Exchange 2010 – All access rights from all mailbox folders


Let’s try this request: get all access rights for all mailbox folders.

We should use the cmdlet Get-MailboxFolderPermission, which requires an identity of the form alias:\Inbox\folder. So the only other thing we need is the cmdlet Get-MailboxFolderStatistics, converting the slash characters in its FolderPath property to backslashes.

[PS] C:\>$folders = Get-MailboxFolderStatistics filip | %{$_.folderpath} | % {$_.replace("/","\")}

[PS] C:\>$folders[7..11]
\folder 0
\folder 0\folder ? test
\folder 0\folder 1
\folder 0\folder 1\ffolder2
\folder 0\folder 2

We should now have all folder paths from the mailbox (filip = alias) in the $folders variable and be able to use them with Get-MailboxFolderPermission. We can expect a few errors for “system” folders such as Top of Information Store, Recoverable Items, Deletions, Versions and Purges, but also for folders which contain the slash character in their name, because of the conversion.

[PS] C:\>$folders = $folders | %{ Get-MailboxFolderPermission "filip:$_" | select foldername,user,accessrights}`
 | ? { $_.AccessRights -notlike "None" -and $_.User -notlike "*filip*" }

The operation couldn't be performed because 'filip:\Top of Information Store' couldn't be found.
 + CategoryInfo : NotSpecified: (:) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
 + FullyQualifiedErrorId : 28783069,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

The operation couldn't be performed because 'filip:\folder 0\folder ? test' couldn't be found.
 + CategoryInfo : NotSpecified: (:) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
 + FullyQualifiedErrorId : 18857875,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

The operation couldn't be performed because 'filip:\Recoverable Items' couldn't be found.
 + CategoryInfo : NotSpecified: (:) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
 + FullyQualifiedErrorId : ABE546E,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

The operation couldn't be performed because 'filip:\Deletions' couldn't be found.
 + CategoryInfo : NotSpecified: (:) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
 + FullyQualifiedErrorId : 8321BED7,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

The operation couldn't be performed because 'filip:\Purges' couldn't be found.
 + CategoryInfo : NotSpecified: (:) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
 + FullyQualifiedErrorId : 65847762,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

The operation couldn't be performed because 'filip:\Versions' couldn't be found.
 + CategoryInfo : NotSpecified: (:) [Get-MailboxFolderPermission], ManagementObjectNotFoundException
 + FullyQualifiedErrorId : 8A11CF7B,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

The valid objects are in the $folders variable.

In short:

  1. $folders = Get-MailboxFolderStatistics alias | % {$_.folderpath} | % {$_.replace("/","\")}
  2. $folderPermissions = $folders | %{ Get-MailboxFolderPermission "alias:$_" | select foldername,user,accessrights}
  3. $folderPermissions
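
The same steps as one function with the failures handled (an added example, not code from the original post; the function name Get-FolderPermissionAudit and its parameters are hypothetical). It skips only the exact system paths that errored above and warns about every other folder it could not read, so an unchecked folder is not mistaken for one without delegated rights.

```powershell
# Added example; function and parameter names are hypothetical.
function Get-FolderPermissionAudit {
    param(
        [Parameter(Mandatory = $true)][string] $Alias,
        # System paths that failed in the article's output; matched exactly,
        # so a user folder such as "\Projects\Versions" is still audited.
        [string[]] $SkipPaths = @('\Top of Information Store', '\Recoverable Items',
                                  '\Deletions', '\Purges', '\Versions')
    )
    foreach ($stat in Get-MailboxFolderStatistics $Alias) {
        $path = $stat.FolderPath.Replace('/', '\')
        if ($SkipPaths -contains $path) { continue }

        $perms = Get-MailboxFolderPermission "${Alias}:$path" -ErrorAction SilentlyContinue
        if (-not $perms) {
            # Not resolvable (e.g. the "folder ? test" case): report it, do not drop it.
            Write-Warning "Could not read permissions for ${Alias}:$path"
            continue
        }
        foreach ($p in $perms) {
            # Flatten the rights collection so it survives Export-Csv
            $rights = [string]::Join(';', @($p.AccessRights | ForEach-Object { "$_" }))
            if ($rights -eq 'None') { continue }
            New-Object PSObject -Property @{
                MailboxAlias = $Alias
                FolderPath   = $path
                User         = "$($p.User)"
                AccessRights = $rights
            } | Select-Object MailboxAlias, FolderPath, User, AccessRights
        }
    }
}

# Usage in the Exchange Management Shell (alias from the article, output path is an example):
# Get-FolderPermissionAudit filip | Export-Csv C:\Temp\filip-folders.csv -NoTypeInformation
```

Entries for the mailbox owner are kept in the output; filter them afterwards, as the article does with -notlike, if only delegated access is of interest.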

5 thoughts on “Exchange 2010 – All access rights from all mailbox folders”

  1. I would like to evaluate all folders on all mailboxes looking for a match of a single group or character. We have distribution lists in our environment that start with a $ character and I need to know where any of those lists have been applied as permissions on users’ folders. I’ve tried using get-mailbox to pipe the commands together but having a little difficulty. Any assistance with this would be appreciated.

    • Hi Dianne,
      all mailboxes means long processing time so please test code below (just paste it into Exchange Management Shell) against a few mailboxes (i.e. Get-Mailbox filip* instead of Get-Mailbox -resultsize unlimited):

      [PSObject[]] $mailboxpermissions = @()
      $mailboxfolders = Get-Mailbox -resultsize unlimited | Get-MailboxFolderStatistics | %{$_.identity.toString()}
      foreach ($mailboxfolder in $mailboxfolders){
      # Split at the first backslash: mailbox part before it, folder path after it
      $alias = $mailboxfolder.Substring(0,$mailboxfolder.IndexOf("\"))
      $folderpath = $mailboxfolder.Substring($mailboxfolder.IndexOf("\"))
      $mailboxpermission = Get-MailboxFolderPermission -Identity "$(Get-Mailbox $alias):$folderpath"
      # Folders that cannot be resolved return nothing; skip them
      if (-not $mailboxpermission) { continue }
      $mailboxpermission | add-member -Type NoteProperty -name "MailboxName" -value $alias
      $mailboxpermission | add-member -Type NoteProperty -name "FolderPath" -value $folderpath
      $mailboxpermissions += $mailboxpermission
      }
      # Keep only entries granted to names starting with a literal $
      $mailboxpermissions | ? {$_.User -like '$*'}

  2. Do you know how to have it loop through all mailboxes & export the results to CSV? I’m using the code below which works but I have to do it for each user. Also can’t figure out how to add a column on the left to show username since the output would include multiple users.

    $alias = "jsmith"
    $ExcludeFolders = "Top of Information Store|Recoverable Items|Deletions|Purges|Versions"
    $folders = Get-MailboxFolderStatistics $alias | % {$_.folderpath} | % {$_.replace("/","\")} | where {$_ -notmatch $ExcludeFolders}
    $folderPermissions = $folders | %{Get-MailboxFolderPermission "${alias}:$_" | select foldername,user,accessrights} | ? {$_.AccessRights -notlike "None"}
    $folderPermissions | Out-File C:\Temp\jsmith.txt

    • Hello,
      if you need to show also username (alias), you will modify the following line in your script:
      $folderPermissions = $folders | %{Get-MailboxFolderPermission "${alias}:$_" | select @{Name="MailboxAlias";Expression={$alias}} ,foldername,user,accessrights} | ? {$_.AccessRights -notlike "None"}

      If you want to make a loop under all mailboxes, you will use either example above (Dianne’s issue) or extended version of your script here:

      [PSObject[]] $folderPermissions = @()
      $aliases = Get-Mailbox -resultsize unlimited | %{$_.alias}
      $ExcludeFolders = "Top of Information Store|Recoverable Items|Deletions|Purges|Versions"
      foreach($alias in $aliases){
      $folders = Get-MailboxFolderStatistics $alias | % {$_.folderpath} | % {$_.replace("/","\")} | where {$_ -notmatch $ExcludeFolders}
      $folderPermissions += $folders | %{Get-MailboxFolderPermission "${alias}:$_" | select @{Name="MailboxAlias";Expression={$alias}},foldername,user,accessrights} | ? {$_.AccessRights -notlike "None"}
      }
      # Join the AccessRights collection into one string so it exports cleanly
      $folderPermissions | select mailboxalias,foldername,user,@{Name='AccessRights';Expression={[string]::join(";", ($_.AccessRights))}}|Export-Csv -Path C:\Temp\jsmith.txt -Encoding unicode
