Dear all, I know "How to Grant the Send As Permission for a Mailbox" as to http://technet.microsoft.com/en-us/library/aa998291%28EXCHG.80%29.aspx But know I'd like to know how I can receive information on a mailbox-level regarding "Send As" permissions, i.e. who actually has "Send As" permissions on any given mailbox using Powershell. Regards Alex

Hi, Try this: Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like “*Send-As*”)} | FT -Wrap Regards from www.windowsadmin.info

Hi, well, that looks good. Unfortunately I still have some user accounts that are able to send emails in the name of another user, i.e. they can use Outlook to send a new email while selecting another user in the "From" field. This email is then successfully transmitted to its destined recipient with the selected user in the "From" field. The email looks genuine and checking the options states that this email is sent from the user contained in the "From" field. No clue that another user did this like "Send on Behalf of". I checked group memberships of thos users who are able to send "faked"emails as well as "Send on Behalf of" rights. Nothing could be found. Any ideas? Any help would be greatly appreciated Alex

Hi Alex, Do you mean someone can send emails as another people while he doesn’t list when you run the cmdlet provided by ManU? Please try to verify whether the user has the “send as” permission by following the steps below: 1. Open the Exchange Management Console. 2. Navigate to Recipient Configuration. 3. Click Mailbox. 4. Right-click the mailbox which you want to view who actually are granted the send as permission in the right panel. 5. Choose Manage Send As Permission. 6. And now we know who have been granted send as permission. Please feel free to let me know if someone can send email as specific mailbox but he has not been list when you perform the steps below. I look forward to hearing from you. Best regards, Serena

Dear Serena, this is exactly the problem. Someone can send emails as another person while he or she doesn't have the "Send As" right. When I rund the cmdlet provided by ManU the person ist NOT listed. When verifying the "Send As" permission with the Exchange Management Console as described by you the person is NOT listed either. Alex

Hi Alex, Have you check whether your user associate with an external account in his Outlook?Because the associated external account for a mailbox can send messages as the mailbox owner without the Send As permission. If your user does not associate with another external account in Outlook, please verify whether the user who can send email as another user have the Full Mailbox Access permission and Send on Behalf permission for the mailbox owner. Because when user 1 has both the Full Mailbox Access permission and Send on Behalf permission on the mailbox of user 2, the user 1 can send email as user 2. Please refer to my original post to verify whether user has the Full Mailbox permission on the mailbox. And you can view Send on Behalf permission by following the steps below: 1. Open the Exchange Management Console. 2. Navigate to Recipient Configuration. 3. Click Mailbox. 4. Right-click the mailbox which you want to view who actually are granted the send on behalf permission in the right panel. 5. Click Properties and go to the Mail Follow Settings. 6. And then choose Delivery Option, click Properties. 7. So we can see who have Full Mailbox Access permission on the specific mailbox. And here is more information, Understanding Send As Behavior in Exchange 2007: http://technet.microsoft.com/en-us/library/dd421860(EXCHG.80).aspx Please feel free to let me know if you have any questions. Best regards, Serena

Alex please try this command. You can place the alias of the user within this command where I have "alias of user" and run this. This will provide you send as permission user by user. Now if you would like to have this to pull all users on a certain server then use the -server parameter and specify the server. If you have over a 10,000 users then put the parameter -resultsize:unlimited so that you can get all the info. Please let me know if you have any further questions. Get-Mailbox -identity alias of user" | Get-ADPermission | where { ($_.ExtendedRights -like *Send-As*) -and ($_.IsInherited -eq $false) -and -not ($_.User -like NT AUTHORITY\SELF) } | Select User, extendedrights, identity