locked
How list Get-MailboxFolderPermission RRS feed

  • Question

  • Hi,

    Im trying to create a powershell script that searches all mailboxes and displays the permission on :Inbox

    If I do this on a single mailbox:
    # Get-MailboxFolderPermission - identity awestwood:\Inbox | select User, FolderName, AccessRight

    So the question is how I can get this into a foreach loop that displays all mailboxes in my environment with the above cmdlet strings...

    Edit:

    what I want to achieve is something like this but one that works! :)

    $Mailbox = Get-Mailbox -resultsize unlimited | foreach {
    $Mailbox (Get-MailboxFolderPermission -identity $alias:\Inbox | select User, FolderName, AccessRight)
    }


    ftornell | Personal Blog: http://www.logicspot.NET
    • Edited by [zid] Wednesday, June 2, 2010 2:35 PM
    Wednesday, June 2, 2010 2:15 PM

Answers

  • Hi,

    It's true that the displayname is not accepted in that command.
    So you better select the mailbox on displayname with get-mailbox cmdlet and than pipe it for the next cmdlet add-adpermission.

    get-mailbox "Alex Westwood" | Add-ADPermission -ExtendedRights "Send-As"

    By Piping the get-mailbox info (this is the place where you make the selection) you got all the information for the next cmdlet.
    This should do it.

    Good luck,

    Timmy

    Friday, June 4, 2010 8:38 AM

All replies


  • $AllUsers = get-mailbox * | select SamAccountName

    ForEach ($User in $AllUsers) {

    $Mailbox = ""+ $User +":\Inbox" 

    get-mailboxfolderpermission -identity $Mailbox | Select User, FolderName, AccessRight | Out-File c:\Inbox_Permissions.txt -append

    }

    I choose samaccountname but you can change that in alias or whatever is unique...

    Greetzz,

    Timmy

    Wednesday, June 2, 2010 2:25 PM
  • This seems to work:

    get-mailbox |% {get-mailboxfolderpermission -identity ($_.alias + ":\Inbox") | select User,Foldername,AccessRight


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    • Edited by mjolinor Wednesday, January 4, 2012 11:13 PM
    Wednesday, June 2, 2010 2:33 PM
  • Hi guys.

    Speedyt

    the output file now displays:

    User                                    FolderName                              AccessRight                           
    ----                                    ----------                              -----------                           
    Default                                 Inbox                                                                       
    Jack Bauer                          Inbox                                                                      
    James Bond                        Inbox  

    dont know why the permissions dont show and I would like to know what box im currently on.

    like

    Alex smith

    User                                    FolderName                              AccessRight                           
    ----                                    ----------                              -----------                           
    Default                                 Inbox                                                                       
    Jack Bauer                          Inbox                                                                      
    James Bond                        Inbox  

    Tracy Jones

    User                                    FolderName                              AccessRight                           
    ----                                    ----------                              -----------                           
    Default                                 Inbox                                                                       
    Jack Bauer                          Inbox                                                                      
    James Bond                        Inbox  


    ftornell | Personal Blog: http://www.logicspot.NET
    Wednesday, June 2, 2010 2:49 PM
  • Hi,

    Possibly is AccessRight not the correct Object.

    Do this:

    get-mailboxfolderpermission -identity User:\Inbox | get-member

    Check the different objects and find the one for AccessRight
    Replace AccessRight with the correct name.
    That should do it...

    Or post the output from your single mailbox query...

    I'm out for today but I'll check you're post tomorrow morning.

    Greetzz,

    Timmy

    Wednesday, June 2, 2010 3:02 PM
  • The property name is "AccessRights" - plural.
    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, June 2, 2010 3:16 PM
  • This should do it than...

    thx mjolinor for the property name :-)

     

    $AllUsers = get-mailbox * | select Alias

    ForEach ($User in $AllUsers) {

    $Mailbox = ""+ $User +":\Inbox" 

    $Text0 = "---"
    $Text1 = ""
    $Text2 = "AccessRights For Mailbox: "+ $User +""
    $Text3 = ""
    $Text4 = "---"
    $Text5 = ""

    $Text0 | Out-File c:\Inbox_Permissions.txt -append
    $Text1 | Out-File c:\Inbox_Permissions.txt -append
    $Text2 | Out-File c:\Inbox_Permissions.txt -append
    $Text3 | Out-File c:\Inbox_Permissions.txt -append
    $Text4 | Out-File c:\Inbox_Permissions.txt -append

    get-mailboxfolderpermission -identity $Mailbox | Select User, FolderName, AccessRights | Out-File c:\Inbox_Permissions.txt -append

    $Text5 | Out-File c:\Inbox_Permissions.txt -append

    }

    This is written without any PS so paste it into an editor to check if its right.
    I guess it will work :-)

