6

I'm looking for a way to find all users who don't have the SEND AS SELF flag set in Exchange 2010. Without that flag, users aren't able to send emails through SMTP, and it seems some users are missing this flag (especially users who used to be Domain Admins etc.).

I guess this would have to be similar to the query below, although this should show users (well, not quite, as it hides the username) who have Send-As, and I'm looking for users who don't.

[PS] C:\Windows\system32>Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like "*Send-As*")}

Identity             User                 Deny  Inherited
--------             ----                 ----  ---------
LGBSPL.LGBS/LGBS/... NT AUTHORITY\SELF    False False
LGBSPL.LGBS/LGBS/... NT AUTHORITY\SELF    False False
MadBoy

1 Answer

3

Use a foreach loop to iterate through all mailboxes and their permissions, and then print out the identities of the ones where the "NT AUTHORITY\SELF" does not figure:

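# Collect every mailbox first, then inspect each one's AD permissions
$mboxes = Get-Mailbox -ResultSize Unlimited
foreach($mbox in $mboxes){
    $currentAlias = $mbox.Alias
    # Send-As entries on this mailbox whose trustee is NT AUTHORITY\SELF
    $sendSelf = $mbox | Get-ADPermission | where {($_.ExtendedRights -like "*Send-As*") -and ($_.User -like "NT AUTHORITY\SELF")}
    # $null on the left so the comparison is a plain null test, even if a collection comes back
    if($null -eq $sendSelf){
        Write-Host "The user $currentAlias does not have permission to send as himself"
    }
}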

Save as a .ps1 file and execute from the EMS, and there you have it :-)

Mathias R. Jessen
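An added example, not part of the original answer: the same audit returning objects instead of console text, and separating mailboxes where the SELF Send-As entry is missing from those where a deny entry exists (which the `-eq $null` test alone would count as present). The helper names `Get-SendAsSelfState` and `New-SampleAce` are hypothetical, the sample entries are constructed, and treating any deny entry as blocking is a conservative assumption.

```powershell
# Added example; Get-SendAsSelfState and New-SampleAce are hypothetical helper names.
# Uses New-Object PSObject so it also runs on PowerShell 2.0 (Exchange 2010 EMS).
function Get-SendAsSelfState {
    param([object[]]$Ace)   # Get-ADPermission output for one mailbox
    # Keep only Send-As entries whose trustee is NT AUTHORITY\SELF
    $self = @($Ace | Where-Object {
        $_ -and ($_.ExtendedRights -like '*Send-As*') -and
        ("$($_.User)" -eq 'NT AUTHORITY\SELF')
    })
    # Conservative assumption: any deny entry for SELF is reported as blocking
    if (@($self | Where-Object { $_.Deny }).Count -gt 0) { return 'Denied' }
    if ($self.Count -gt 0) { return 'Granted' }
    return 'Missing'
}

function New-SampleAce($User, $Right, $Deny) {
    New-Object PSObject -Property @{ User = $User; ExtendedRights = @($Right); Deny = $Deny }
}

if (Get-Command Get-Mailbox -ErrorAction SilentlyContinue) {
    # In the EMS: collect the mailboxes first, as the answer does, then test each one
    $mboxes = Get-Mailbox -ResultSize Unlimited
    $report = foreach ($mbox in $mboxes) {
        $state = Get-SendAsSelfState -Ace @($mbox | Get-ADPermission)
        New-Object PSObject -Property @{ Alias = $mbox.Alias; SendAsSelf = $state }
    }
} else {
    # Outside the EMS: constructed sample entries, not real data
    $sample = @{
        'alice' = @(New-SampleAce 'NT AUTHORITY\SELF' 'Send-As' $false)
        'bob'   = @(New-SampleAce 'NT AUTHORITY\SELF' 'Receive-As' $false)
        'carol' = @((New-SampleAce 'NT AUTHORITY\SELF' 'Send-As' $false),
                    (New-SampleAce 'NT AUTHORITY\SELF' 'Send-As' $true))
        'dave'  = @(New-SampleAce 'EXAMPLE\helpdesk' 'Send-As' $false)
    }
    $report = foreach ($name in $sample.Keys) {
        $state = Get-SendAsSelfState -Ace $sample[$name]
        New-Object PSObject -Property @{ Alias = $name; SendAsSelf = $state }
    }
}

# Only mailboxes where SELF cannot send as itself
$report | Where-Object { $_.SendAsSelf -ne 'Granted' } |
    Sort-Object Alias | Format-Table Alias, SendAsSelf -AutoSize
```

With the constructed sample, bob and dave are reported as Missing and carol as Denied; replace the final `Format-Table` with `Export-Csv` to keep the result for follow-up.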