Export Shared & Room Mailbox Members into separate Files Using PowerShell

Introduction

If you’re managing a Microsoft 365 environment, you probably deal with multiple shared or room mailboxes. Whether it’s for auditing, reporting, or delegation purposes, knowing who has access to these mailboxes is vital. In this blog, we’ll walk through a PowerShell script that helps you export the access permissions of multiple shared or room mailboxes into individual CSV files.

Prerequisites

– Windows PowerShell with Exchange Online Management Module installed
– Admin access to run `Get-MailboxPermission`
– A CSV file with shared mailbox details (name and emailaddress columns)

PowerShell Script Overview

Here’s the full PowerShell script to export mailbox permissions into separate files based on each mailbox:

$Mailboxes = import-csv "C:\Users\Desktop\SharedMailboxesInformation.csv"

foreach ($mailbox in $Mailboxes) {
    $sm = $mailbox.name
    Get-MailboxPermission -Identity $mailbox.emailaddress |
    Where-Object { $_.User -ne "NT AUTHORITY\SELF" } |
    Select-Object User, AccessRights |
    Export-Csv -NoTypeInformation -Path "C:\Users\Desktop\Information\$sm.csv" -Append
}

$Mailboxes = import-csv "C:\Users\Desktop\SharedMailboxesInformation.csv"

foreach ($mailbox in $Mailboxes) {
    $sm = $mailbox.name
    Get-MailboxPermission -Identity $mailbox.emailaddress |
    Where-Object { $_.User -ne "NT AUTHORITY\SELF" } |
    Select-Object User, AccessRights |
    Export-Csv -NoTypeInformation -Path "C:\Users\Desktop\Information\$sm.csv" -Append
}

Line-by-Line Explanation

- $Mailboxes = import-csv "C:\Users\Desktop\SharedMailboxesInformation.csv"

- $Mailboxes = import-csv "C:\Users\Desktop\SharedMailboxesInformation.csv"

  This line reads the input CSV file that contains the list of shared mailboxes. Each row must include at least ‘name’ and ’emailaddress’.

- foreach ($mailbox in $Mailboxes)

- foreach ($mailbox in $Mailboxes)

  Loops through each mailbox entry from the CSV file.

- $sm = $mailbox.name

- $sm = $mailbox.name

  Stores the ‘name’ column value in the variable `$sm` for use in naming the output CSV file.

- Get-MailboxPermission -Identity $mailbox.emailaddress

- Get-MailboxPermission -Identity $mailbox.emailaddress

  Retrieves the permissions set on the mailbox identified by the email address.

- Where-Object { $_.User -ne "NT AUTHORITY\SELF" }

- Where-Object { $_.User -ne "NT AUTHORITY\SELF" }

  Filters out the default self-user entry to only show delegated access.

- Select-Object User, AccessRights

- Select-Object User, AccessRights

  Selects the relevant columns to export – who has access and what kind of access.

- Export-Csv -NoTypeInformation -Path "C:\Users\Desktop\Information\$sm.csv" -Append

- Export-Csv -NoTypeInformation -Path "C:\Users\Desktop\Information\$sm.csv" -Append

  Exports the result into a CSV file named after the mailbox name. The `-Append` flag ensures data isn’t overwritten if the file already exists.

Script Output Example

For a mailbox called ‘HRMailbox’, the output CSV file might look like this:

User                       AccessRights
—-                       ————-
John.Doe@domain.com        {FullAccess}
Jane.Admin@domain.com      { FullAccess}

Conclusion

This script is a simple yet powerful way to automate the process of exporting mailbox permissions. It’s particularly helpful for IT admins who manage multiple mailboxes and need to report on access regularly. Always remember to check mailbox access periodically to maintain a secure and organized environment.