Morning group.
I have an issue thats going to cause some trouble. Someone in the organisation has set the Domain Admin group to have Full Access over all users (Which technically is OK), but it has given the Domain admin group Send As permissions to all users.
Due to a lack of configuration in the past, we have a LOT of domain admins (I am actually in the process of sorting this, but it could take weeks)
Is there a script in Powershell or a GUI way of just removing the Send As Permissions to multiple users in a variety of OU's?
I have tried the following PS:-
Add-PSSnapIn Microsoft.Exchange.Management.PowerShell.Admin
$strServer = read-Host "Enter Server Name".ToUpper()
# Retrieve mailboxes from server and store in $MB
$MB = Get-Mailbox -Server $strserver
foreach ($user in $MB)
{
remove-ADPermission -identity "CN=Domain Admins,CN=Users,DC=Domainame" -user $user.alias -AccessRights ExtendedRight -ExtendedRights Send-As -Confirm:$true}
but this doesn't seem to do anything to the Users permissions.
Any ideas? (On fixing this issue, not the whole dead-mule mess of domain admins, as I said, I'm working on that, but this has taken priority)
Thanks in advance,
NewbieNik
"What happens if I untick this?"