Exchange Powershell - Export Mailbox Permissions

Hi all,
In our Exchange 2007 environment, I have this Powershell script which outputs mailboxes, which users have access to them and the type of access, such as Full Access, Delete Items etc. into a column called Access Permissions.
Get-Mailbox -ResultSize unlimited | Get-MailboxPermission | where { ($_.AccessRights -match “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | Export-csv -path "c:\reports\FullMailboxAccessPermissions.csv"
What I would like to do is change the script to only show those who have Full Access. I have tried the command -match but then this drops the Access Permissions column which I would like to keep. Is there a way around this?A
Also, there is a particular service account that has access to most mailboxes, and I would like to exclude that account from the results. Is there a way of doing that?

Here is per server...
foreach($mailbox in Get-Mailbox -ResultSize Unlimited -Server "ServerNameHere") {Get-MailboxPermission
$mailbox |  Where-Object {($_.AccessRights -like "*FullAccess*") -and ($_.User -notlike "NT AUTHORITY\SELF")-and ($_.IsInherited -eq $false)} | Export-csv -path "c:\reports\FullMailboxAccessPermissions-ServerName.csv"
Blog |
Get Your Exchange Powershell Tip of the Day from here

Similar Messages

  • Export Mailbox permissions to CSV

    I am looking for a powershell script to export mailbox permissions. I have a list of accounts that I know are shared to other users but I want to be able to export all their permissions to a CSV so I can then replicate these permissions in Office 365. I
    have a script now that pulls every mailbox and its permissions but it is such a mess i would like to be able to pull a file much cleaner they what i have. 
    The one I have now is 
    Get-Mailbox  | Get-MailboxPermission | Select {$_.AccessRights}, Deny, InheritanceType, User, Identity, IsInherited, IsValid | Export-Csv D:\test_permission.csv
    I want to be able to only pull data from the list of mailboxes that i have, and only see accounts/groups that have full mailbox rights. If I could filter out system accounts that would be great as well. i tried modifying this script but had no such luck.
    Thanks!

    Hi,
    I have a test in my environment using Exchange 2010. You can use the following cmdlet Amit provided to find who has full mailbox access on one or more mailboxes in your environment and export the result to a CSV file.
    Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Where {$_.user -notlike "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[String]::join(‘, ‘, $_.AccessRights)}} | Export-Csv C:\MailboxAccess.csv
    -NoTypeInformation
    Please change the "C:\MailboxAccess.csv " to the location that you use to save this .csv file.
    Hope it helps.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Exchange 2007 Export-Mailbox Error Message on only certain mailbox

    I have searched high and low for a solution to this, but no such luck. Hopefully someone has had the same issue and can help me out.
    I am attempting to export and then remove a date range for mailboxes before I migrate to an Exchange 07 server. The mailboxes range in the 10 GB range. I am attempting to use the Exchange 2007 cmdlet to do this with due to it does not have a 2 GB limit like the Exmerge of past.
    The command I am using is as follows:
    [PS] C:\>Export-Mailbox -Identity User -StartDate "01/01/07" -EndDate "01/30/08"
    -IncludeFolders "\Inbox","\Sent Items" -PSTFolderPath c:\PST\pst.pst
    This command works fine on some of the mailboxes in the Exchange03 system. But on some of the mailboxes I am getting the following error.
    Error occurred in the step: Moving messages. Failed to copy messages to t
    he destination mailbox store with error:
    MAPI or an unspecified service provider.
    ID no: 00000000-0000-00000000, error code: -1056749164
    Any ideas?

    Hello Joe Rod (and others)
    Thought I'd bring this over as a cross post because no-one seems to be picking it up in the 'admin' section. I believe I'm having a similar issue to yourself, as detailed below:
    Hi all,
    I've already posted this same question elsewhere, but if anyone here can resolve the issue or suggest a better way (without using archiving software - yet!), I'd be most grateful. I'd even be happy if someone can replicate the problem so I know I'm not going mad... I'm trying to set up a quick & dirty quarter year pst mail archive for one of our users on our Exchange 2007 (SP1) box. Using the command:
    export-mailbox -id userA -pstfolderpath \\testpath\test.pst -enddate "01/03/2007"
    I come up against this error:
    Error occurred in the step: Moving messages. Failed to copy messages to the destination mailbox store with error: MAPI or an unspecified service provider. ID no: 00000000-0000-00000000, error code: -1056749164
    Which I understand is a fairly standard permissions error. Problem is that I know the permissions are set correctly, having tested the function by removing the -enddate parameter; and getting a successful export.
    I worked out after a while that the command seems to fall over when it hits a subfolder, so I tested this by using the -includefolders parameter. The command:
    export-mailbox -id userA -pstfolderpath \\testpath\test.pst -includefolders '\inbox' -enddate "01/03/2007"
    will fail if there are any subfolders under '\inbox'. Add the names of the subfolders:
    export-mailbox -id userA -pstfolderpath \\testpath\test.pst -includefolders '\inbox\subfolder1' -enddate "01/03/2007"
    and as long as those subfolders don't have any subfolders, I will get a successful export.
    Any help appreciated.
    Cheers
    Dan
    If anyone is able to replicate this, please let me know, I'd love to get this sorted. If it is a known problem - can I use someone's PSS contact please?!

