Script to gather FullAccess and SendAs permissions

I wrote this script to gather FullAccess and SendAs permissions to divide mailboxes into logical batches. May be somebody find it helpful.

#Purpose of this script is to gather full access and Send-As permissions of all mailboxes in organization
#Author: Zbynek Salon
#importing needed module
Import-Module Servermanager
$out = @()
$path = "c:\temp\FASA.txt"
$out +="Identity-email;Full Access;Send AS"
set-adserversettings -ViewEntireForest $true
#gathering info
$list = Get-Mailbox -resultsize unlimited | select alias,displayname,primarysmtpaddress,userprincipalname,distinguishedname
$i = 0
Foreach ($line in $list){
$sa = $null
$fa = $null
$fa = get-mailbox "$($line.distinguishedname)" | get-mailboxpermission | where {($_.IsInherited -like $false) -and ($_.accessrights -like "*Full*") -and ($_.user -notlike "*SELF*")}
$sa = get-mailbox "$($line.distinguishedname)" | get-adpermission | where {($_.extendedrights -like "*Send*") -and ($_.IsInherited -like $false) -and ($_.Deny -like $false)  -and ($_.user -notlike "*SELF*")}
Write-host "°°°°°°°°°°°°°°$($line.alias)"
#Full Access section
write-host "Full Access $($line.displayname)"
$fapo=$null
$sapo=$null
if ($fa -ne $null){
$fapo = "FA:"
            foreach ($fap in $fa){
                $o2=$null
                $o=$null
                #query object from AD using LDAP (translate SID to DN)
                $o = [adsi]"LDAP://<SID=$($fap.user.securityidentifier)>"
                #query needed properties of AD object (AD object is used to query for all object types
                $o2 = get-adobject "$($o.distinguishedname)" -properties * | select displayname,userprincipalname
                $o2
                if($o2 -ne $null){
                    $fapo = $fapo + "|$($o2.displayname)*$($o2.userprincipalname)"
                }
                else{$fapo = $fapo + "|NoExist*$($fap.user.securityidentifier)" }
            }
}else{}
#Send As section
write-host "Send - AS $($line.displayname)"
if ($sa -ne $null){
$sapo = "SA:"
            foreach ($sap in $sa){
                $u2=$null
                $u=$null
                $u = [adsi]"LDAP://<SID=$($sap.user.securityidentifier)>"
                $u2 = get-adobject "$($u.distinguishedname)" -properties * | select displayname,userprincipalname
                $u2
                if($u2 -ne $null){
                    $sapo = $sapo + "|$($u2.displayname)*$($u2.userprincipalname)"
                }
                else{$sapo = $sapo + "|NoExist*$($fap.user.securityidentifier)" }
            }
 }else{}
$out += "$($line.displayname)*$($line.userprincipalname);$($fapo);$($sapo)"
}

$out | out-file "$($path)"