Public/Permissions/EXO/Get-EXOFullAccessPerms.ps1
function Get-EXOFullAccessPerms { <# .SYNOPSIS Outputs Full Access permissions for each object that has permissions assigned. This is for On-Premises Exchange 2010, 2013, 2016+ .EXAMPLE (Get-Mailbox -ResultSize unlimited | Select -expandproperty distinguishedname) | Get-EXOFullAccessPerms | Export-csv .\FA.csv -NoTypeInformation If not running from Exchange Management Shell (EMS), run this first: Connect-Exchange2 -NoPrefix #> [CmdletBinding()] Param ( [parameter(ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)] $DistinguishedName, [parameter()] [hashtable] $RecipientMailHash, [parameter()] [hashtable] $RecipientHash, [parameter()] [hashtable] $RecipientLiveIDHash ) Begin { } Process { Write-Verbose "Inspecting: `t $_" Get-EXOMailboxPermission -Identity $_ -Verbose:$false | Where-Object { $_.AccessRights -like "*FullAccess*" -and !$_.IsInherited -and !$_.user.startswith('S-1-5-21-') -and !$_.user.startswith('NT AUTHORITY\SELF') -and !$_.user.contains('\') -and !$_.Deny } | ForEach-Object { $Type = $null $User = $_.User Write-Verbose "Has Full Access: `t $User" if ($RecipientMailHash.ContainsKey($_.User)) { $User = $RecipientMailHash["$($_.User)"].Name $Type = $RecipientMailHash["$($_.User)"].RecipientTypeDetails } $Email = $_.User if ($RecipientHash.ContainsKey($_.User)) { $Email = $RecipientHash["$($_.User)"].PrimarySMTPAddress $Type = $RecipientHash["$($_.User)"].RecipientTypeDetails } if ($RecipientLiveIDHash.ContainsKey($_.User)) { $User = $RecipientLiveIDHash["$($_.User)"].Name $Email = $RecipientLiveIDHash["$($_.User)"].PrimarySMTPAddress $Type = $RecipientLiveIDHash["$($_.User)"].RecipientTypeDetails } [pscustomobject]@{ Object = $_.Identity PrimarySmtpAddress = $RecipientHash["$($_.Identity)"].PrimarySMTPAddress Granted = $User GrantedSMTP = $Email RecipientTypeDetails = $Type Permission = "FullAccess" } } } END { } } |