly obtain the permissions of the user's mailbox to other mailboxes.We can know whether each user mailbox contains the "Full Access", "Send As" and "Send on Behalf" permissions of other mailboxes through the permissions assigned to other users on each user's mailbox.

We could run the following script to get the permission between user mailbox:

Full Access:

$mailboxes = Get-Mailbox -ResultSize Unlimited -Filter ('RecipientTypeDetails -eq "UserMailbox"')  
  
foreach ($mailbox in $mailboxes)   
{ Get-MailboxPermission -Identity $mailbox.alias -ResultSize Unlimited | ?{($_.IsInherited -eq $false) -and ($_.User -ne "NT AUTHORITY\SELF") -and ($_.AccessRights -like "FullAccess")} | select Identity, User, AccessRights }

Send As:

$mailboxes = Get-Mailbox -ResultSize Unlimited -Filter ('RecipientTypeDetails -eq "UserMailbox"')  
  
foreach ($mailbox in $mailboxes)   
{ Get-ADPermission -Identity $mailbox.alias | ? { $_.ExtendedRights -like "*send*" -and -not ($_.User -match "NT AUTHORITY") -and ($_.IsInherited -eq $false)} | select Identity,User,ExtendedRights }

Send On Behalf:

Get-Mailbox -ResultSize Unlimited -Filter ('RecipientTypeDetails -eq "UserMailbox"') | select Alias, GrantSendOnBehalfTo

The following screenshots in the test in lab environment:
Full Access:

Send As:

Send On Behalf:

----------

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Lucas Liu-MSFT 6,196 Reputation points

2021-05-14T09:36:42.277+00:00

Hi @Mohammad Haque ,
I am writing here to confirm with you how thing going now?

----------

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Lucas Liu-MSFT 6,196 Reputation points

2021-05-20T08:35:27.253+00:00

Hi @Mohammad Haque ,
I am writing here to confirm with you how thing going now?

----------

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Brian Gowdey 0 Reputation points

2023-07-20T15:31:05.11+00:00

Anyway of getting the original mailbox user name? The Identity field is too long since the users are buried in OU's in my AD.
M Dwight Snow 5 Reputation points

2024-09-09T21:43:35.47+00:00

can we export to a report in csv format?
Trameon 20 Reputation points

2025-03-31T08:37:45.18+00:00

Hello @Lucas Liu-MSFT , I found this old post but really needed for my task today. Thanks a lot for your commands, but quick question, how could I export it as a csv file ? just adding the export-csv command at the end of it doesn't seems to work.

Thanks in advance
Wouter Victor 31 Reputation points

2025-03-31T08:45:04.1933333+00:00

$path="c:\temp\list.csv"
$list | export-csv -path $path

add -useculture if you are on azerty keyboard and need it in an excel column format
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Trameon 20 Reputation points

2025-03-31T09:04:14.15+00:00

Hello @Wouter Victor , thank you very much for your answer. I'm on a local environement, not exchange online. Can this apply for my situation ?
Also where should I add your cmplementary commands ? In the exchange shell prompt ? or in a powershell prompt ?
Thank you very much.
Wouter Victor 31 Reputation points

2025-03-31T09:20:16.1933333+00:00

powershell will need the exchange addon, exchange shell accepts export-csv. Its been a while since i used an exchange on prem. some commands are different, but thats something you can test or ask an AI (chatgpt)

Answer 2

Wouter Victor 31

The one for SendAs in Exchange online is the following. Code below for shared mailboxes

$mailboxes = Get-Mailbox -ResultSize Unlimited -Filter ('RecipientTypeDetails -eq "SharedMailbox"')  
foreach ($mailbox in $mailboxes)   
{ Get-RecipientPermission -Identity $mailbox.alias | Where-Object { $_.AccessRights -like "*send*" -and -not ($_.Trustee -match "NT AUTHORITY") -and ($_.IsInherited -eq $false)} | select Identity,Trustee,AccessRights }

0 comments

Answer 3

M Dwight Snow 5

How can we then export to csv.

Melvi

0 comments

Share via

How to extract List of all Users Who Have Full Access, Send As and Send on Behalf to Other Exchange Mailboxes.

3 answers

Your answer