Falcor

Powershell - Removing User FullAccess Permissions from Their Own Mailb


Hi All,

We had a little bug go through our Exchange Server that really hosed our permissions on all mailboxes. I have everything working now, but am looking for a way to systematically clean up permissions.

For instance: NT Authority\Self is allowed FullAccess on all mailboxes...this is good. This allows each user full access to their own mailbox. On top of this, each user is listed ALSO with FullAccess permissions on their own mailboxes. This is unnecessary due to the NT Authority\Self permission.

If I were to use the Exchange Management Console to remove each user from their mailbox, EMC would actually remove their access entirely by stipulating a DENY - not good.

What I am looking to do is use PowerShell to run a loop. So that you may better understand what I am trying to do:

1. Get-Mailbox
2. Enumerate username associated with mailbox and assign $username variable
3. Remove-MailboxPermission -user $username -AccessRight FullAccess

Once the entire command is piped:

Get-Mailbox | $username = user | Remove-MailboxPermission -user $username -AccessRight FullAccess 

Thus, it would remove the users' full-access permissions only from their own mailbox.

Can anyone help me accomplish this? I have searched and searched, but still come up empty.

Thanks!

Edited by Falcor


So far what I've come up with on my own...which does NOT work is:

Get-Mailbox | Foreach-Object{
    $username = Select-Object Alias
    Remove-MailboxPermission -user $username -AccessRight FullAccess
}

This is the error I get, which doesn't help me in the least:

Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
    + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [], PSInvalidOperationException
    + FullyQualifiedErrorId : RemotePipelineExecutionFailed
Cannot bind argument to parameter 'User' because it is null.
    + CategoryInfo          : InvalidData: ( [Remove-MailboxPermission], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Remove-MailboxPermission

Any ideas?


Get-Mailbox | gm

Get the property of users, then:

$p = (Get-Mailbox).user_property

foreach ($pp in $p) { Remove-MailboxPermission -Identity $pp -User $pp -AccessRight FullAccess }

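The cleanup the thread asks for, written as an added example that is not part of any post above: it lists each mailbox's explicit Allow FullAccess entries whose trustee is the mailbox owner, saves that list, and previews the removals with -WhatIf. Assumptions: the owner's entry is shown as DOMAIN\<SamAccountName>, and the function name and CSV file name are hypothetical.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Assumption: the redundant entry's trustee is displayed as
# DOMAIN\<SamAccountName> of the mailbox owner; adjust the match otherwise.
function Get-RedundantSelfFullAccess {
    # Collect the mailboxes into a variable first, so no other Exchange
    # cmdlet is called while Get-Mailbox is still streaming through a pipeline.
    $mailboxes = @(Get-Mailbox -ResultSize Unlimited)
    foreach ($mbx in $mailboxes) {
        $owner = '\' + $mbx.SamAccountName
        $aces  = @(Get-MailboxPermission -Identity $mbx.DistinguishedName)
        foreach ($ace in $aces) {
            $trustee = [string]$ace.User
            # Explicit Allow entries only; string compare also works on
            # deserialized objects returned by a remote session.
            if ("$($ace.IsInherited)" -eq 'True') { continue }
            if ("$($ace.Deny)" -eq 'True') { continue }
            if (-not ($ace.AccessRights -match 'FullAccess')) { continue }
            # Never touch the SELF entry that grants owners their access.
            if ($trustee -eq 'NT AUTHORITY\SELF') { continue }
            # Keep only entries where the trustee is the mailbox owner.
            if (-not $trustee.EndsWith($owner, [System.StringComparison]::OrdinalIgnoreCase)) { continue }
            New-Object PSObject -Property @{
                Mailbox = $mbx.DistinguishedName
                Alias   = $mbx.Alias
                User    = $trustee
            }
        }
    }
}

# 1. Audit: record what would be removed before changing anything.
$targets = @(Get-RedundantSelfFullAccess)
$targets | Export-Csv -Path .\self-fullaccess-before.csv -NoTypeInformation

# 2. Preview: -WhatIf reports each removal without performing it.
foreach ($t in $targets) {
    Remove-MailboxPermission -Identity $t.Mailbox -User $t.User -AccessRights FullAccess -WhatIf
}
```

Once the CSV and the -WhatIf output have been reviewed, replacing -WhatIf with -Confirm:$false applies the removals without a prompt per mailbox.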
