How to Get a List of Shared Mailboxes Members and Permissions with Powershell or Netwrix Auditor

Native Solution vs. Netwrix Auditor for Exchange
We never share your data. Privacy Policy
Native Solution Netwrix Auditor for Exchange

1. Connect to Office 365 PowerShell, run the PowerShell ISE as Administrator and execute the following command:

Set-ExecutionPolicy RemoteSigned
$Cred = Get-Credential

2. Type your user ID and password in the Windows PowerShell Credential Request and click OK.

3. Create a session using the following command, modifying –ConnectionUri parameter based on your Exchange Online location:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $Cred -Authentication Basic –AllowRedirection

4. Connect to Exchange Online:

Import-PSSession $Session –DisableNameChecking

5. Copy and run the following script, adjusting the filters for the specific user you want to report on and specifying the desired path for the CSV file output:

Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:Unlimited | Get-MailboxPermission |Select-Object Identity,User,AccessRights | Where-Object {($_.user -like '*@*')}|Export-Csv C:\Temp\sharedfolders.csv  -NoTypeInformation 

6. Review the resulting CSV report:

How to Get a List of Shared Mailboxes Members and Permissions - Native Auditing


7. Terminate your session with following cmdlet:


  1. Run Netwrix Auditor → Navigate to "Reports" → Expand the "Exchange Online" section→ “Exchange Online State-in-Time”→ Select "Mailboxes Accessible by Non-Owners" → Click "View".
  2. Set “Mailbox Type” to “Shared Mailbox” → Click “View Report”
How to Get a List of Shared Mailboxes Members and Permissions - Netwrix Auditor
  1. To check the detailed permissions on delegates and their rights, click “Delegates”:
How to Get a List of Shared Mailboxes Members and Permissions - Netwrix Auditor Details

Keep Your Shared Resources Secure

User mailboxes associated with a single user identity are useful for most situations, but sometimes several users or specific group members need to have a common work calendar and be able to answer emails on behalf of the organization. Accordingly, both Exchange Online and on-premises Exchange also offer shared mailboxes, which are distinguished by their special RecipientType of “SharedMailbox”. Shared mailboxes do not have user credentials associated with them; instead, users must be granted access permissions to access specific shared mailboxes. 

To prevent and spot misuse of shared mailboxes, you have to keep track of them and the users who have access to them. Natively, you can use the Exchange Online Management Console to get shared mailbox permissions for single address, but if you need to investigate user access rights on all your shared mailboxes, using PowerShell is your best option.

You can get a list of shared mailboxes permissions using the Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:Unlimited | Get-MailboxPermission command. However, you will probably want to get rid of all “NT AUTHORITY” records by piping the output using Where-Object {($_.user -like '*@*')}. If you need to filter the list by specific access rights, such as Full Access or Send As, you will have to modify or even rewrite the script and then test the new script. Keep in mind that testing PowerShell scripts on cloud solutions is usually more time consuming due to connection delays.

A faster and easier option is to use Netwrix Auditor State-in-Time reports for Exchange Online and Exchange Server. In just a few clicks, you can generate a report on all your shared mailboxes with all the crucial details, such as which users have non-owner rights to which mailboxes and what permission level each user has. In addition, Netwrix Auditor for Exchange provides information about mailbox access events, shared mailbox permissions changes, and much more. You can also easily refine your audit results using the built-in filters and set up report subscription. As a result, you will have far better control over what's happening in your Exchange environment.