Reputation: 12374
Remove all user accessrights from mailbox in exchange using powershell
This removes all FullAccess accessrights from a mailbox for a certain user.
Remove-MailboxPermission -identity MyMailbox -user SomeUser -AccessRights FullAccess
This removes SendAs accessrights
Remove-MailboxPermission -identity MyMailbox -user SomeUser -AccessRights SendAs
Is there something I can do to remove ALL accessrights in one go, so I do not have to explicitly have to remove every single kind of accessright?
Upvotes: 1
Views: 45009
Answers (3)
Reputation: 12374
Here is what I ended up with:
(assumes input $alias with samaccountname/identity)
Get-MailboxPermission -Identity $alias | ForEach-Object {Remove-MailboxPermission -identity $_.Identity -user $_.User -AccessRights FullAccess -InheritanceType All -confirm: $false}
Get-MailboxPermission -Identity $alias | ForEach-Object {Remove-MailboxPermission -identity $_.Identity -user $_.User -AccessRights ReadPermission -InheritanceType All -confirm: $false}
$Permissions = Get-Mailbox -identity $alias | where {($_.Identity -like "*")} | Get-ADPermission | Where-Object { ($_.ExtendedRights -like "*send-as*") -and $_.User -notlike "*AUTHORITY*" }
if ($Permissions)
{
$Permissions | ForEach-Object{ Remove-ADPermission -identity $_.Identity -user $_.User -ExtendedRights "Send As" -confirm:$false }
}
$mb = Get-mailbox -Identity $alias
$mb.GrantSendOnBehalfTo = "CN=SomeAdminAccount,CN=Users,DC=ourdomain,DC=local"
Set-Mailbox -Identity $alias -GrantSendOnBehalfTo $mb.GrantSendOnBehalfTo
Could be made a bit more elegant, but good gets the job done.
Also works using remote powershell, something that often seems to fail with creative" solutions using piping.
Upvotes: 0
Reputation: 76
Remove-MailboxPermission -Identity [email protected] -User [email protected] -AccessRights FullAccess -Confirm: $false
Remove-RecipientPermission [email protected] -AccessRights SendAs -Trustee [email protected] -confirm: $false
Upvotes: 0
Reputation: 60918
Try this:
Remove-MailboxPermission -Identity MyMailbox -User SomeUser -AccessRights FullAccess -InheritanceType All
or ( not tested )
$ar = "FullAccess", "SendAs", "ExternalAccount", "DeleteItem", "ReadPermission", "ChangePermission", "ChangeOwner"
Remove-MailboxPermission -Identity MyMailbox -User SomeUser -AccessRights $ar -InheritanceType All
Upvotes: 1
Related Questions
- Need to Remove the selected Access Rights
- Permissions for all filtered users to all mailboxes - Exchange 2010
- Public folders remove all permissions for all users
- Removing Exchange Mailbox Property using PowerShell
- Get-Mailboxpermission for list of Mailboxes
- Exchange 2010: How can I check what permissions a user/mailbox has towards other mailboxes?
- How to find out who has full mailbox access for a list of users in exchange 2010
- Set-MailboxFolderPermission does not, what it should do
- Clear GrantSendOnBehalfTo on a mailbox exchange - from remote powershell script
- Setting Exchange Mailbox ACL using Powershell