Get shared mailboxes with delegated access.
# Sign in to Exchange Online (cmdlet from the ExchangeOnlineManagement module).
# The account needs rights to read mailbox and recipient permissions; a
# read-only role is enough for this report, so avoid running it as a full admin.
Connect-ExchangeOnline
# Destination of the CSV report. The file lists who can open or send as each
# shared mailbox, so keep it in a folder with restricted access.
$csvPath = 'C:\Temp\SharedMailboxesWithDelegatedAccess.csv'
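# Function to get all shared mailboxes
function Get-AllSharedMailboxes {
    <#
    .SYNOPSIS
    Returns every shared mailbox in the connected Exchange Online organization.
    .OUTPUTS
    The mailbox objects returned by Get-Mailbox, and nothing else.
    #>
    # Status messages go to the host, not the output stream: anything written
    # with Write-Output inside a function becomes part of its return value, so
    # the caller would receive the message strings mixed in with the mailboxes.
    Write-Host "Retrieving all shared mailboxes..."
    # @() keeps .Count reliable when zero or one mailbox is returned.
    $sharedMailboxes = @(Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited)
    Write-Host "Retrieved $($sharedMailboxes.Count) shared mailboxes."
    return $sharedMailboxes
}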
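# Function to get delegated access permissions for a mailbox
function Get-DelegatedAccessPermissions {
    <#
    .SYNOPSIS
    Lists the FullAccess and SendAs grants on one mailbox.
    .PARAMETER MailboxIdentity
    Identity of the mailbox, passed to Get-MailboxPermission and
    Get-RecipientPermission.
    .OUTPUTS
    One object per grant with the properties User and AccessRights
    ("FullAccess" or "SendAs"). Nothing is returned when there are no grants.
    .NOTES
    Coverage: only FullAccess and SendAs are reported. Send on Behalf
    (GrantSendOnBehalfTo) and folder-level permissions are not checked here.
    #>
    param (
        [Parameter(Mandatory=$true)]
        [string]$MailboxIdentity
    )
    # Status messages go to the host, not the output stream: Write-Output inside
    # a function adds the text to the return value, which would show up as
    # empty permission rows in the caller and hide the "no grants" case.
    Write-Host "Retrieving delegated access permissions for mailbox: $MailboxIdentity"
    # Get Full Access permissions (the mailbox's own SELF entry is skipped).
    # NOTE(review): entries are not filtered on Deny or IsInherited, so a deny
    # entry or an inherited entry is reported like a direct grant. Confirm
    # whether the report should exclude them.
    $fullAccessPermissions = @(Get-MailboxPermission -Identity $MailboxIdentity | Where-Object {
        $_.User -notmatch "NT AUTHORITY\\SELF" -and $_.AccessRights -contains "FullAccess"
    })
    Write-Host "Found $($fullAccessPermissions.Count) full access permissions for mailbox: $MailboxIdentity"
    # Get Send As permissions (same SELF exclusion; same note on deny and
    # inherited entries applies).
    $sendAsPermissions = @(Get-RecipientPermission -Identity $MailboxIdentity | Where-Object {
        $_.Trustee -notmatch "NT AUTHORITY\\SELF" -and $_.AccessRights -contains "SendAs"
    })
    Write-Host "Found $($sendAsPermissions.Count) send as permissions for mailbox: $MailboxIdentity"
    # Combine permissions: emit one normalized object per grant, FullAccess
    # first, then SendAs. Emitting directly avoids rebuilding an array with +=.
    foreach ($perm in $fullAccessPermissions) {
        [pscustomobject]@{
            User = $perm.User
            AccessRights = "FullAccess"
        }
    }
    foreach ($perm in $sendAsPermissions) {
        [pscustomobject]@{
            User = $perm.Trustee
            AccessRights = "SendAs"
        }
    }
}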
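# Get all shared mailboxes
# @() keeps the value an array when zero or one mailbox comes back.
$sharedMailboxes = @(Get-AllSharedMailboxes)
# Collect the report rows in a list; += on an array copies the whole array on
# every append, which gets slow on tenants with many mailboxes.
$results = New-Object 'System.Collections.Generic.List[object]'
# Loop through each shared mailbox and get its delegated access permissions
foreach ($mailbox in $sharedMailboxes) {
    Write-Output "Processing mailbox: $($mailbox.PrimarySmtpAddress)"
    # NOTE(review): Identity may not be unique in every tenant; if lookups
    # fail as ambiguous, PrimarySmtpAddress is the safer key. Confirm.
    $delegatedPermissions = @(Get-DelegatedAccessPermissions -MailboxIdentity $mailbox.Identity)
    foreach ($permission in $delegatedPermissions) {
        $results.Add([pscustomobject]@{
            DisplayName = $mailbox.DisplayName
            PrimarySmtpAddress = $mailbox.PrimarySmtpAddress
            MailboxIdentity = $mailbox.Identity
            User = $permission.User
            AccessRights = $permission.AccessRights
        })
    }
    # If no delegated permissions, add an entry indicating no access, so every
    # shared mailbox appears in the report at least once.
    if ($delegatedPermissions.Count -eq 0) {
        $results.Add([pscustomobject]@{
            DisplayName = $mailbox.DisplayName
            PrimarySmtpAddress = $mailbox.PrimarySmtpAddress
            MailboxIdentity = $mailbox.Identity
            User = "No delegated access"
            AccessRights = "None"
        })
    }
}
# Check if results contain any entries
if ($results.Count -eq 0) {
    Write-Output "No results to export. No shared mailboxes with delegated access permissions found."
} else {
    # Create the target folder if it is missing, so the export does not fail
    # after all the data has been collected.
    $csvDirectory = Split-Path -Path $csvPath -Parent
    if ($csvDirectory -and -not (Test-Path -LiteralPath $csvDirectory)) {
        New-Item -ItemType Directory -Path $csvDirectory -Force | Out-Null
    }
    # Export the results to a CSV file. UTF8 is set explicitly because the
    # Windows PowerShell default (ASCII) mangles non-ASCII display names.
    # The report shows who can read or send as each shared mailbox: store it
    # where only the reviewers can read it and delete it when the review is done.
    $results | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
    Write-Output "Export completed. Check $csvPath for the results."
}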