Get-MailboxPermission cmdlet now returns UPN as the user info

A small, but very important change has been pushed to the EO servers. Namely, the output of the Get-MailboxPermission cmdlet now includes the UPN of the user, instead of the display name. Here’s an example:

PS C:\> Get-MailboxPermission wc

Identity             User                 AccessRights
--------             ----                 ------------
WC                   NT AUTHORITY\SELF    {FullAccess, ReadPermission}
WC                   NT AUTHORITY\SELF    {FullAccess, ExternalAccount, ReadPermission}
WC                   vasil@michev.info    {FullAccess}
WC                   huku@michev.info     {ReadPermission}

While the change itself is minor, it does help a lot. Especially in large organizations with thousands of users, or in countries where it’s common for people to have the same name. The display name is simply not suitable for identifying the user, and UPN makes much more sense.

Up until now, we had to do additional verifications in order to make sure we have the correct principal, as displayName is simply not unique. For example, one of the scripts I use was getting all recipients that match said display name, and for each of those matches performs additional checks against the mailbox, making use of the -User parameter (for example: Get-MailboxPermission wc -User vasil). And in some cases, even that was not enough (say if you have 5 ‘John Smiths’ with permissions on the said object). So yes, this simple change definitely makes a difference. Unfortunately, the GUI tools still return the display name, but hopefully that will change in the near future.

I’m certain the change will make it’s way to on-prem as well!

1 thought on “Get-MailboxPermission cmdlet now returns UPN as the user info

  1. Frank Lesniak says:

    Hi Vasil, just a note that if the object having permission represents a user (mailbox, etc.), it will be represented by its UPN. However, if it’s something that does not have a UPN, like a distribution list, then it will continue to show the display name.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.