Do you have a need to see which mailboxes John has access to without opening every single box and looking? No problem!
I wrote Exchange Permission as a result of a post on Experts Exchange. It is very simple to use.
THE BASICS
The first parameter is the user in question and of course is required. It needs to be in the format of Domain\Username. Although there are other ways to present a username, some of the fields the program checks while running store their information in that format. So its easier to take it in that way and not add more code to the program to check it and reformat if required.
The second parameter (optional) is the distinguished name of the container object. If this parameter is omitted, the rootDSE is used. Needless to say on a very large environment that could take hours to complete. In that case it is better to be as specific as possible with the root container.
For instance, if Bob is in the sales OU and you are trying to see who else in sales Bob has access to, it is wise to select only the sales ou. If you have less than 7,000 users or so, it probably won’t matter. Just remember that the properties that we are looking at are not indexed in Active Directory. That means every single access rule has to be looked at to see if it matches Bob.
GOTCHAS
One gotcha that exists currently in the program is inherited and MAPI permissions are not taken into account. MAPI permissions require that CDO or some other MAPI extension be utilized to get at the data. It would also then force the program to need admin rights to Exchange to get at the data. I am not completely sure why inherited permissions don’t work for an individual yet. Once I master that, I can then ensure that permissions inherited by a group would work. I am sure you just realized that groups are another gotcha.
If you need to keep the resulting information, simply pipe it to a file.
USING
Some of the techniques I used required .NET 3.5, so ensure you have that installed. The zip contains two files that must be located together. There isn’t an installation and since this is an admin tool, never will be.
Enjoy!
No comment yet