Getting mailbox delegate information from ''editor'' attribute

PowerShell Help
1

With the following script i get mailbox data out of exchange online:

# Create a path in your directory to store the export file
$Export_File_Path = "C:\PS"

#Create class outputregel with Zivver objects
class outputregel {
    [string]$Email
    [string]$Full_name
    [string]$Is_active
    [string]$Delegates
    [string]$Aliases
    [string]$OU_UID
    [string]$InternalId 
}

#Create an empty array called $output
$output=@()

#Use Get-Mailbox to fetch all user mailboxes in Exchange Online
$usermailboxes=Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize unlimited | Sort-Object PrimarySmtpAddress

#Fill Zivver objects with data from Exchange Online
foreach ($mailbox in $usermailboxes) {

    Write-Progress -Status $mailbox.PrimarySmtpAddress -Activity 'Processing mailbox for'

    $regel=New-Object outputregel
    $regel.Email=$mailbox.PrimarySmtpAddress
    $regel.Full_name=$mailbox.DisplayName 
    $regel.Is_active= switch ($mailbox.AccountDisabled)
    {
        False {1}
        True {0}
    }
    $regel.Delegates='' #Delegates object will be populated later
    $regel.Aliases='' #Aliases object will be populated later
    $regel.OU_UID='' #Use this line by default. 
    #$regel.OU_UID=$mailbox.PrimarySmtpAddress.Split("@")[1]
    $regel.InternalId=$mailbox.Guid 
 
    # Get delegates from Exchange FULL ACCESS (read and manage) permissions.
    $users = Get-MailboxPermission $mailbox.PrimarySmtpAddress | Where-Object User -like '*@*' | Where-Object AccessRights -Contains 'FullAccess' | Select-Object -ExpandProperty User

    if ($users.count -lt 1) {
        $users = ''
    }

    # Get email aliases (smtp addresses)
    $aliases = $mailbox.EmailAddresses | Where-Object {$_ -clike 'smtp*@*'} | Where-Object {$_ -cne 'SMTP*'} | Where-Object {$_ -notlike '*onmicrosoft.com'}

    #Populate Zivver objects with data from "Get delegates" and "Get aliases"
    $regel.Delegates = $users -join ';' 
    $regel.Aliases = ($aliases -join ';').replace('smtp:','').replace('SMTP:','')
    $output+=$regel;
}
# If you want to see the output, run $output | Out-GridView

$output

I got the question to not find delegates via the ‘‘FullAccess’’ attribute but via the ‘‘editor’’ attribute users can give each other in Outlook (microsoft documentation).
It is possible to find this editor attribute for specific mailboxes via powershell, but I have difficulties including it in my script.

Changing the the AccessRights attribute from FullAccess to Editor does not seem to work.

$users = Get-MailboxPermission $mailbox.PrimarySmtpAddress | Where-Object User -like '*@*' | Where-Object AccessRights -Contains 'Editor' | Select-Object -ExpandProperty User

It is possible to find the editor attribute via the Get-MailboxFolderStatistics cmdlet

Get-MailboxFolderStatistics -Identity contoso@onmicrosoft.com | where-object {$_.foldertype -eq "Inbox"} | Select-Object -First 1 -expand Name

$mailbox = get-mailbox contoso@onmicrosoft.com
Get-MailboxFolderPermission $mailbox":\Postvak IN"

Does anyone have an idea on how to include this in the original script?

2

‘FullAccess’ and ‘Editor’ are different permissions on a mailbox. Typically, you can only set delegate permissions when a user is an editor. Take a look at the SharingPermissionFlags parameter/property on Get/Set mailboxfolder permission: Set-MailboxFolderPermission (ExchangePowerShell) | Microsoft Learn

I think what you’re looking for is the SharingPermissionFlags property on Get-MailboxFolderPermission when you give it the calendar folder of mailbox:

The SharingPermissionFlags parameter assigns calendar delegate permissions. This parameter only applies to calendar folders and can only be used when the AccessRights parameter value is Editor