Export Office 365 Mailbox Permissions Report to CSV

This PowerShell script exports Office 365 users’ mailbox delegated permission to CSV with Display Name, User Principal Name, Mailbox Type, Access Type, User With Access, and Admin Roles. You can filter the output based on permission type, mailbox type, admin only mailboxes.

4.8 Star
1,869 times
Add to favorites
Office 365
E-mail Twitter del.icio.us Digg Facebook
  • Each permission on separate line
    2 Posts | Last post March 12, 2020
    • Great script, really easy to use and clean output, thanks! I would like to see an enhancement or switch where each permission has it's own line. So if several users have full access permissions to one mailbox, those each have their own line. That would make it easy to perform an import of permissions if needed.
    • Hi eFrank,
      This enhancement requires more code changes. It will take some time to incorporate in the script. Meanwhile, you can use 'Office 365 Reporting Tool by AdminDroid', which has a required 'Mailbox permission summary' report
  • I would like to add a column(Department)
    3 Posts | Last post November 14, 2019
    • I added the following in the script:
       $Result = @{'DisplayName'=$_.Displayname;'UserPrinciPalName'=$upn;'Department'=$department;'MailboxType'=$MBType;'AccessType'=$AccessType;'UserWithAccess'=$userwithAccess;'Roles'=$RolesAssigned} 
        $Results = New-Object PSObject -Property $Result 
        $Results |select-object DisplayName,UserPrinciPalName,Department,MailboxType,AccessType,UserWithAccess,Roles | Export-Csv -Path $ExportCSV -Notype -Append 
      Ran the report and I received the Department Column but all was blank.  What am I doing wrong?
    • Hi Miller,
      Department value need to be retrieved from Get-MsolUser cmdlet. Apart from above mentioned lines, you need to add below code as 64th line.
        $Department=(Get-MsolUser -UserPrincipalName $upn).Department
      Now, you will get the department column in the output file.
    • Thank you Kathy,you really save me.   
  • Getting the following error when running script
    2 Posts | Last post November 04, 2019
    •  Getting the following error when running script.  The file is not digitally signed?  What can I do so I can run this script?
    • I was able to manually digital sign this .ps1 file.  Please disregard.
  • The File Can not Open
    2 Posts | Last post August 08, 2019
    • The Line 215 
       $ExportCSV=".\MBPermission_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
      the file save is System32 can not open , need change to c:\ other other location 
      $ExportCSV="c:\$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
    • Hi,
      PowerShell opens in System32 when you run it as Administrator. Some server OS may have preventive permissions on System folders. That could be why you can't open the output file.
      This script is designed to store the output file in the current directory. I recommend you navigate to the folder in which the script is located or some other place where you want the output file to be stored and then execute the script. You will get the output in the same directory.
  • How would i automate this as a script ran every month?
    2 Posts | Last post August 08, 2019
    • I'm wondering how i can add the username and password to this script so it runs without asking for a username and password
      I tried adding username and password to line 200 but keep getting errors
    • Hi Brendman,
      You don't need to hard code credential in the script. By default this script is user friendly. You can pass the credential as a parameter.
      For example,
      ./GetMailboxPermission.ps1 -UserName admin@Contoso.com -Password XXXX
      For more advanced filtering and params, you can refer https://o365reports.com/2019/03/07/export-mailbox-permission-csv/
  • Report on Group Objects
    4 Posts | Last post August 06, 2019
    • Great Script!!
      We grant permissions via security groups, can we include in the report to gather the group names and not just mailboxes?  We get error messages when it tries to find the group name.   
    • Hi,
      Currently, this script supports mailboxes alone. We will publish a separate script to address your requirement.
    • Awe man!  I was hoping this could be a quick turnaround like the others.  Thanks for replying.  Looking forward to another script.
    • Any update on being export group permissions rather than just mailboxes?  
  • Nice Script
    2 Posts | Last post July 16, 2019
    • Can this script be modified or do you have another that will also record permissions for on-prem users that are granted permissions to mailboxes in Exchange Online or one that gets both the on-prem and online mailboxes and permissions?
      I am seeing error messages on the names of users who have permission that are still on-prem and security groups, so the script sees them but doesn't know what to do with them it looks like.
    • Hi,
      As of now, we are not supporting Exchange on-premise.
  • Exclude all system accounts
    2 Posts | Last post May 06, 2019
    • One more wish to only report real users. Can you exclude "NT Authority\System" and accounts that contain "S-1-5-21" as well?
    • Hi Michel,
      Sure.. Script modified to exclude system accounts and accounts that contain "S-1-5-21". You can download the new one.
  • Can the script be adjusted with the use of an input file? (Large Tenant)
    3 Posts | Last post May 04, 2019
    • Can the script be adjusted with the use of an input file of selected users? (Large Tenant)
    • Hi Michel_PR,
      We have modified script to get mailbox permission from an input file.You can download the new version.
    • Thank you Robert, works like a charm!
  • How to run this script for MFA enabled?
    2 Posts | Last post April 18, 2019
    • How to run this script for MFA enabled? i am trying to run , it gives error.
    • Hi Rajesh,
      The script has been updated to adopt MFA. You can download the new version and then execute the script with -MFA switch.