  • Exchange 2010 Export Mailbox to PST using only .EDB file

    I have Exchange 2010 SP2 Update Rollup 4, SBS 2011 (which is similar to Server 2008 R2). I have recently recovered from a server crash due to a faulty RAID controller and need to recover some e-mail (and possibly contacts) from a couple of mailboxes.
    My main concern is that my old .edb file is in a old forest that is different than my current forest. Due to the length of the old internal domain name having more than 15 characters (I previously migrated using a answer file) and my current internal
    domain name is 15 characters.local they are different.
    I also dont have the log files or STM file
    With the two internal domain names being different will I still be able to follow this related topic:
    http://social.technet.microsoft.com/Forums/zh/exchange2010/thread/8f4eb425-72ff-4d18-abfc-5c00be7113e2
    If not please let me know which direction I should be going. I know there are third part tools that can get this done but not in the budget right now.
    Teron

    Hi,Teron,
    Cross forest export mailbox is not possible,if you have the old forest server still running you can export the mailbox in the old forest to PST file then import the pst file to your current forest.
    Otherwise you should convert the edb file to PST with thirdparty tool as the above guys said.
    Some additional information just for your reference.
    http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/d731ac97-416b-4ff6-a4d9-861ce4345292
    http://social.technet.microsoft.com/Forums/en-US/exchangesvr3rdpartyappslegacy/thread/74233836-38d9-4682-81d2-7dd395066574
    Regards,
    Sharon
    Sharon Shen
    TechNet Community Support
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

  • Exchange 2010 Shared mailbox permissions gone

    In Exchange2010, I created a shared mailbox yesterday, then granted several groups and individuals "full access permissions" to the Shared mailbox.
    When I arrived at work this morning and looked at the permissions, all the permissions  I had assigned were gone, except for a single individual. 
    I re-applied the same permissions and checked them an hour later and they were gone again.  I thought it may be related to the groups, so I selected several individuals and gave them Full Access Permissions to the Shared Mailbox.  I checked
    that some time later to discover that several individuals were missing again..  
    What might cause this to happen

    Hi,
    As Willard suggested, please check if these problematic mailboxes are members of Domain Admins or Enterprise Admins. Domain Admins and Enterprise Admins are assigned the explicit Deny permissions for Send As and Receive as on the main Exchange Organization
    object in AD. If you want to grant them full access permission, you need to remove the explicit Deny permissions.
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Exchange - Contacts and Mailbox permissions

    Hi,
    I need to setup forwarding for multiple users to a contact of the same name. (contacts are created)
    At the same time I would like to remove "self" permission and add the users account from a trusted domain with full mailbox access.
    Is this possible via PS script?
    Thanks

    Hi,
    Since you're still on 2003, basically all you can do with PowerShell is use Get-WmiObject. I haven't done any of this myself, but these links might be helpful for you:
    http://windowsitpro.com/scripting/manage-exchange-server-2003-using-windows-powershell-and-wmi
    https://dmitrysotnikov.wordpress.com/2007/09/06/wmi-powershell-for-exchange-2003/
    Don't retire TechNet! -
    (Don't give up yet - 12,700+ strong and growing)

  • Exchange 2013 - Shared Mailbox Permissions

    Here is what I am trying to do. I would like to create a shared mailbox in exchange 2013 for time off requests for my employees. I will have the mailbox to be something like
    [email protected] If an employee is sick or requesting time off, they can email this shared mailbox or send a meeting request.
    I would then like the ability for ALL employees to be able to have read access to the mailbox and Calendar associated with it, and I would like to have managers have Full access to it and to be able to approve calendar requests so that they are entered into
    the calendar.
    Is this possible? How can I set read only to the inbox and calendar for a shared mailbox? I would also like to be able to have the shared mailboxes automatically added to all user's Outlook.
    Thanks!