    Let me know if it fits your needs :-)

    Greetzz,

    Timmy

    • Marked as answer by [zid] Friday, June 4, 2010 6:07 AM
    • Unmarked as answer by [zid] Friday, June 4, 2010 6:55 AM
    • Proposed as answer by Timmy Luts [MCITP] Friday, June 4, 2010 8:51 AM
    Wednesday, June 2, 2010 4:29 PM
  • Hi Speedyt,

    What worked great! Thx!


    ftornell | Personal Blog: http://www.logicspot.NET
    Friday, June 4, 2010 6:07 AM
  • If I would like to use this list now for example to set the send as permission on a user the command is:

    Add-ADPermission "Alex Westwood" -User "domain\user" -Extendedrights "Send As"

    Alex Westwood is displayd as Displayname in the file u help me with but the output of the permission holders are also displayed as DisplayName but when we are to use Powershell it dont accept -user doman\Jack Bauer it wants an alias like domain\jbauer.

    Is there anyway in your script to also get the alias of the once holding the permision Editor, because they are about to get send as.


    ftornell | Personal Blog: http://www.logicspot.NET
    Friday, June 4, 2010 6:59 AM
  • Hi,

    It's true that the displayname is not accepted in that command.
    So you better select the mailbox on displayname with get-mailbox cmdlet and than pipe it for the next cmdlet add-adpermission.

    get-mailbox "Alex Westwood" | Add-ADPermission -ExtendedRights "Send-As"

    By Piping the get-mailbox info (this is the place where you make the selection) you got all the information for the next cmdlet.
    This should do it.

    Good luck,

    Timmy

    Friday, June 4, 2010 8:38 AM
  • Hi.

    I tried using this script and get the following error (for every single mailbox, with "USER" replaced by the alias):

    The specified mailbox "@{Alias=USER}" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32)
    [Get-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId :
    DDDCC6C6,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

    It seems like instead of just picking the alias, it picks "alias=the alias" so it doesn't work correctly.

    Is there a fix for this?

    Edit: Exchange 2010, by the way

    Thanks

    Paddy


    Friday, May 11, 2012 11:41 AM
  • Hi.

    I tried using this script and get the following error (for every single mailbox, with "USER" replaced by the alias):

    The specified mailbox "@{Alias=USER}" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32)
    [Get-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId :
    DDDCC6C6,Microsoft.Exchange.Management.StoreTasks.GetMailboxFolderPermission

    It seems like instead of just picking the alias, it picks "alias=the alias" so it doesn't work correctly.

    Is there a fix for this?

    Edit: Exchange 2010, by the way

    Thanks

    Paddy


    this works:

    $Mailbox =$User.SamAccountName +":\Inbox"

    Wednesday, January 23, 2013 1:33 PM
  • This seems to work:

    get-mailbox |% {get-mailboxfolderpermission -identity ($_.alias + ":\Inbox") | select User,Foldername,AccessRight


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    This solutions works best for me, except there's a typo in it that nearly made me ditch it and move on to someone else's suggestion.

    Get-Mailbox |% {Get-MailboxFolderPermission -Identity ($_.Alias + ":\")}

    I'm now using the following to grab a list of permissions assigned at the top level and inbox folder:

    #Get Top of Information Store permissions
    Get-Mailbox |% {Get-MailboxFolderPermission -Identity ($_.Alias + ":\")} | Select Identity, FolderName, User, AccessRights | Export-Csv 'Top Level.csv'
    
    #Get Inbox permissions
    Get-Mailbox |% {Get-MailboxFolderPermission -Identity ($_.Alias + ":\Inbox")} | Select Identity, FolderName, User, AccessRights | Export-Csv 'Inbox.csv'
    ...works like a charm.  Thanks for the idea, mjolinor.

    Matty Brown<br/> Computer Programmer (VBA 7.0/MS Access 2010, VB.Net 2005, ColdFusion 8)

    Thursday, March 13, 2014 12:58 PM
  • `Hello, (exchange 2010)

    I'm trying to use this script, but my output misses something.

    I would like to see from each mailbox who has rights on the calendar. the output seems to be OK but I am missing the name of the mailbox.

