Periodically, it has been necessary to cleanup mailbox permissions across a Microsoft Exchange server or Exchange organization. Sometimes other IT administrators, myself included, have forgotten to remove self-applied permissions in the heat of providing employee support. Two tasks that have helped, an inventory of existing full access and selective bulk removal.
A. Inventory all the mailboxes with accounts with full permissions.
This will provide an export in CSV format to sort against for review.
1. Launch Exchange Management Shell as administrator with appropriate Exchange Organizational or Exchanger Server permissions.
2. Create localized folder for exports (i.e. C:\garzafx\).
3. Export all full mailbox permissions to mailbox to Excel CSV file as follows:
Get-Mailbox -Server “myemailserver” | Get-MailboxPermission | export-csv c:\garzafx\
NOTE: If you haven’t already created your own folder for exports on your system, please do so to avoid any inadvertent errors.
B. Selective account removal
Now that you have your variables to search against, you can create a get-contents script or just keep it simple with the following:
4. Get-Mailbox | Remove-MailboxPermission -AccessRights FullAccess -user “weyland\ellen.ripley”
IMPORTANT: For Send-As permissions will have to had employed Get-AdPermission
More Information On Exchange: http://www.msexchange.org/
More on PowerShell: http://blogs.technet.com/b/heyscriptingguy/