How to Get a List of Shared Mailboxes Members and Permissions with PowerShell or Netwrix Auditor

Native Solution vs. Netwrix Auditor for Exchange
{{ firstError }}
We care about security of your data. Privacy Policy
Native Solution Netwrix Auditor for Exchange
Native Solution
Netwrix Auditor for Exchange
Steps

Connect to Exchange Online using PowerShell

1. If you haven't already, install the Exchange Online PowerShell Module according to your OS. Follow the instructions provided by Microsoft in this article.

2. Open the PowerShell ISE as Administrator and execute the following command:

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser 
 

3. Run the following command, type your user ID and password in the Windows PowerShell Credential Request, and click OK.

$Cred=Get-Credential

4. Connect to Exchange Online by running the following command:

Connect-ExchangeOnline -Credential $Cred

5. Copy and run the following script, adjusting the filters for the specific user you want to report on and specifying the desired path for the CSV file output. Using this PowerShell script, you can get a list of shared mailbox names and members’ permissions.

Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited |

Get-MailboxPermission |

Select-Object Identity, User, AccessRights |

Where-Object { $_.User -like '*@*' } |

Export-Csv -Path C:\Temp\sharedfolders.csv -NoTypeInformation

6. Review the created CSV report; the identity column contains the names of the shared mailbox, the user column lists members of the shared mailbox, and the Access Rights column contains the permissions level:

7. Terminate your session with the following cmdlet:

Disconnect-ExchangeOnline -Confirm:$false

  1. Run Netwrix Auditor → Navigate to "Reports" → Expand the "Exchange Online" section→ “Exchange Online State-in-Time”→ Select "Mailboxes Accessible by Non-Owners" → Click "View".
  2. Set “Mailbox Type” to “Shared Mailbox” → Click “View Report”. Note that you can also search the report using the relevant fields.
  1. To check the detailed permissions on delegates and their rights, click “Delegates”:

 

 

Learn more about Netwrix Auditor for Exchange

Keep Your Shared Resources Secure

User mailboxes associated with a single user identity are helpful for most situations. Still, sometimes, several users or specific group members need to have a standard work calendar and be able to answer emails on behalf of the organization. Accordingly, Exchange Online and on-premises Exchange also offer shared mailboxes, distinguished by their special RecipientType of “SharedMailbox.” Shared mailboxes do not have user credentials associated with them; instead, users must be granted access permissions using Microsoft Exchange Online Admin Center or PowerShell to access specific shared mailboxes, which allows them to perform everyday tasks for that shared mailbox. 

To prevent and spot misuse of shared mailboxes, you must keep track of them and the users with access to them. You can use the Exchange Online Management Console to get shared mailbox permissions for a single address. However, using PowerShell you can check shared mailbox permissions for all its members.

You can get a list of shared mailbox permissions with the help of Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:Unlimited | Get-MailboxPermission command. However, you will probably want to get rid of all “NT AUTHORITY” records by piping the output using Where-Object {($_.user -like '*@*')}. If you need to filter the list by specific access rights, such as Full Access or Send As, to send email using Outlook on behalf of a shared mailbox, modify or rewrite the script, and then test the new script. Due to connection delays, testing PowerShell scripts on cloud solutions is usually more time-consuming.

Using Netwrix Auditor State-in-Time reports for Exchange Online and Exchange Server is a faster and easier option. In just a few clicks, you can generate a report on all your shared mailboxes with all the crucial details, such as which users have non-owner rights to which mailboxes and what permission level each user has. In addition, Netwrix Auditor for Exchange provides information about mailbox access events, shared mailbox permissions changes, and much more. You can also easily refine your audit results using the built-in filters and set up a report subscription. As a result, you will have far better control over what's happening in your Exchange environment.

Related How-tos
How to Detect Who Modified Mailbox Permissions in Exchange Online How to Stay on Top of Permissions Changes to Public Folders in Exchange Online How to Get Exchange Online Mailbox Permissions Report Using PowerShell or Netwrix Auditor