Here, I am presenting some examples on usage of Get-ADPermission cmdlet

1. Returns the permissions that have been applied to the user Ed.

                        Get-ADPermission -Identity Ed

2. Returns the permissions that have been granted to the user Ed on the Receive connector.

                         Get-ADPermission “” -User Ed

3. Run the following command against a mailbox database in Exchange 2010 to see who has “Receive-As” permission set at the Database level.  This means it is applying to all mailboxes in that database.  You can also substitute the value to be “Send-As”, etc:

Get-adpermission “Mailbox Database Name” | where-object {$_.extendedrights -like ‘receive-as’} | select user,extendedrights

4. If you want to see all users and their relevant permissions they have against the database (meaning all mailboxes in that database) use:

Get-adpermission “Mailbox Database Name” | select user,extendedrights

5. If you want to see which permissions a specific user has to a database use:

Get-adpermission “Mailbox Database Name” -user “Username” | select user,extendedrights


  1. I followed your steps and I was able to craete the shared mailbox and permissions. Now it will not give me permission to access the account. When I look at the Send As and Full Access permissions, it shows the security group that is suppose to manage the account. Where else should I investigate?


    • 1. No, Veeam Backup Replication is direct to disk, cutrlnrey there is no support for Tape2. Yes, Veeam Backup Replication has Instant File-Level Recovery for any file system the image level backup. Support for Exchange (or any application) is also supported on the VMware Platform with our Enterprise version and vPower technology.3. Yes, Veeam has it’s own VSS integration and application aware processing so flushing Exchange Logs is supported, simply check Application Aware Processing in the job setup wizard


    • Ao executar o comnado: Get-ReceiveConnector “NOME DO CONECTOR” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient“ estou permitindo que o conector possa enviar e-mails externamente, ou seja, para outros dominios correto?


Leave a Reply

Your email address will not be published. Required fields are marked *

Protected by WP Anti Spam