Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-11-16

Use the Get-MailboxPermission cmdlet to get permissions on a mailbox.

Syntax

Get-MailboxPermission -Identity <MailboxIdParameter> [-Credential <PSCredential>] [-DomainController <Fqdn>] [-ReadFromDomainController <SwitchParameter>] [-ResultSize <Unlimited>] [-User <SecurityPrincipalIdParameter>]
Get-MailboxPermission -Identity <MailboxIdParameter> [-Credential <PSCredential>] [-DomainController <Fqdn>] [-Owner <SwitchParameter>] [-ReadFromDomainController <SwitchParameter>] [-ResultSize <Unlimited>]

Detailed Description

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Mailbox permissions and delegation" entry in the Mailbox Permissions topic.

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter

The Identity parameter identifies the mailbox. You can use one of the following values:

  • GUID

  • ADObjectID

  • Distinguished name (DN)

  • Domain\Account

  • User principal name (UPN)

  • LegacyExchangeDN

  • SmtpAddress

  • Alias

Credential

Optional

System.Management.Automation.PSCredential

The Credential parameter specifies the user name and password to use to access Active Directory.

This parameter requires the creation and passing of a credential object. This credential object is created by using the Get-Credential cmdlet. For more information, see Get-Credential.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory.

Owner

Optional

System.Management.Automation.SwitchParameter

The Owner parameter returns the owner information for the mailbox identified in the Identity parameter.

This parameter can't be used with the User parameter.

ReadFromDomainController

Optional

System.Management.Automation.SwitchParameter

The ReadFromDomainController parameter specifies that the user information is read from a domain controller in the user's domain.

If you set the recipient scope to include all recipients in the forest, and if you don't use this parameter, it's possible that the user information is read from a global catalog with outdated information.

If you use this parameter, multiple reads might be necessary to get the information.

Note:
By default, the recipient scope is set to the domain that hosts your servers that run Exchange.

ResultSize

Optional

Microsoft.Exchange.Data.Unlimited

The ResultSize parameter specifies the maximum number of recipient objects returned.

User

Optional

Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter

The User parameter specifies the UPN, domain\user, or the alias of the user.

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

Examples

EXAMPLE 1

This example returns permissions on the mailbox by its SMTP address john@contoso.com.

Copy Code
Get-MailboxPermission -Identity john@contoso.com | Format-List

EXAMPLE 2

This example returns permissions that the user Ayla has on John's mailbox.

Copy Code
Get-MailboxPermission -Identity john@contoso.com -User "Ayla"

EXAMPLE 3

This example returns the owner information for the resource mailbox Room222.

Copy Code
Get-MailboxPermission -Identity Room222 -Owner