This script retrieves all mailboxes in Exchange Online and their respective mailbox permissions. It excludes permissions where the user is "NT AUTHORITY\SELF" and performs a left join on mailbox identity and permissions to create a consolidated list. The script then exports the details—including PrimarySmtpAddress
, AccessRights
, and User
—to a CSV file at a specified path. This is useful for auditing mailbox permissions in Exchange Online.
Here is the script:
$ExportPath = 'C:\Users\xxxxar\Desktop\perm.csv'
$mailboxes = Get-Mailbox -ResultSize unlimited
$MailboxPermission = @()
foreach ($mailbox in $mailboxes) {
$MailboxPermission += $mailbox | Get-MailboxPermission
}
$param =@{
LeftObject = $MailboxPermission | Where-Object user -ne "NT AUTHORITY\SELF" ;
RightObject = $mailboxes | Select-Object @{Name="Identity";Expression={$_.Id}},PrimarySmtpAddress ;
On = 'Identity' ;
JoinType = 'Left' ;
}
$output = Join-Object @param
$output = $output| Select-Object @{N="PermissionNoMailbox";E={$_.PrimarySmtpAddress}},
@{N="AccessRights";E={$_.AccessRights | Out-String}},
User
$output | Export-Csv -Path $ExportPath -Force