info@tijmenschoemaker.nl

Export GrantSendOnBehalfTo permission with Powershell

I had to create this script for work, so we could see which users were sharing their calendar in the wrong way. People used delegates to share the calendar, but most didn’t realise they were also granting the “send on behalf” permissions to users.

<# .SYNOPSIS Create en export of GrantSendOnBehalfTo permissions .DESCRIPTION This script gets all (user)mailboxes and checks the GrantSendOnBehalfTo permissions .NOTES Version: 0.1 Author: Tijmen Schoemaker Contributors: - Company: 's Heeren Loo .CHANGELOG v0.1 -Initial version .EXAMPLE .\ExportGrantSendOnBehalfTo.ps1 #>

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin;

$date = Get-Date -Format yyyyMMdd-HHmmss
$exportFile = $date + "_DelegatesExport.csv"

"{0}`t{1}`t{2}" -f "User","Email","Delegates" | Out-File -FilePath $exportFile

$mailBoxes = get-mailbox -Filter {RecipientTypeDetails -eq "UserMailbox"} -ResultSize Unlimited

foreach($mailBox in $mailBoxes){
    $grantSendOnBehalfTo = $mailBox.GrantSendOnBehalfTo
    if($grantSendOnBehalfTo -ne $null){
        $user = $mailBox.SamAccountName
        Write-Host "+-----------------------------------------------------------------------------------------------------------------------------+"
        Write-Host "| User: $user"
        Write-Host "+-----------------------------------------------------------------------------------------------------------------------------+"
        Write-Host "| Send on behalf granted to:"
        foreach($grantSendOnBehalfToItem in $grantSendOnBehalfTo){
            if($grantSendOnBehalfToItem.ObjectGUID -ne $null){
                try{
                    $userObjectGUID = $grantSendOnBehalfToItem.ObjectGUID
                    $grantSendOnBehalfToUser = get-aduser -Filter {ObjectGUID -eq $userObjectGUID} 
                    Write-Host "| + " $grantSendOnBehalfToUser.UserPrincipalName
                    "{0}`t{1}`t{2}" -f $user,$mailBox.UserPrincipalName,$grantSendOnBehalfToUser.UserPrincipalName | Out-File -FilePath $exportFile -Append
                }
                catch{
                    Write-Host  $_.Exception.Message
                    Write-Host  $_.Exception.ItemName
                }
            }
        }
        Write-Host "+-----------------------------------------------------------------------------------------------------------------------------+`n"
    }
}