Introduction
If you’re managing Microsoft 365 or Exchange Online environments, keeping track of who has access to shared mailboxes is crucial for both compliance and operational clarity. In this blog post, we’ll walk you through two simple PowerShell commands that help you extract complete access details for a shared mailbox. Whether you’re an IT admin or just curious, we’ve broken down everything in a human-friendly way.
PowerShell Script 1: Get-MailboxPermission
This script retrieves permission details assigned to a shared mailbox. Here’s the command:
Get-Mailbox -Identity "SharedMailboxEmailAddress" -ResultSize:Unlimited | Get-MailboxPermission | Select-Object Identity, User, AccessRights
Let’s break it down:
– Get-Mailbox: Fetches the mailbox object based on the specified identity.
– -Identity "SharedMailboxEmailAddress": This is where you enter your shared mailbox email address.
– -ResultSize:Unlimited: Removes the cap on how many mailboxes Get-Mailbox returns; with a single -Identity, only that mailbox is returned.
– | (Pipe): Passes the output of one command into another.
– Get-MailboxPermission: Gets permission entries for the mailbox.
– Select-Object Identity, User, AccessRights: Filters and displays only the relevant fields.
PowerShell Script 2: Get-RecipientPermission
This command shows recipient permissions like “Send As” or “Send on Behalf” rights:
Get-RecipientPermission -Identity "shared mailbox1" | Select Trustee, AccessRights
Let’s understand what this script does:
– Get-RecipientPermission: Retrieves permission entries on a recipient (like a mailbox).
– -Identity "shared mailbox1": Replace this with the actual mailbox name.
– | Select Trustee, AccessRights: Displays who (Trustee) has which access rights.
Sample Output
Here’s an example of what the output might look like for each script:
Output of Get-MailboxPermission:
Identity                   User               AccessRights
--------                   ----               ------------
SharedMailboxEmailAddress  DOMAIN\Alice       {FullAccess}
SharedMailboxEmailAddress  NT AUTHORITY\SELF  {ReadPermission}
Output of Get-RecipientPermission:
Trustee         AccessRights
-------         ------------
DOMAIN\Bob      {SendAs}
DOMAIN\Charlie  {SendOnBehalf}
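For an access review, the output of both commands can be merged into one list that keeps only explicit grants. The following is an added example, not code from the original post: the function name ConvertTo-MailboxAccessReport and its parameters are hypothetical, the sample rows are constructed, and the live call in the trailing comment assumes a session opened with Connect-ExchangeOnline. Send on Behalf delegates are also recorded on the mailbox object itself, in the GrantSendOnBehalfTo property returned by Get-Mailbox, so the example reads that property as a third source.

```powershell
# Added example; the function and parameter names are hypothetical.
function ConvertTo-MailboxAccessReport {
    param(
        [Parameter(Mandatory)] [string] $Mailbox,
        [object[]] $MailboxPermission   = @(),  # rows from Get-MailboxPermission
        [object[]] $RecipientPermission = @(),  # rows from Get-RecipientPermission
        [object[]] $SendOnBehalfTo      = @()   # GrantSendOnBehalfTo from Get-Mailbox
    )
    # Mailbox-level rights (FullAccess etc.): keep explicit allows only,
    # dropping the mailbox's own SELF entry, inherited entries and denies.
    $MailboxPermission |
        Where-Object { "$($_.User)" -ne 'NT AUTHORITY\SELF' -and -not $_.IsInherited -and -not $_.Deny } |
        ForEach-Object {
            foreach ($right in $_.AccessRights) {
                [pscustomobject]@{ Mailbox = $Mailbox; Trustee = "$($_.User)"; Right = "$right"; Source = 'Get-MailboxPermission' }
            }
        }
    # Recipient-level rights (Send As): skip SELF and deny entries.
    $RecipientPermission |
        Where-Object { "$($_.Trustee)" -ne 'NT AUTHORITY\SELF' -and "$($_.AccessControlType)" -ne 'Deny' } |
        ForEach-Object {
            foreach ($right in $_.AccessRights) {
                [pscustomobject]@{ Mailbox = $Mailbox; Trustee = "$($_.Trustee)"; Right = "$right"; Source = 'Get-RecipientPermission' }
            }
        }
    # Send on Behalf delegates listed on the mailbox object.
    $SendOnBehalfTo | Where-Object { $_ } | ForEach-Object {
        [pscustomobject]@{ Mailbox = $Mailbox; Trustee = "$_"; Right = 'SendOnBehalf'; Source = 'GrantSendOnBehalfTo' }
    }
}

# Constructed sample rows (not real tenant data), shaped like the cmdlet output.
$mp = @(
    [pscustomobject]@{ User = 'DOMAIN\Alice';      AccessRights = @('FullAccess');     IsInherited = $false; Deny = $false }
    [pscustomobject]@{ User = 'NT AUTHORITY\SELF'; AccessRights = @('ReadPermission'); IsInherited = $false; Deny = $false }
)
$rp = @([pscustomobject]@{ Trustee = 'DOMAIN\Bob'; AccessRights = @('SendAs'); AccessControlType = 'Allow' })
ConvertTo-MailboxAccessReport -Mailbox 'SharedMailboxEmailAddress' -MailboxPermission $mp -RecipientPermission $rp -SendOnBehalfTo 'DOMAIN\Charlie' |
    Sort-Object Trustee, Right | Format-Table -AutoSize

# Live use (assumes an Exchange Online session opened with Connect-ExchangeOnline):
#   $id = 'SharedMailboxEmailAddress'
#   ConvertTo-MailboxAccessReport -Mailbox $id `
#       -MailboxPermission   (Get-MailboxPermission -Identity $id) `
#       -RecipientPermission (Get-RecipientPermission -Identity $id) `
#       -SendOnBehalfTo      (Get-Mailbox -Identity $id).GrantSendOnBehalfTo
```

Piping the result to Export-Csv instead of Format-Table gives a file that can be compared between review cycles to spot newly added delegates.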
Conclusion
Managing mailbox permissions is a critical task in ensuring that only the right users have access to the right resources. With the PowerShell commands shown above, you can easily extract and review shared mailbox permissions. Always remember to run these scripts using an account with the necessary administrative privileges.