Production box goes down, we bring up the DR box.
Anyway my issue is on the production box. We test the DR box
periodically. We export permissions on mailboxes and public folders
from production and have them ready to import to DR.
To make things complicated, PFDAVADMIN fails to connect to production,
so I have to have an alternative way to export permissions.
I use this command : Get-mailbox -resultsize:unlimited | Get-
MailboxPermission | fl >D:\priv.txt
One of the users, sjones, says she should have access to another
user's calendar and contacts in DR, we'll call him John Doe.
When I run Get-mailbox -resultsize:unlimited | Get-MailboxPermission |
fl
I see that sjones only has rights to Catherine Smith and John Smith
but not John Doe. Below is a snippet of the output with the only two
mentions of sjones.
Another engineer has confirmed that from her outlook in production,
she has access to "calendar, contacts and a few folders in his
mailbox"
Am I exporting the correct permissions here? Is there another command
I need to use to export these permissions? I see Get-
MailboxCalendarSettings. Not sure how that applies.
Basically I want to export all user mailbox, contacts, tasks and
calendar permissions using this method.
I seem to be able to successfully do the public folders with:
get-publicfolder \ -recurse -resultsize:unlimited | Get-
PublicFolderClientPermission |fl > D:\pub.txt
*** Results snippet from Get-mailbox -resultsize:unlimited | Get-
MailboxPermission | fl ***
AccessRights : {FullAccess, DeleteItem}
Deny : False
InheritanceType : All
User : MYDOMAIN\sjones
Identity : mydomain.local/users/Catherine Smith
IsInherited : False
IsValid : True
ObjectState : Unchanged
AccessRights : {FullAccess}
Deny : False
InheritanceType : All
User : MYDOMAIN\sjone
Identity : mydomain.local/users/John Smith
IsInherited : False
IsValid : True
ObjectState : Unchanged
Reverse Permissions Audit Scripts Part 2
http://gsexdev.blogspot.com/2005/06/reverse-permissions-audit-scripts-part.html
James Chong (MVP)
MCITP | EMA; MCSE | M+, S+,
Security+, Project+, ITIL
msexchangetips.blogspot.com