Quickly list all mailboxes to which a particular user has access
Exchange Server
Frank -
12:06 PM

This question seems to get asked a lot, and people are unaware how easy the answer really is. Here it is:

  • List all mailboxes to which a particular user has Full Access permissions:
1
2
3
4
5
6
7
8
9
10
PS C:\> Get-Mailbox | Get-MailboxPermission -User vasil
Identity             User                 AccessRights
--------             ----                 ------------
HuKu                 Vasil Michev         {FullAccess}
retail               Vasil Michev         {FullAccess}
sharednew            Vasil Michev         {FullAccess}
testplan2            Vasil Michev         {FullAccess}
WC                   Vasil Michev         {FullAccess}
  • List all shared/user/room/whatever mailboxes to which particular user has Full Access permissions:
1
2
3
4
5
6
7
8
9
PS C:\> Get-Mailbox -RecipientTypeDetails UserMailbox,SharedMailbox -ResultSize Unlimited | Get-MailboxPermission -User vasil
Identity             User                 AccessRights
--------             ----                 ------------
HuKu                 Vasil Michev         {FullAccess}
retail               Vasil Michev         {FullAccess}
sharednew            Vasil Michev         {FullAccess}
testplan2            Vasil Michev         {FullAccess}
  • List all mailboxes to which members of a particular security group have access:
1
2
3
4
5
PS C:\> Get-Mailbox | Get-MailboxPermission -User secgrp
Identity             User                 AccessRights
--------             ----                 ------------
Bathroom             secgrp               {FullAccess}
  • List all mailboxes to which a user has Send As permissions:
1
2
3
4
5
PS C:\> Get-Mailbox | Get-RecipientPermission -Trustee vasil
Identity                            Trustee                             AccessControlType                   AccessRights
--------                            -------                             -----------------                   ------------
sharednew                           Vasil Michev                        Allow                               {SendAs}
  • List all user mailboxes to which members of a particular security group have Send As access:
1
2
3
4
5
PS C:\> Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-RecipientPermission -Trustee secgrp
Identity                            Trustee                             AccessControlType                   AccessRights
--------                            -------                             -----------------                   ------------
HuKu                                secgrp                              Allow                               {SendAs}
  • List all mailboxes to which a particular security principal has Send on behalf of permissions:
1
2
3
4
5
6
PS C:\> Get-Mailbox | ? {$_.GrantSendOnBehalfTo -match "vasil"}
Name                      Alias                ServerName       ProhibitSendQuota
----                      -----                ----------       -----------------
Bathroom                  bathroom             amspr03mb084     49.5 GB (53,150,220,288 bytes)
WC                        WC                   dbxpr03mb096     9.5 GB (10,200,547,328 bytes)

There will be slight differences if you are running this against on-prem Exchange, but remember that you can also look at the AD attributes there (msExchDelegateListLink and msExchDelegateListBL).

Archives