Finding Delegates in Exchange 2010/2013

There have been numerous occasions where I’ve gotten complaints about delegates that no longer exist still somehow interfering with mail and calendars. The logical approach, therefore, is to search for delegates before removing an account to ensure that nothing is left behind that really shouldn’t be.

I found where a number of people have written complicated scripts that invariably (for me anyway) were fraught with errors and unrecognized syntax.

I found a simple solution and a new feature that I wasn’t aware of:

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false} | Out-GridView

This is a simple and elegant way to find where any mailbox has a delegate. Also, the output is in a simple “Grid View” (feature I didn’t know about until now) that easily shows:

Identity: (The account delegated out)
User: (The account that has delegate access)
AccessRights: (The level of access)
IsInherited: (if False then was manually applied)
Deny: (self explanitory – was not delegated with a Deny – don’t really see the point of this)

Exchange 2010 doesn’t seem to be capable of Grid View so if you want a user readable format output to a CSV:

Get-Mailbox | Get-MailboxPermission | where {$_.user.tostring() -ne “NT AUTHORITY\SELF” -and $_.IsInherited -eq $false} | Export-Csv c:\mailbox-permissions.csv

By admin|2018-01-31T02:04:10-08:00January 15th, 2018|Microsoft Exchange|Comments Off

About the Author: admin

An IT Specialist with humble beginnings at an ISP here in BC in 1996. Since then WiReDWoLF has expanded his knowledge and expertise in many areas of the IT field and is proficient with networking, applications, servers, and general application of all of the above.