Monday, 11 November 2019

Remove Mailbox Permissions (Full Access or Send As) using Powershell

Removing existing mailbox permissions is one of the important Exchange management tasks. We can use the Remove-MailboxPermission cmdlet to remove permissions from a user mailbox or a shared mailbox. This cmdlet is available in both Exchange On-Premises and Exchange Online environments. To perform this task, your account should already have the server roles Organization Management and Recipient Management.

Note: Before proceeding, connect to Exchange Online Remote PowerShell or the Exchange Management Shell (On-Premises), depending on your environment.

The following command removes the full access permission for the user "morgan@contoso.com" from the mailbox "alex@contoso.com".
Remove-MailboxPermission -Identity "alex@contoso.com" -User "morgan@contoso.com" -AccessRights FullAccess -InheritanceType All -Confirm:$false
Identity - The identity (e.g. Name, UPN, etc.) of the mailbox from which you are removing permissions.
User - The user whose permissions on that mailbox will be removed.
AccessRights - The rights (e.g. FullAccess, SendAs, etc.) to remove.

Remove full access permission from all shared mailboxes:

The commands below retrieve all shared mailboxes and remove the full access permission from each of them for the single user mailbox "morgan@contoso.com".
$user = "morgan@contoso.com"
# @() keeps .Count valid even when only one shared mailbox is returned
$sharedmbxs = @(Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:Unlimited | Select Identity,Alias,DisplayName)
$i = 1
$totalmbxs = $sharedmbxs.Count
foreach ($mbx in $sharedmbxs) {
    Write-Progress -activity "Processing user $($mbx.DisplayName)" -status "$i out of $totalmbxs completed"
    # -Confirm:$false suppresses the per-mailbox confirmation prompt
    Remove-MailboxPermission -Identity $mbx.Identity -User $user -AccessRights FullAccess -InheritanceType All -Confirm:$false
    $i++
}
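
The loop above issues a removal against every shared mailbox with confirmation suppressed, whether or not the user holds a grant there. As an added example (not part of the original post), the function below audits the explicit FullAccess entries first, saves them to a CSV record, removes only those entries with -WhatIf support, and then lists anything still present. The function name and the audit file path are assumptions made for illustration.

```powershell
function Remove-UserFullAccessFromSharedMailboxes {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$User,
        [string]$AuditPath = '.\fullaccess-before-removal.csv'   # hypothetical path
    )

    $sharedMbxs = @(Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited)

    # 1. Audit: keep only explicit allow entries granting FullAccess to $User.
    $grants = @(foreach ($mbx in $sharedMbxs) {
        Get-MailboxPermission -Identity $mbx.Identity -User $User -ErrorAction SilentlyContinue |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                           ($_.AccessRights -contains 'FullAccess') } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox      = $mbx.Identity
                    User         = $User
                    AccessRights = $_.AccessRights -join ';'
                    AuditedAt    = (Get-Date).ToString('s')
                }
            }
    })
    if ($grants.Count -eq 0) {
        Write-Verbose "No explicit FullAccess entries found for $User."
        return
    }

    # 2. Record the pre-change state, even on a -WhatIf run.
    $grants | Export-Csv -Path $AuditPath -NoTypeInformation -WhatIf:$false

    # 3. Remove only the audited entries; -WhatIf lists them without changing anything.
    foreach ($g in $grants) {
        if ($PSCmdlet.ShouldProcess($g.Mailbox, "Remove FullAccess for $User")) {
            Remove-MailboxPermission -Identity $g.Mailbox -User $User `
                -AccessRights FullAccess -InheritanceType All -Confirm:$false
        }
    }

    # 4. Verify: output any audited entry that is still present after a real run.
    if (-not $WhatIfPreference) {
        foreach ($g in $grants) {
            Get-MailboxPermission -Identity $g.Mailbox -User $User -ErrorAction SilentlyContinue |
                Where-Object { -not $_.IsInherited -and ($_.AccessRights -contains 'FullAccess') }
        }
    }
}
# Dry run first, then the real change:
# Remove-UserFullAccessFromSharedMailboxes -User 'morgan@contoso.com' -WhatIf
# Remove-UserFullAccessFromSharedMailboxes -User 'morgan@contoso.com' -Verbose
```

An empty result from the real run means every audited entry was removed; the CSV keeps the prior state in case a grant has to be restored.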

Remove permission from shared mailboxes for multiple users:

For bulk user removal, you can keep the user mailbox identities in a CSV file. Consider the CSV file "O365Users.csv", which contains the user name (or UPN) of each user under the column header UserName.
$users = Import-Csv 'C:\O365Users.csv'
$sharedmbxs = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:Unlimited | Select Identity,Alias,DisplayName
# For every user in the CSV, remove FullAccess from every shared mailbox
foreach ($user in $users) {
    foreach ($mbx in $sharedmbxs) {
        Write-Progress -activity "Processing user $($user.UserName) - shared mailbox $($mbx.DisplayName)" -status "Processing....."
        Remove-MailboxPermission -Identity $mbx.Identity -User $user.UserName -AccessRights FullAccess -InheritanceType All -Confirm:$false
    }
}
Your CSV content should be in the following format:
UserName
"user1@contoso.com"
"user2@contoso.com"
"user3@contoso.com"

Remove permission for multiple users from multiple mailboxes:

In some cases, you may need to delete access for a set of users from multiple mailboxes. In this case, you can keep both the user and mailbox identities in a CSV file. Consider the CSV file "remove-fullaccess.csv", which contains user and mailbox identities under the column headers UserName and Mailbox.
# Each CSV row names one mailbox and one user to remove from it
Import-CSV 'C:\remove-fullaccess.csv' | ForEach {
    Write-Progress -activity "Processing mailbox $($_.Mailbox) - user $($_.UserName)" -status "Processing..."
    Remove-MailboxPermission -Identity $_.Mailbox -User $_.UserName -AccessRights FullAccess -InheritanceType All -Confirm:$false
}
Your CSV content should be in the following format:
Mailbox,UserName
"sharemailbox1@contoso.com","user1@contoso.com"
"sharemailbox2@contoso.com","user1@contoso.com"
"usermailbox1@contoso.com","user1@contoso.com"
"usermailbox1@contoso.com","user2@contoso.com"
