-1

How can I with powershell in which shared-mailboxes is a security group entered with sendas permissions?

Dave M
  • 4,514
  • 22
  • 31
  • 30
HermanX
  • 3
  • 1

2 Answers2

0

Try to run the following commands in the EMS to see which shared mailboxes have the Send As permissions of a security group:

$shared = Get-Mailbox -RecipientTypeDetails Shared
foreach($s in $shared)
{
$Name = "*" + $s.Name + "*" 
Get-ADPermission -Identity "<Security Group Name>" | where{$_.ExtendedRights -like "*send*" -and $_.User -like $Name}
}

The following snapshots which show my test result are for your reference: enter image description here

Ivan_Wang
  • 1,333
  • 1
  • 4
  • 4
  • Thank you so much. My problem now is the hybrid system. Get-Mailbox no get any result on Exchange Management Shell onPremise. If i open the shell on the cloud i get all shared mailboxes to the Variable but the Get-adpermission not working there even though i'm loading the active directory module. Any idea? – HermanX Oct 15 '20 at 08:31
  • Connect to Exchange Online powershell and run the commands post in my new answer. – Ivan_Wang Oct 15 '20 at 09:11
  • Get-RecipientPermission unfortunately also not known. and get-remotemailbox onPremise not have the -recipientdetails parameter – HermanX Oct 15 '20 at 11:35
0

Try:

$shared = Get-Mailbox -RecipientTypeDetails Shared
foreach($s in $shared)
{Get-RecipientPermission -Identity "<Security Group Name>" | where{$_.Trustee -eq $s.PrimarySmtpAddress -and $_.AccessRights -like "*SendAs*"}}
Ivan_Wang
  • 1,333
  • 1
  • 4
  • 4
  • Get-RecipientPermission unfortunately also not known. Thanks – HermanX Oct 15 '20 at 10:15
  • Where do the shared mailboxes and the security group locate in? Cloud or On-prem? – Ivan_Wang Oct 16 '20 at 01:40
  • The shared mailboxes i can get in the cloud only because Get-Mailbox only working in the cloud environment. In the onPremiseShell Get-RecipientPermission not working at all but Get-ADPermission.is working on premise but not in the cloud. My Idea: maybe you can get all shared mailboxes in the cloud to a textfile and asked this file onpremise to complete the script with Get-ADPermission e.g. Get-Content "C:\sharedMB.txt" | ForEach-Object { Get-ADPermission ....... – HermanX Oct 19 '20 at 08:39
  • If so, you could run the command **`Get-Mailbox -ResultSize unlimited -RecipientTypeDetails Shared | Select-Object Name | Export-Csv \Shared.csv`** in the **EXOL** PowerShell to export a CSV file which includes the names of all shared mailbox. – Ivan_Wang Oct 19 '20 at 09:40
  • Then run the following commands in the **On-prem** Exchange PowerShell to get the shared mailboxes which have the **Send As** permission of the security group: `$shared = Import-Csv \Shared.csv foreach($s in $shared){Get-ADPermission -Identity "" | where{$_.ExtendedRights -like "*send*" -and $_.User -like $s.Name}}` – Ivan_Wang Oct 19 '20 at 09:40
  • Thats it! Thank you so much – HermanX Oct 19 '20 at 11:33