Find all mailboxes where user mailbox have access to

Tomasz Dyszy 21 Reputation points
2022-03-02T16:18:13.007+00:00

Hello guys !

I need to find all mailboxes where user mailbox have access to

I tried via Get-Mailbox | Get-MailboxPermission(...) also XPO but it is still loading and occurs i/o issues and others faults...reason why it does not works as expected is my tenant have huge number of users few thousands for each domain so the method taking a lot of time and occurs mentioned issues - not effective

My idea was get all mailboxes of user domain and after it execute mentioned query but, they do not know if user do not have access to mailboxes of different domain, so in this solution I should get list of users for each domain and after it check it one by one... - not effective

My question is if any solutions exists on that ? it not must to be in powershell maybe some audit? I need just list of objects where user have full access rights.

objects means shared mailboxes, room mailboxes, user mailboxes,
for groups it is completed through AAD.

Thanks for your time

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,241 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,911 questions
0 comments No comments
{count} votes

Accepted answer
  1. KyleXu-MSFT 26,211 Reputation points
    2022-03-03T06:37:38.927+00:00

    @Tomasz Dyszy

    You could try with the script below to check permission for shared mailboxes, room mailboxes, user mailboxes (There doesn't exist full access permission for distribution group):

    $mailboxes = Get-Mailbox -ResultSize unlimited | where{$_.RecipientTypeDetails -ne "DiscoveryMailbox"}  
      
    foreach ($mailbox in $mailboxes){  
        Get-MailboxPermission -Identity $mailbox.UserPrincipalName | where{$_.user -notlike "*self*"}  
    }  
    

    If it still takes a long time to run which caused failure, you could check permission based on domain:

    $mailboxes = Get-Mailbox -ResultSize unlimited | where{$_.RecipientTypeDetails -ne "DiscoveryMailbox" -and $_.UserPrincipalName -like "*@domain.onmicrosoft.com"}  
      
    foreach ($mailbox in $mailboxes){  
        Get-MailboxPermission -Identity $mailbox.UserPrincipalName | where{$_.user -notlike "*self*"}  
    }  
    

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Vasil Michev 96,836 Reputation points MVP
    2022-03-02T17:10:33.113+00:00

    If you want this information for specific user, use the -User parameter. For example:

    Get-Mailbox | Get-MailboxPermission -User vasil
    

    Details here: https://www.michev.info/Blog/Post/1516/quickly-list-all-mailboxes-to-which-a-particular-user-has-access

    If you want it for multiple users, or you have a big set of mailboxes to go over, best use a proper "inventory" type of script instead of oneliners.

    5 people found this answer helpful.