by Nuno Mota [Published on 14 Dec. 2011 / Last Updated on 29 Nov. 2011]

Are you looking for an easy way to check which mailboxes a certain account has Full Access permissions to? The best way is to use the EMS and the following cmdlet (replace FullAccess with the level of access you want to search for, such as DeleteItem for example):


Get-Mailbox -Resultsize Unlimited | Get-MailboxPermission -User | ? {$_.AccessRights -match "FullAccess" -and $_.IsInherited -eq $False} | Select Identity


If, however, you are using Exchange 2010, I recommend you update the cmdlet to the following:


ForEach ($mbx in (Get-Mailbox -Resultsize Unlimited | Select Identity)) {Get-MailboxPermission $mbx.Identity -User | ? {$_.AccessRights -match "FullAccess" -and $_.IsInherited -eq $False} | Select Identity}


This is because the way Exchange 2010 deals with multiple pipes. If you have thousands of mailboxes and you use the first cmdlet, you will probably run out of memory...

