Exchange Powershell – Removing mailbox, specifically “Send As” access


I want to remove full access along with send as easier than with EWC so obviously that’s a Powershell job.

Removing full access – done easily enough with a one liner

Remove-MailboxPermission -Identity $MailboxOwner -user $MailboxDelegate -AccessRights FullAccess -InheritanceType All -Confirm 

Removing send as access – you (I) would think same but with a different -AccessRights parameter.

Remove-MailboxPermission -Identity $MailboxOwner -User $MailboxDelegate -AccessRights SendAs 

Nope, gives me a bit of info about “Can’t remove access control on the Object because the ACE doesn’t exist“. A little bit of google tells me that the right one to use is Remove-ADPermission so I check it out with Get-ADPermission first

Get-ADPermission -Identity $Username 

Returns an error “The operation could not be performed because $Object could not be found on DC01

Ok, fair enough, I can change it from the SAMAccountName to the CN and object is found. Not a massive deal as the CN is also accepted by Remove-MailboxPermission

So it seems that a combo of both like this should work

#Get CN of mailbox owner $MailboxOwner = Read-Host "Please enter the mailbox owner" #Get CN of person accessing the mailbox $MailboxDelegate = Read-Host "Please enter the delegated owner" #Remove Full Mailbox Access Remove-MailboxPermission -Identity $MailboxOwner -user $MailboxDelegate -AccessRights FullAccess -InheritanceType All -Confirm #Remove SendAs Access Remove-ADPermission -Identity $MailboxOwner -User $MailboxDelegate -ExtendedRights "Send As" 

So those of you that actively manage exchange permissions, what way do you handle it ? I’d love to see better examples.

submitted by /u/stuartall
[link] [comments]

Leave a Reply