List shared mailbox with NO users assigned, NO delegates

Question

List shared mailbox with NO users assigned, NO delegates

Shanal S 1

Looking for a powershell script to generate a list of shared mailboxes with no delegation.

KyleXu-MSFT 26,396 Reputation points

2021-11-19T08:06:57.14+00:00

@Shanal S
I am writing here to confirm with you any update about this thread now?
If the script below helps, please be free to mark it as an answer for helping more people.

2 answers

Your answer

KyleXu-MSFT 26,396 Reputation points

2021-11-19T08:06:57.14+00:00

@Shanal S
I am writing here to confirm with you any update about this thread now?
If the script below helps, please be free to mark it as an answer for helping more people.

Answer 1

Vasil Michev 124K MVP Volunteer Moderator

Define "delegates"? Do you mean people with Full mailbox permissions? Or folder-level?

Here's an easy to use cmdlet to cover any shared mailboxes without Full Access permissions:

Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | ? { (Get-MailboxPermission $_.UserPrincipalName | ? {$_.User -ne "NT AUTHORITY\SELF"}).Count -eq 0 }

If you want to cover folder-level permissions as well, best use a proper full-blown script, here's a sample one: https://www.michev.info/Blog/Post/3519/office-365-permission-inventory-calendar-permissions

Shanal S 1 Reputation point

2021-11-08T15:05:18.107+00:00

I'm looking for a script which satisfies these conditions

mail delegation full access is NULL and Send as ="NT AUTHORITY\SELF". (Screenshot attached)

Thanks in advance
Vasil Michev 124K Reputation points MVP Volunteer Moderator

2021-11-08T15:23:23.853+00:00
The snippet above will cover Full Access permissions, Send As is very similar to this - just use Get-RecipientPermission:

Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | ? { (Get-RecipientPermission $_.UserPrincipalName | ? {$_.Trustee -ne "NT AUTHORITY\SELF"}).Count -eq 0 }

Answer 2

KyleXu-MSFT 26,396

@Shanal S

I guess you are using Exchange online shared mailbox. You could use script below to check those shared mailbox(Save this script into a .ps1 file, then run this script in PowerShell after connecting to Exchange online):

$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox  
  
foreach($mailbox in $mailboxes){  
    If ((Get-MailboxPermission $mailbox.Name | where {$_.IsInherited -eq $false -and $_.Deny -eq $false -and $_.AccessRights -eq "FullAccess"}) -eq $null){  
        if((Get-RecipientPermission $mailbox.Name -Trustee "NT AUTHORITY\SELF") -ne $null){  
            if((Get-RecipientPermission $mailbox.Name | where {$_.Trustee -ne "NT AUTHORITY\SELF"}) -eq $null){  
                Write-Host($mailbox.Name)  
            }  
        }               
    }  
}

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Shanal S 1 Reputation point

2021-11-09T08:45:22.64+00:00

Thanks, It's working fine. What changes to be made to output file as CSV/Excel?
Also, Is there any option to add email address on the output file

KyleXu-MSFT 26,396

Using this one:

$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox  
$data =@()    
foreach($mailbox in $mailboxes){  
    If ((Get-MailboxPermission $mailbox.Name | where {$_.IsInherited -eq $false -and $_.Deny -eq $false -and $_.AccessRights -eq "FullAccess"}) -eq $null){  
        if((Get-RecipientPermission $mailbox.Name -Trustee "NT AUTHORITY\SELF") -ne $null){  
            if((Get-RecipientPermission $mailbox.Name | where {$_.Trustee -ne "NT AUTHORITY\SELF"}) -eq $null){  
                $data+=$mailbox.Name  
            }  
        }               
    }  
}     
$data

Then add ">>c:\temp\1.csv" when running this script:

Shanal S 1 Reputation point

2021-11-09T09:56:03.2+00:00

$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox
$data =@()
foreach($mailbox in $mailboxes){
If ((Get-MailboxPermission $mailbox.Name | where {$.IsInherited -eq $false -and $.Deny -eq $false -and $.AccessRights -eq "FullAccess"}) -eq $null){
if((Get-RecipientPermission $mailbox.Name -Trustee "NT AUTHORITY\SELF") -ne $null){
if((Get-RecipientPermission $mailbox.Name | where {$.Trustee -ne "NT AUTHORITY\SELF"}) -eq $null){
$data+=$mailbox.Name
}
}
}
}
$data

This script ran for a long time (45 minutes) and i stop the script. The output excel file is blank.
KyleXu-MSFT 26,396 Reputation points

2021-11-12T08:36:23.997+00:00
I think the task has been running for too long and the session has timed out.

You could split it into multiple tasks:

Prepare a csv file contain a part of shared mailbox:

Change this part of script:

$mailboxes = Import-Csv C:\Users\Administrator\Desktop\Shared1.csv

In this way, this script will only check a part of shared mailbox.
Shanal S 1 Reputation point

2021-11-15T08:28:56.307+00:00

Could you please me to add "LastLogOn Time" into this report
KyleXu-MSFT 26,396 Reputation points

2021-11-17T08:55:03.307+00:00
Change this part will be work:

$data+=Get-MailboxStatistics $mailbox.Name | select DisplayName,LastLogonTime

If above suggestion helps, please be free to mark it as an answer for helping more people. If you have other demands about this script, I would suggest you open a new thread and let us discuss in it. This will help other users to check and refer.

Share via

List shared mailbox with NO users assigned, NO delegates

2 answers

Your answer