Finding users who have Send-As or Full Access permissions to mailboxes

Pat Richard posted a couple of nice one-liners to determine users who have Send-As or Full Access permissions to mailboxes.  He posted this over at UCBlogs.net.



The following one-liner lists all mailboxes where another user has Send-As permissions, and who that user is:

Get-Mailbox -Resultsize Unlimited | Get-ADPermission | ? {($_.ExtendedRights -like “*send-as*”) -and -not ($_.User -like “nt authority\self”)} | ft Identity, User -auto



And this one-liner displays all mailboxes where another user has Full Access permissions, and who that user is:



Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | ? {($_.AccessRights -match “FullAccess”) -and -not ($_.User -like “NT AUTHORITY\SELF”)} | ft Identity, User


Both of these one-liners are very useful to determine who has access to other people’s mailboxes.