    My script: (agenda is dutch for calendar)

    $AllUsers = get-mailbox * | select SamAccountName
    
    ForEach ($User in $AllUsers) {
    
    $Mailbox = ""+ $User +":\Agenda" 
    
    $Text0 = "---"
    $Text1 = ""
    $Text2 = "AccessRights For Mailbox: "+ $User.SamAccountName +""
    $Text3 = ""
    $Text4 = "---"
    $Text5 = ""
    
    
    $Text0 | Out-File c:\Inbox_Permissions.txt -append
    $Text1 | Out-File c:\Inbox_Permissions.txt -append
    $Text2 | Out-File c:\Inbox_Permissions.txt -append
    $Text3 | Out-File c:\Inbox_Permissions.txt -append
    $Text4 | Out-File c:\Inbox_Permissions.txt -append
    
    
    get-mailbox |% {get-MailboxFolderPermission -identity ($_.alias + ":\Agenda") | select User,Foldername,AccessRights | Out-File c:\Inbox_Permissions.txt -append
    
    $Text5 | Out-File c:\Inbox_Permissions.txt -append
    
    }}

    My output is like

    ---
    
    AccessRights For Mailbox: Administrator
    
    ---
    
    
    User                                                               FolderName                                                         AccessRights                                                     
    ----                                                               ----------                                                         ------------                                                     
    Default                                                            Agenda                                                             {AvailabilityOnly}                                               
    User 1                                                             Agenda                                                             {LimitedDetails}                                                 
    User 2                                                             Agenda                                                             {Reviewer}                                                       
    
    
    
    
    User                                                               FolderName                                                         AccessRights                                                     
    ----                                                               ----------                                                         ------------                                                     
    Default                                                            Agenda                                                             {AvailabilityOnly}                                               
    Anonymous                                                          Agenda                                                             {None}                                                           
    
    
    
    
    
    User                                                               FolderName                                                         AccessRights                                                     
    ----                                                               ----------                                                         ------------                                                     
    Default                                                            Agenda                                                             {AvailabilityOnly}                                               
    Anonymous                                                          Agenda                                                             {None}                                                           
    
    
    
    
    User                                                               FolderName                                                         AccessRights                                                     
    ----                                                               ----------                                                         ------------                                                     
    Default                                                            Agenda                                                             {AvailabilityOnly}                                               
    Anonymous                                                          Agenda                                                             {None}                                                           
    
    
    
    
    
    
    User                                                               FolderName                                                         AccessRights                                                     
    ----                                                               ----------                                                         ------------                                                     
    Default                                                            Agenda                                                             {None}                                                           
    Anonymous                                                          Agenda                                                             {None}                                                           
    
    
    
    
    
    User                                                               FolderName                                                         AccessRights                                                     
    ----                                                               ----------                                                         ------------                                                     
    Default                                                            Agenda                                                             {AvailabilityOnly}                                               
    Anonymous                                                          Agenda                                                             {None}                                                           
    
    
    
    
    User                                                               FolderName                                                         AccessRights                                                     
    ----                                                               ----------                                                         ------------                                                     
    Default                                                            Agenda                                                             {AvailabilityOnly}                                               
    Anonymous                                                          Agenda                                                             {None}                                                           
    User 3                                                             Agenda                                                             {LimitedDetails}                                                 
    
    The first rule in the output is about mailbox for administrator, but the users shown under doesnt have acces to that. II just want to know the name of the mailbox...


    • Edited by Rnijland1 Friday, September 25, 2015 10:13 AM
    Friday, September 25, 2015 10:13 AM
  • This does not work at all.
    Sunday, July 3, 2016 12:09 PM
  • Doesn't work. It only produced the same "aliasname"\inboc does not exist.
    Sunday, July 3, 2016 12:10 PM
  • Get-Mailbox | Select @{Name="Identity"; Expression = {$_.Alias.tostring() + ":\Inbox"}} | Get-MailboxFolderPermission | Select Identity, FolderName, User, AccessRights

    The problem is that the Get-MailboxFolderPermission command only takes a text string for its Identity option when you are wanting results for specific folder in a mailbox. So you would need to "spoof" the Identity variable that you are passing along the pipe.

    The above code block is an example command that does this.

    There are four commands piped here:

    1. Get-Mailbox
    This is listing of all mailboxes. You could also use whatever normal commands to limit the results as you normally might.

    2. Select @{Name="Identity"; Expression = {$_.Alias.tostring() + ":\Inbox"}}
    This is the part that converts the parameter in the correct format for the next command. Here you are explicitly replacing the Identity data that the Get-Mailbox command normally returns to a different one. You are naming it Identity, and giving it an expression that takes the Alias output from the previous pipe command (indicated with $_.Alias), converting that output to a string value by appending .tostring() to it and then adding the text :\Inbox to this new string.

    3. Get-MailboxFolderPermission
    This is all that is needed now to return the Inbox folder permissions for the list of mailboxes.

    4. Select Identity, FolderName, User, AccessRights
    Finally, another select statement to include the Identity (of the Get-MailboxFolderPermission this time) - so you know which mailbox Inboxes you are looking at.

    Hope this helps and works for people!



    • Proposed as answer by JH2004 Monday, May 1, 2017 2:47 AM
    • Edited by JH2004 Monday, May 1, 2017 2:59 AM
    Monday, May 1, 2017 2:47 AM