    Simply grant Full Access to the managers.  Then for everyone else you can grant read only access to just the Calendar.
    Here is an example on how to do this -
    http://exchangeshare.wordpress.com/2009/07/07/how-to-setup-read-only-mailbox-in-exchange-20032007/.
    Let me know if that works.
    JAUCG - Please remeber to mark replies as helpful if they were or as answered if I provided a solution.

  • Exchange powershell check size mailbox in OU

    Hi Member
    I use exchange 2013 cu1 on sever 2012
    I would like know user mailbox size in OU by PS or Exchange PS .
    How to create code for get mailboxsize ?
    Is script run on exchange server or active directory server ?

    Hi,
    this is the command you should run in Exchange powershell:
    Get-mailbox -OrganizationalUnit "Your OU" | Get-MailboxStatistics| select DisplayName, TotalItemSize, Database, ServerName| export-csv
    \\share\data.csv
    Replase Your OU with OU you wish to get statistics.
    If you want to convert to MB then use this:
    Get-mailbox -OrganizationalUnit "Your OU" | Get-MailboxStatistics|
     select DisplayName, {$_.TotalItemSize.Value.ToMB()}, Database, ServerName| export-csv
    \\share\data.csv
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work
    It's show error OU name
    [PS] C:\Windows\system32>Get-mailbox -OrganizationalUnit "it" | Get-MailboxStatistics| select DisplayName, TotalItemSize
    , Database, ServerName| export-csv D:\data.csv
    Multiple organizational units match identity "it". Specify a unique value.
    + CategoryInfo : NotSpecified: (:) [], ManagementObjectAmbiguousException
    + FullyQualifiedErrorId : [Server=WSE-EXCHMB01,RequestId=aa9096bf-cb7e-4d68-b7d8-afd636013d4a,TimeStamp=10/7/2014
    5:34:32 AM] 1BEDEDA0
    + PSComputerName : wse-exchmb01.wse.in.th

  • Export-Mailbox, error code: -2147221219

    Hi Guys
    When I try to export a mailbox from our Exchagne 2010 Rollup 4 environment (not sp1 or sp2) I recieve the following error:
    [PS] C:\Windows\system32>Export-Mailbox -Identity ad.local\user -PSTFolderPath c:\temp\user.pst
    Error was found for USERNAME ([email protected] because:
    Error occurred in the step: Approving object
    . An unknown error has occurred., error code: -2147221219
        + CategoryInfo          : InvalidOperation: (0:Int32) [Export-Mailbox], RecipientTaskException
        + FullyQualifiedErrorId : A0E4BB51,Microsoft.Exchange.Management.RecipientTasks.ExportMailbox
    I have followed the instructions on the sites mentioned below without any success:
    http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exporting-importing-mailboxes-exchange-server-2010.html
    http://www.techguy.at/2010/06/16/export-pst-von-exchange-2010/
    If I run the command in verbose mode i can tell that it fails on
    VERBOSE: [08:25:50.826 GMT] Export-Mailbox : [USER] Opening Exchange mailbox. 
    This means that I ofcourse have Outlook 2010 x64 installed on both the computer I try to run the command on and also the server that EMS connects
    to. I have tro to tun the command as a domain admin but also as a common user without success.
    Please, please help me solve this.

    You can also check the below threads for your reference:
    Article says that its a bug:
    http://www.korneel.nl/?p=28
    Try the below threads too:
    http://www.telnetport25.com/2011/11/quick-tip-error-2147221219-occurred-in-step-approving-object-during-exchange-2007-export-mailbox-session/
    http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/a5734963-b75f-4f92-8f65-b889360341c7/
    http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/c475b553-ef41-4694-b636-83a29f386507
    Best Regards, Kranthi-EX "Mark this answer it this is Helpful"

  • Error: The specified mailbox database [Mailbox Database Name] does not exist, when you try to export mailbox in Exchange 2007

