Office 365 - check exchange permissions

Question

Hi, relatively new to Adaxes.

We use a third party for our mail archiving solution for this to work account we have for this 3rd party needs full access to every mailbox. On occasion the permission has not granted on creation. I'd like to be able to setup a monthly scheduled task that runs and checks that every mailbox has this permission and if it doesn't to either email the results or export them to a CSV somewhere for manual review.

I'm no powershell expert at all and couldn't see a predifined command that would do the work. I know that a PS command similar to Get-MailboxPermission -Identity %mail% -User "archiveaccount" should in theory work, but I get stuck at the rest.

Would anyone be able to assist?

Thanks in advance
Gary

Comments

Hello Gary,

What columns do you want in the CSV file? Just names of those mailboxes or anything else?

---

Hi,

That's it really I just need a list of mailboxes that do not have the permissions

Thanks

---

Such a CSV would require quite a lot of time to generate, because getting full access delegates of each mailbox in Office 365 is a time- and resource-consuming task. We have an alternative idea:

1. A Scheduled Task runs regularly on the background and adds every mailbox that does not have the permissions to the See Also attribute of the designated work account.
2. When a review is required, you can simply check the See Also. Every mailbox will be represented as a link there. So, if necessary, you will be able to click a mailbox to open it in the Web Interface and grant the permissions.
   
3. If necessary, it is also possible to create a separate button on the home page of the Web Interface to review this specific attribute only.

What do you think about such a solution? Will it suit your needs or you still want a CSV?

---

Hiya, that would work just as well. Ideally what we want is to run a scheduled task that if the service account doesn't have access to a users mailbox and automatically adds it.

Additionally it would be good to be able to run a report/scheduled task that shows which mailboxes it doesn't have access to at the time the task/report is run.

Thanks again

---

Hi, thanks but unfortunately I don't speak/read Russian (as a guess apologies if wrong) nor am I willing to click links I can't read the full URL for :)

Answer 1

Hello,

Please ignore the messages in Russian. Those are SPAM bots. We try to eliminate them as soon as possible, but sometimes they spawn too quickly :evil:

We've come up with the following script: http://www.adaxes.com/script-repository ... r-s502.htm. It checks whether a user has full access to a mailbox. If the user doesn't have the access, the script adds it.

We recommend creating a Scheduled Task that adds the permission to mailboxes on a regular basis (say, you can run it once every day). To create such a task:

1. Create a new Scheduled Task.
2. On step 3, select User.
   
3. On step 4, add the Run a program or PowerShell script action and paste the script in the Script field.
   
4. In the $fullAccessUserDN parameter of the script, specify the Distinguished Name (DN) of the designated work account.
5. Enter a short description and click OK.
6. Right-click the action you've just added and select Add Condition.
   
7. Select If has an Exchange mailbox.
8. Specify If the User has an Exchange mailbox.
   
9. Click OK and then click Next.
10. On the final step, include the AD locations where mailbox users are placed in the Activity Scope of the task.

Comments

Thanks for this, it works exactly as described!