No announcement yet.

script or tool to export mailbox permissions in AD

  • Filter
  • Time
  • Show
Clear All
new posts

  • script or tool to export mailbox permissions in AD

    Good Day Group,

    I am looking for a way to export Mailbox Permission access to a .csv or .txt for all mailboxes. I have an issue in our company as to who has access to which mailbox. Of course I could go through each one in AD and check but that would cause me to blow up the Data Center

    Seriously, Does anyone know of a script or tool which will give me the same information as the Exchange Advanced Tab > Mailbox Rights for all users and groups. I need to do this for all mailboxes in the organization.

    Thank you!!!

  • #2
    Some digging in ADSI showed that the mailbox permissions are stored in msExchMailboxSecurityDescriptor attribute of the user object.

    Some poking in google revealed the following KB with a sample code:;EN-US;310866

    Another limitation of msExchMailboxSecurityDescriptor is that it does not reflect any of the inherited access control entries (ACEs) on the security descriptor of the mailbox itself. Therefore, Microsoft does not recommend that you modify the mailbox rights on a mailbox by reading msExchMailboxSecurityDescriptor. Other ways of reading a user's mailbox rights are more accurate than using this directory attribute.
    Some more digging came up with this:

    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"