locked
How to get mailbox folder permissions to all mailbox folders in all mailboxes? RRS feed

  • Question

  • Is it possible and how do you do it?

     

    I would like to be able to get mailbox folder permissions to all mailbox folders in all mailboxes. For example who has access to what. Get-mailbox, Get-MailboxFolder, and Get- MailboxFolderPermissions are all very simple commands but have proven a little tricky when combining.

     

    I thought there could be something like Get-Mailbox and then foreach get-mailboxfolders piped to get-mailboxfolderpermissions, but that didn’t pan out.

     

    Also at the same time, it would be great to thin out the Defaults and Anonymous's.

     

    Any thought would be appreciated.

     

    Thanks…

    Monday, January 9, 2012 10:01 PM

Answers

  •  

     I thought there could be something like Get-Mailbox and then foreach get-mailboxfolders piped to get-mailboxfolderpermissions, but that didn’t pan out.

    Hi Lance,

    You cannot run the cmdlet Get-MailboxFolder to get all folders for ALL mailboxes. You can only run the cmdlet against oneself who open the EMS because the cmdlet is only contained in the MyBaseOptions Manage Role(The Management Scope is Self).

    Please try to develop your script by using Get-MailboxFolderStatistic.

    For example:

    Get-MailboxFolderStatistic "usermailbox" | ft name,folderpath

    http://technet.microsoft.com/en-us/library/aa996762.aspx


    Frank Wang

    TechNet Community Support

    • Proposed as answer by Herbert Zimbizi Wednesday, January 11, 2012 8:26 AM
    • Marked as answer by Lance_Me Wednesday, January 11, 2012 5:18 PM
    Wednesday, January 11, 2012 6:25 AM

All replies

  •  

     I thought there could be something like Get-Mailbox and then foreach get-mailboxfolders piped to get-mailboxfolderpermissions, but that didn’t pan out.

    Hi Lance,

    You cannot run the cmdlet Get-MailboxFolder to get all folders for ALL mailboxes. You can only run the cmdlet against oneself who open the EMS because the cmdlet is only contained in the MyBaseOptions Manage Role(The Management Scope is Self).

    Please try to develop your script by using Get-MailboxFolderStatistic.

    For example:

    Get-MailboxFolderStatistic "usermailbox" | ft name,folderpath

    http://technet.microsoft.com/en-us/library/aa996762.aspx


    Frank Wang

    TechNet Community Support

    • Proposed as answer by Herbert Zimbizi Wednesday, January 11, 2012 8:26 AM
    • Marked as answer by Lance_Me Wednesday, January 11, 2012 5:18 PM
    Wednesday, January 11, 2012 6:25 AM
  • Lance,

    I came accross your post because I wanted the same thing and was frustrated that it was missing.

    Here is a snippet that will get all the folder objects and all the folder permissions for a user:

    $SpecialExchangeFolders = "Top of Information Store|Recoverable Items|Deletions|Purges|Versions"
    $CurrentUser = gci env:username | % { $_.value }
    [string[]] $FolderPaths = Get-MailboxfolderStatistics $CurrentUser | % {$_.folderpath}
    $ExchangeFolderPaths = $FolderPaths | % {$CurrentUser + ":" + $_.replace('/','\')}
    $UsableExchangeFolderPaths = $ExchangeFolderPaths | where { $_ -notmatch $SpecialExchangeFolders }
    $UsableExchangeFolderPaths | % { get-mailboxfolder $_ }
    $UsableExchangeFolderPaths | % { get-mailboxfolderPermission $_ }

    Hopefully this will help get you started on whatever you were trying to accomplish.

    Thanks,

    Chris


    Thursday, April 26, 2012 8:11 PM
  • Hi to all

    I want to leave a note here

    1) Thanks for the Script it helped me out a lot in investigation about my Quest
    Listing all Folders for all Mailboxes and retrieve the ACL for every Mailbox Folder
     
    I had problems with the -replace Part ,
     We have a customer with multicultural Users using all kinds of char.
    in the Foldersructur also a "/" so the "Folder Path"Replace went wrong very often.
     
    The solution i want to share with you........
     
    it is possible to use the EX-powershell command as follows:

                                                        ALIAS:FOLDER-ID
    get-mailboxfolderPermission john.doe:21092308734625ß71534ß946ß504362
     
    with that in mind i could write a short script that loops through
     
    But you have to Pass it 2 Strings! First is $A=alias +":"  $F=FOLDERID
     if you pass them all in one VAR or Sting or like $A:$B it fails it hase to be $A$B
     
    each mailbox --> /each folder FolderID /User, Access Rights ->> Output to Screen/File 
     Best Regards
     
    Manfred


    Manfred Preissner MSCA-Exchange-2003/MCSE-2003 MCTS-Exchange2007 Danube Data Center Vienna\Austria

    Friday, August 31, 2012 2:28 PM
  • Thanks. I can get what I need from both of your posts.
    Monday, June 17, 2013 6:28 PM