    [Symptom]
    ======================
    In Exchange 2007, when you want to export mailbox to a .pst file, you should run the
    Export-Mailbox cmdlet from a 32-bit computer that has the following installed:
    The 32-bit version of the Exchange management tools
    Microsoft Office Outlook 2003 SP2 or later versions
    If not, you may encounter the following error message:
    You check that you have these required installed, but you get the error below when you run Export-Mailbox in EMS.
    “The specified mailbox database [Mailbox Database Name] does not exist.”
    [Cause Analysis]
    =======================================
    This is because that the account you use to run Export-Mailbox cmdlet don’t have the Exchange Server Administrator role assigned.
    You can check if this account has been delegated the Exchange Server Administrator role through the following path.
    EMC -> Organization Configuration-> Check permissions in the result pane.
    To delegate this Exchange Server Administrator role, right click on the
    Organization Configuration node and choose Add Exchange Administrator,
    you will see the Add Exchange Administrator window.
    [More Information]
    ==============================
    Export-Mailbox
    http://technet.microsoft.com/en-gb/library/aa998579(v=exchg.80).aspx
    How to Export and Import mailboxes to PST files in Exchange 2007 SP1
    http://blogs.technet.com/b/exchange/archive/2007/04/13/3401913.aspx
    Exchange 2007 cannot export pst files via its powershell
    http://social.technet.microsoft.com/Forums/forefront/en-US/b3bc0dce-35f3-4a69-9a33-4f2a855b9f94/exchange-2007-cannot-export-pst-files-via-its-powershell?forum=exchangesvrgenerallegacy
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Hi,
    Based on my test, if you make the user the owner of the database (rather than a user with the db_owner role), when you create a query, it creates it under the dbo schema rather than DOMAIN\username.
    Steps to do so (in Management Studio):
    Right click database, select Properties 
    Click File 
    Change Owner in the textbox 
    OK to confirm 
    Downside - other users under db_owner role will still have their username appended. So schemas have to be created for these users.
    Jaynet Zhang
    TechNet Community Support

  • Setting EX2007 mailbox permissions with Exchange Management Shell not reflected in Exchange Management Console

    Hello,
    I'm trying to use PowerShell to script some mailbox permissions.  The mailbox permissions I set in the shell are not displaying in the EMC.  The command I'm using is:
    add-MailboxPermission -accessrights fullaccess -identity $username -user MYDOMAIN\$supervisor -confirm:$false
    I get confirmation from the shell:
    Identity             User                 AccessRights                                               
    IsInherited Deny
    MyDomain.net/Separa... MYDOMAIN\mysupervisor    {FullAccess}                                               
    False       False
    Afterwards, when I look in the Exchange Management Console for this user (Right click, Manage Full Access), even after allowing time for replication, I don't see this new permission reflected there.  But If I use Get-MailboxPermission
    $username, the permissions show up:
    Identity             User                 AccessRights                                               
    IsInherited Deny
    MyDomain.net/Separa... MYDOMAIN\mysupervisor    {FullAccess}                                               
    False       False
    Why is this addition not being reflected in the shell?

    Hi,
    The cmdlet you use to grant full access permission is right. If your case, please let "mysupervisor" access to this user's mailbox and verify if he/she can access it. Maybe Exchange Management Console has not been updated well.
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Exchange Server 2007 Cross Mailbox Search using Export-mailbox

    Hi All.
    We are trying to do some legal discovery but we are having a few problems. 
    Exchange 2007 (SBS 2008)
    The command for a single user mailbox works and returns the results i would expect:
    Export-Mailbox -Identity "User" -SenderKeywords "[email protected]" -TargetMailbox administrator -TargetFolder "Attempt2"
    but the same command to run over the entire mailbox database is giving me wildly inaccurate results, including emails from senders with nothing to do with the "[email protected]" address
    get-mailbox –Database "Mailbox Database" | Export-Mailbox -SenderKeywords "[email protected]" -TargetMailbox administrator -TargetFolder "Attempt2"
    Not only that, but i also want to find out how NOT to include empty folders in the export.  Because the "Administrator\Attempt 2" folder doesn't just include the exported messages, but actually includes the full subtree of folders, with lots
    of empty folders?  
    Any help on the above would really be appreciated.
    Thanks.
    Ben Weinberg
    Prime-Networks
    www.prime-networks.co.uk
    Please post the resolution to your issue so that everyone can benefit
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Hi ,
    Thank you for posting your issue in the forum.
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thank you for your understanding and support.
    Best Regards,
    Andy Qi
    TechNet Subscriber Support
    If you are
    TechNet Subscription user and have any feedback on our support quality, please send your feedback
    here.
    Andy Qi
    TechNet Community Support

  • Export mailboxes to PST (Exchange 2007)

    Hi All,
    Is there an 'export-mailbox' cmdlet I can use to export each of the mailboxes in our mailbox database using the following file name format, so that the full smtp address is used as the filename of each the PST file exported:
    [email protected]
    [email protected]
    etc, etc
    We are currently migrating to a cloud email provider and they have strict rules on processing PST files. The exchange database is only 65GB in size, so not that big in the grand scheme of things.
    Any help appreciated.
    Thanks.

    Untamed, you sure can.  Here's the original code I sent:
    Get-Mailbox -Database <databasename> | Sort name | % {
        $MbxSmtp = $_.PrimarySmtpAddress.ToString()
        Export-Mailbox $MbxSmtp -PstFolderPath "\\Servername\Share\$MbxSmtp"
    Note the first line, which ties the code to a single database.  You can change that line to focus on any group of mailboxes, even to a single mailbox.  Here's code for a single mailbox:
    Get-Mailbox <mailbox alias> | Sort name | % {
        $MbxSmtp = $_.PrimarySmtpAddress.ToString()
        Export-Mailbox $MbxSmtp -PstFolderPath "\\Servername\Share\$MbxSmtp"
    Here's code for an OU:
    Get-Mailbox -OrganizationalUnit <OU DN, as in "ADDomain.company.com/OURoot/SubOUName"> | Sort name | % {
        $MbxSmtp = $_.PrimarySmtpAddress.ToString()
        Export-Mailbox $MbxSmtp -PstFolderPath "\\Servername\Share\$MbxSmtp"

  • Export Mailbox from Exchange 2010 and Import to Exchange 2007

    Hello,
    I exported mailbox (1GB in size) from Exchange 2010 to *.pst file; I need to import it into
    Exchange 2007 mailbox. Is it supported ?
    The operation completed successfully (no errors) but no items were imported; is it due to unsupported backward compatibility or some other issue ?
    Thank you,
    Luca
    Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. Whenever you see a helpful reply, click on [Vote As Help] and click on [Mark As Answer] if a post answers your question.

    I also have the same issue. Exported mailboxes on Exchange 2010 SP3 latest updates using
    New-MailboxExportRequest and then tried to import into mailbox on Exchange 2007 SP3 with latest updates. The 32-bit client machine used for the import has Outlook 2010 SP1 (SP2 and later updates causes a different error). I used Outlook 2010 because the E2K10
    New-MailboxExportRequest documentation states that you have to use Outlook 2010 or later. The PST files created can be opened and imported via Outlook but not with the
    Import-Mailbox cmdlet (with no error as stated in this thread). Other PSTs, not created from E2K10 export do import just fine. I also ran ScanPST.exe against the exported PST and then ran the import again and it worked, everything got imported. Interestingly
    the test mailbox PST file I was using was 761 KB but after the ScanPST it was 1,257 KB - must be some difference in the PST format that the Import-Mailbox cmdlet can't deal with.
    Does anyone have any other solutions or
    workarounds to this. I've got over 900 mailboxes I need this for due to an
    acquisition? Has anyone tried using Outlook 2013 on the machine used for doing
    the Exchange 2007 imports or does Outlook 2013 also have the same issue as later versions of Outlook 2010 (Exchange Mailbox import failed with error code 2147221233)?

  • Export mailbox to PST - Exchange 2007

    I ran this command on my Domain Admin Account from our 2007 Exchange Server 2007 w/ SP3:
    [PS] C:\Users\jesse\Desktop>Get-Mailbox | Add-ADPermission -User "jesse.Sams" -
    AccessRights GenericAll -ExtendedRights Send-As, Receive-As, MS-exch-store-admin
    When I run the command:
    Export-Mailbox –Identity <mailboxUser> -PSTFolderPath <pathToSavePST>
    -StartDate "<//span>08/29/12" –EndDate "08/29/12"
    -DeleteContent
    I get the error:
    Export-Mailbox : Error was found for First Name ([email protected]) because: Error occurred in the step: Moving messages. Failed to copy messages to the destination mailbox store with error: MAPI or an unspecified service provider.
    ID no: 00000000-0000-00000000, error code: -1056749164 At line:1 char:15 + Export-Mailbox <<<< 
    -Identity first.last -PSTFolderPath d:\archive -StartDate "08/29/12" -EndDate "08/29/12" -DeleteContent   
    + CategoryInfo         
    : InvalidOperation: (0:Int32) [Export-Mailbox], RecipientTaskException   
    + FullyQualifiedErrorId : 70397370,Microsoft.Exchange.Management.Recipient Tasks.ExportMailbox
    Any help on this issue would be greatly appreciated.
    Thanks, Jesse

    Hello jwmms,
    You can use this command to do that:
    Get-mailbox| add-mailboxpermission -user "jesse.sams" -AccessRights fullaccess
    Add-MailboxPermission
    http://technet.microsoft.com/en-us/library/bb124097(EXCHG.80).aspx
    Thanks,
    Evan Liu
    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact
    [email protected]
    Evan Liu
    TechNet Community Support

Maybe you are looking for